- Introduction
- Details
- Limitations
- Supported Platforms
- Accessing the container images
- Prerequisites
- Resources Required
- Preparing for installation
- Installing
- Upgrading the Chart
- Rolling Back the Chart
- Uninstalling the Chart
- Configuration Parameters
- Configuring
- Storage
- Documentation
AI Data Advisor (AIDA) is a component of HCL Workload Automation since V10.1, based on Artificial Intelligence and Machine Learning techniques. It enables fast and simplified data-driven decision making for an intelligent workload management. By analyzing workload historical data and metrics gathered by HCL Workload Automation and predicting their future patterns, AIDA identifies anomalies in KPIs trend (such as the jobs in plan by status and the jobs in plan by workstation) and sends immediate alerts to prevent problems and delays. Alerts show up on the Workload Dashboard and can be notified via email.
This readme provides the steps for deploying AIDA, using helm charts and container images. Deploy AIDA after deploying HCL Workload Automation. For details about HCL Workload Automation deployment, refer to HCL Workload Automation readme file.
- Limited to amd64 platforms.
- With AIDA deployment on Kubernetes, you can monitor only HCL Workload Automation servers (not HCL Workload Automation for Z servers).
- With AIDA deployment on Kubernetes, each single AIDA instance can monitor just one HCL Workload Automation server.
- With AIDA deployment on Kubernetes, AIDA UI can be accessed only using the AIDA widget on the Workload Dashboard of the Dynamic Workload Console.
AIDA helm chart is composed of the following sub-charts, one for each service:
aida-ad- Anomaly detection and alert generation serviceaida-es- Elasticsearch, to store and analyze dataaida-exporter- Exporter serviceaida-email- Email notification serviceaida-nginx- As a reverse proxy for AIDA componentsaida-orchestrator- Orchestrator serviceaida-predictor- Predictor serviceaida-redis- Internal event manageraida-ui- AIDA UI
Each sub-chart defines the following Kubernetes resources:
Deployments
Each sub-chart except aida-es defines a deployment named
{{ .Release.Name }}-{{ .Chart.Name }}
Pods
Each Deployment generates one or more Pods named
{{ .Release.Name }}-{{ .Chart.Name }}-<UID> where is a Unique Identifier generated randomly by Kubernetes.
Stateful Sets
aida-es service defines a StatefulSet named
{{ .Release.Name }}-aida-es
Services
Each sub-chart defines a service named
{{ .Release.Name }}-{{ .Chart.Name }} of kind ClusterIP.
Persistent Volume Claims
aida-es service defines a PVC generated by the Deployment that is named {{ .Release.Name }}-aida-es
Persistent Volumes
aida-es service generates a PV linked to the PVC if using Dynamic Provisioning, otherwise an existing PV can be used.
Service Accounts
Each sub-chart defines a ServiceAccount named
{{ .Release.Name }}-{{ .Chart.Name }} if serviceAccount.create is true, otherwise an existing global.serviceAccountName will be used.
Ingress or Load Balancer or Route
Depends on the type of network enablement that is configured. See Network enablement.
Secrets
The following secrets are defined and contain some default passwords that can be changed. See Modify the Secret files :
- redis-pwd-secret
- email-pwd-secret
Amazon Elastic Kubernetes Service (EKS) on amd64: 64-bit Intel/AMD x86
Azure Kubernetes Service (AKS) on amd64: 64-bit Intel/AMD x86
Google Kubernetes Engine (GKE) on amd64: 64-bit Intel/AMD x86
You can deploy AIDA on Openshift 4.2 or later version by following the instruction in this documentation and using the helm chart. Ensure to modify the value of this parameter in the aida-nginx section of the values.yaml file:
aida-nginx.exposeServiceType
from LoadBalancer to Routes
You can access AIDA subcharts and container images from the Entitled Registry (online installation). See Creating the Secret for more information about accessing the registry. The images are as follows:
hclcr.io/wa/aida-ad:10.2.1hclcr.io/wa/aida-exporter:10.2.1hclcr.io/wa/aida-email:10.2.1hclcr.io/wa/aida-nginx:10.2.1hclcr.io/wa/aida-orchestrator:10.2.1hclcr.io/wa/aida-predictor:10.2.1hclcr.io/wa/aida-redis:10.2.1hclcr.io/wa/aida-ui:10.2.1
AIDA requires:
- HCL Workload Automation V10.1 or higher exposed metrics. For information about HCL Workload Automation exposed metrics, see Exposing metrics to monitor your workload.
