Deploying Ephemeral with Helm

To deploy Tonic Ephemeral, you use Helm charts. The OCI reference for the Ephemeral chart is oci://quay.io/tonicai/ephemeral. The Ephemeral repository is at https://quay.io/repository/tonicai/ephemeral.

During the onboarding process, Tonic.ai provides you with access credentials for the Quay repository, which gives you access to the charts and application images.

Obtaining the Helm chart configuration

To access the Helm chart assets, you first authenticate Helm to Quay:

helm registry login quay.io

After you authenticate, download the configuration template to a .yaml file.

helm show values oci://quay.io/tonicai/ephemeral --version <ephemeral-version> <yaml-file>

For --version, you must provide the full version number. The repository Tag History lists the available Ephemeral versions.

The .yaml file contains the Helm chart configuration. It is typically named values.yaml.

The following example downloads the configuration template for version 1.062.0 to values.yaml.

helm show values oci://quay.io/tonicai/ephemeral --version 1.062.0 > values.yaml

Configuring the Helm chart

To configure Ephemeral, you edit values.yaml.

Before you deploy Ephemeral, you must configure the following Helm chart values:

ephemeralDatabase

To configure the connection information for the Ephemeral application database:

ephemeralDatabase:
  host: <database-host-DNS-or-IP-address> # For example, myEphemeralDBServer.acme.com
  port: <database-service-port> # For PostgreSQL, usually 5432 
  dbName: <database-name>
  user: <username-for-database-access>
  password: <database-password>
  sslMode: disable|allow|prefer|require|verify-ca|verify-full 

For details about the sslMode options, go to the PostgreSQL SSL documentation.

ingress

To allow external access to the Ephemeral web application, set ingress.enable to true, then configure the ingress.

For help with the Azure AKS ingress configuration, contact Tonic.ai support.

Amazon EKS configuration

The following example shows the ingress configuration for Amazon EKS:

ingress:
  enabled: true
  className: alb
  host: null
  labels: {}
  annotations: 
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/backend-protocol: HTTPS    

Google Kubernetes Engine (GKE) configuration

The following example shows the ingress configuration for GKE.

ingress:
  enabled: true|false
  annotations: {
    # Environment specific annotations. Below is an example for GKE.
    # References a named static IP address
    # and specificies the ingress class.
    kubernetes.io/ingress.global-static-ip-name: tonic-ephemeral,
    kubernetes.io/ingress.class: "gce",
  }
  labels: {}
  host: ""
  className: <INGRESS_CONTROLLER_TYPE> # For example, nginx or gce 

Commenting out the nginx configuration

If you enable ingress, then you comment out the nginx configuration:

    # nginx:
    #   limits:
    #     cpu: "500m"
    #     memory: "256Mi"
    #   requests:
    #     cpu: "100m"
    #     memory: "128Mi" 

ephemeralWeb.annotations

Ephemeral web server or API access might require specific annotations.

In the following example, the configuration ensures that GKE correctly recognizes https traffic.

ephemeral_web:
  annotations: {
    cloud.google.com/app-protocols: '{"https":"HTTPS"}'
  }

database_access

Under database_access, configure the DNS domain:

database_access:
  type: "Direct" # Either: Direct | Proxy
  direct:
    serviceType: "Headless" # Either: LoadBalancer | NodePort
    defaultIps: []
    dns:
      enabled: true
      domain: "${EPHEMERAL_DOMAIN}"
      kubernetesDomainAnnotation: external-dns.alpha.kubernetes.io/hostname
      labels: {}
      annotations:
        # per https://github.com/kubernetes-sigs/external-dns/blob/master/docs/annotations/annotations.md#external-dnsalphakubernetesioendpoints-type
        # > Otherwise, use the IP address of each service's endpoints's addresses.
        # To use pod IP by default, provide a nonexistent value
        external-dns.alpha.kubernetes.io/endpoints-type: PodIP 

Container request resource limits

The Helm chart allows you to configure the resource requests and limits for the individual containers in the Ephemeral application deployment.

The following values reflect the default values in the chart. You can override these values as needed.

ephemeral_web:
  resources:
    ephemeral_api:
      limits:
        memory: "3Gi"
        cpu: "1000m"
      requests:
        memory: "512Mi"
        cpu: "200m"
        ephemeralStorage: "512Mi"
    ephemeral_ui:
      limits:
        memory: "512Mi"
        cpu: "500m"
      requests:
        cpu: "100m"
        memory: "128Mi"
    nginx:
      limits:
        cpu: "500m"
        memory: "256Mi"
      requests:
        cpu: "100m"
        memory: "128Mi"
    vector:
      limits:
        memory: "256Mi"
        cpu: "200m"
      requests:
        cpu: "50m"
        memory: "128Mi"

Installing Ephemeral

In the ephemeral-eks-setup GitHub repository: 06-install-ephemeral.sh

To install Ephemeral:

helm install -n <your-namespace> ephemeral oci://quay.io/tonicai/ephemeral --version 1.<ephemeral-version>.0 -f <yaml-file>

To monitor the progress of the installation:

kubectl get all -n <your-namespace>.

The ephemeral-web pod should be in the running state.

If you enabled ingress, then to check the ingress state:

kubectl describe ingress/ephemeral-web -n <your-namespace>

The Address field contains any expected external address. For example:

The Ephemeral web service should be accessible at http://<ingress-IP-address>.

If you have specific requirements related to ingress or SSL, contact Tonic.ai support.

Upgrading Ephemeral

To upgrade to a newer version of Ephemeral:

helm upgrade -n <your-namespace> ephemeral oci://quay.io/tonicai/ephemeral --version 1.<ephemeral-version>.0 -f <yaml-file>

Removing Ephemeral