diff --git a/.helmdocsignore b/.helmdocsignore new file mode 100644 index 0000000000..8f246bffec --- /dev/null +++ b/.helmdocsignore @@ -0,0 +1,6 @@ +infra/charts/feast/charts/postgresql +infra/charts/feast/charts/kafka +infra/charts/feast/charts/redis +infra/charts/feast/charts/prometheus-statsd-exporter +infra/charts/feast/charts/prometheus +infra/charts/feast/charts/grafana diff --git a/infra/charts/feast/Chart.yaml b/infra/charts/feast/Chart.yaml index c8f328548a..8ce82e4a01 100644 --- a/infra/charts/feast/Chart.yaml +++ b/infra/charts/feast/Chart.yaml @@ -1,4 +1,4 @@ apiVersion: v1 -description: A Helm chart to install Feast on kubernetes +description: Feature store for machine learning. name: feast -version: 0.4.4 +version: 0.5.0-alpha.1 diff --git a/infra/charts/feast/README.md b/infra/charts/feast/README.md index e93b687f19..3d868b2fd1 100644 --- a/infra/charts/feast/README.md +++ b/infra/charts/feast/README.md @@ -1,251 +1,379 @@ -# Feast Chart +feast +===== -This directory provides the Helm chart for Feast installation. +Feature store for machine learning. Current chart version is `0.5.0-alpha.1` -This chart installs Feast Core and Feast Serving components of Feast, along with -the required and optional dependencies. Components and dependencies can be -enabled or disabled by changing the corresponding `enabled` flag. Feast Core and -Feast Serving are subcharts of this parent Feast chart. The structure of the charts -are as follows: +## TL;DR; +```bash +# Add Feast Helm chart +helm repo add feast-charts https://feast-charts.storage.googleapis.com +helm repo update + +# Create secret for Feast database, replace with the desired value +kubectl create secret generic feast-postgresql \ + --from-literal=postgresql-password= + +# Install Feast with Online Serving and Beam DirectRunner +helm install --name myrelease feast-charts/feast \ + --set feast-core.postgresql.existingSecret=feast-postgresql \ + --set postgresql.existingSecret=feast-postgresql ``` -feast // top level feast chart -│ -├── feast-core // feast-core subchart -│ ├── postgresql // Postgresql dependency for feast-core (Feast database) -│ └── kafka // Kafka dependency for feast-core (default stream source) -│ -├── feast-serving-online // feast-serving subchart -│ └── redis // Redis dependency for installation of store together with feast-serving -│ -└── feast-serving-batch // feast-serving subchart -``` + +## Introduction +This chart install Feast deployment on a Kubernetes cluster using the [Helm](https://v2.helm.sh/docs/using_helm/#installing-helm) package manager. ## Prerequisites -- Kubernetes 1.13 or newer cluster -- Helm 2.15.2 or newer +- Kubernetes 1.12+ +- Helm 2.15+ (not tested with Helm 3) +- Persistent Volume support on the underlying infrastructure + +## Chart Requirements + +| Repository | Name | Version | +|------------|------|---------| +| | feast-core | 0.5.0-alpha.1 | +| | feast-serving | 0.5.0-alpha.1 | +| | feast-serving | 0.5.0-alpha.1 | +| | prometheus-statsd-exporter | 0.1.2 | +| https://kubernetes-charts-incubator.storage.googleapis.com/ | kafka | 0.20.8 | +| https://kubernetes-charts.storage.googleapis.com/ | grafana | 5.0.5 | +| https://kubernetes-charts.storage.googleapis.com/ | postgresql | 8.6.1 | +| https://kubernetes-charts.storage.googleapis.com/ | prometheus | 11.0.2 | +| https://kubernetes-charts.storage.googleapis.com/ | redis | 10.5.6 | -## Resources Required -The chart deploys pods that consume minimum resources as specified in the resources configuration parameter. +## Chart Values -## Installing the Chart +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| feast-batch-serving.enabled | bool | `false` | Flag to install Feast Batch Serving | +| feast-core.enabled | bool | `true` | Flag to install Feast Core | +| feast-online-serving.enabled | bool | `true` | Flag to install Feast Online Serving | +| grafana.enabled | bool | `true` | Flag to install Grafana | +| kafka.enabled | bool | `true` | Flag to install Kafka | +| postgresql.enabled | bool | `true` | Flag to install Postgresql | +| prometheus-statsd-exporter.enabled | bool | `true` | Flag to install StatsD to Prometheus Exporter | +| prometheus.enabled | bool | `true` | Flag to install Prometheus | +| redis.enabled | bool | `true` | Flag to install Redis | + +## Configuration and installation details + +The default configuration will install Feast with Online Serving. Ingestion +of features will use Beam [DirectRunner](https://beam.apache.org/documentation/runners/direct/) +that runs on the same container where Feast Core is running. -Add repository for Feast chart: ```bash -helm repo add feast-charts https://feast-charts.storage.googleapis.com -helm repo update +# Create secret for Feast database, replace accordingly +kubectl create secret generic feast-postgresql \ + --from-literal=postgresql-password= + +# Install Feast with Online Serving and Beam DirectRunner +helm install --name myrelease feast-charts/feast \ + --set feast-core.postgresql.existingSecret=feast-postgresql \ + --set postgresql.existingSecret=feast-postgresql +``` + +In order to test that the installation is successful: +```bash +helm test myrelease + +# If the installation is successful, the following should be printed +RUNNING: myrelease-feast-online-serving-test +PASSED: myrelease-feast-online-serving-test +RUNNING: myrelease-grafana-test +PASSED: myrelease-grafana-test +RUNNING: myrelease-test-topic-create-consume-produce +PASSED: myrelease-test-topic-create-consume-produce + +# Once the test completes, to check the logs +kubectl logs myrelease-feast-online-serving-test +``` + +> The test pods can be safely deleted after the test finishes. +> Check the yaml files in `templates/tests/` folder to see the processes +> the test pods execute. + +### Feast metrics + +Feast default installation includes Grafana, StatsD exporter and Prometheus. Request +metrics from Feast Core and Feast Serving, as well as ingestion statistic from +Feast Ingestion are accessible from Prometheus and Grafana dashboard. The following +show a quick example how to access the metrics. + +``` +# Forwards local port 9090 to the Prometheus server pod +kubectl port-forward svc/myrelease-prometheus-server 9090:80 +``` + +Visit http://localhost:9090 to access the Prometheus server: + +![Prometheus Server](files/img/prometheus-server.png?raw=true) + +### Enable Batch Serving + +To install Feast Batch Serving for retrieval of historical features in offline +training, access to BigQuery is required. First, create a [service account](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) key that +will provide the credentials to access BigQuery. Grant the service account `editor` +role so it has write permissions to BigQuery and Cloud Storage. + +> In production, it is advised to give only the required [permissions](foo-feast-batch-serving-test) for the +> the service account, versus `editor` role which is very permissive. + +Create a Kubernetes secret for the service account JSON file: +```bash +# By default Feast expects the secret to be named "feast-gcp-service-account" +# and the JSON file to be named "credentials.json" +kubectl create secret generic feast-gcp-service-account --from-file=credentials.json +``` + +Create a new Cloud Storage bucket (if not exists) and make sure the service +account has write access to the bucket: +```bash +gsutil mb ``` -Install Feast release with minimal features, without batch serving and persistence: +Use the following Helm values to enable Batch Serving: +```yaml +# values-batch-serving.yaml +feast-core: + gcpServiceAccount: + enabled: true + postgresql: + existingSecret: feast-postgresql + +feast-batch-serving: + enabled: true + gcpServiceAccount: + enabled: true + application-override.yaml: + feast: + active_store: historical + stores: + - name: historical + type: BIGQUERY + config: + project_id: + dataset_id: + staging_location: gs:///feast-staging-location + initial_retry_delay_seconds: 3 + total_timeout_seconds: 21600 + subscriptions: + - name: "*" + project: "*" + version: "*" + +postgresql: + existingSecret: feast-postgresql +``` + +> To delete the previous release, run `helm delete --purge myrelease` +> Note this will not delete the persistent volume that has been claimed (PVC). +> In a test cluster, run `kubectl delete pvc --all` to delete all claimed PVCs. + ```bash -RELEASE_NAME=demo -helm install feast-charts/feast --name $RELEASE_NAME -f values-demo.yaml +# Install a new release +helm install --name myrelease -f values-batch-serving.yaml feast-charts/feast + +# Wait until all pods are created and running/completed (can take about 5m) +kubectl get pods + +# Batch Serving is installed so `helm test` will also test for batch retrieval +helm test myrelease ``` -Install Feast release for typical use cases, with batch and online serving: +### Use DataflowRunner for ingestion + +Apache Beam [DirectRunner](https://beam.apache.org/documentation/runners/direct/) +is not suitable for production use case because it is not easy to scale the +number of workers and there is no convenient API to monitor and manage the +workers. Feast supports [DataflowRunner](https://beam.apache.org/documentation/runners/dataflow/) which is a managed service on Google Cloud. + +> Make sure `feast-gcp-service-account` Kubernetes secret containing the +> service account has been created and the service account has permissions +> to manage Dataflow jobs. + +Since Dataflow workers run outside the Kube cluster and they will need to interact +with Kafka brokers, Redis stores and StatsD server installed in the cluster, +these services need to be exposed for access outside the cluster by setting +`service.type: LoadBalancer`. + +In a typical use case, 5 `LoadBalancer` (internal) IP addresses are required by +Feast when running with `DataflowRunner`. In Google Cloud, these (internal) IP +addresses should be reserved first: ```bash -# To install Feast Batch serving, BigQuery and Google Cloud service account -# is required. The service account needs to have these roles: -# - bigquery.dataEditor -# - bigquery.jobUser -# -# Assuming a service account JSON file has been downloaded to /home/user/key.json, -# run the following command to create a secret in Kubernetes -# (make sure the file name is called key.json): -kubectl create secret generic feast-gcp-service-account --from-file=/home/user/key.json - -# Set these required configuration in Feast Batch Serving -STAGING_LOCATION=gs://bucket/path -PROJECT_ID=google-cloud-project-id -DATASET_ID=bigquery-dataset-id - -# Install the Helm release using default values.yaml -helm install feast-charts/feast --name feast \ - --set feast-serving-batch."application\.yaml".feast.jobs.staging-location=$STAGING_LOCATION \ - --set feast-serving-batch."store\.yaml".bigquery_config.project_id=$PROJECT_ID \ - --set feast-serving-batch."store\.yaml".bigquery_config.dataset_id=$DATASET_ID +# Check with your network configuration which IP addresses are available for use +gcloud compute addresses create \ + feast-kafka-1 feast-kafka-2 feast-kafka-3 feast-redis feast-statsd \ + --region --subnet \ + --addresses 10.128.0.11,10.128.0.12,10.128.0.13,10.128.0.14,10.128.0.15 ``` -## Parameters - -The following table lists the configurable parameters of the Feast chart and their default values. - -| Parameter | Description | Default -| --------- | ----------- | ------- -| `feast-core.enabled` | Flag to install Feast Core | `true` -| `feast-core.postgresql.enabled` | Flag to install Postgresql as Feast database | `true` -| `feast-core.postgresql.postgresqlDatabase` | Name of the database used by Feast Core | `feast` -| `feast-core.postgresql.postgresqlUsername` | Username to authenticate to Feast database | `postgres` -| `feast-core.postgresql.postgresqlPassword` | Passsword to authenticate to Feast database | `password` -| `feast-core.kafka.enabled` | Flag to install Kafka as the default source for Feast | `true` -| `feast-core.kafka.topics[0].name` | Default topic name in Kafka| `feast` -| `feast-core.kafka.topics[0].replicationFactor` | No of replication factor for the topic| `1` -| `feast-core.kafka.topics[0].partitions` | No of partitions for the topic | `1` -| `feast-core.prometheus-statsd-exporter.enabled` | Flag to install Prometheus StatsD Exporter | `false` -| `feast-core.prometheus-statsd-exporter.*` | Refer to this [link](charts/feast-core/charts/prometheus-statsd-exporter/values.yaml | -| `feast-core.replicaCount` | No of pods to create | `1` -| `feast-core.image.repository` | Repository for Feast Core Docker image | `gcr.io/kf-feast/feast-core` -| `feast-core.image.tag` | Tag for Feast Core Docker image | `0.4.4` -| `feast-core.image.pullPolicy` | Image pull policy for Feast Core Docker image | `IfNotPresent` -| `feast-core.prometheus.enabled` | Add annotations to enable Prometheus scraping | `false` -| `feast-core.application.yaml` | Configuration for Feast Core application | Refer to this [link](charts/feast-core/values.yaml) -| `feast-core.springConfigMountPath` | Directory to mount application.yaml | `/etc/feast/feast-core` -| `feast-core.gcpServiceAccount.useExistingSecret` | Flag to use existing secret for GCP service account | `false` -| `feast-core.gcpServiceAccount.existingSecret.name` | Secret name for the service account | `feast-gcp-service-account` -| `feast-core.gcpServiceAccount.existingSecret.key` | Secret key for the service account | `key.json` -| `feast-core.gcpServiceAccount.mountPath` | Directory to mount the JSON key file | `/etc/gcloud/service-accounts` -| `feast-core.gcpProjectId` | Project ID to set `GOOGLE_CLOUD_PROJECT` to change default project used by SDKs | `""` -| `feast-core.jarPath` | Path to Jar file in the Docker image | `/opt/feast/feast-core.jar` -| `feast-core.jvmOptions` | Options for the JVM | `[]` -| `feast-core.logLevel` | Application logging level | `warn` -| `feast-core.logType` | Application logging type (`JSON` or `Console`) | `JSON` -| `feast-core.springConfigProfiles` | Map of profile name to file content for additional Spring profiles | `{}` -| `feast-core.springConfigProfilesActive` | CSV of profiles to enable from `springConfigProfiles` | `""` -| `feast-core.livenessProbe.enabled` | Flag to enable liveness probe | `true` -| `feast-core.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `60` -| `feast-core.livenessProbe.periodSeconds` | How often to perform the probe | `10` -| `feast-core.livenessProbe.timeoutSeconds` | Timeout duration for the probe | `5` -| `feast-core.livenessProbe.successThreshold` | Minimum no of consecutive successes for the probe to be considered successful | `1` -| `feast-core.livenessProbe.failureThreshold` | Minimum no of consecutive failures for the probe to be considered failed | `5` -| `feast-core.readinessProbe.enabled` | Flag to enable readiness probe | `true` -| `feast-core.