- API key for accessing the Entitled Registry: hclcr.io
- External container image for OpenSearch 2.3.0 (an Elasticsearch based technology)
- Supported browsers are:
- Google Chrome 67.0.3396.99 or higher
- Mozilla Firefox 61.0.1 or higher
- Microsoft Edge 79 or higher
AIDA prerequisites are inherited by HCL Workload Automation.
The following resources correspond to the default values required to manage a production environment. These numbers might vary depending on the environment.
| Component | Container resource limit | Container memory request |
|---|---|---|
| aida-ad | CPU: 2, Memory: 8Gi | CPU: 0.5, Memory: 1Gi, Storage: n/a |
| aida-es | CPU: 4, Memory: 8Gi | CPU: 0.5, Memory: 1Gi, Storage: 10Gi |
| aida-exporter | CPU: 2, Memory: 4Gi | CPU: 0.5, Memory: 0.5Gi, Storage: n/a |
| aida-email | CPU: 1, Memory: 2Gi | CPU: 200m, Memory: 0.5Gi, Storage: n/a |
| aida-nginx | CPU: 1, Memory: 1Gi | CPU: 200m, Memory: 200Mi, Storage: n/a |
| aida-orchestrator | CPU: 2, Memory: 4Gi | CPU: 0.5, Memory: 0.5Gi, Storage: n/a |
| aida-predictor | CPU: 8, Memory: 16Gi | CPU: 1, Memory: 1Gi, Storage: n/a |
| aida-redis | CPU: 1, Memory: 500Mi | CPU: 200m, Memory: 200Mi, Storage: n/a |
| aida-ui | CPU: 1, Memory: 2Gi | CPU: 0.3, Memory: 0.5Gi, Storage: n/a |
Before installing AIDA, run the following steps:
- To use custom SSL certificates for AIDA, in the <install_path>/nginx/cert folder replace aida.crt e aida.key with your own files (do not change the default names).
- Verify that aida-exporter.waHostName parameter in the values.yaml file is set to the host name used to reach the WA server. This parameter is not required if AIDA is deployed in the same helm chart as WA.
- Verify that aida-exporter.waPort parameter in the values.yaml file is set to the port used to reach the WA server. Its default value is "3116".
- Verify that aida-nginx.waConsoleCertSecretName parameter in the values.yaml file is set to the name of the WA console secret used to store the customized SSL certificates.
- If you want to receive alert notification via email, properly set the configuration parameters in the aida-email section of the values.yaml file.
- To prevent HTTP Host Header attacks, in the values.yaml file add the string
EXTERNAL_HOSTNAME=IPwhere IP is the IP address of the machine where AIDA is being installed.
Refer to HCL Workload Automation readme file for the general installation procedure that includes AIDA as an HCL Workload Automation component. During the installation procedure, accept the product license when prompted.
In addition, run the following AIDA specific steps:
-
Creating the Secret by accessing the entitled registry to store an entitlement key for AIDA offering on your cluster.
-
Modify the Secret files to change the passwords for aida-redis and aida-email.
If you already have a license, then you can proceed to obtain your entitlement key. To learn more about acquiring an HCL Workload Automation license, contact HWAinfo@hcl.com. Obtain your entitlement key and store it on your cluster by creating a Kubernetes Secret. Using a Kubernetes secret allows you to securely store the key on your cluster and access the registry to download the chart and product images.
