Installation and Configuration
The following instructions assume the user is proceeding from:
- A completed platform setup.
- A
stablebuild ofcortex-charts. - The installation is being performed on a Linux/MAC OS.
- A Kubernetes cluster exists and sizing analysis has been done. (Default: 3 nodes with 4 cpus x 16 GB RAM)
Dependencies Compatibility Matrix Cortex Fabric
| Cortex Helm Chart | Helm | Kubernetes | Istio | Redis | Mongo | Dex |
|---|---|---|---|---|---|---|
| 6.4.1 | 3.x | 1.26.x | 1.17.x | 7.0.x | 6.0.x | 2.36.x |
| 6.4.0 | 3.x | 1.23.x | 1.15.x | 7.0.x | 5.0.x | 2.36.x |
| 6.3.3 | 3.x | 1.23.x | 1.13.x | 6.2.x | 5.0.x | 2.32.x |
| 6.3.0 | 3.x | 1.21.x | 1.13.x | 6.2.x | 5.0.x | 2.32.x |
| 6.2.2 | 3.x | 1.21.x | 1.12.x | 6.2.x | 5.0.x | 2.31.x |
| 6.2.1 | 3.x | 1.21.x | 1.12.x | 6.2.x | 4.4.x | 2.31.x |
| 6.2.0 | 3.x | 1.21.x | 1.12.x | 6.2.x | 4.4.x | 2.31.x |
| 6.1.1 | 3.x | 1.21.x | 1.12.x | 6.2.x | 4.4.x | 2.31.x |
| 6.1.0 | 3.x | 1.21.x | 1.12.x | 6.2.x | 4.4.x | 2.31.x |
Users have a choice of internal storage including: MinIO, S3, or GCS storage.
NOTE: Version 6.3.1 and 6.3.2 were internal-only releases.
Prerequisites
Cortex Helm installation can be performed on the following platforms. Follow the links to view prerequisites that must be in place prior to performing the steps for Cortex Fabric Helm installation on a Kubernetes cluster.
- AKS Installation Prerequisites
- EKS Installation Prerequisites
- GKE Installation Prerequisites
- On Premise Installation Prerequisites
- SSL certificate and any intermediate certificate with associated private key files signed by a trusted CA
- Utilities:
- azure-cli or aws-cli or gcloud CLI
- kubectl or k8s
- helm
- jq
- Istio is installed (See Compatibility chart above for version information.)
- (Optional) Vault setup is complete.
Creating hosted-externalized infrastructure dependencies (especially Mongo, Redis, and MinIO) is considered the best practice for both development and production environments of Cortex Fabric.
Customers who opt for this setup are responsible for creating accounts with the dependency providers, procuring the required licenses, implementing appropriate plans for their solutions, monitoring their usage, and managing those accounts.
Examples of externalized dependency setup are provided in the Cortex Charts here.
For development/demo environments customers may opt to install Cortex with the internalized dependencies as directed in the Installation Guide below.
Redis, Mongo, Dex, and Minio are packaged in the Fabric Helm Chart as internalized dependencies.
Recommended Prerequisites
Read the following instructions for using Kubernetes and Dex.
- Kubernetes documentation
- Dex documentation (Read the content in the README at this link.)
Cortex URLs
After your base-domain is set up, you will use it to access Cortex tools:
The Fabric URL is https://api.<base-domain>. Use the URL to open the Cortex Fabric Console and in REST API calls headers.
