Katonic Platform on AWS
This guide provides instructions for installing, operating, administrating and configuring the Katonic Platform within your AWS Kubernetes cluster. The information presented here is specifically relevant to users of Katonic who possess self-installation licenses.
Hardware Configurationsโ
This configuration is specifically designed to provide high availability (HA) and optimal performance for various use cases. Its purpose is to deliver superior performance, enabling real-time execution of analytics, machine learning (ML), and artificial intelligence (AI) applications within a production pipeline.
Katonic on EKSโ
The Katonic platform can be deployed on an AWS Elastic Kubernetes Service. In this setup, the architecture of Katonic leverages AWS resources to meet the platform's operational needs and requirements.
The control of Kubernetes is transferred to the EKS control plane, which offers managed Kubernetes masters.
Katonic uses a dedicated Auto Scaling Group (ASG) of EKS workers to host the Katonic platform.
ASGs of EKS workers host elastic compute for Katonic executions.
AWS S3 is used to store entire platform backups.
AWS EFS is used to store Katonic Datasets.
The
kubernetes.io/aws-ebs
provisioner is used to create persistent volumes for Katonic executions.Katonic cannot be installed on EKS Fargate since Fargate does not support stateful workloads with persistent volumes.
All AWS services listed previously are required except GPU compute instances, which are optional.
Your annual Katonic license fee will not include any charges incurred from using AWS services.
You can find detailed pricing information for the Amazon services listed above at AWS Pricing.
Setting up an EKS Cluster for Katonic Platformโ
This section provides a detailed guide on how to configure an Amazon EKS cluster to work seamlessly with Katonic. To successfully set up an EKS cluster for Katonic, it is essential to have a solid understanding of the following AWS services:
- Elastic Kubernetes Service (EKS)
- Identity and Access Management (IAM)
- Virtual Private Cloud (VPC) Networking
- Elastic Block Store (EBS)
- Elastic File System (EFS)
- S3 Object Storage
Additionally, having a basic comprehension of Kubernetes concepts such as node pools, network CNI, storage classes, autoscaling, and Docker will prove invaluable during the cluster deployment.
Security Considerationsโ
To provision an EKS cluster, it is essential to create IAM policies in the AWS console. Katonic recommends following the standard security practice of granting the least privilege when creating IAM policies. It is advised to start with minimal privileges and only grant elevated privileges when necessary. For more information, refer to the concept of Grant Least Privilege concept.
IAM Permissions for Userโ
In order to complete the installation, the IAM user must have the following AWS permissions. These permissions include both AWS managed policies and custom policies that need to be created and attached to the IAM user.
AWS Managed:โ
Custom Managed:โ
These IAM policies have to be created manually in your AWS account and have to be assigned to the IAM User. Use the link to get policy json.
Additionally, for backups, you need to add the policy provided below in the S3 Object Storage part of the documentation.
Managing Service Quotasโ
Amazon maintains default service quotas for each of the previously listed services. You can check the default Service Quotas and manage your quotas by logging in to the AWS Service Quotas Console.
Creating Elastic Kubernetes Service (EKS)โ
By default, the Katonic installer creates an EKS cluster. If you plan to create an EKS cluster, it is recommended to first create a new separate VPC with two subnets and then proceed with creating the EKS cluster within that VPC.
Dynamic Block Storageโ
EKS clusters come pre-configured with several EBS-backed storage classes. For improved input and output performance, Katonic recommends using gp3 disks. The default gp3-based storage class (kfs) is created automatically by the Katonic installer.
If you are manually creating a cluster, you will need to create an EBS gp3-based storage class named kfs. To do this, you need to install and configure the EBS CSI driver in the EKS cluster. Refer to the documentation for instructions on creating the GP3 based storage class.
Dynamic Shared Storageโ
To enable dynamic shared storage, you need to provision an EFS file system and configure an access point that allows access from the EKS cluster.