-
Access the entitled registry. Contact your HCL sales representative for the login details required to access the HCL Entitled Registry: hclcr.io.
-
To create a pull secret for your entitlement key that enables access to the entitled registry, run the following command:
kubectl create secret docker-registry -n <workload_automation_namespace> sa-<workload_automation_namespace> --docker-server=<registry_server> --docker-username=<user_name> --docker-password=<password>where,
<workload_automation_namespace>represents the namespace where the product components are installed<registry_server>ishclcr.io<user_name>is the user name provided by your HCL representative<password>is the entitled key copied from the entitled registry<api_key>
If needed, modify the Secrets files to store the passwords for aida-redis and aida-email.
-
Modify the
aida-helm/templates/redis-pwd-secret.yamlfile that stores aida-redis password. Theredis-pwd-secret.yamlfile has the following content:apiVersion: v1kind: Secretmetadata:name: redis-pwd-secrettype: Opaquedata:REDIS_PASSWORD: <hidden_password>where:
-
redis-pwd-secretis the value of theglobal. redisPwdSecretNameparameter defined in the Configuration Parameters section; -
<hidden_password>can be changed; to enter an encrypted password, run the following command in a UNIX shell and copy the output into the yaml file:echo -n 'mypassword' | base64vThe default password is “foobared”.
-
-
Modify the
aida-helm/charts/aida-email/templates/email-pwd-secret.yamlfile that stores aida-email sender email password. Theemail-pwd-secret.yaml filehas the following content:apiVersion: v1kind: Secretmetadata:name: email-pwd-secrettype: Opaquedata:EMAIL_PASSWORD: <hidden_password>where:
-
email-pwd-secretis the value of theglobal.senderEmailPwdSecretNameparameter defined in the Configuration Parameters section; -
<hidden_password>can be changed; to enter an encrypted password, run the following command in a UNIX shell and copy the output into the yaml file:echo -n 'mypassword' | base64vThe default password is “smtpPassword”.
-
After the deployment procedure is complete, you can validate the deployment to ensure that AIDA is working. To manually verify that AIDA was successfully installed, you can perform the following checks:
-
Run the following command to verify the AIDA pods (see Details) installed in the <workload_automation_namespace>:
kubectl get pods -n <workload_automation_namespace> -
Verify that AIDA UI is accessible using the AIDA widget on the Workload Dashboard of the Dynamic Workload Console.
Refer to HCL Workload Automation readme file.
Refer to HCL Workload Automation readme file.
Refer to HCL Workload Automation readme file.
The following tables list the configurable parameters of the chart values.yaml, and their default values.
AIDA configuration parameters in the values.yaml file are divided in three categories:
- Parameters whose value users must provide (Mandatory=Y)
- Parameters with a default value that users can optionally customize ( Customizable =Y)
- Parameters with a default value that users should not change ( Customizable =N) because their value is inherited by Workload Automation chart or because their customization is for expert users only.