For instructions to install Cortex Fabric tools, see https://cognitivescale.github.io/cortex-fabric/
Ports
Fabric sets up resources (Istio Gateway) that allow ingress traffic on the following ports:
| Type | Port | Description | Required |
|---|---|---|---|
https | 443 | for accessing Fabric APIs | Required |
http | 80 | for http->https redirects | Optional |
status | 15021 | for Istio gateway (service mesh) healthcheck; shows if the service mesh is functioning, but is not a measure of system up/down. | Optional |
Install Fabric
Create a values file (
values.yaml) for your specific deployment variables. The links below provide detailed instructions and best practices for working with Helm charts.The Fabric Helm chart's
values.yamldescribes the available settings and provides examples in the annotated code. Not all settings are required. Use the ones that are applicable to your deployment environment. To view thevalues.yamlextract the chart release and view the packaged .yaml values for the Helm release you are deploying.The following variables must be overridden in the values.yaml before installing Cortex Fabric:
cortex:
# cortex.imageRegistry: Source docker registry to pull cortex service images from, default is dockerhub
imageRegistry: index.docker.io/
dex:
autoscaling:
enabled: false
config:
issuer: "https://api.<BASE_DOMAIN>/dex"
staticClients:
- id: cortex-app
redirectURIs:
- "https://api.<BASE_DOMAIN>/login/oidc"
domains:
base: <BASE_DOMAIN>Add Cortex Helm Repository to Helm repo cache.
helm repo add cortex https://cognitivescale.github.io/cortex-charts/stableCreate a namespace for Cortex installation.
cortexservices namespace:kubectl create namespace cortexcortex-computenamespace:kubectl create namespace cortex-compute
Create secrets for Cortex deploy. Needed only when pulling Cortex images from DockerHub.
For cortex namespace:
kubectl create secret docker-registry docker-login \
--docker-server=<docker_registry> \
--docker-username=<docker_username> \
--docker-password=<docker_password> \
-n cortexFor cortex-compute namespace:
kubectl create secret docker-registry docker-login \
--docker-server=<docker_registry> \
--docker-username=<docker_username> \
--docker-password=<docker_password> \
-n cortex-computenoteUse
https://index.docker.io/v1/fordocker_registry. If you are using ECR or ACR, provide entries in the values file for proper Docker image locations.Deploy Cortex via Helm chart. The recommended way to use SSL certificate is as shown below. To know more on how to format the certs or debug issues with SSL certificate refer to [Istio Docs] (https://istio.io/latest/docs/tasks/security/cert-management/plugin-ca-cert/#verifying-the-certificates)
helm upgrade --install cortex \
cortex/fabric6 \
--namespace cortex \
-f cortex.yaml \
--set cortex.ssl.cert="$(cat cert.crt)" \
--set cortex.ssl.key="$(cat key.pem)"To deploy a specific version of the Cortex Helm chart use the
--versionargument and specify the version number.helm upgrade --install cortex \
cortex/fabric6 \
--namespace cortex \
-f cortex.yaml \
--set cortex.ssl.cert="$(cat cert.crt)" \
--set cortex.ssl.key="$(cat key.pem)" \
--version 0.6.x
Verify deployment status
Verify that the pods are deployed and stable in the namespace Fabric was deployed to by using one of the two utilities (or any other Kubernetes utility):
Your pods must be running and stable before moving on to the post deployment steps.
Post Deployment Steps
(Optional) Deploy the metrics-service to track node and pod metrics.
NOTE: Not needed for AKS as "metrics-server" is deployed as part of the default K8s services
(Only required if
external-dnsis not configured viacortex.yaml) Create A-record or CNAME DNS entry for * (/ wildcard) that points to the deployed ingress controller public IP address AND create A-record or CNAME DNS entry for "private-registry" that points to the secondary docker-ingress controller public IP address.
Enable authentication required for the
cortexandcortex-computenamespaces to pull from private-registry configured to use Fabric authentication:noteThe Cortex CLI and kubectl must be installed and configured on the system where they are being run in order to run the auth script below.
Execute this command to create a secret named "docker-login" for the cortex and cortex-compute namespaces.
In Linux terminal:
wget -O create-token-actions.sh "https://cognitivescale.github.io/cortex-charts/utilities/create-token-actions.sh" && bash ./create-token-actions.sh kubectl docker-loginFor different options for setting up Docker registry authentication go to the Private Registries page.
Upgrading to a new Fabric Version
See the Upgrades page for release specific upgrade steps.
Next steps
Configure logging and monitoring tools.