The Katonic Installer provides an optional parameter shared_storage.create
to create an AWS Elastic File System. It automatically creates the AWS Elastic File System and configures the kfs-shared storage class to use it.
If you are manually creating a cluster and want to use shared storage, you need to create an AWS Elastic File System and configure the kfs-shared storage class to utilize it. Refer to the documentation for instructions on creating an AWS Elastic File System based storage class.
S3 Object Storageโ
To facilitate the storage of platform backups, it is essential to create an Amazon S3 bucket. Access to this bucket should be granted to the IAM user account responsible for the installation process. This can be accomplished by applying the below IAM policy to the bucket.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::<backup-bucket-name>"
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::<backup-bucket-name>/*"
}
]
}
Note: Update the name of the bucket for use when installing Katonic.
AWS EKS Cluster Autoscalingโ
If you intend to deploy the Cluster Autoscaler in your cluster, follow this documentation Cluster Autoscaler.
Domainโ
To ensure proper operation, Katonic must be configured to serve from a specific Fully Qualified Domain Name (FQDN). If you want to serve Katonic securely over HTTPS, you will also need an SSL certificate that covers the chosen domain name. Make sure to record the FQDN for use during the Katonic installation process.
Katonic offers the default option to use the .katonic.ai domain in all versions of the Katonic Platform. However, if you have your own domain, you can also utilize it across all versions provided by the Katonic Platform.
Resources Provisioned Post-Installationโ
When the platform is installed, the following resources are created. Take this into account when selecting your installation configuration.
SR NO. | TYPE | AMOUNT | WHEN | NOTES |
---|---|---|---|---|
1 | Classic Elastic Load Balancer | 1 | Always | Only 1 is required. Automatically gets created by EKS when required. |
2 | Network interface | 1 per node | Always | |
3 | OS boot disk (AWS EBS ) | 1 per node | Always | |
4 | Public IP address | 1 per node | The platform has public IP addresses. | |
5 | VPC | 1 | The platform is deployed to a new VPC. | |
6 | Security Group | 1 | Always | See Security Groups Configuration (AWS). |
7 | EKS Cluster | 1 | EKS is used as the application cluster | Version 1.30 |
8 | EKS Managed Nodes | varies depending on configuration | EKS nodes are used to manage Kubernetes Workloads | |
9 | AWS EFS | 1 | When you enable shared storage while installing Katonic platform. |
Kubernetes(EKS) versionโ
Katonic MLOps platform 5.0.9 version has been validated with Kubernetes(EKS) version 1.30 and above.
Network pluginโ
Katonic relies on Kubernetes network policies to manage secure communication between pods in the cluster. Network policies are implemented by the network plugin, so your cluster uses a networking solution that supports NetworkPolicy, such as Calico.
See the AWS documentation on installing Calico for your EKS cluster.
If you use the Amazon VPC CNI for networking, with only NetworkPolicy enforcement components of Calico, you must ensure the subnets you use for your cluster have CIDR ranges of sufficient size, as every deployed pod in the cluster will be assigned an elastic network interface and consume a subnet address. Katonic recommends at least a /23 CIDR for the cluster.
Data Visualisationโ
Katonic MLOps platform 5.0.9 include Superset Version 2.0.1 for Data Visualization.
You require an additional DNS if you're installing Superset.
Example:
- If your domain name to access platform is katonic.tesla.com.
- Then, the domain for data visualisation would look like dash-katonic.tesla.com.
Connectorsโ
Katonic MLOps platform 5.0.9 include Airbyte Version 0.40.32 for Connectors.
You require an additional DNS if you're installing Airbyte.
Example:
- If your domain name to access platform is katonic.tesla.com.
- Then, the domain for connectors would look like connectors-katonic.tesla.com.
Katonic Platform Installationโ
Installation of the Katonic platform has been segmented based on product. When you click the link, you will be redirected to the installation process documentation.