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` -| `feast-core.readinessProbe.periodSeconds` | How often to perform the probe | `10` -| `feast-core.readinessProbe.timeoutSeconds` | Timeout duration for the probe | `10` -| `feast-core.readinessProbe.successThreshold` | Minimum no of consecutive successes for the probe to be considered successful | `1` -| `feast-core.service.type` | Kubernetes Service Type | `ClusterIP` -| `feast-core.http.port` | Kubernetes Service port for HTTP request| `80` -| `feast-core.http.targetPort` | Container port for HTTP request | `8080` -| `feast-core.grpc.port` | Kubernetes Service port for GRPC request| `6565` -| `feast-core.grpc.targetPort` | Container port for GRPC request| `6565` -| `feast-core.resources` | CPU and memory allocation for the pod | `{}` -| `feast-core.ingress` | See *Ingress Parameters* [below](#ingress-parameters) | `{}` -| `feast-serving-online.enabled` | Flag to install Feast Online Serving | `true` -| `feast-serving-online.redis.enabled` | Flag to install Redis in Feast Serving | `false` -| `feast-serving-online.redis.usePassword` | Flag to use password to access Redis | `false` -| `feast-serving-online.redis.cluster.enabled` | Flag to enable Redis cluster | `false` -| `feast-serving-online.core.enabled` | Flag for Feast Serving to use Feast Core in the same Helm release | `true` -| `feast-serving-online.replicaCount` | No of pods to create | `1` -| `feast-serving-online.image.repository` | Repository for Feast Serving Docker image | `gcr.io/kf-feast/feast-serving` -| `feast-serving-online.image.tag` | Tag for Feast Serving Docker image | `0.4.4` -| `feast-serving-online.image.pullPolicy` | Image pull policy for Feast Serving Docker image | `IfNotPresent` -| `feast-serving-online.prometheus.enabled` | Add annotations to enable Prometheus scraping | `true` -| `feast-serving-online.application.yaml` | Application configuration for Feast Serving | Refer to this [link](charts/feast-serving/values.yaml) -| `feast-serving-online.store.yaml` | Store configuration for Feast Serving | Refer to this [link](charts/feast-serving/values.yaml) -| `feast-serving-online.springConfigMountPath` | Directory to mount application.yaml and store.yaml | `/etc/feast/feast-serving` -| `feast-serving-online.gcpServiceAccount.useExistingSecret` | Flag to use existing secret for GCP service account | `false` -| `feast-serving-online.gcpServiceAccount.existingSecret.name` | Secret name for the service account | `feast-gcp-service-account` -| `feast-serving-online.gcpServiceAccount.existingSecret.key` | Secret key for the service account | `key.json` -| `feast-serving-online.gcpServiceAccount.mountPath` | Directory to mount the JSON key file | `/etc/gcloud/service-accounts` -| `feast-serving-online.gcpProjectId` | Project ID to set `GOOGLE_CLOUD_PROJECT` to change default project used by SDKs | `""` -| `feast-serving-online.jarPath` | Path to Jar file in the Docker image | `/opt/feast/feast-serving.jar` -| `feast-serving-online.jvmOptions` | Options for the JVM | `[]` -| `feast-serving-online.logLevel` | Application logging level | `warn` -| `feast-serving-online.logType` | Application logging type (`JSON` or `Console`) | `JSON` -| `feast-serving-online.springConfigProfiles` | Map of profile name to file content for additional Spring profiles | `{}` -| `feast-serving-online.springConfigProfilesActive` | CSV of profiles to enable from `springConfigProfiles` | `""` -| `feast-serving-online.livenessProbe.enabled` | Flag to enable liveness probe | `true` -| `feast-serving-online.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `60` -| `feast-serving-online.livenessProbe.periodSeconds` | How often to perform the probe | `10` -| `feast-serving-online.livenessProbe.timeoutSeconds` | Timeout duration for the probe | `5` -| `feast-serving-online.livenessProbe.successThreshold` | Minimum no of consecutive successes for the probe to be considered successful | `1` -| `feast-serving-online.livenessProbe.failureThreshold` | Minimum no of consecutive failures for the probe to be considered failed | `5` -| `feast-serving-online.readinessProbe.enabled` | Flag to enable readiness probe | `true` -| `feast-serving-online.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` -| `feast-serving-online.readinessProbe.periodSeconds` | How often to perform the probe | `10` -| `feast-serving-online.readinessProbe.timeoutSeconds` | Timeout duration for the probe | `10` -| `feast-serving-online.readinessProbe.successThreshold` | Minimum no of consecutive successes for the probe to be considered successful | `1` -| `feast-serving-online.service.type` | Kubernetes Service Type | `ClusterIP` -| `feast-serving-online.http.port` | Kubernetes Service port for HTTP request| `80` -| `feast-serving-online.http.targetPort` | Container port for HTTP request | `8080` -| `feast-serving-online.grpc.port` | Kubernetes Service port for GRPC request| `6566` -| `feast-serving-online.grpc.targetPort` | Container port for GRPC request| `6566` -| `feast-serving-online.resources` | CPU and memory allocation for the pod | `{}` -| `feast-serving-online.ingress` | See *Ingress Parameters* [below](#ingress-parameters) | `{}` -| `feast-serving-batch.enabled` | Flag to install Feast Batch Serving | `true` -| `feast-serving-batch.redis.enabled` | Flag to install Redis in Feast Serving | `false` -| `feast-serving-batch.redis.usePassword` | Flag to use password to access Redis | `false` -| `feast-serving-batch.redis.cluster.enabled` | Flag to enable Redis cluster | `false` -| `feast-serving-batch.core.enabled` | Flag for Feast Serving to use Feast Core in the same Helm release | `true` -| `feast-serving-batch.replicaCount` | No of pods to create | `1` -| `feast-serving-batch.image.repository` | Repository for Feast Serving Docker image | `gcr.io/kf-feast/feast-serving` -| `feast-serving-batch.image.tag` | Tag for Feast Serving Docker image | `0.4.4` -| `feast-serving-batch.image.pullPolicy` | Image pull policy for Feast Serving Docker image | `IfNotPresent` -| `feast-serving-batch.prometheus.enabled` | Add annotations to enable Prometheus scraping | `true` -| `feast-serving-batch.application.yaml` | Application configuration for Feast Serving | Refer to this [link](charts/feast-serving/values.yaml) -| `feast-serving-batch.store.yaml` | Store configuration for Feast Serving | Refer to this [link](charts/feast-serving/values.yaml) -| `feast-serving-batch.springConfigMountPath` | Directory to mount application.yaml and store.yaml | `/etc/feast/feast-serving` -| `feast-serving-batch.gcpServiceAccount.useExistingSecret` | Flag to use existing secret for GCP service account | `false` -| `feast-serving-batch.gcpServiceAccount.existingSecret.name` | Secret name for the service account | `feast-gcp-service-account` -| `feast-serving-batch.gcpServiceAccount.existingSecret.key` | Secret key for the service account | `key.json` -| `feast-serving-batch.gcpServiceAccount.mountPath` | Directory to mount the JSON key file | `/etc/gcloud/service-accounts` -| `feast-serving-batch.gcpProjectId` | Project ID to set `GOOGLE_CLOUD_PROJECT` to change default project used by SDKs | `""` -| `feast-serving-batch.jarPath` | Path to Jar file in the Docker image | `/opt/feast/feast-serving.jar` -| `feast-serving-batch.jvmOptions` | Options for the JVM | `[]` -| `feast-serving-batch.logLevel` | Application logging level | `warn` -| `feast-serving-batch.logType` | Application logging type (`JSON` or `Console`) | `JSON` -| `feast-serving-batch.springConfigProfiles` | Map of profile name to file content for additional Spring profiles | `{}` -| `feast-serving-batch.springConfigProfilesActive` | CSV of profiles to enable from `springConfigProfiles` | `""` -| `feast-serving-batch.livenessProbe.enabled` | Flag to enable liveness probe | `true` -| `feast-serving-batch.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `60` -| `feast-serving-batch.livenessProbe.periodSeconds` | How often to perform the probe | `10` -| `feast-serving-batch.livenessProbe.timeoutSeconds` | Timeout duration for the probe | `5` -| `feast-serving-batch.livenessProbe.successThreshold` | Minimum no of consecutive successes for the probe to be considered successful | `1` -| `feast-serving-batch.livenessProbe.failureThreshold` | Minimum no of consecutive failures for the probe to be considered failed | `5` -| `feast-serving-batch.readinessProbe.enabled` | Flag to enable readiness probe | `true` -| `feast-serving-batch.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` -| `feast-serving-batch.readinessProbe.periodSeconds` | How often to perform the probe | `10` -| `feast-serving-batch.readinessProbe.timeoutSeconds` | Timeout duration for the probe | `10` -| `feast-serving-batch.readinessProbe.successThreshold` | Minimum no of consecutive successes for the probe to be considered successful | `1` -| `feast-serving-batch.service.type` | Kubernetes Service Type | `ClusterIP` -| `feast-serving-batch.http.port` | Kubernetes Service port for HTTP request| `80` -| `feast-serving-batch.http.targetPort` | Container port for HTTP request | `8080` -| `feast-serving-batch.grpc.port` | Kubernetes Service port for GRPC request| `6566` -| `feast-serving-batch.grpc.targetPort` | Container port for GRPC request| `6566` -| `feast-serving-batch.resources` | CPU and memory allocation for the pod | `{}` -| `feast-serving-batch.ingress` | See *Ingress Parameters* [below](#ingress-parameters) | `{}` - -## Ingress Parameters - -The following table lists the configurable parameters of the ingress section for each Feast module. - -Note, there are two ingresses available for each module - `grpc` and `http`. - -| Parameter | Description | Default -| ----------------------------- | ----------- | ------- -| `ingress.grcp.enabled` | Enables an ingress (endpoint) for the gRPC server | `false` -| `ingress.grcp.*` | See below | -| `ingress.http.enabled` | Enables an ingress (endpoint) for the HTTP server | `false` -| `ingress.http.*` | See below | -| `ingress.*.class` | Value for `kubernetes.io/ingress.class` | `nginx` -| `ingress.*.hosts` | List of host-names for the ingress | `[]` -| `ingress.*.annotations` | Additional ingress annotations | `{}` -| `ingress.*.https.enabled` | Add a tls section to the ingress | `true` -| `ingress.*.https.secretNames` | Map of hostname to TLS secret name | `{}` If not specified, defaults to `domain-tld-tls` e.g. `feast.example.com` uses secret `example-com-tls` -| `ingress.*.auth.enabled` | Enable auth on the ingress (only applicable for `nginx` type | `false` -| `ingress.*.auth.signinHost` | External hostname of the OAuth2 proxy to use | First item in `ingress.hosts`, replacing the sub-domain with 'auth' e.g. `feast.example.com` uses `auth.example.com` -| `ingress.*.auth.authUrl` | Internal URI to internal auth endpoint | `http://auth-server.auth-ns.svc.cluster.local/auth` -| `ingress.*.whitelist` | Subnet masks to whitelist (i.e. value for `nginx.ingress.kubernetes.io/whitelist-source-range`) | `"""` - -To enable all the ingresses will a config like the following (while also adding the hosts etc): +Use the following Helm values to enable DataflowRuner (and Batch Serving), +replacing the `<*load_balancer_ip*>` tags with the ip addresses reserved above: ```yaml +# values-dataflow-runner.yaml feast-core: - ingress: - grpc: - enabled: true - http: - enabled: true -feast-serving-online: - ingress: - grpc: - enabled: true - http: - enabled: true -feast-serving-batch: - ingress: - grpc: - enabled: true - http: - enabled: true + gcpServiceAccount: + enabled: true + postgresql: + existingSecret: feast-postgresql + application-override.yaml: + feast: + stream: + options: + bootstrapServers: + jobs: + active_runner: dataflow + metrics: + host: + runners: + - name: dataflow + type: DataflowRunner + options: + project: + region: + zone: + tempLocation: + network: + subnetwork: + maxNumWorkers: 1 + autoscalingAlgorithm: THROUGHPUT_BASED + usePublicIps: false + workerMachineType: n1-standard-1 + deadLetterTableSpec: + +feast-online-serving: + application-override.yaml: + feast: + stores: + - name: online + type: REDIS + config: + host: + port: 6379 + subscriptions: + - name: "*" + project: "*" + version: "*" + +feast-batch-serving: + enabled: true + gcpServiceAccount: + enabled: true + application-override.yaml: + feast: + active_store: historical + stores: + - name: historical + type: BIGQUERY + config: + project_id: + dataset_id: + staging_location: gs:///feast-staging-location + initial_retry_delay_seconds: 3 + total_timeout_seconds: 21600 + subscriptions: + - name: "*" + project: "*" + version: "*" + +postgresql: + existingSecret: feast-postgresql + +kafka: + external: + enabled: true + type: LoadBalancer + annotations: + cloud.google.com/load-balancer-type: Internal + loadBalancerSourceRanges: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + firstListenerPort: 31090 + loadBalancerIP: + - + - + - + configurationOverrides: + "advertised.listeners": |- + EXTERNAL://${LOAD_BALANCER_IP}:31090 + "listener.security.protocol.map": |- + PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT + "log.retention.hours": 1 + +redis: + master: + service: + type: LoadBalancer + loadBalancerIP: + annotations: + cloud.google.com/load-balancer-type: Internal + loadBalancerSourceRanges: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + +prometheus-statsd-exporter: + service: + type: LoadBalancer + annotations: + cloud.google.com/load-balancer-type: Internal + loadBalancerSourceRanges: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + loadBalancerIP: +``` + +```bash +# Install a new release +helm install --name myrelease -f values-dataflow-runner.yaml feast-charts/feast + +# Wait until all pods are created and running/completed (can take about 5m) +kubectl get pods + +# Test the installation +helm test myrelease ``` +If the tests are successful, Dataflow jobs should appear in Google Cloud console +running features ingestion: https://console.cloud.google.com/dataflow + +![Dataflow Jobs](files/img/dataflow-jobs.png) + +### Production configuration + +#### Resources requests + +The `resources` field in the deployment spec is left empty in the examples. In +production these should be set according to the load each services are expected +to handle and the service level objectives (SLO). Also Feast Core and Serving +is Java application and it is [good practice](https://stackoverflow.com/a/6916718/3949303) +to set the minimum and maximum heap. This is an example reasonable value to set for Feast Serving: + +```yaml +feast-online-serving: + javaOpts: "-Xms2048m -Xmx2048m" + resources: + limits: + memory: "2048Mi" + requests: + memory: "2048Mi" + cpu: "1" +``` + +#### High availability + +Default Feast installation only configures a single instance of Redis +server. If due to network failures or out of memory error Redis is down, +Feast serving will fail to respond to requests. Soon, Feast will support +highly available Redis via [Redis cluster](https://redis.io/topics/cluster-tutorial), +sentinel or additional proxies. + +### Documentation development + +This `README.md` is generated using [helm-docs](https://github.com/norwoodj/helm-docs/). +Please run `helm-docs` to regenerate the `README.md` every time `README.md.gotmpl` +or `values.yaml` are updated. diff --git a/infra/charts/feast/README.md.gotmpl b/infra/charts/feast/README.md.gotmpl new file mode 100644 index 0000000000..69d40fbb25 --- /dev/null +++ b/infra/charts/feast/README.md.gotmpl @@ -0,0 +1,354 @@ +{{ template "chart.header" . }} + +{{ template "chart.description" . }} {{ template "chart.versionLine" . }} + +## TL;DR; + +```bash +# Add Feast Helm chart +helm repo add feast-charts https://feast-charts.storage.googleapis.com +helm repo update + +# Create secret for Feast database, replace with the desired value +kubectl create secret generic feast-postgresql \ + --from-literal=postgresql-password= + +# Install Feast with Online Serving and Beam DirectRunner +helm install --name myrelease feast-charts/feast \ + --set feast-core.postgresql.existingSecret=feast-postgresql \ + --set postgresql.existingSecret=feast-postgresql +``` + +## Introduction +This chart install Feast deployment on a Kubernetes cluster using the [Helm](https://v2.helm.sh/docs/using_helm/#installing-helm) package manager. + +## Prerequisites +- Kubernetes 1.12+ +- Helm 2.15+ (not tested with Helm 3) +- Persistent Volume support on the underlying infrastructure + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} + +## Configuration and installation details + +The default configuration will install Feast with Online Serving. Ingestion +of