Deploying AI-VAULT
For security purposes, the AI-VAULT service cannot be started concurrently in different namespaces in the same Kubernetes cluster.
Prerequisites
Installation preparations have been completed. For details, see Installation Preparations.
Procedure
- Log in to the Kubernetes management node as the administrator and run the following command to check whether the AI-VAULT image and version number are correct:
docker images | grep ai-vault
The following is an example:
    # docker images | grep ai-vault
    ai-vault    v3.0.0    197f4e8780ca    21 minutes ago    154MB
- If the image and version are correct, go to the next step.
- If either the image or version is incorrect, create and distribute the image by referring to Creating an AI-VAULT Image.
- Create the ai-vault.yaml file in the user's private directory (unreadable and unwritable by other users) on the Kubernetes master node. Ensure that only one AI-VAULT container exists in a cluster. The following is an example of the Kubernetes startup configuration:
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: ai-vault
      namespace: mindx
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: ai-vault
      template:
        metadata:
          labels:
            app: ai-vault
          annotations:
            seccomp.security.alpha.kubernetes.io/pod: runtime/default
        spec:
          automountServiceAccountToken: false
          containers:
            - name: ai-vault
              securityContext:
                allowPrivilegeEscalation: false
                readOnlyRootFilesystem: true
                capabilities:
                  drop: ["ALL"]
                runAsUser: 9001
                runAsGroup: 9001
              image: ai-vault:{version}
              env:
                - name: POD_IP
                  valueFrom:
                    fieldRef:
                      fieldPath: status.podIP
              resources:
                requests:
                  memory: 1000Mi
                  cpu: "1"
                limits:
                  memory: 8000Mi
                  cpu: "10"
              imagePullPolicy: Never
              command: [ "/bin/bash", "-c", "--"]
              args: [ "ulimit -n 1024 && ./ai-vault run" ]
              volumeMounts:
                - name: ai-vault-data
                  mountPath: /home/AiVault/.ai-vault
          volumes:
            - name: ai-vault-data
              hostPath:
                path: /home/AiVault/.ai-vault
                type: Directory
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: ai-vault
      namespace: mindx
      labels:
        app: ai-vault
    spec:
      type: ClusterIP
      ports:
        - name: http
          port: 8180
          targetPort: 8180
          protocol: TCP
        - name: socket
          port: 8181
          targetPort: 8181
          protocol: TCP
      selector:
        app: ai-vault
- Change the permission on the YAML startup configuration file to 600.
chmod 600 ai-vault.yaml
- (Optional) Modify the startup parameters of AI-VAULT in the YAML file as required. For details about the startup parameters, see AI-VAULT Command Description. You can also run the ./ai-vault -h command to view the parameter descriptions.
vim ai-vault.yaml
- Run the following command to start AI-VAULT:
kubectl apply -f ai-vault.yaml
The following is an example:
    # kubectl apply -f ai-vault.yaml
    deployment.apps/ai-vault created
    service/ai-vault created
    # kubectl get pod -n mindx
    NAME                       READY   STATUS    RESTARTS   AGE
    ai-vault-44534765b-hn5mx   1/1     Running   0          11s
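The conditions this procedure sets before kubectl apply (manifest at mode 600 in a private directory, and no second AI-VAULT instance in another namespace) can be checked with a short script. This is an added example, not part of the AI-VAULT documentation or tooling: the function names are hypothetical, and it assumes that any other instance uses the Deployment name ai-vault from the manifest above.

```shell
#!/bin/sh
# Added example: preflight checks to run before `kubectl apply -f ai-vault.yaml`.
# Function names are hypothetical; they are not part of AI-VAULT.

# Print the octal permission bits of a path (GNU stat, with a BSD fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only if the manifest is mode 600 and its directory grants
# group and other users neither read nor write access.
manifest_is_private() {
    file=$1
    dir=$(dirname "$file")
    [ "$(mode_of "$file")" = "600" ] ||
        { echo "FAIL: $file is not mode 600" >&2; return 1; }
    [ $(( 0$(mode_of "$dir") & 066 )) -eq 0 ] ||
        { echo "FAIL: $dir is readable or writable by other users" >&2; return 1; }
}

# Read "NAMESPACE NAME" pairs on stdin and print every namespace other than $1
# that already holds a Deployment named ai-vault (assumed name, see lead-in).
foreign_ai_vault_namespaces() {
    awk -v ns="$1" '$2 == "ai-vault" && $1 != ns { print $1 }'
}

# Full check against a live cluster. Needs kubectl access on the management node.
preflight() {
    manifest_is_private "$1" || return 1
    # Capture the listing first so a kubectl failure is not mistaken for "no instances".
    list=$(kubectl get deployments --all-namespaces --no-headers \
        -o custom-columns=NS:.metadata.namespace,NAME:.metadata.name) ||
        { echo "FAIL: could not list Deployments" >&2; return 1; }
    others=$(printf '%s\n' "$list" | foreign_ai_vault_namespaces mindx)
    [ -z "$others" ] ||
        { echo "FAIL: ai-vault already deployed in: $others" >&2; return 1; }
    echo "OK: $1 is private and no other namespace runs ai-vault"
}
```

Source the file and run preflight ai-vault.yaml from the directory that holds the manifest; a non-zero exit status means one of the conditions does not hold.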
Log Description
- Operation log file: /home/{userName}/.ai-vault/log/ai-vault_operate.log
- Operation logs are backed up for a maximum of 30 days.
- A maximum of 30 operation log files can be retained after dump.
- Run log file: /home/{userName}/.ai-vault/log/ai-vault_run.log
- Run logs are backed up for a maximum of seven days.
- A maximum of 30 run log files can be retained after dump.
- In the preceding paths, {userName} indicates the user name created in Creating User Accounts. For example, if the user name is AiVault, the corresponding file path is /home/AiVault/.ai-vault/log/ai-vault_run.log.
- When the size of a single log file reaches 20 MB, the automatic dump function is triggered.