The tables are organized as follows:
The following table lists the global configurable parameters of the chart and their default values:
| Parameter | Description | Mandatory | Customizable | Default |
|---|---|---|---|---|
| license | Use accept to agree to the license agreement | Y | Y | notaccepted |
| serviceAccountName | The name of the serviceAccount to use. The Workload Automation default service account (wauser) is used | Y (Inherited by WA chart) | N | |
| aidaEngineLogLevel | Log level in AIDA. It can be DEBUG, INFO, ERROR, WARNING, CRITICAL | N | N | "INFO" |
| redisPwdSecretName | aida-redis password secret name | N | N | "foobared" |
| defaultShardCount | The default number of OpenSearch shards | N | N | 1 |
| defaultReplicaCount | The default number of OpenSearch replicas | N | N | 0 |
The following tables list the configurable parameters of the chart relative to each service and their default values:
| Parameter | Description | Mandatory | Customizable | Default |
|---|---|---|---|---|
| image.repository | aida-ad image repository | N | N | hclcr.io/wa/aida-ad |
| image.tag | aida-ad image tag | N | N | 10.2.0.0 |
| image.pullPolicy | image pull policy | N | N | Always |
| serviceAccount.create | If true, a new ServiceAccount will be created, if false will be used an existing one with name global.serviceAccountName | N | N | false |
| serviceAccount.annotations | Annotations to add to the created ServiceAccount | N | N | {} |
| serviceAccount.name | The name of the created ServiceAccount. If not set, the Pod name will be used instead. | N | N | "" |
| resources.limits.cpu | The maximum CPU requested to run | N | N | 2 |
| resources.limits.memory | The maximum memory requested to run | N | N | 8Gi |
| resources.requests.cpu | The minimum CPU requested to run | N | N | 0.5 |
| resources.requests.memory | The minimum memory requested to run | N | N | 1Gi |
| autoscaling.enabled | Set this to false to completely disable autoscaling and true to enable it | N | N | true |
| autoscaling.minReplicas | The minimum number of Pods | N | N | 1 |
| autoscaling.maxReplicas | The maximum number of Pods | N | N | 10 |
| autoscaling.targetMemoryUtilizationPercentage | The value in percentage of memory utilization that each Pod should have | N | N | 80 |
| toleranceMillis | The maximum number of milliseconds between a real data point and a predicted data point in order to consider them close and, therefore, usable by the alert detection algorithm | N | Y | 240000 |
| webConcurrency | Number of workers of the web server. The more they are, the more there is parallelism (and the more RAM is consumed). Suggested value: 2 | N | N | 2 |
| minimumSeverityForMail | Minimum level of severity above which an alert will be sent by email. Can be high, medium or low | Y (if you want to receive alerts by email) | Y | high |
| host_ip | AIDA host IP address for alert email | Y (if you want to receive alerts by email) | Y | "" |
| Parameter | Description | Mandatory | Customizable | Default |
|---|---|---|---|---|
| image.repository | aida-es image repository | N | N | amazon/opensearchproject/opensearch |
| image.tag | aida-es image tag | N | N | 2.3.0 |
| image.pullPolicy | image pull policy | N | N | Always |
| serviceAccount.create | If true, a new ServiceAccount will be created. If false, an existing one with name global.serviceAccountName will be used | N | N | false |
| serviceAccount.annotations | Annotations to add to the created ServiceAccount | N | N | {} |
| serviceAccount.name | The name of the created ServiceAccount. If not set, the Pod name will be used instead. | N | N | "" |
| persistence.enabled | If true, StorageClasses are used to dynamically create persistent volumes for the pods | N | N | true |
| persistence.useDynamicProvisioning | If true, StorageClasses are used to dynamically create persistent volumes for the pods | N | N | true |
| persistence.dataPVC.storageClassName | The name of the Storage Class to be used. Leave empty to not use a storage class | N | N | "" |
| persistence.dataPVC.selector.label | Volume label to bind (only limited to single label) | N | N | "" |
| persistence.dataPVC.selector.value | Volume label value to bind (only limited to single value) | N | N | "" |