features will use Beam [DirectRunner](https://beam.apache.org/documentation/runners/direct/) +that runs on the same container where Feast Core is running. + +```bash +# Create secret for Feast database, replace accordingly +kubectl create secret generic feast-postgresql \ + --from-literal=postgresql-password= + +# Install Feast with Online Serving and Beam DirectRunner +helm install --name myrelease feast-charts/feast \ + --set feast-core.postgresql.existingSecret=feast-postgresql \ + --set postgresql.existingSecret=feast-postgresql +``` + +In order to test that the installation is successful: +```bash +helm test myrelease + +# If the installation is successful, the following should be printed +RUNNING: myrelease-feast-online-serving-test +PASSED: myrelease-feast-online-serving-test +RUNNING: myrelease-grafana-test +PASSED: myrelease-grafana-test +RUNNING: myrelease-test-topic-create-consume-produce +PASSED: myrelease-test-topic-create-consume-produce + +# Once the test completes, to check the logs +kubectl logs myrelease-feast-online-serving-test +``` + +> The test pods can be safely deleted after the test finishes. +> Check the yaml files in `templates/tests/` folder to see the processes +> the test pods execute. + +### Feast metrics + +Feast default installation includes Grafana, StatsD exporter and Prometheus. Request +metrics from Feast Core and Feast Serving, as well as ingestion statistic from +Feast Ingestion are accessible from Prometheus and Grafana dashboard. The following +show a quick example how to access the metrics. + +``` +# Forwards local port 9090 to the Prometheus server pod +kubectl port-forward svc/myrelease-prometheus-server 9090:80 +``` + +Visit http://localhost:9090 to access the Prometheus server: + +![Prometheus Server](files/img/prometheus-server.png?raw=true) + +### Enable Batch Serving + +To install Feast Batch Serving for retrieval of historical features in offline +training, access to BigQuery is required. First, create a [service account](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) key that +will provide the credentials to access BigQuery. Grant the service account `editor` +role so it has write permissions to BigQuery and Cloud Storage. + +> In production, it is advised to give only the required [permissions](foo-feast-batch-serving-test) for the +> the service account, versus `editor` role which is very permissive. + +Create a Kubernetes secret for the service account JSON file: +```bash +# By default Feast expects the secret to be named "feast-gcp-service-account" +# and the JSON file to be named "credentials.json" +kubectl create secret generic feast-gcp-service-account --from-file=credentials.json +``` + +Create a new Cloud Storage bucket (if not exists) and make sure the service +account has write access to the bucket: +```bash +gsutil mb +``` + +Use the following Helm values to enable Batch Serving: +```yaml +# values-batch-serving.yaml +feast-core: + gcpServiceAccount: + enabled: true + postgresql: + existingSecret: feast-postgresql + +feast-batch-serving: + enabled: true + gcpServiceAccount: + enabled: true + application-override.yaml: + feast: + active_store: historical + stores: + - name: historical + type: BIGQUERY + config: + project_id: + dataset_id: + staging_location: gs:///feast-staging-location + initial_retry_delay_seconds: 3 + total_timeout_seconds: 21600 + subscriptions: + - name: "*" + project: "*" + version: "*" + +postgresql: + existingSecret: feast-postgresql +``` + +> To delete the previous release, run `helm delete --purge myrelease` +> Note this will not delete the persistent volume that has been claimed (PVC). +> In a test cluster, run `kubectl delete pvc --all` to delete all claimed PVCs. + +```bash +# Install a new release +helm install --name myrelease -f values-batch-serving.yaml feast-charts/feast + +# Wait until all pods are created and running/completed (can take about 5m) +kubectl get pods + +# Batch Serving is installed so `helm test` will also test for batch retrieval +helm test myrelease +``` + +### Use DataflowRunner for ingestion + +Apache Beam [DirectRunner](https://beam.apache.org/documentation/runners/direct/) +is not suitable for production use case because it is not easy to scale the +number of workers and there is no convenient API to monitor and manage the +workers. Feast supports [DataflowRunner](https://beam.apache.org/documentation/runners/dataflow/) which is a managed service on Google Cloud. + +> Make sure `feast-gcp-service-account` Kubernetes secret containing the +> service account has been created and the service account has permissions +> to manage Dataflow jobs. + +Since Dataflow workers run outside the Kube cluster and they will need to interact +with Kafka brokers, Redis stores and StatsD server installed in the cluster, +these services need to be exposed for access outside the cluster by setting +`service.type: LoadBalancer`. + +In a typical use case, 5 `LoadBalancer` (internal) IP addresses are required by +Feast when running with `DataflowRunner`. In Google Cloud, these (internal) IP +addresses should be reserved first: +```bash +# Check with your network configuration which IP addresses are available for use +gcloud compute addresses create \ + feast-kafka-1 feast-kafka-2 feast-kafka-3 feast-redis feast-statsd \ + --region --subnet \ + --addresses 10.128.0.11,10.128.0.12,10.128.0.13,10.128.0.14,10.128.0.15 +``` + +Use the following Helm values to enable DataflowRuner (and Batch Serving), +replacing the `<*load_balancer_ip*>` tags with the ip addresses reserved above: + +```yaml +# values-dataflow-runner.yaml +feast-core: + gcpServiceAccount: + enabled: true + postgresql: + existingSecret: feast-postgresql + application-override.yaml: + feast: + stream: + options: + bootstrapServers: + jobs: + active_runner: dataflow + metrics: + host: + runners: + - name: dataflow + type: DataflowRunner + options: + project: + region: + zone: + tempLocation: + network: + subnetwork: + maxNumWorkers: 1 + autoscalingAlgorithm: THROUGHPUT_BASED + usePublicIps: false + workerMachineType: n1-standard-1 + deadLetterTableSpec: + +feast-online-serving: + application-override.yaml: + feast: + stores: + - name: online + type: REDIS + config: + host: + port: 6379 + subscriptions: + - name: "*" + project: "*" + version: "*" + +feast-batch-serving: + enabled: true + gcpServiceAccount: + enabled: true + application-override.yaml: + feast: + active_store: historical + stores: + - name: historical + type: BIGQUERY + config: + project_id: + dataset_id: + staging_location: gs:///feast-staging-location + initial_retry_delay_seconds: 3 + total_timeout_seconds: 21600 + subscriptions: + - name: "*" + project: "*" + version: "*" + +postgresql: + existingSecret: feast-postgresql + +kafka: + external: + enabled: true + type: LoadBalancer + annotations: + cloud.google.com/load-balancer-type: Internal + loadBalancerSourceRanges: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + firstListenerPort: 31090 + loadBalancerIP: + - + - + - + configurationOverrides: + "advertised.listeners": |- + EXTERNAL://${LOAD_BALANCER_IP}:31090 + "listener.security.protocol.map": |- + PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT + "log.retention.hours": 1 + +redis: + master: + service: + type: LoadBalancer + loadBalancerIP: + annotations: + cloud.google.com/load-balancer-type: Internal + loadBalancerSourceRanges: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + +prometheus-statsd-exporter: + service: + type: LoadBalancer + annotations: + cloud.google.com/load-balancer-type: Internal + loadBalancerSourceRanges: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + loadBalancerIP: +``` + +```bash +# Install a new release +helm install --name myrelease -f values-dataflow-runner.yaml feast-charts/feast + +# Wait until all pods are created and running/completed (can take about 5m) +kubectl get pods + +# Test the installation +helm test myrelease +``` + +If the tests are successful, Dataflow jobs should appear in Google Cloud console +running features ingestion: https://console.cloud.google.com/dataflow + +![Dataflow Jobs](files/img/dataflow-jobs.png) + +### Production configuration + +#### Resources requests + +The `resources` field in the deployment spec is left empty in the examples. In +production these should be set according to the load each services are expected +to handle and the service level objectives (SLO). Also Feast Core and Serving +is Java application and it is [good practice](https://stackoverflow.com/a/6916718/3949303) +to set the minimum and maximum heap. This is an example reasonable value to set for Feast Serving: + +```yaml +feast-online-serving: + javaOpts: "-Xms2048m -Xmx2048m" + resources: + limits: + memory: "2048Mi" + requests: + memory: "2048Mi" + cpu: "1" +``` + +#### High availability + +Default Feast installation only configures a single instance of Redis +server. If due to network failures or out of memory error Redis is down, +Feast serving will fail to respond to requests. Soon, Feast will support +highly available Redis via [Redis cluster](https://redis.io/topics/cluster-tutorial), +sentinel or additional proxies. + +### Documentation development + +This `README.md` is generated using [helm-docs](https://github.com/norwoodj/helm-docs/). +Please run `helm-docs` to regenerate the `README.md` every time `README.md.gotmpl` +or `values.yaml` are updated. diff --git a/infra/charts/feast/charts/feast-core/.helmignore b/infra/charts/feast/charts/feast-core/.helmignore deleted file mode 100644 index 50af031725..0000000000 --- a/infra/charts/feast/charts/feast-core/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/infra/charts/feast/charts/feast-core/Chart.yaml b/infra/charts/feast/charts/feast-core/Chart.yaml index 86d0699b9a..5b832943cf 100644 --- a/infra/charts/feast/charts/feast-core/Chart.yaml +++ b/infra/charts/feast/charts/feast-core/Chart.yaml @@ -1,4 +1,4 @@ apiVersion: v1 -description: A Helm chart for core component of Feast +description: Feast Core registers feature specifications and manage ingestion jobs. name: feast-core -version: 0.4.4 +version: 0.5.0-alpha.1 diff --git a/infra/charts/feast/charts/feast-core/README.md b/infra/charts/feast/charts/feast-core/README.md new file mode 100644 index 0000000000..4bf4578eb7 --- /dev/null +++ b/infra/charts/feast/charts/feast-core/README.md @@ -0,0 +1,70 @@ +feast-core +========== +Feast Core registers feature specifications and manage ingestion jobs. + +Current chart version is `0.5.0-alpha.1` + + + + + +## Chart Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| "application-generated.yaml".enabled | bool | `true` | Flag to include Helm generated configuration for Feast database URL, Kafka bootstrap servers and jobs metrics host. This is useful for deployment that uses default configuration for Kafka, Postgres and StatsD exporter. Please set `application-override.yaml` to override this configuration. | +| "application-override.yaml" | object | `{"enabled":true}` | Configuration to override the default [application.yaml](https://github.com/gojek/feast/blob/master/core/src/main/resources/application.yml). Will be created as a ConfigMap. `application-override.yaml` has a higher precedence than `application-secret.yaml` | +| "application-secret.yaml" | object | `{"enabled":true}` | Configuration to override the default [application.yaml](https://github.com/gojek/feast/blob/master/core/src/main/resources/application.yml). Will be created as a Secret. `application-override.yaml` has a higher precedence than `application-secret.yaml`. It is recommended to either set `application-override.yaml` or `application-secret.yaml` only to simplify config management. | +| "application.yaml".enabled | bool | `true` | Flag to include the default [configuration](https://github.com/gojek/feast/blob/master/core/src/main/resources/application.yml). Please set `application-override.yaml` to override this configuration. | +| envOverrides | object | `{}` | Extra environment variables to set | +| gcpProjectId | string | `""` | Project ID to use when using Google Cloud services such as BigQuery, Cloud Storage and Dataflow | +| gcpServiceAccount.enabled | bool | `false` | Flag to use [service account](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) JSON key | +| gcpServiceAccount.existingSecret.key | string | `"credentials.json"` | Key in the secret data (file name of the service account) | +| gcpServiceAccount.existingSecret.name | string | `"feast-gcp-service-account"` | Name of the existing secret containing the service account | +| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| image.repository | string | `"gcr.io/kf-feast/feast-core"` | Docker image repository | +| image.tag | string | `"dev"` | Image tag | +| ingress.grpc.annotations | object | `{}` | Extra annotations for the ingress | +| ingress.grpc.auth.enabled | bool | `false` | Flag to enable auth | +| ingress.grpc.class | string | `"nginx"` | Which ingress controller to use | +| ingress.grpc.enabled | bool | `false` | Flag to create an ingress resource for the service | +| ingress.grpc.hosts | list | `[]` | List of hostnames to match when routing requests | +| ingress.grpc.https.enabled | bool | `true` | Flag to enable HTTPS | +| ingress.grpc.https.secretNames | object | `{}` | Map of hostname to TLS secret name | +| ingress.grpc.whitelist | string | `""` | Allowed client IP source ranges | +| ingress.http.annotations | object | `{}` | Extra annotations for the ingress | +| ingress.http.auth.authUrl | string | `"http://auth-server.auth-ns.svc.cluster.local/auth"` | URL to an existing authentication service | +| ingress.http.auth.enabled | bool | `false` | Flag to enable auth | +| ingress.http.class | string | `"nginx"` | Which ingress controller to use | +| ingress.http.enabled | bool | `false` | Flag to create an ingress resource for the service | +| ingress.http.hosts | list | `[]` | List of hostnames to match when routing requests | +| ingress.http.https.enabled | bool | `true` | Flag to enable HTTPS | +| ingress.http.https.secretNames | object | `{}` | Map of hostname to TLS secret name | +| ingress.http.whitelist | string | `""` | Allowed client IP source ranges | +| javaOpts | string | `nil` | [JVM options](https://docs.oracle.com/cd/E22289_01/html/821-1274/configuring-the-default-jvm-and-java-arguments.html). For better performance, it is advised to set the min and max heap:
`-Xms2048m -Xmx2048m` | +| livenessProbe.enabled | bool | `true` | Flag to enabled the probe | +| livenessProbe.failureThreshold | int | `5` | Min consecutive failures for the probe to be considered failed | +| livenessProbe.initialDelaySeconds | int | `60` | Delay before the probe is initiated | +| livenessProbe.periodSeconds | int | `10` | How often to perform the probe | +| livenessProbe.successThreshold | int | `1` | Min consecutive success for the probe to be considered successful | +| livenessProbe.timeoutSeconds | int | `5` | When the probe times out | +| logLevel | string | `"WARN"` | Default log level, use either one of `DEBUG`, `INFO`, `WARN` or `ERROR` | +| logType | string | `"Console"` | Log format, either `JSON` or `Console` | +| nodeSelector | object | `{}` | Node labels for pod assignment | +| postgresql.existingSecret | string | `""` | Existing secret to use for authenticating to Postgres | +| prometheus.enabled | bool | `true` | Flag to enable scraping of Feast Core metrics | +| readinessProbe.enabled | bool | `true` | Flag to enabled the probe | +| readinessProbe.failureThreshold | int | `5` | Min consecutive failures for the probe to be considered failed | +| readinessProbe.initialDelaySeconds | int | `20` | Delay before the probe is initiated | +| readinessProbe.periodSeconds | int | `10` | How often to perform the probe | +| readinessProbe.successThreshold | int | `1` | Min consecutive success for the probe to be considered successful | +| readinessProbe.timeoutSeconds | int | `10` | When the probe times out | +| replicaCount | int | `1` | Number of pods that will be created | +| resources | object | `{}` | CPU/memory [resource requests/limit](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container) | +| service.grpc.nodePort | string | `nil` | Port number that each cluster node will listen to | +| service.grpc.port | int | `6565` | Service port for GRPC requests | +| service.grpc.targetPort | int | `6565` | Container port serving GRPC requests | +| service.http.nodePort | string | `nil` | Port number that each cluster node will listen to | +| service.http.port | int | `80` | Service port for HTTP requests | +| service.http.targetPort | int | `8080` | Container port serving HTTP requests | +| service.type | string | `"ClusterIP"` | Kubernetes service type | diff --git a/infra/charts/feast/charts/feast-core/charts/kafka-0.20.1.tgz b/infra/charts/feast/charts/feast-core/charts/kafka-0.20.1.tgz deleted file mode 100644 index 76a2247577..0000000000 Binary files a/infra/charts/feast/charts/feast-core/charts/kafka-0.20.1.tgz and /dev/null differ diff --git a/infra/charts/feast/charts/feast-core/charts/postgresql-6.5.5.tgz b/infra/charts/feast/charts/feast-core/charts/postgresql-6.5.5.tgz deleted file mode 100644 index f61421514d..0000000000 Binary files a/infra/charts/feast/charts/feast-core/charts/postgresql-6.5.5.tgz and /dev/null differ diff --git a/infra/charts/feast/charts/feast-core/requirements.yaml b/infra/charts/feast/charts/feast-core/requirements.yaml deleted file mode 100644 index ef1e39a7d0..0000000000 --- a/infra/charts/feast/charts/feast-core/requirements.yaml +++ /dev/null @@ -1,15 +0,0 @@ -dependencies: -- name: postgresql - version: 6.5.5 - repository: "@stable" - condition: postgresql.enabled -- name: kafka - version: 0.20.1 - repository: "@incubator" - condition: kafka.enabled -- name: common - version: 0.0.5 - repository: "@incubator" -- name: prometheus-statsd-exporter - version: 0.1.2 - condition: prometheus-statsd-exporter.enabled \ No newline at end of file diff --git a/infra/charts/feast/charts/feast-core/templates/configmap.yaml b/infra/charts/feast/charts/feast-core/templates/configmap.yaml index da45cad5bd..bce32ef33a 100644 --- a/infra/charts/feast/charts/feast-core/templates/configmap.yaml +++ b/infra/charts/feast/charts/feast-core/templates/configmap.yaml @@ -10,44 +10,26 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: - application.yaml: | -{{- toYaml (index .Values "application.yaml") | nindent 4 }} - -{{- if .Values.postgresql.enabled }} - application-bundled-postgresql.yaml: | + application-generated.yaml: | +{{- if index .Values "application-generated.yaml" "enabled" }} spring: datasource: - url: {{ printf "jdbc:postgresql://%s:%s/%s" (printf "%s-postgresql" .Release.Name) (.Values.postgresql.service.port | toString) (.Values.postgresql.postgresqlDatabase) }} - driverClassName: org.postgresql.Driver -{{- end }} - -{{ if .Values.kafka.enabled }} - {{- $topic := index .Values.kafka.topics 0 }} - application-bundled-kafka.yaml: | + url: jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/postgres feast: stream: type: kafka - options: - topic: {{ $topic.name | quote }} - replicationFactor: {{ $topic.replicationFactor }} - partitions: {{ $topic.partitions }} - {{- if not .Values.kafka.external.enabled }} - bootstrapServers: {{ printf "%s:9092" (printf "%s-kafka" .Release.Name) }} - {{- end }} -{{- end }} - -{{- if (index .Values "prometheus-statsd-exporter" "enabled" )}} - application-bundled-statsd.yaml: | - feast: + options: + bootstrapServers: {{ .Release.Name }}-kafka:9092 + topic: feast jobs: metrics: - enabled: true + enabled: true type: statsd - host: prometheus-statsd-exporter + host: {{ .Release.Name }}-prometheus-statsd-exporter-udp port: 9125 {{- end }} -{{- range $name, $content := .Values.springConfigProfiles }} - application-{{ $name }}.yaml: | -{{- toYaml $content | nindent 4 }} -{{- end }} + application-override.yaml: | +{{- if index .Values "application-override.yaml" "enabled" }} +{{- toYaml (index .Values "application-override.yaml") | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/infra/charts/feast/charts/feast-core/templates/deployment.yaml b/infra/charts/feast/charts/feast-core/templates/deployment.yaml index df834b6749..1f4fd996ef 100644 --- a/infra/charts/feast/charts/feast-core/templates/deployment.yaml +++ b/infra/charts/feast/charts/feast-core/templates/deployment.yaml @@ -18,11 +18,12 @@ spec: release: {{ .Release.Name }} template: metadata: - {{- if .Values.prometheus.enabled }} annotations: - {{ $config := index .Values "application.yaml" }} + checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- if .Values.prometheus.enabled }} prometheus.io/path: /metrics - prometheus.io/port: "{{ $config.server.port }}" + prometheus.io/port: "{{ .Values.service.http.targetPort }}" prometheus.io/scrape: "true" {{- end }} labels: @@ -39,23 +40,29 @@ spec: - name: {{ template "feast-core.fullname" . }}-config configMap: name: {{ template "feast-core.fullname" . }} - {{- if .Values.gcpServiceAccount.useExistingSecret }} - - name: {{ template "feast-core.fullname" . }}-gcpserviceaccount + - name: {{ template "feast-core.fullname" . }}-secret + secret: + secretName: {{ template "feast-core.fullname" . }} + {{- if .Values.gcpServiceAccount.enabled }} + - name: {{ template "feast-core.fullname" . }}-gcp-service-account secret: secretName: {{ .Values.gcpServiceAccount.existingSecret.name }} {{- end }} containers: - name: {{ .Chart.Name }} - image: '{{ .Values.image.repository }}:{{ required "No .image.tag found. This must be provided as input." .Values.image.tag }}' + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - name: {{ template "feast-core.fullname" . }}-config - mountPath: "{{ .Values.springConfigMountPath }}" - {{- if .Values.gcpServiceAccount.useExistingSecret }} - - name: {{ template "feast-core.fullname" . }}-gcpserviceaccount - mountPath: {{ .Values.gcpServiceAccount.mountPath }} + mountPath: /etc/feast + - name: {{ template "feast-core.fullname" . }}-secret + mountPath: /etc/secrets/feast + readOnly: true + {{- if .Values.gcpServiceAccount.enabled }} + - name: {{ template "feast-core.fullname" . }}-gcp-service-account + mountPath: /etc/secrets/google readOnly: true {{- end }} @@ -64,40 +71,52 @@ spec: value: {{ .Values.logType | quote }} - name: LOG_LEVEL value: {{ .Values.logLevel | quote }} - - {{- if .Values.postgresql.enabled }} - - name: SPRING_DATASOURCE_USERNAME - value: {{ .Values.postgresql.postgresqlUsername | quote }} + + {{- if .Values.postgresql.existingSecret }} - name: SPRING_DATASOURCE_PASSWORD - value: {{ .Values.postgresql.postgresqlPassword | quote }} + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.existingSecret }} + key: postgresql-password {{- end }} - {{- if .Values.gcpServiceAccount.useExistingSecret }} + {{- if .Values.gcpServiceAccount.enabled }} - name: GOOGLE_APPLICATION_CREDENTIALS - value: {{ .Values.gcpServiceAccount.mountPath }}/{{ .Values.gcpServiceAccount.existingSecret.key }} + value: /etc/secrets/google/{{ .Values.gcpServiceAccount.existingSecret.key }} {{- end }} + {{- if .Values.gcpProjectId }} - name: GOOGLE_CLOUD_PROJECT value: {{ .Values.gcpProjectId | quote }} {{- end }} - command: - - java - {{- range .Values.jvmOptions }} - - {{ . | quote }} + {{- if .Values.javaOpts }} + - name: JAVA_TOOL_OPTIONS + value: {{ .Values.javaOpts }} {{- end }} - - -jar - - {{ .Values.jarPath | quote }} - - "--spring.config.location=file:{{ .Values.springConfigMountPath }}/" - {{- $profilesArray := splitList "," .Values.springConfigProfilesActive -}} - {{- $profilesArray = append $profilesArray (.Values.postgresql.enabled | ternary "bundled-postgresql" "") -}} - {{- $profilesArray = append $profilesArray (.Values.kafka.enabled | ternary "bundled-kafka" "") -}} - {{- $profilesArray = append $profilesArray (index .Values "prometheus-statsd-exporter" "enabled" | ternary "bundled-statsd" "") -}} - {{- $profilesArray = compact $profilesArray -}} - {{- if $profilesArray }} - - "--spring.profiles.active={{ join "," $profilesArray }}" + + {{- range $key, $value := .Values.envOverrides }} + - name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} {{- end }} + command: + - java + - -jar + - /opt/feast/feast-core.jar + - --spring.config.location= + {{- if index .Values "application.yaml" "enabled" -}} + classpath:/application.yml + {{- end }} + {{- if index .Values "application-generated.yaml" "enabled" -}} + ,file:/etc/feast/application-generated.yaml + {{- end }} + {{- if index .Values "application-secret.yaml" "enabled" -}} + ,file:/etc/secrets/feast/application-secret.yaml + {{- end }} + {{- if index .Values "application-override.yaml" "enabled" -}} + ,file:/etc/feast/application-override.yaml + {{- end }} ports: - name: http containerPort: {{ .Values.service.http.targetPort }} diff --git a/infra/charts/feast/charts/feast-core/templates/secret.yaml b/infra/charts/feast/charts/feast-core/templates/secret.yaml new file mode 100644 index 0000000000..dd33e2dd48 --- /dev/null +++ b/infra/charts/feast/charts/feast-core/templates/secret.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "feast-core.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "feast-core.name" . }} + component: core + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +stringData: + application-secret.yaml: | +{{- toYaml (index .Values "application-secret.yaml") | nindent 4 }} diff --git a/infra/charts/feast/charts/feast-core/values.yaml b/infra/charts/feast/charts/feast-core/values.yaml index 077906dc35..5032e8d87a 100644 --- a/infra/charts/feast/charts/feast-core/values.yaml +++ b/infra/charts/feast/charts/feast-core/values.yaml @@ -1,246 +1,151 @@ -# ============================================================ -# Bundled PostgreSQL -# ============================================================ - -# Refer to https://github.com/helm/charts/tree/c42002a21abf8eff839ff1d2382152bde2bbe596/stable/postgresql -# for additional configuration. -postgresql: - # enabled specifies whether Postgresql should be installed as part of Feast Core. - # - # Feast Core requires a database to store data such as the created FeatureSets - # and job statuses. If enabled, the database and service port specified below - # will override "spring.datasource.url" value in application.yaml. The - # username and password will also be set as environment variables that will - # override "spring.datasource.username/password" in application.yaml. - enabled: true - # postgresqlDatabase is the name of the database used by Feast Core. - postgresqlDatabase: feast - # postgresqlUsername is the username to authenticate to the database. - postgresqlUsername: postgres - # postgresqlPassword is the password to authenticate to the database. - postgresqlPassword: password - service: - # port is the TCP port that Postgresql will listen to - port: 5432 - -# ============================================================ -# Bundled Kafka -# ============================================================ - -# Refer to https://github.com/helm/charts/tree/c42002a21abf8eff839ff1d2382152bde2bbe596/incubator/kafka -# for additional configuration. -kafka: - # enabled specifies whether Kafka should be installed as part of Feast Core. - # - # Feast Core requires a Kafka instance to be set as the default source for - # FeatureRows. If enabled, "feast.stream" option in application.yaml will - # be overridden by this installed Kafka configuration. - enabled: true - topics: - # topic that will be used as default in Feast Core for the default Kafka source. - - name: feast - replicationFactor: 1 - partitions: 1 - - -# ============================================================ -# Bundled Prometheus StatsD Exporter -# ============================================================ - -prometheus-statsd-exporter: - enabled: false - -# ============================================================ -# Feast Core -# ============================================================ - -# replicaCount is the number of pods that will be created. +# replicaCount -- Number of pods that will be created replicaCount: 1 -# image configures the Docker image for Feast Core image: + # image.repository -- Docker image repository repository: gcr.io/kf-feast/feast-core + # image.tag -- Image tag + tag: dev + # image.pullPolicy -- Image pull policy pullPolicy: IfNotPresent -# Add prometheus scraping annotations to the Pod metadata. -# If enabled, you must also ensure server.port is specified under application.yaml -prometheus: - enabled: false - -# application.yaml is the main configuration for Feast Core application. -# -# Feast Core is a Spring Boot app which uses this yaml configuration file. -# Refer to https://github.com/gojek/feast/blob/79eb4ab5fa3d37102c1dca9968162a98690526ba/core/src/main/resources/application.yml -# for a complete list and description of the configuration. -# -# Note that some properties defined in application.yaml may be overriden by -# Helm under certain conditions. For example, if postgresql and kafka dependencies -# are enabled. application.yaml: - grpc: - port: 6565 - enable-reflection: true - feast: - jobs: - runner: DirectRunner - options: {} - updates: - timeoutSeconds: 240 - metrics: - enabled: false - type: statsd - host: localhost - port: 9125 - stream: - type: kafka - options: - topic: TOPIC - bootstrapServers: HOST:PORT - replicationFactor: 1 - partitions: 1 - spring: - jpa: - properties.hibernate.format_sql: true - properties.hibernate.event.merge.entity_copy_observer: allow - hibernate.naming.physical-strategy=org.hibernate.boot.model.naming: PhysicalNamingStrategyStandardImpl - hibernate.ddl-auto: update - datasource: - driverClassName: org.postgresql.Driver - url: jdbc:postgresql://HOST:PORT/DATABASE - username: USERNAME - password: PASSWORD - management: - metrics: - export: - simple: - enabled: false - statsd: - enabled: false - host: localhost - port: 8125 - -springConfigProfiles: {} -# db: | -# spring: -# datasource: -# driverClassName: org.postgresql.Driver -# url: jdbc:postgresql://${DB_HOST:127.0.0.1}:${DB_PORT:5432}/${DB_DATABASE:postgres} -springConfigProfilesActive: "" -# springConfigMountPath is the directory path where application.yaml will be -# mounted in the container. -springConfigMountPath: /etc/feast/feast-core - -# gcpServiceAccount is the service account that Feast Core will use. + # "application.yaml".enabled -- Flag to include the default [configuration](https://github.com/gojek/feast/blob/master/core/src/main/resources/application.yml). Please set `application-override.yaml` to override this configuration. + enabled: true + +application-generated.yaml: + # "application-generated.yaml".enabled -- Flag to include Helm generated configuration for Feast database URL, Kafka bootstrap servers and jobs metrics host. This is useful for deployment that uses default configuration for Kafka, Postgres and StatsD exporter. Please set `application-override.yaml` to override this configuration. + enabled: true + +# "application-secret.yaml" -- Configuration to override the default [application.yaml](https://github.com/gojek/feast/blob/master/core/src/main/resources/application.yml). Will be created as a Secret. `application-override.yaml` has a higher precedence than `application-secret.yaml`. It is recommended to either set `application-override.yaml` or `application-secret.yaml` only to simplify config management. +application-secret.yaml: + enabled: true + +# "application-override.yaml" -- Configuration to override the default [application.yaml](https://github.com/gojek/feast/blob/master/core/src/main/resources/application.yml). Will be created as a ConfigMap. `application-override.yaml` has a higher precedence than `application-secret.yaml` +application-override.yaml: + enabled: true + gcpServiceAccount: - # useExistingSecret specifies Feast to use an existing secret containing Google - # Cloud service account JSON key file. - useExistingSecret: false + # gcpServiceAccount.enabled -- Flag to use [service account](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) JSON key + enabled: false existingSecret: - # name is the secret name of the existing secret for the service account. + # gcpServiceAccount.existingSecret.name -- Name of the existing secret containing the service account name: feast-gcp-service-account - # key is the secret key of the existing secret for the service account. - # key is normally derived from the file name of the JSON key file. - key: key.json - # mountPath is the directory path where the JSON key file will be mounted. - # the value of "existingSecret.key" is file name of the service account file. - mountPath: /etc/gcloud/service-accounts - -# Project ID picked up by the Cloud SDK (e.g. BigQuery run against this project) + # gcpServiceAccount.existingSecret.key -- Key in the secret data (file name of the service account) + key: credentials.json + +postgresql: + # postgresql.existingSecret -- Existing secret to use for authenticating to Postgres + existingSecret: "" + +# gcpProjectId -- Project ID to use when using Google Cloud services such as BigQuery, Cloud Storage and Dataflow gcpProjectId: "" -# Path to Jar file in the Docker image. -# If you are using gcr.io/kf-feast/feast-core this should not need to be changed -jarPath: /opt/feast/feast-core.jar - -# jvmOptions are options that will be passed to the Java Virtual Machine (JVM) -# running Feast Core. -# -# For example, it is good practice to set min and max heap size in JVM. -# https://stackoverflow.com/questions/6902135/side-effect-for-increasing-maxpermsize-and-max-heap-size -# -# Refer to https://docs.oracle.com/cd/E22289_01/html/821-1274/configuring-the-default-jvm-and-java-arguments.html -# to see other JVM options that can be set. -# -jvmOptions: [] -# - -Xms1024m -# - -Xmx1024m - -logType: JSON -logLevel: warn +# javaOpts -- [JVM options](https://docs.oracle.com/cd/E22289_01/html/821-1274/configuring-the-default-jvm-and-java-arguments.html). For better performance, it is advised to set the min and max heap:
`-Xms2048m -Xmx2048m` +javaOpts: + +# logType -- Log format, either `JSON` or `Console` +logType: Console +# logLevel -- Default log level, use either one of `DEBUG`, `INFO`, `WARN` or `ERROR` +logLevel: WARN + +prometheus: + # prometheus.enabled -- Flag to enable scraping of Feast Core metrics + enabled: true livenessProbe: + # livenessProbe.enabled -- Flag to enabled the probe enabled: true + # livenessProbe.initialDelaySeconds -- Delay before the probe is initiated initialDelaySeconds: 60 + # livenessProbe.periodSeconds -- How often to perform the probe periodSeconds: 10 + # livenessProbe.timeoutSeconds -- When the probe times out timeoutSeconds: 5 + # livenessProbe.successThreshold -- Min consecutive success for the probe to be considered successful successThreshold: 1 + # livenessProbe.failureThreshold -- Min consecutive failures for the probe to be considered failed failureThreshold: 5 readinessProbe: + # readinessProbe.enabled -- Flag to enabled the probe enabled: true - initialDelaySeconds: 15 + # readinessProbe.initialDelaySeconds -- Delay before the probe is initiated + initialDelaySeconds: 20 + # readinessProbe.periodSeconds -- How often to perform the probe periodSeconds: 10 + # readinessProbe.timeoutSeconds -- When the probe times out timeoutSeconds: 10 + # readinessProbe.successThreshold -- Min consecutive success for the probe to be considered successful successThreshold: 1 + # readinessProbe.failureThreshold -- Min consecutive failures for the probe to be considered failed failureThreshold: 5 service: + # service.type -- Kubernetes service type type: ClusterIP http: + # service.http.port -- Service port for HTTP requests port: 80 + # service.http.targetPort -- Container port serving HTTP requests targetPort: 8080 - # nodePort is the port number that each cluster node will listen to - # https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - # - # nodePort: + # service.http.nodePort -- Port number that each cluster node will listen to + nodePort: grpc: + # service.grpc.port -- Service port for GRPC requests port: 6565 + # service.grpc.targetPort -- Container port serving GRPC requests targetPort: 6565 - # nodePort is the port number that each cluster node will listen to - # https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - # - # nodePort: + # service.grpc.nodePort -- Port number that each cluster node will listen to + nodePort: ingress: grpc: + # ingress.grpc.enabled -- Flag to create an ingress resource for the service enabled: false + # ingress.grpc.class -- Which ingress controller to use class: nginx + # ingress.grpc.hosts -- List of hostnames to match when routing requests hosts: [] + # ingress.grpc.annotations -- Extra annotations for the ingress annotations: {} https: + # ingress.grpc.https.enabled -- Flag to enable HTTPS enabled: true + # ingress.grpc.https.secretNames -- Map of hostname to TLS secret name secretNames: {} + # ingress.grpc.whitelist -- Allowed client IP source ranges whitelist: "" auth: + # ingress.grpc.auth.enabled -- Flag to enable auth enabled: false http: + # ingress.http.enabled -- Flag to create an ingress resource for the service enabled: false + # ingress.http.class -- Which ingress controller to use class: nginx + # ingress.http.hosts -- List of hostnames to match when routing requests hosts: [] + # ingress.http.annotations -- Extra annotations for the ingress annotations: {} https: + # ingress.http.https.enabled -- Flag to enable HTTPS enabled: true + # ingress.http.https.secretNames -- Map of hostname to TLS secret name secretNames: {} + # ingress.http.whitelist -- Allowed client IP source ranges whitelist: "" auth: + # ingress.http.auth.enabled -- Flag to enable auth enabled: false + # ingress.http.auth.authUrl -- URL to an existing authentication service authUrl: http://auth-server.auth-ns.svc.cluster.local/auth +# resources -- CPU/memory [resource requests/limit](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container) resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi +# nodeSelector -- Node labels for pod assignment nodeSelector: {} -tolerations: [] - -affinity: {} +# envOverrides -- Extra environment variables to set +envOverrides: {} \ No newline at end of file diff --git a/infra/charts/feast/charts/feast-serving/.helmignore b/infra/charts/feast/charts/feast-serving/.helmignore deleted file mode 100644 index 50af031725..0000000000 --- a/infra/charts/feast/charts/feast-serving/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/infra/charts/feast/charts/feast-serving/Chart.yaml b/infra/charts/feast/charts/feast-serving/Chart.yaml index 2e9cf89243..7c8e6131cf 100644 --- a/infra/charts/feast/charts/feast-serving/Chart.yaml +++ b/infra/charts/feast/charts/feast-serving/Chart.yaml @@ -1,4 +1,4 @@ apiVersion: v1 -description: A Helm chart for serving component of Feast +description: Feast Serving serves low-latency latest features and historical batch features. name: feast-serving -version: 0.4.4 +version: 0.5.0-alpha.1 diff --git a/infra/charts/feast/charts/feast-serving/README.md b/infra/charts/feast/charts/feast-serving/README.md new file mode 100644 index 0000000000..7882463977 --- /dev/null +++ b/infra/charts/feast/charts/feast-serving/README.md @@ -0,0 +1,69 @@ +feast-serving +============= +Feast Serving serves low-latency latest features and historical batch features. + +Current chart version is `0.5.0-alpha.1` + + + + + +## Chart Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| "application-generated.yaml".enabled | bool | `true` | Flag to include Helm generated configuration for Feast Core host, Redis store and job store. This is useful for deployment that uses default configuration for Redis. Please set `application-override.yaml` to override this configuration. | +| "application-override.yaml" | object | `{"enabled":true}` | Configuration to override the default [application.yaml](https://github.com/gojek/feast/blob/master/serving/src/main/resources/application.yml). Will be created as a ConfigMap. `application-override.yaml` has a higher precedence than `application-secret.yaml` | +| "application-secret.yaml" | object | `{"enabled":true}` | Configuration to override the default [application.yaml](https://github.com/gojek/feast/blob/master/serving/src/main/resources/application.yml). Will be created as a Secret. `application-override.yaml` has a higher precedence than `application-secret.yaml`. It is recommended to either set `application-override.yaml` or `application-secret.yaml` only to simplify config management. | +| "application.yaml".enabled | bool | `true` | Flag to include the default [configuration](https://github.com/gojek/feast/blob/master/serving/src/main/resources/application.yml). Please set `application-override.yaml` to override this configuration. | +| envOverrides | object | `{}` | Extra environment variables to set | +| gcpProjectId | string | `""` | Project ID to use when using Google Cloud services such as BigQuery, Cloud Storage and Dataflow | +| gcpServiceAccount.enabled | bool | `false` | Flag to use [service account](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) JSON key | +| gcpServiceAccount.existingSecret.key | string | `"credentials.json"` | Key in the secret data (file name of the service account) | +| gcpServiceAccount.existingSecret.name | string | `"feast-gcp-service-account"` | Name of the existing secret containing the service account | +| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| image.repository | string | `"gcr.io/kf-feast/feast-serving"` | Docker image repository | +| image.tag | string | `"dev"` | Image tag | +| ingress.grpc.annotations | object | `{}` | Extra annotations for the ingress | +| ingress.grpc.auth.enabled | bool | `false` | Flag to enable auth | +| ingress.grpc.class | string | `"nginx"` | Which ingress controller to use | +| ingress.grpc.enabled | bool | `false` | Flag to create an ingress resource for the service | +| ingress.grpc.hosts | list | `[]` | List of hostnames to match when routing requests | +| ingress.grpc.https.enabled | bool | `true` | Flag to enable HTTPS | +| ingress.grpc.https.secretNames | object | `{}` | Map of hostname to TLS secret name | +| ingress.grpc.whitelist | string | `""` | Allowed client IP source ranges | +| ingress.http.annotations | object | `{}` | Extra annotations for the ingress | +| ingress.http.auth.authUrl | string | `"http://auth-server.auth-ns.svc.cluster.local/auth"` | URL to an existing authentication service | +| ingress.http.auth.enabled | bool | `false` | Flag to enable auth | +| ingress.http.class | string | `"nginx"` | Which ingress controller to use | +| ingress.http.enabled | bool | `false` | Flag to create an ingress resource for the service | +| ingress.http.hosts | list | `[]` | List of hostnames to match when routing requests | +| ingress.http.https.enabled | bool | `true` | Flag to enable HTTPS | +| ingress.http.https.secretNames | object | `{}` | Map of hostname to TLS secret name | +| ingress.http.whitelist | string | `""` | Allowed client IP source ranges | +| javaOpts | string | `nil` | [JVM options](https://docs.oracle.com/cd/E22289_01/html/821-1274/configuring-the-default-jvm-and-java-arguments.html). For better performance, it is advised to set the min and max heap:
`-Xms2048m -Xmx2048m` | +| livenessProbe.enabled | bool | `true` | Flag to enabled the probe | +| livenessProbe.failureThreshold | int | `5` | Min consecutive failures for the probe to be considered failed | +| livenessProbe.initialDelaySeconds | int | `60` | Delay before the probe is initiated | +| livenessProbe.periodSeconds | int | `10` | How often to perform the probe | +| livenessProbe.successThreshold | int | `1` | Min consecutive success for the probe to be considered successful | +| livenessProbe.timeoutSeconds | int | `5` | When the probe times out | +| logLevel | string | `"WARN"` | Default log level, use either one of `DEBUG`, `INFO`, `WARN` or `ERROR` | +| logType | string | `"Console"` | Log format, either `JSON` or `Console` | +| nodeSelector | object | `{}` | Node labels for pod assignment | +| prometheus.enabled | bool | `true` | Flag to enable scraping of Feast Core metrics | +| readinessProbe.enabled | bool | `true` | Flag to enabled the probe | +| readinessProbe.failureThreshold | int | `5` | Min consecutive failures for the probe to be considered failed | +| readinessProbe.initialDelaySeconds | int | `15` | Delay before the probe is initiated | +| readinessProbe.periodSeconds | int | `10` | How often to perform the probe | +| readinessProbe.successThreshold | int | `1` | Min consecutive success for the probe to be considered successful | +| readinessProbe.timeoutSeconds | int | `10` | When the probe times out | +| replicaCount | int | `1` | Number of pods that will be created | +| resources | object | `{}` | CPU/memory [resource requests/limit](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container) | +| service.grpc.nodePort | string | `nil` | Port number that each cluster node will listen to | +| service.grpc.port | int | `6566` | Service port for GRPC requests | +| service.grpc.targetPort | int | `6566` | Container port serving GRPC requests | +| service.http.nodePort | string | `nil` | Port number that each cluster node will listen to | +| service.http.port | int | `80` | Service port for HTTP requests | +| service.http.targetPort | int | `8080` | Container port serving HTTP requests | +| service.type | string | `"ClusterIP"` | Kubernetes service type | diff --git a/infra/charts/feast/charts/feast-serving/charts/redis-9.5.0.tgz b/infra/charts/feast/charts/feast-serving/charts/redis-9.5.0.tgz deleted file mode 100644 index 962893a825..0000000000 Binary files a/infra/charts/feast/charts/feast-serving/charts/redis-9.5.0.tgz and /dev/null differ diff --git a/infra/charts/feast/charts/feast-serving/requirements.yaml b/infra/charts/feast/charts/feast-serving/requirements.yaml deleted file mode 100644 index 2cee3f8149..0000000000 --- a/infra/charts/feast/charts/feast-serving/requirements.yaml +++ /dev/null @@ -1,8 +0,0 @@ -dependencies: -- name: redis - version: 9.5.0 - repository: "@stable" - condition: redis.enabled -- name: common - version: 0.0.5 - repository: "@incubator" diff --git a/infra/charts/feast/charts/feast-serving/templates/_helpers.tpl b/infra/charts/feast/charts/feast-serving/templates/_helpers.tpl index ab670cc8cc..49abb6b8e5 100644 --- a/infra/charts/feast/charts/feast-serving/templates/_helpers.tpl +++ b/infra/charts/feast/charts/feast-serving/templates/_helpers.tpl @@ -43,10 +43,3 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} - -{{/* -Helpers -*/}} -{{- define "bq_store_and_no_job_options" -}} -{{ and (eq (index .Values "store.yaml" "type") "BIGQUERY") (empty (index .Values "application.yaml" "feast" "jobs" "store-options")) }} -{{- end -}} diff --git a/infra/charts/feast/charts/feast-serving/templates/configmap.yaml b/infra/charts/feast/charts/feast-serving/templates/configmap.yaml index 934216a9d5..7c895ce530 100644 --- a/infra/charts/feast/charts/feast-serving/templates/configmap.yaml +++ b/infra/charts/feast/charts/feast-serving/templates/configmap.yaml @@ -10,44 +10,28 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: - application.yaml: | -{{- toYaml (index .Values "application.yaml") | nindent 4 }} - -{{- if .Values.core.enabled }} - application-bundled-core.yaml: | - feast: - core-host: {{ printf "%s-feast-core" .Release.Name }} -{{- end }} - -{{- if eq (include "bq_store_and_no_job_options" .) "true" }} - application-bundled-redis.yaml: | + application-generated.yaml: | +{{- if index .Values "application-generated.yaml" "enabled" }} feast: - jobs: - store-options: - host: {{ printf "%s-redis-headless" .Release.Name }} + core-host: {{ .Release.Name }}-feast-core + + stores: + - name: online + type: REDIS + config: + host: {{ .Release.Name }}-redis-master port: 6379 + subscriptions: + - name: "*" + project: "*" + version: "*" + + job_store: + redis_host: {{ .Release.Name }}-redis-master + redis_port: 6379 {{- end }} - store.yaml: | -{{- $store := index .Values "store.yaml"}} - -{{- if and .Values.redis.enabled (eq $store.type "REDIS") }} - -{{- if eq .Values.redis.master.service.type "ClusterIP" }} -{{- $newConfig := dict "redis_config" (dict "host" (printf "%s-redis-headless" .Release.Name) "port" .Values.redis.redisPort) }} -{{- $config := mergeOverwrite $store $newConfig }} -{{- end }} - -{{- if and (eq .Values.redis.master.service.type "LoadBalancer") (not (empty .Values.redis.master.service.loadBalancerIP)) }} -{{- $newConfig := dict "redis_config" (dict "host" .Values.redis.master.service.loadBalancerIP "port" .Values.redis.redisPort) }} -{{- $config := mergeOverwrite $store $newConfig }} -{{- end }} - -{{- end }} - -{{- toYaml $store | nindent 4 }} - -{{- range $name, $content := .Values.springConfigProfiles }} - application-{{ $name }}.yaml: | -{{- toYaml $content | nindent 4 }} + application-override.yaml: | +{{- if index .Values "application-override.yaml" "enabled" }} +{{- toYaml (index .Values "application-override.yaml") | nindent 4 }} {{- end }} diff --git a/infra/charts/feast/charts/feast-serving/templates/deployment.yaml b/infra/charts/feast/charts/feast-serving/templates/deployment.yaml index 64dd3955d0..bb8fdc55ae 100644 --- a/infra/charts/feast/charts/feast-serving/templates/deployment.yaml +++ b/infra/charts/feast/charts/feast-serving/templates/deployment.yaml @@ -19,10 +19,11 @@ spec: template: metadata: annotations: + checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- if .Values.prometheus.enabled }} - {{ $config := index .Values "application.yaml" }} prometheus.io/path: /metrics - prometheus.io/port: "{{ $config.server.port }}" + prometheus.io/port: "{{ .Values.service.http.targetPort }}" prometheus.io/scrape: "true" {{- end }} labels: @@ -39,23 +40,29 @@ spec: - name: {{ template "feast-serving.fullname" . }}-config configMap: name: {{ template "feast-serving.fullname" . }} - {{- if .Values.gcpServiceAccount.useExistingSecret }} - - name: {{ template "feast-serving.fullname" . }}-gcpserviceaccount + - name: {{ template "feast-serving.fullname" . }}-secret + secret: + secretName: {{ template "feast-serving.fullname" . }} + {{- if .Values.gcpServiceAccount.enabled }} + - name: {{ template "feast-serving.fullname" . }}-gcp-service-account secret: secretName: {{ .Values.gcpServiceAccount.existingSecret.name }} {{- end }} containers: - name: {{ .Chart.Name }} - image: '{{ .Values.image.repository }}:{{ required "No .image.tag found. This must be provided as input." .Values.image.tag }}' + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - name: {{ template "feast-serving.fullname" . }}-config - mountPath: "{{ .Values.springConfigMountPath }}" - {{- if .Values.gcpServiceAccount.useExistingSecret }} - - name: {{ template "feast-serving.fullname" . }}-gcpserviceaccount - mountPath: {{ .Values.gcpServiceAccount.mountPath }} + mountPath: /etc/feast + - name: {{ template "feast-serving.fullname" . }}-secret + mountPath: /etc/secrets/feast + readOnly: true + {{- if .Values.gcpServiceAccount.enabled }} + - name: {{ template "feast-serving.fullname" . }}-gcp-service-account + mountPath: /etc/secrets/google readOnly: true {{- end }} @@ -65,30 +72,43 @@ spec: - name: LOG_LEVEL value: {{ .Values.logLevel | quote }} - {{- if .Values.gcpServiceAccount.useExistingSecret }} + {{- if .Values.gcpServiceAccount.enabled }} - name: GOOGLE_APPLICATION_CREDENTIALS - value: {{ .Values.gcpServiceAccount.mountPath }}/{{ .Values.gcpServiceAccount.existingSecret.key }} + value: /etc/secrets/google/{{ .Values.gcpServiceAccount.existingSecret.key }} {{- end }} + {{- if .Values.gcpProjectId }} - name: GOOGLE_CLOUD_PROJECT value: {{ .Values.gcpProjectId | quote }} {{- end }} + {{- if .Values.javaOpts }} + - name: JAVA_TOOL_OPTIONS + value: {{ .Values.javaOpts }} + {{- end }} + + {{- range $key, $value := .Values.envOverrides }} + - name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} + {{- end }} + command: - java - {{- range .Values.jvmOptions }} - - {{ . | quote }} - {{- end }} - -jar - - {{ .Values.jarPath | quote }} - - "--spring.config.location=file:{{ .Values.springConfigMountPath }}/" - {{- $profilesArray := splitList "," .Values.springConfigProfilesActive -}} - {{- $profilesArray = append $profilesArray (.Values.core.enabled | ternary "bundled-core" "") -}} - {{- $profilesArray = append $profilesArray (eq (include "bq_store_and_no_job_options" .) "true" | ternary "bundled-redis" "") -}} - {{- $profilesArray = compact $profilesArray -}} - {{- if $profilesArray }} - - "--spring.profiles.active={{ join "," $profilesArray }}" - {{- end }} + - /opt/feast/feast-serving.jar + - --spring.config.location= + {{- if index .Values "application.yaml" "enabled" -}} + classpath:/application.yml + {{- end }} + {{- if index .Values "application-generated.yaml" "enabled" -}} + ,file:/etc/feast/application-generated.yaml + {{- end }} + {{- if index .Values "application-secret.yaml" "enabled" -}} + ,file:/etc/secrets/feast/application-secret.yaml + {{- end }} + {{- if index .Values "application-override.yaml" "enabled" -}} + ,file:/etc/feast/application-override.yaml + {{- end }} ports: - name: http diff --git a/infra/charts/feast/charts/feast-serving/templates/secret.yaml b/infra/charts/feast/charts/feast-serving/templates/secret.yaml new file mode 100644 index 0000000000..2ccbccfcf7 --- /dev/null +++ b/infra/charts/feast/charts/feast-serving/templates/secret.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "feast-serving.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "feast-serving.name" . }} + component: serving + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +stringData: + application-secret.yaml: | +{{- toYaml (index .Values "application-secret.yaml") | nindent 4 }} diff --git a/infra/charts/feast/charts/feast-serving/values.yaml b/infra/charts/feast/charts/feast-serving/values.yaml index 52d10cd744..bf7b2c772a 100644 --- a/infra/charts/feast/charts/feast-serving/values.yaml +++ b/infra/charts/feast/charts/feast-serving/values.yaml @@ -1,234 +1,148 @@ -# redis configures Redis that is installed as part of Feast Serving. -# Refer to https://github.com/helm/charts/tree/99430c4afdc88213c1ca08f40eeb03868ffcc9d7/stable/redis -# for additional configuration -redis: - # enabled specifies whether Redis should be installed as part of Feast Serving. - # - # If enabled, "redis_config" in store.yaml will be overwritten by Helm - # to the configuration in this Redis installation. - enabled: false - # usePassword specifies if password is required to access Redis. Note that - # Feast 0.3 does not support Redis with password. - usePassword: false - # cluster configuration for Redis. - cluster: - # enabled specifies if Redis should be installed in cluster mode. - enabled: false - -# core configures Feast Core in the same parent feast chart that this Feast -# Serving connects to. -core: - # enabled specifies that Feast Serving will use Feast Core installed - # in the same parent feast chart. If enabled, Helm will overwrite - # "feast.core-host" in application.yaml with the correct value. - enabled: true - -# replicaCount is the number of pods that will be created. +# replicaCount -- Number of pods that will be created replicaCount: 1 -# image configures the Docker image for Feast Serving image: + # image.repository -- Docker image repository repository: gcr.io/kf-feast/feast-serving + # image.tag -- Image tag + tag: dev + # image.pullPolicy -- Image pull policy pullPolicy: IfNotPresent -# application.yaml is the main configuration for Feast Serving application. -# -# Feast Core is a Spring Boot app which uses this yaml configuration file. -# Refer to https://github.com/gojek/feast/blob/79eb4ab5fa3d37102c1dca9968162a98690526ba/serving/src/main/resources/application.yml -# for a complete list and description of the configuration. -# -# Note that some properties defined in application.yaml may be overridden by -# Helm under certain conditions. For example, if core is enabled, then -# "feast.core-host" will be overridden. Also, if "type: BIGQUERY" is specified -# in store.yaml, "feast.jobs.store-options" will be overridden as well with -# the default option supported in Feast 0.3. application.yaml: - feast: - version: 0.3 - core-host: localhost - core-grpc-port: 6565 - tracing: - enabled: false - tracer-name: jaeger - service-name: feast-serving - store: - config-path: /etc/feast/feast-serving/store.yaml - redis-pool-max-size: 128 - redis-pool-max-idle: 64 - jobs: - staging-location: "" - store-type: "" - store-options: {} - grpc: - port: 6566 - enable-reflection: true - server: - port: 8080 - -# store.yaml is the configuration for Feast Store. -# -# Refer to this link for description: -# https://github.com/gojek/feast/blob/79eb4ab5fa3d37102c1dca9968162a98690526ba/protos/feast/core/Store.proto -# -# Use the correct store configuration depending on whether the installed -# Feast Serving is "online" or "batch", by uncommenting the correct store.yaml. -# -# Note that if "redis.enabled: true" and "type: REDIS" in store.yaml, -# Helm will override "redis_config" with configuration of Redis installed -# in this chart. -# -# Note that if "type: BIGQUERY" in store.yaml, Helm assumes Feast Online serving -# is also installed with Redis store. Helm will then override "feast.jobs.store-options" -# in application.yaml with the installed Redis store configuration. This is -# because in Feast 0.3, Redis job store is required. -# -# store.yaml: -# name: online -# type: REDIS -# redis_config: -# host: localhost -# port: 6379 -# subscriptions: -# - project: "*" -# name: "*" -# version: "*" -# -# store.yaml: -# name: bigquery -# type: BIGQUERY -# bigquery_config: -# project_id: PROJECT_ID -# dataset_id: DATASET_ID -# subscriptions: -# - project: "*" -# name: "*" -# version: "*" - -springConfigProfiles: {} -# db: | -# spring: -# datasource: -# driverClassName: org.postgresql.Driver -# url: jdbc:postgresql://${DB_HOST:127.0.0.1}:${DB_PORT:5432}/${DB_DATABASE:postgres} -springConfigProfilesActive: "" -# springConfigMountPath is the directory path where application.yaml and -# store.yaml will be mounted in the container. -springConfigMountPath: /etc/feast/feast-serving - -# gcpServiceAccount is the service account that Feast Serving will use. + # "application.yaml".enabled -- Flag to include the default [configuration](https://github.com/gojek/feast/blob/master/serving/src/main/resources/application.yml). Please set `application-override.yaml` to override this configuration. + enabled: true + +application-generated.yaml: + # "application-generated.yaml".enabled -- Flag to include Helm generated configuration for Feast Core host, Redis store and job store. This is useful for deployment that uses default configuration for Redis. Please set `application-override.yaml` to override this configuration. + enabled: true + +# "application-secret.yaml" -- Configuration to override the default [application.yaml](https://github.com/gojek/feast/blob/master/serving/src/main/resources/application.yml). Will be created as a Secret. `application-override.yaml` has a higher precedence than `application-secret.yaml`. It is recommended to either set `application-override.yaml` or `application-secret.yaml` only to simplify config management. +application-secret.yaml: + enabled: true + +# "application-override.yaml" -- Configuration to override the default [application.yaml](https://github.com/gojek/feast/blob/master/serving/src/main/resources/application.yml). Will be created as a ConfigMap. `application-override.yaml` has a higher precedence than `application-secret.yaml` +application-override.yaml: + enabled: true + gcpServiceAccount: - # useExistingSecret specifies Feast to use an existing secret containing Google + # gcpServiceAccount.enabled -- Flag to use [service account](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) JSON key # Cloud service account JSON key file. - useExistingSecret: false + enabled: false existingSecret: - # name is the secret name of the existing secret for the service account. + # gcpServiceAccount.existingSecret.name -- Name of the existing secret containing the service account name: feast-gcp-service-account - # key is the secret key of the existing secret for the service account. - # key is normally derived from the file name of the JSON key file. - key: key.json - # mountPath is the directory path where the JSON key file will be mounted. - # the value of "existingSecret.key" is file name of the service account file. - mountPath: /etc/gcloud/service-accounts - -# Project ID picked up by the Cloud SDK (e.g. BigQuery run against this project) + # gcpServiceAccount.existingSecret.key -- Key in the secret data (file name of the service account) + key: credentials.json + +# gcpProjectId -- Project ID to use when using Google Cloud services such as BigQuery, Cloud Storage and Dataflow gcpProjectId: "" -# Path to Jar file in the Docker image. -# If using gcr.io/kf-feast/feast-serving this should not need to be changed. -jarPath: /opt/feast/feast-serving.jar - -# jvmOptions are options that will be passed to the Java Virtual Machine (JVM) -# running Feast Core. -# -# For example, it is good practice to set min and max heap size in JVM. -# https://stackoverflow.com/questions/6902135/side-effect-for-increasing-maxpermsize-and-max-heap-size -# -# Refer to https://docs.oracle.com/cd/E22289_01/html/821-1274/configuring-the-default-jvm-and-java-arguments.html -# to see other JVM options that can be set. -# -jvmOptions: [] -# - -Xms768m -# - -Xmx768m - -logType: JSON -logLevel: warn +# javaOpts -- [JVM options](https://docs.oracle.com/cd/E22289_01/html/821-1274/configuring-the-default-jvm-and-java-arguments.html). For better performance, it is advised to set the min and max heap:
`-Xms2048m -Xmx2048m` +javaOpts: + +# logType -- Log format, either `JSON` or `Console` +logType: Console +# logLevel -- Default log level, use either one of `DEBUG`, `INFO`, `WARN` or `ERROR` +logLevel: WARN + +prometheus: + # prometheus.enabled -- Flag to enable scraping of Feast Core metrics + enabled: true livenessProbe: - enabled: false + # livenessProbe.enabled -- Flag to enabled the probe + enabled: true + # livenessProbe.initialDelaySeconds -- Delay before the probe is initiated initialDelaySeconds: 60 + # livenessProbe.periodSeconds -- How often to perform the probe periodSeconds: 10 + # livenessProbe.timeoutSeconds -- When the probe times out timeoutSeconds: 5 + # livenessProbe.successThreshold -- Min consecutive success for the probe to be considered successful successThreshold: 1 + # livenessProbe.failureThreshold -- Min consecutive failures for the probe to be considered failed failureThreshold: 5 readinessProbe: - enabled: false + # readinessProbe.enabled -- Flag to enabled the probe + enabled: true + # readinessProbe.initialDelaySeconds -- Delay before the probe is initiated initialDelaySeconds: 15 + # readinessProbe.periodSeconds -- How often to perform the probe periodSeconds: 10 + # readinessProbe.timeoutSeconds -- When the probe times out timeoutSeconds: 10 + # readinessProbe.successThreshold -- Min consecutive success for the probe to be considered successful successThreshold: 1 + # readinessProbe.failureThreshold -- Min consecutive failures for the probe to be considered failed failureThreshold: 5 service: + # service.type -- Kubernetes service type type: ClusterIP http: + # service.http.port -- Service port for HTTP requests port: 80 + # service.http.targetPort -- Container port serving HTTP requests targetPort: 8080 - # nodePort is the port number that each cluster node will listen to - # https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - # - # nodePort: + # service.http.nodePort -- Port number that each cluster node will listen to + nodePort: grpc: + # service.grpc.port -- Service port for GRPC requests port: 6566 + # service.grpc.targetPort -- Container port serving GRPC requests targetPort: 6566 - # nodePort is the port number that each cluster node will listen to - # https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - # - # nodePort: + # service.grpc.nodePort -- Port number that each cluster node will listen to + nodePort: ingress: grpc: + # ingress.grpc.enabled -- Flag to create an ingress resource for the service enabled: false + # ingress.grpc.class -- Which ingress controller to use class: nginx + # ingress.grpc.hosts -- List of hostnames to match when routing requests hosts: [] + # ingress.grpc.annotations -- Extra annotations for the ingress annotations: {} https: + # ingress.grpc.https.enabled -- Flag to enable HTTPS enabled: true + # ingress.grpc.https.secretNames -- Map of hostname to TLS secret name secretNames: {} + # ingress.grpc.whitelist -- Allowed client IP source ranges whitelist: "" auth: + # ingress.grpc.auth.enabled -- Flag to enable auth enabled: false http: + # ingress.http.enabled -- Flag to create an ingress resource for the service enabled: false + # ingress.http.class -- Which ingress controller to use class: nginx + # ingress.http.hosts -- List of hostnames to match when routing requests hosts: [] + # ingress.http.annotations -- Extra annotations for the ingress annotations: {} https: + # ingress.http.https.enabled -- Flag to enable HTTPS enabled: true + # ingress.http.https.secretNames -- Map of hostname to TLS secret name secretNames: {} + # ingress.http.whitelist -- Allowed client IP source ranges whitelist: "" auth: + # ingress.http.auth.enabled -- Flag to enable auth enabled: false + # ingress.http.auth.authUrl -- URL to an existing authentication service authUrl: http://auth-server.auth-ns.svc.cluster.local/auth -prometheus: - enabled: true - +# resources -- CPU/memory [resource requests/limit](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container) resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi +# nodeSelector -- Node labels for pod assignment nodeSelector: {} -tolerations: [] - -affinity: {} +# envOverrides -- Extra environment variables to set +envOverrides: {} \ No newline at end of file diff --git a/infra/charts/feast/charts/grafana-5.0.5.tgz b/infra/charts/feast/charts/grafana-5.0.5.tgz new file mode 100644 index 0000000000..06eb83a5e5 Binary files /dev/null and b/infra/charts/feast/charts/grafana-5.0.5.tgz differ diff --git a/infra/charts/feast/charts/kafka-0.20.8.tgz b/infra/charts/feast/charts/kafka-0.20.8.tgz new file mode 100644 index 0000000000..f61be294ae Binary files /dev/null and b/infra/charts/feast/charts/kafka-0.20.8.tgz differ diff --git a/infra/charts/feast/charts/postgresql-8.6.1.tgz b/infra/charts/feast/charts/postgresql-8.6.1.tgz new file mode 100644 index 0000000000..c1ee74e8e8 Binary files /dev/null and b/infra/charts/feast/charts/postgresql-8.6.1.tgz differ diff --git a/infra/charts/feast/charts/prometheus-11.0.2.tgz b/infra/charts/feast/charts/prometheus-11.0.2.tgz new file mode 100644 index 0000000000..32b3abbe4e Binary files /dev/null and b/infra/charts/feast/charts/prometheus-11.0.2.tgz differ diff --git a/infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/.helmignore b/infra/charts/feast/charts/prometheus-statsd-exporter/.helmignore similarity index 100% rename from infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/.helmignore rename to infra/charts/feast/charts/prometheus-statsd-exporter/.helmignore diff --git a/infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/Chart.yaml b/infra/charts/feast/charts/prometheus-statsd-exporter/Chart.yaml similarity index 100% rename from infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/Chart.yaml rename to infra/charts/feast/charts/prometheus-statsd-exporter/Chart.yaml diff --git a/infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/README.md b/infra/charts/feast/charts/prometheus-statsd-exporter/README.md similarity index 91% rename from infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/README.md rename to infra/charts/feast/charts/prometheus-statsd-exporter/README.md index 69eb33039b..8a6739f393 100644 --- a/infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/README.md +++ b/infra/charts/feast/charts/prometheus-statsd-exporter/README.md @@ -33,7 +33,8 @@ $ helm delete my-release ## Configuration - |Parameter | Description | Default | +|Parameter | Description | Default | +|----------------------------|------------------------------------------------------|----------------------------------------| |`extraArgs` | key:value list of extra arguments to give the binary | `{}` | |`image.pullPolicy` | Image pull policy | `IfNotPresent` | |`image.repository` | Image repository | `prom/statsd-exporter` | diff --git a/infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/templates/NOTES.txt b/infra/charts/feast/charts/prometheus-statsd-exporter/templates/NOTES.txt similarity index 100% rename from infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/templates/NOTES.txt rename to infra/charts/feast/charts/prometheus-statsd-exporter/templates/NOTES.txt diff --git a/infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/templates/_helpers.tpl b/infra/charts/feast/charts/prometheus-statsd-exporter/templates/_helpers.tpl similarity index 100% rename from infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/templates/_helpers.tpl rename to infra/charts/feast/charts/prometheus-statsd-exporter/templates/_helpers.tpl diff --git a/infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/templates/config.yaml b/infra/charts/feast/charts/prometheus-statsd-exporter/templates/config.yaml similarity index 100% rename from infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/templates/config.yaml rename to infra/charts/feast/charts/prometheus-statsd-exporter/templates/config.yaml diff --git a/infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/templates/deployment.yaml b/infra/charts/feast/charts/prometheus-statsd-exporter/templates/deployment.yaml similarity index 96% rename from infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/templates/deployment.yaml rename to infra/charts/feast/charts/prometheus-statsd-exporter/templates/deployment.yaml index 47308ef89b..44fac913b6 100644 --- a/infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/templates/deployment.yaml +++ b/infra/charts/feast/charts/prometheus-statsd-exporter/templates/deployment.yaml @@ -1,4 +1,4 @@ -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "prometheus-statsd-exporter.fullname" . }} @@ -16,7 +16,7 @@ spec: template: metadata: annotations: -{{ toYaml .Values.statsdexporter.annotations | indent 8 }} +{{ toYaml .Values.statsdexporter.podAnnotations | indent 8 }} labels: app: {{ template "prometheus-statsd-exporter.name" . }} release: {{ .Release.Name }} diff --git a/infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/templates/pvc.yaml b/infra/charts/feast/charts/prometheus-statsd-exporter/templates/pvc.yaml similarity index 100% rename from infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/templates/pvc.yaml rename to infra/charts/feast/charts/prometheus-statsd-exporter/templates/pvc.yaml diff --git a/infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/templates/service.yaml b/infra/charts/feast/charts/prometheus-statsd-exporter/templates/service.yaml similarity index 69% rename from infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/templates/service.yaml rename to infra/charts/feast/charts/prometheus-statsd-exporter/templates/service.yaml index 88d01b24a6..1690ba7fe0 100644 --- a/infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/templates/service.yaml +++ b/infra/charts/feast/charts/prometheus-statsd-exporter/templates/service.yaml @@ -15,6 +15,38 @@ metadata: {{ toYaml .Values.service.labels | indent 4 }} {{- end }} name: {{ template "prometheus-statsd-exporter.fullname" . }} +spec: + ports: + - name: metrics + port: {{ .Values.service.metricsPort }} + protocol: TCP + targetPort: 9102 + - name: statsd-tcp + port: {{ .Values.service.statsdPort }} + protocol: TCP + targetPort: 9125 + selector: + app: {{ template "prometheus-statsd-exporter.name" . }} + release: {{ .Release.Name }} + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: +{{- if .Values.service.annotations }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} +{{- end }} + labels: + app: {{ template "prometheus-statsd-exporter.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + component: "{{ .Chart.Name }}" + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +{{- if .Values.service.labels }} +{{ toYaml .Values.service.labels | indent 4 }} +{{- end }} + name: {{ template "prometheus-statsd-exporter.fullname" . }}-udp spec: {{- if .Values.service.clusterIP }} clusterIP: {{ .Values.service.clusterIP }} @@ -33,14 +65,6 @@ spec: {{- end }} {{- end }} ports: - - name: metrics - port: {{ .Values.service.metricsPort }} - protocol: TCP - targetPort: 9102 - - name: statsd-tcp - port: {{ .Values.service.statsdPort }} - protocol: TCP - targetPort: 9125 - name: statsd-udp port: {{ .Values.service.statsdPort }} protocol: UDP diff --git a/infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/templates/serviceaccount.yaml b/infra/charts/feast/charts/prometheus-statsd-exporter/templates/serviceaccount.yaml similarity index 100% rename from infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/templates/serviceaccount.yaml rename to infra/charts/feast/charts/prometheus-statsd-exporter/templates/serviceaccount.yaml diff --git a/infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/values.yaml b/infra/charts/feast/charts/prometheus-statsd-exporter/values.yaml similarity index 96% rename from infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/values.yaml rename to infra/charts/feast/charts/prometheus-statsd-exporter/values.yaml index f2d523771e..b3f70ee264 100644 --- a/infra/charts/feast/charts/feast-core/charts/prometheus-statsd-exporter/values.yaml +++ b/infra/charts/feast/charts/prometheus-statsd-exporter/values.yaml @@ -20,6 +20,9 @@ service: statsdexporter: podAnnotations: + prometheus.io/path: /metrics + prometheus.io/port: "9102" + prometheus.io/scrape: "true" extraArgs: {} # - --persistence.file=data-perst diff --git a/infra/charts/feast/charts/redis-10.5.6.tgz b/infra/charts/feast/charts/redis-10.5.6.tgz new file mode 100644 index 0000000000..f1e4ec4105 Binary files /dev/null and b/infra/charts/feast/charts/redis-10.5.6.tgz differ diff --git a/infra/charts/feast/files/img/dataflow-jobs.png b/infra/charts/feast/files/img/dataflow-jobs.png new file mode 100644 index 0000000000..2acf48f19e Binary files /dev/null and b/infra/charts/feast/files/img/dataflow-jobs.png differ diff --git a/infra/charts/feast/files/img/prometheus-server.png b/infra/charts/feast/files/img/prometheus-server.png new file mode 100644 index 0000000000..efe31dc9e1 Binary files /dev/null and b/infra/charts/feast/files/img/prometheus-server.png differ diff --git a/infra/charts/feast/requirements.lock b/infra/charts/feast/requirements.lock index e441790dc7..c6ff995bac 100644 --- a/infra/charts/feast/requirements.lock +++ b/infra/charts/feast/requirements.lock @@ -1,6 +1,30 @@ dependencies: -- name: common - repository: https://kubernetes-charts-incubator.storage.googleapis.com - version: 0.0.5 -digest: sha256:935bfb09e9ed90ff800826a7df21adaabe3225511c3ad78df44e1a5a60e93f14 -generated: 2019-12-10T14:47:49.57569Z +- name: feast-core + repository: "" + version: 0.5.0-alpha.1 +- name: feast-serving + repository: "" + version: 0.5.0-alpha.1 +- name: feast-serving + repository: "" + version: 0.5.0-alpha.1 +- name: postgresql + repository: https://kubernetes-charts.storage.googleapis.com/ + version: 8.6.1 +- name: kafka + repository: https://kubernetes-charts-incubator.storage.googleapis.com/ + version: 0.20.8 +- name: redis + repository: https://kubernetes-charts.storage.googleapis.com/ + version: 10.5.6 +- name: prometheus-statsd-exporter + repository: "" + version: 0.1.2 +- name: prometheus + repository: https://kubernetes-charts.storage.googleapis.com/ + version: 11.0.2 +- name: grafana + repository: https://kubernetes-charts.storage.googleapis.com/ + version: 5.0.5 +digest: sha256:e325439384ef9b45428fbeafe8f1e230b331d4b5482c3f26f07b71cecae06c22 +generated: "2020-05-02T15:00:45.4365217+08:00" diff --git a/infra/charts/feast/requirements.yaml b/infra/charts/feast/requirements.yaml index 1fa1826965..7de7870575 100644 --- a/infra/charts/feast/requirements.yaml +++ b/infra/charts/feast/requirements.yaml @@ -1,12 +1,35 @@ dependencies: - name: feast-core - version: 0.4.4 + version: 0.5.0-alpha.1 condition: feast-core.enabled - name: feast-serving - alias: feast-serving-batch - version: 0.4.4 - condition: feast-serving-batch.enabled + alias: feast-online-serving + version: 0.5.0-alpha.1 + condition: feast-online-serving.enabled - name: feast-serving - alias: feast-serving-online - version: 0.4.4 - condition: feast-serving-online.enabled \ No newline at end of file + alias: feast-batch-serving + version: 0.5.0-alpha.1 + condition: feast-batch-serving.enabled +- name: postgresql + version: 8.6.1 + repository: https://kubernetes-charts.storage.googleapis.com/ + condition: postgresql.enabled +- name: kafka + version: 0.20.8 + repository: https://kubernetes-charts-incubator.storage.googleapis.com/ + condition: kafka.enabled +- name: redis + version: 10.5.6 + repository: https://kubernetes-charts.storage.googleapis.com/ + condition: redis.enabled +- name: prometheus-statsd-exporter + version: 0.1.2 + condition: prometheus-statsd-exporter.enabled +- name: prometheus + version: 11.0.2 + repository: https://kubernetes-charts.storage.googleapis.com/ + condition: prometheus.enabled +- name: grafana + version: 5.0.5 + repository: https://kubernetes-charts.storage.googleapis.com/ + condition: grafana.enabled diff --git a/infra/charts/feast/templates/tests/test-feast-batch-serving.yaml b/infra/charts/feast/templates/tests/test-feast-batch-serving.yaml new file mode 100644 index 0000000000..54173021d3 --- /dev/null +++ b/infra/charts/feast/templates/tests/test-feast-batch-serving.yaml @@ -0,0 +1,116 @@ +{{- if and (index .Values "feast-core" "enabled") (index .Values "feast-batch-serving" "enabled") }} + +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-feast-batch-serving-test" + annotations: + "helm.sh/hook": test-success + namespace: {{ .Release.Namespace }} +spec: + containers: + - name: main + image: python:3.7 + command: + - bash + - -c + - | + pip install -U feast==0.4.