| persistence.dataPVC.size | The minimum size of the Persistent Volume | N | N | 10Gi |
| resources.limits.cpu | The maximum CUP requested to run | N | N | 4 |
| resources.limits.memory | The maximum memory requested to run | N | N | 8Gi |
| resources.requests.cpu | The minimum CPU requested to run | N | N | 0.51 |
| resources.requests.memory | The minimum memory requested to run | N | N | 1Gi |
| Parameter | Description | Mandatory | Customizable | Default |
|---|---|---|---|---|
| waHostName | The host name used to reach the WA server. Not required if WA is deployed in the same helm chart as AIDA. | N | N | "" |
| waPort | The port used to reach the WA server | N | Y | 31116 |
| httpAuthUsername | The username of WA basic authentication. | N | N | wauser |
| httpAuthPasswordSecretName | The name of the secret that stores the password of WA basic authentication. | N ) | N | |
| image.repository | aida-exporter image repository | N | N | hclcr.io/wa/aida-exporter |
| image.tag | aida-exporter image tag | N | N | 10.2.0.0 |
| image.pullPolicy | image pull policy | N | N | Always |
| serviceAccount.create | If true, a new ServiceAccount will be created, if false will be used an existing one with name global.serviceAccountName | N | N | false |
| serviceAccount.annotations | Annotations to add to the created ServiceAccount | N | N | {} |
| serviceAccount.name | The name of the created ServiceAccount. If not set, the Pod name will be used instead. | N | N | "" |
| resources.limits.cpu | The maximum CUP requested to run | N | N | 2 |
| resources.limits.memory | The maximum memory requested to run | N | N | 4Gi |
| resources.requests.cpu | The minimum CPU requested to run | N | N | 0.5 |
| resources.requests.memory | The minimum memory requested to run | N | N | 0.5Gi |
| maximumDaysOfOlderPredictions | How many days of predictions to keep in the past | N | Y | 14 |
| maximumDaysOfOlderData | How many days of metrics data to keep in the past | N | Y | 400 |
| resolveAlertsAfterDays | Number of days after which alerts will automatically go in "resolved" status | N | Y | 1 |
| Parameter | Description | Mandatory | Customizable | Default |
|---|---|---|---|---|
| smtpServer | The smtp server | Y (only if you want to enable alerting by email) | Y | |
| smtpPort | The port of the smtp server | Y (only if you want to enable alerting by email) | Y | 587 |
| senderEmailId | The email account of the alert sender | Y (only if you want to enable alerting by email) | Y | |
| senderEmailPwd | The email password of the alert sender | Y (only if you want to enable alerting by email) | Y | |
| recipientMailIds | The list of recipient emails "mail1@mail.com,mail2@mail.com" |
Y (only if you want to enable alerting by email) | Y | |
| image.repository | aida-email image repository | N | N | hclcr.io/wa/aida-email |
| image.tag | aida-exporter image tag | N | N | 10.2.0.0 |
| image.pullPolicy | image pull policy | N | N | Always |
| serviceAccount.create | If true, a new ServiceAccount will be created, if false will be used an existing one with name global.serviceAccountName | N | N | false |
| serviceAccount.annotations | Annotations to add to the created ServiceAccount | N | N | {} |
| serviceAccount.name | The name of the created ServiceAccount. If not set, the Pod name will be used instead. | N | N | "" |
| resources.limits.cpu | The maximum CUP requested to run | N | N | 1 |
| resources.limits.memory | The maximum memory requested to run | N | N | 2Gi |
| resources.requests.cpu | The minimum CPU requested to run | N | N | 200m |
| resources.requests.memory | The minimum memory requested to run | N | N | 0.5Gi |
| Parameter | Description | Mandatory | Customizable | Default |
|---|---|---|---|---|
| waConsoleCertSecretName | The name of the WA console secret to store customized SSL certificates | N | N | |
| image.repository | aida-nginx image repository | N | N | hclcr.io/wa/aida-nginx |
| image.tag | aida-nginx image tag | N | N | 10.2.0.0 |
| image.pullPolicy | image pull policy | N | N | Always |
| serviceAccount.create | If true, a new ServiceAccount will be created, if false will be used an existing one with name global.serviceAccountName | N | N | false |
| serviceAccount.annotations | Annotations to add to the created ServiceAccount | N | N | {} |
| serviceAccount.name | The name of the created ServiceAccount. If not set, the Pod name will be used instead. | N | N | "" |
| routes.enabled | If true, the ingress controller rules are enabled | N | N | true |
| ingress.hostname | The virtual hostname defined in the DNS used to reach the WA Console | Y (only if the network enablement implementation is INGRESS) | N | |
| ingress.secretName | The WA Console ingress secret | Y (only if the network enablement implementation is INGRESS) | N | |
| exposeServiceType | The network enablement configuration implemented. Valid values: LoadBalancer, Ingress or Routes | N | N | LoadBalancer |
| exposeServiceAnnotation | Annotations of either the resource of the service or the resource of the ingress, customized in accordance with the cloud provider. Example: networking.gke.io/load-balancer-type: "Internal" | N | N | {} |
| resources.limits.cpu | The maximum CUP requested to run | N | N | 1 |
| resources.limits.memory | The maximum memory requested to run | N | N | 1Gi |
| resources.requests.cpu | The minimum CPU requested to run | N | N | 200m |
| resources.requests.memory | The minimum memory requested to run | N | N | 200Mi |
| Parameter | Description | Mandatory | Customizable | Default |
|---|---|---|---|---|
| prophetOrchestrator | Interval in minutes between two subsequent predictions, and between two subsequent alert detections | N | Y | {"schedule":1440},{"schedule_alert":15} |
| daysOfPrediction | How many days to predict in the future | N | Y | 1 |
| image.repository | aida-orchestrator image repository | N | N | hclcr.io/wa/aida-orchestrator |
| image.tag | aida-ad image tag | N | N | 10.2.0.0 |
| image.pullPolicy | image pull policy | N | N | Always |
| serviceAccount.create | If true, a new ServiceAccount will be created, if false will be used an existing one with name global.serviceAccountName | N | N | false |
| serviceAccount.annotations | Annotations to add to the created ServiceAccount | N | N | {} |
| serviceAccount.name | The name of the created ServiceAccount. If not set, the Pod name will be used instead. | N | N | "" |
| resources.limits.cpu | The maximum CUP requested to run | N | N | 2 |
| resources.limits.memory | The maximum memory requested to run | N | N | 4Gi |
| resources.requests.cpu | The minimum CPU requested to run | N | N | 0.5 |
| resources.requests.memory | The minimum memory requested to run | N | N | 0.5Gi |
| Parameter | Description | Mandatory | Customizable | Default |
|---|---|---|---|---|
| image.repository | aida-predictor image repository | N | N | hclcr.io/wa/aida-predictor |
| image.tag | aida-ad image tag | N | N | 10.2.0.0 |
| image.pullPolicy | image pull policy | N | N | Always |
| serviceAccount.create | If true, a new ServiceAccount will be created, if false will be used an existing one with name global.serviceAccountName | N | N | false |
| serviceAccount.annotations | Annotations to add to the created ServiceAccount | N | N | {} |
| serviceAccount.name | The name of the created ServiceAccount. If not set, the Pod name will be used instead. | N | N | "" |
| resources.limits.cpu | The maximum CUP requested to run | N | N | 8 |
| resources.limits.memory | The maximum memory requested to run | N | N | 16Gi |
| resources.requests.cpu | The minimum CPU requested to run | N | N | 1 |
| resources.requests.memory | The minimum memory requested to run | N | N | 1Gi |
| autoscaling.enabled | Set this to false to completely disable autoscaling and true to enable it | N | N | true |
| autoscaling.minReplicas | The minimum number of Pods | N | N | 1 |
| autoscaling.maxReplicas | The maximum number of Pods | N | N | 10 |
| autoscaling.targetMemoryUtilizationPercentage | The value in percentage of memory utilization that each Pod should have | N | N | 80 |
| webConcurrency | Number of workers of the web server. The more they are, the more there is parallelism (and the more RAM is consumed) | N | N | 2 |
| model | The Machine Learning model used for predictions | N | N | neural |
| Parameter | Description | Mandatory | Customizable | Default |
|---|---|---|---|---|