* + + cat < featureset.yaml + kind: feature_set + spec: + name: customer_transactions + entities: + - name: customer_id + valueType: INT64 + features: + - name: daily_transactions + valueType: FLOAT + - name: total_transactions + valueType: FLOAT + maxAge: 3600s + EOF + + python < featureset.yaml + kind: feature_set + spec: + name: customer_transactions + entities: + - name: customer_id + valueType: INT64 + features: + - name: daily_transactions + valueType: FLOAT + - name: total_transactions + valueType: FLOAT + maxAge: 3600s + EOF + + python < + dataset_id: + staging_location: gs:///feast-staging-location + initial_retry_delay_seconds: 3 + total_timeout_seconds: 21600 + subscriptions: + - name: "*" + project: "*" + version: "*" + +postgresql: + existingSecret: feast-postgresql diff --git a/infra/charts/feast/values-dataflow-runner.yaml b/infra/charts/feast/values-dataflow-runner.yaml new file mode 100644 index 0000000000..0469a6349e --- /dev/null +++ b/infra/charts/feast/values-dataflow-runner.yaml @@ -0,0 +1,113 @@ +# values-dataflow-runner.yaml +feast-core: + gcpServiceAccount: + enabled: true + postgresql: + existingSecret: feast-postgresql + application-override.yaml: + feast: + stream: + options: + bootstrapServers: + jobs: + active_runner: dataflow + metrics: + host: + runners: + - name: dataflow + type: DataflowRunner + options: + project: + region: + zone: + tempLocation: + network: + subnetwork: + maxNumWorkers: 1 + autoscalingAlgorithm: THROUGHPUT_BASED + usePublicIps: false + workerMachineType: n1-standard-1 + deadLetterTableSpec: + +feast-online-serving: + application-override.yaml: + feast: + stores: + - name: online + type: REDIS + config: + host: + port: 6379 + subscriptions: + - name: "*" + project: "*" + version: "*" + +feast-batch-serving: + enabled: true + gcpServiceAccount: + enabled: true + application-override.yaml: + feast: + active_store: historical + stores: + - name: historical + type: BIGQUERY + config: + project_id: + dataset_id: + staging_location: gs:///feast-staging-location + initial_retry_delay_seconds: 3 + total_timeout_seconds: 21600 + subscriptions: + - name: "*" + project: "*" + version: "*" + +postgresql: + existingSecret: feast-postgresql + +kafka: + external: + enabled: true + type: LoadBalancer + annotations: + cloud.google.com/load-balancer-type: Internal + loadBalancerSourceRanges: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + firstListenerPort: 31090 + loadBalancerIP: + - + - + - + configurationOverrides: + "advertised.listeners": |- + EXTERNAL://${LOAD_BALANCER_IP}:31090 + "listener.security.protocol.map": |- + PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT + "log.retention.hours": 1 + +redis: + master: + service: + type: LoadBalancer + loadBalancerIP: + annotations: + cloud.google.com/load-balancer-type: Internal + loadBalancerSourceRanges: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + +prometheus-statsd-exporter: + service: + type: LoadBalancer + annotations: + cloud.google.com/load-balancer-type: Internal + loadBalancerSourceRanges: + - 10.0.0.0/8 + - 172.16.0.0/12 + - 192.168.0.0/16 + loadBalancerIP: diff --git a/infra/charts/feast/values-demo.yaml b/infra/charts/feast/values-demo.yaml deleted file mode 100644 index 2cb5ccbe74..0000000000 --- a/infra/charts/feast/values-demo.yaml +++ /dev/null @@ -1,84 +0,0 @@ -# The following are values for installing Feast for demonstration purpose: -# - Persistence is disabled since for demo purpose data is not expected -# to be durable -# - Only online serving (no batch serving) is installed to remove dependency -# on Google Cloud services. Batch serving requires BigQuery dependency. -# - Replace all occurrences of "feast.example.com" with the domain name or -# external IP pointing to your cluster -# - -feast-core: - enabled: true - - gcpServiceAccount: - useExistingSecret: false - - service: - type: NodePort - grpc: - nodePort: 32090 - - - resources: - requests: - cpu: 250m - memory: 256Mi - - postgresql: - persistence: - enabled: false - - - kafka: - enabled: true - persistence: - enabled: false - external: - enabled: true - type: NodePort - domain: feast.example.com - configurationOverrides: - "advertised.listeners": |- - EXTERNAL://feast.example.com:$((31090 + ${KAFKA_BROKER_ID})) - "listener.security.protocol.map": |- - PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT - - application.yaml: - feast: - stream: - options: - bootstrapServers: feast.example.com:31090 - -feast-serving-online: - enabled: true - redis: - enabled: true - - service: - type: NodePort - grpc: - nodePort: 32091 - - store.yaml: - name: redis - type: REDIS - subscriptions: - - name: "*" - project: "*" - version: "*" - -feast-serving-batch: -# enabled: false - enabled: true - store.yaml: - name: bigquery - type: BIGQUERY - bigquery_config: - project_id: PROJECT_ID - dataset_id: DATASET_ID - subscriptions: - - project: "*" - name: "*" - version: "*" - redis: - enabled: false \ No newline at end of file diff --git a/infra/charts/feast/values-external-store.yaml b/infra/charts/feast/values-external-store.yaml deleted file mode 100644 index d012bcec56..0000000000 --- a/infra/charts/feast/values-external-store.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# TODO @dheryanto -# -# The following are sample values for installing Feast without setting up -# Kafka and Redis stores. In other words, using Feast with external stream -# source and stores. diff --git a/infra/charts/feast/values-production.yaml b/infra/charts/feast/values-production.yaml deleted file mode 100644 index 6b53dc19ea..0000000000 --- a/infra/charts/feast/values-production.yaml +++ /dev/null @@ -1,4 +0,0 @@ -# TODO @dheryanto -# -# The following are sample values for installing Feast for typical production -# environment. diff --git a/infra/charts/feast/values.yaml b/infra/charts/feast/values.yaml index fde03f9ad7..20ee2ab029 100644 --- a/infra/charts/feast/values.yaml +++ b/infra/charts/feast/values.yaml @@ -1,262 +1,35 @@ -# Feast deployment installs the following components: -# - Feast Core -# - Feast Serving Online -# - Feast Serving Batch -# - Prometheus StatsD Exporter -# -# The configuration for different components can be referenced from: -# - charts/feast-core/values.yaml -# - charts/feast-serving/values.yaml -# - charts/prometheus-statsd-exporter/values.yaml -# -# Note that "feast-serving-online" and "feast-serving-batch" are -# aliases to "feast-serving" chart since in typical scenario two instances -# of Feast Serving: online and batch will be deployed. Both described -# using the same chart "feast-serving". -# -# Note that the import job by default uses DirectRunner -# https://beam.apache.org/documentation/runners/direct/ -# in this configuration since it allows Feast to run in more environments -# (unlike DataflowRunner which requires Google Cloud services). -# -# A secret containing Google Cloud service account JSON key is required -# in this configuration. -# https://cloud.google.com/iam/docs/creating-managing-service-accounts -# -# The Google Cloud service account must have the following roles: -# - bigquery.dataEditor -# - bigquery.jobUser -# -# Assuming a service account JSON key file has been downloaded to -# (please name the file key.json): -# /home/user/key.json -# -# Run the following command to create the secret in your Kubernetes cluster: -# -# kubectl create secret generic feast-gcp-service-account \ -# --from-file=/home/user/key.json -# -# Replace every instance of EXTERNAL_IP with the external IP of your GKE cluster - -# ============================================================ -# Feast Core -# ============================================================ - feast-core: - # If enabled specifies whether to install Feast Core component. - # - # Normally, this is set to "false" when Feast users need access to low latency - # Feast Serving, by deploying multiple instances of Feast Serving closest - # to the client. These instances of Feast Serving however can still use - # the same shared Feast Core. + # feast-core.enabled -- Flag to install Feast Core enabled: true - # Specify which image tag to use. Keep this consistent for all components - image: - tag: "0.4.4" +feast-online-serving: + # feast-online-serving.enabled -- Flag to install Feast Online Serving + enabled: true - # jvmOptions are options that will be passed to the Java Virtual Machine (JVM) - # running Feast Core. - # - # For example, it is good practice to set min and max heap size in JVM. - # https://stackoverflow.com/questions/6902135/side-effect-for-increasing-maxpermsize-and-max-heap-size - jvmOptions: - - -Xms1024m - - -Xmx1024m +feast-batch-serving: + # feast-batch-serving.enabled -- Flag to install Feast Batch Serving + enabled: false - # resources that should be allocated to Feast Core. - resources: - requests: - cpu: 1000m - memory: 1024Mi - limits: - memory: 2048Mi +postgresql: + # postgresql.enabled -- Flag to install Postgresql + enabled: true - # gcpServiceAccount is the Google service account that Feast Core will use. - gcpServiceAccount: - # useExistingSecret specifies Feast to use an existing secret containing - # Google Cloud service account JSON key file. - # - # This is the only supported option for now to use a service account JSON. - # Feast admin is expected to create this secret before deploying Feast. - useExistingSecret: true - existingSecret: - # name is the secret name of the existing secret for the service account. - name: feast-gcp-service-account - # key is the secret key of the existing secret for the service account. - # key is normally derived from the file name of the JSON key file. - key: key.json - # Setting service.type to NodePort exposes feast-core service at a static port - service: - type: NodePort - grpc: - # this is the port that is exposed outside of the cluster - nodePort: 32090 - # Make kafka externally accessible using NodePort - # Please set EXTERNAL_IP to your cluster's external IP - kafka: - external: - enabled: true - type: NodePort - domain: EXTERNAL_IP - configurationOverrides: - "advertised.listeners": |- - EXTERNAL://EXTERNAL_IP:$((31090 + ${KAFKA_BROKER_ID})) - "listener.security.protocol.map": |- - PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT - application.yaml: - feast: - stream: - options: - # Point to one of your Kafka brokers - # Please set EXTERNAL_IP to your cluster's external IP - bootstrapServers: EXTERNAL_IP:31090 +kafka: + # kafka.enabled -- Flag to install Kafka + enabled: true -# ============================================================ -# Feast Serving Online -# ============================================================ +redis: + # redis.enabled -- Flag to install Redis + enabled: true -feast-serving-online: - # enabled specifies whether to install Feast Serving Online component. +prometheus-statsd-exporter: + # prometheus-statsd-exporter.enabled -- Flag to install StatsD to Prometheus Exporter enabled: true - # Specify what image tag to use. Keep this consistent for all components - image: - tag: "0.4.4" - # redis.enabled specifies whether Redis should be installed as part of Feast Serving. - # - # If enabled is set to "false", Feast admin has to ensure there is an - # existing Redis running outside Feast, that Feast Serving can connect to. - # master.service.type set to NodePort exposes Redis to outside of the cluster - redis: - enabled: true - master: - service: - nodePort: 32101 - type: NodePort - # jvmOptions are options that will be passed to the Feast Serving JVM. - jvmOptions: - - -Xms1024m - - -Xmx1024m - # resources that should be allocated to Feast Serving. - resources: - requests: - cpu: 500m - memory: 1024Mi - limits: - memory: 2048Mi - # Make service accessible to outside of cluster using NodePort - service: - type: NodePort - grpc: - nodePort: 32091 - # store.yaml is the configuration for Feast Store. - # - # Refer to this link for more description: - # https://github.com/gojek/feast/blob/79eb4ab5fa3d37102c1dca9968162a98690526ba/protos/feast/core/Store.proto - store.yaml: - name: redis - type: REDIS - redis_config: - # If redis.enabled is set to false, Feast admin should uncomment and - # set the host value to an "existing" Redis instance Feast will use as - # online Store. Also use the correct port for that existing instance. - # - # Else, if redis.enabled is set to true, replace EXTERNAL_IP with your - # cluster's external IP. - # host: redis-host - host: EXTERNAL_IP - port: 32101 - subscriptions: - - name: "*" - project: "*" - version: "*" -# ============================================================ -# Feast Serving Batch -# ============================================================ +prometheus: + # prometheus.enabled -- Flag to install Prometheus + enabled: true -feast-serving-batch: - # enabled specifies whether to install Feast Serving Batch component. +grafana: + # grafana.enabled -- Flag to install Grafana enabled: true - # Specify what image tag to use. Keep this consistent for all components - image: - tag: "0.4.4" - # redis.enabled specifies whether Redis should be installed as part of Feast Serving. - # - # This is usually set to "false" for Feast Serving Batch because the default - # store is BigQuery. - redis: - enabled: false - # jvmOptions are options that will be passed to the Feast Serving JVM. - jvmOptions: - - -Xms1024m - - -Xmx1024m - # resources that should be allocated to Feast Serving. - resources: - requests: - cpu: 500m - memory: 1024Mi - limits: - memory: 2048Mi - # Make service accessible to outside of cluster using NodePort - service: - type: NodePort - grpc: - nodePort: 32092 - # gcpServiceAccount is the service account that Feast Serving will use. - gcpServiceAccount: - # useExistingSecret specifies Feast to use an existing secret containing - # Google Cloud service account JSON key file. - # - # This is the only supported option for now to use a service account JSON. - # Feast admin is expected to create this secret before deploying Feast. - useExistingSecret: true - existingSecret: - # name is the secret name of the existing secret for the service account. - name: feast-gcp-service-account - # key is the secret key of the existing secret for the service account. - # key is normally derived from the file name of the JSON key file. - key: key.json - # application.yaml is the main configuration for Feast Serving application. - # - # Feast Core is a Spring Boot app which uses this yaml configuration file. - # Refer to https://github.com/gojek/feast/blob/79eb4ab5fa3d37102c1dca9968162a98690526ba/serving/src/main/resources/application.yml - # for a complete list and description of the configuration. - application.yaml: - feast: - jobs: - # staging-location specifies the URI to store intermediate files for - # batch serving (required if using BigQuery as Store). - # - # Please set the value to an "existing" Google Cloud Storage URI that - # Feast serving has write access to. - staging-location: gs://YOUR_BUCKET_NAME/serving/batch - # Type of store to store job metadata. - # - # This default configuration assumes that Feast Serving Online is - # enabled as well. So Feast Serving Batch will share the same - # Redis instance to store job statuses. - store-type: REDIS - # Default to use the internal hostname of the redis instance deployed by Online service, - # otherwise use externally exposed by setting EXTERNAL_IP to your cluster's external IP - # store-options: - # host: EXTERNAL_IP - # port: 32101 - # store.yaml is the configuration for Feast Store. - # - # Refer to this link for more description: - # https://github.com/gojek/feast/blob/79eb4ab5fa3d37102c1dca9968162a98690526ba/protos/feast/core/Store.proto - store.yaml: - name: bigquery - type: BIGQUERY - bigquery_config: - # project_id specifies the Google Cloud Project. Please set this to the - # project id you are using BigQuery in. - project_id: PROJECT_ID - # dataset_id specifies an "existing" BigQuery dataset Feast Serving Batch - # will use. Please ensure this dataset is created beforehand. - dataset_id: DATASET_ID - subscriptions: - - name: "*" - project: "*" - version: "*"