| image.repository | aida-redis image repository | N | N | hclcr.io/wa/aida-redis |
| image.tag | aida-ad image tag | N | N | 10.2.0.0 |
| image.pullPolicy | image pull policy | N | N | Always |
| serviceAccount.create | If true, a new ServiceAccount will be created, if false will be used an existing one with name global.serviceAccountName | N | N | false |
| serviceAccount.annotations | Annotations to add to the created ServiceAccount | N | N | {} |
| serviceAccount.name | The name of the created ServiceAccount. If not set, the Pod name will be used instead. | N | N | "" |
| resources.limits.cpu | The maximum CUP requested to run | N | N | 1 |
| resources.limits.memory | The maximum memory requested to run | N | N | 500Mi |
| resources.requests.cpu | The minimum CPU requested to run | N | N | 200m |
| resources.requests.memory | The minimum memory requested to run | N | N | 200Mi |
| Parameter | Description | Mandatory | Customizable | Default |
|---|---|---|---|---|
| uiLogLevel | Log level in AIDA UI | N | N | "ERROR:,INFO:,-TRACE:*" |
| image.repository | aida-ui image repository | N | N | hclcr.io/wa/aida-ui |
| image.tag | aida-ad image tag | N | N | 10.2.0.0 |
| image.pullPolicy | image pull policy | N | N | Always |
| serviceAccount.create | If true, a new ServiceAccount will be created, if false will be used an existing one with name global.serviceAccountName | N | N | false |
| serviceAccount.annotations | Annotations to add to the created ServiceAccount | N | N | {} |
| serviceAccount.name | The name of the created ServiceAccount. If not set, the Pod name will be used instead | N | N | "" |
| resources.limits.cpu | The maximum CUP requested to run | N | N | 1 |
| resources.limits.memory | The maximum memory requested to run | N | N | 2Gi |
| resources.requests.cpu | The minimum CPU requested to run | N | N | 0.3 |
| resources.requests.memory | The minimum memory requested to run | N | N | 0.5Gi |
| autoscaling.enabled | Set this to false to completely disable autoscaling and true to enable it | N | N | true |
| autoscaling.minReplicas | The minimum number of Pods | N | N | 1 |
| autoscaling.maxReplicas | The maximum number of Pods | N | N | 10 |
| autoscaling.targetMemoryUtilizationPercentage | The value in percentage of memory utilization that each Pod should have | N | N | 80 |
The following procedures are ways in which you can configure AIDA default deployment. They include the following configuration topics:
aida-nginx service can use two different ways to route external traffic into the Kubernetes Service cluster:
-
A load balancer service that redirects traffic
-
An ingress service that manages external access to the services in the cluster
You can freely switch between these two types of configuration.
To configure a load balancer for aida-nginx service, follow these steps:
- Locate the following parameters in the aida-nginx section of the
values.yamlfile:
aida-nginx.exposeServiceType
aida-nginx.exposeServiceAnnotation
For more information about these configurable parameters, see the aida-nginx parameters table.
- Set the value of the
exposeServiceTypeparameter toLoadBalancer. Note: You can also set the value of theexposeServiceTypeparameter toLoadBalancer_sessionAffinityfor Azure AKS and Google GKE. This parameter ensures each user session always remains active on the same pod, providing a smooth and seamless user experience. - In the
exposeServiceAnnotationsection, uncomment the lines in this section as follows:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https
service.beta.kubernetes.io/aws-load-balancer-type: "clb"
#service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
service.beta.kubernetes.io/aws-load-balancer-internal: "true"
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
networking.gke.io/load-balancer-type: "Internal"
- Specify the load balancer type and set the load balancer to internal by specifying "true".
To configure an ingress for aida-nginx service, follow these steps:
- Locate the following parameters in the aida-nginx section of the
values.yamlfile:
aida-nginx.exposeServiceType
aida-nginx.exposeServiceAnnotation
For more information about these configurable parameters, see the aida-nginx parameters table.
-
Set the value of the
exposeServiceTypeparameter toIngress. -
In the
exposeServiceAnnotationsection, leave the following lines as comments:
#service.beta.kubernetes.io/aws-load-balancer-type:nlb
#service.beta.kubernetes.io/aws-load-balancer-internal: "true"
#service.beta.kubernetes.io/azure-load-balancer-internal: "true"
#networking.gke.io/load-balancer-type: "Internal"
Scaling is only supported by the following services:
- aida-ad
- aida-predictor
- aida-ui
It is enabled by default, and it is not possible to enable it on the other services.
For the services that support scaling, it is enabled by default the Kubernetes autoscaling feature, that automatically scales the Pod count based on CPU or RAM utilization.
In AIDA value.yaml file, under the specific service section, you can change the following values to control autoscaling:
autoscaling.enabled: set this to false to completely disable autoscaling and true to enable it
autoscaling.minReplicas: set the minimum number of Pods
autoscaling.maxReplicas: set the maximum number of Pods
autoscaling.targetMemoryUtilizationPercentage: set the value in percentage of memory utilization that each Pod should have.
autoscaling.targetCPUUtilizationPercentage: set the value in percentage of CPU utilization that each Pod should have.
Kubernetes autoscaling feature will automatically increase the number of Pods if the actual utilization of CPU/RAM is higher than the configured target, and decrease the number of Pods if it is lower.
AIDA requires persistent storage for the aida-es component that is an Elasticsearch database. To make all of the configuration and runtime data persistent, the Persistent Volume you specify must be mounted in the following container folder:
/usr/share/elasticsearch/data/
The Pod is based on a StatefulSet. This guarantees that each Persistent Volume is mounted in the same Pod when it is scaled up or down.
For test purposes only, you can configure the chart so that persistence is not used.
AIDA can use either dynamic provisioning or static provisioning using a pre-created persistent volume
to allocate storage. You can pre-create Persistent Volumes to be bound to the StatefulSet using Label or StorageClass. It is highly recommended to use persistence with dynamic provisioning. In this case, you must have defined your own Dynamic Persistence Provider. AIDA supports the following provisioning use cases:
-
Kubernetes dynamic volume provisioning to create both a persistent volume and a persistent volume claim. This type of storage uses the default storageClass defined by the Kubernetes admin or by using a custom storageClass which overrides the default. Set the values as follows:
-
aida-es.persistence.enabled:true (default)
-
aida-es.persistence.useDynamicProvisioning:true (default)
-
Specify a custom storageClassName or leave the value blank to use the default storageClass.
-
Persistent storage using a predefined PersistentVolume set up prior to the deployment of this chart. Pre-create a persistent volume. If you configure the label=value pair described in the following Note, then the persistent volume claim is automatically generated by the Helm chart and bound to the persistent volume you pre-created. Set the values as follows:
-
aida-es.persistence.enabled:true
-
aida-es.persistence.useDynamicProvisioning:false
-
Note: By configuring the following two parameters, the persistent volume claim is automatically generated. Ensure that this label=value pair is inserted in the persistent volume you created:
-
aida-es.persistence.dataPVC.selector.label
-
aida-es.persistence.dataPVC.selector.value
Let the Kubernetes binding process select a pre-existing volume based on the accessMode and size. Use selector labels to refine the binding process.
Before you deploy all of the components, you have the opportunity to choose your persistent storage from the available persistent storage options in your cloud environment or you can leave the default storageClass.
If you create a storageClass object or use the default one, ensure that you have a sufficient amount of backing storage for the aida-es component.
For more information about the required amount of storage, see Resources Required.
Custom storage class:
Modify the aida-es.persistence.dataPVC.storageClassName
parameter in the value.yaml file by specifying the custom storage class name, when you deploy aida-es component.
Default storage class:
Leave the values for the aida-es.persistence.dataPVC.storageClassName
parameter blank in the value.yaml file when you deploy aida-es component.
For more information about the storage parameter values to set, see the aida-es parameters table.
AIDA supports only ReadWriteOnce (RWO) access mode. The volume can be mounted as read-write by a single node.
For more information about AIDA, see AIDA User's Guide.