Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Akamas is based on a microservices architecture where each service is deployed as a container and communicates with other services via REST APIs. Akamas can be deployed on a dedicated machine (Akamas Server) or on a Kubernetes cluster.
The following figure represents the high-level Akamas architecture.
Users can interact with Akamas via either the Graphical User Interface (GUI), Command-Line Interface (CLI), or via Application Programmatic Interface (API).
Both the GUI and CLI leverage HTTP/S APIs which pass through an API gateway (based on Kong), which also takes care of authenticating users by interacting with Akamas access management and routing requests to the different services.
The Akamas CLI can be invoked on either the Akamas Server itself or on a different machine (e.g. a laptop or another server) where the Akamas CLI has been installed.
Akamas data is securely stored in different databases:
time series data gathered from telemetry providers are stored in Elasticsearch;
application logs are also stored in Elasticsearch;
data related to systems, studies, workflows, and other user-provided data are stored in a Postgres database.
Notice: both Postgres and Elasticsearch and any other service included within Akamas are provided by Akamas as part of the Akamas installation package.
The following Spring-based microservices represent Akamas core services:
System Service: holds information about metrics, parameters, and systems that are being optimized
Campaign Service: holds information about optimization studies, including configurations and experiments
Metrics Service: stores raw performance metrics (in Elasticsearch)
Akamas also provides advanced management features like logging, self-monitoring, licensing, user management, and more.
Telemetry Service: takes care of integrating different data sources by supporting multiple Telemetry Providers
Optimizer Service: combines different optimization engines to generate optimized configurations using ML techniques
Orchestrator Service: manages the execution of user-defined workflows to drive load tests
User Service: takes care of user management activities such as user creation or password changes
License Service: takes care of license management activities, optimization pack, and study export.
Akamas is deployed as a set of containerized services running on Docker and managed via Docker Compose. The latest version of the Akamas Docker Compose file and all the images required by Docker can be downloaded from the AWS ECR repository.
Two installation modes are available:
online installation mode, in case the Akamas Server has access to the Internet - installation behind a proxy server is also supported.
offline installation mode, in case the Akamas Server does not have access to the Internet.
Akamas is deployed on your Kubernetes cluster through a Helm chart, and all the required images can be downloaded from the AWS ECR repository.
Two installation modes are available:
online installation, in case the Kubernetes cluster can access the Internet.
offline installation, in case the Kubernetes cluster does not have access to the Internet or you need to use a private image registry.
Before installing the Akamas please make sure to review all the following requirements:
Run the following command to verify the correct startup and initialization of Akamas:
akamas statusWhen all services have been started this command will return an "OK" message. Please notice that it might take a few minutes for Akamas to start all services.
To check the UI is also properly working please access the following URL:
http://<akamas server name here>You will see the Akamas login form:
Please notice that it is impossible to log into Akamas before a license has been installed. Read here how to Install an Akamas license.
By default, Akamas uses the following ports for its UI:
80 (HTTP)
443 (HTTPS)
Depending on the configuration of your environment, you may want to change the default settings: to do so, you’ll have to update the Akamas docker-compose file.
Inside the docker-compose.yml file, scroll down until you come across the akamas-ui service.
There you will find a specification as follows:
Before installing the Akamas Server please make sure to review all the following requirements:
The CLI is used to interact with an akamas server. To initialize the configuration of the Akamas CLI you can run the command:
and follow the wizard to provide the required information such as the server IP.
Here is a summary of the configuration wizard options.
This configuration can be changed at any time (see how to ).
After this step, the Akamas CLI can be used to login to the Akamas server, by issuing the following command:
and providing the credentials as requested.
Akamas might collect anonymized usage information on running optimizations. Collection and tracking are disabled by default and can be manually enabled.
External tracking is managed through the following environment variables:
AKAMAS_TRACKER_URL: the target URL for all tracking info.
The Akamas CLI supports interacting with the API server through an HTTP/HTTPS proxy server.
To enable access via an HTTP proxy, set the environment variable HTTP_PROXY. From the following snippet, replace proxy_ip and proxy_port with the desired values.
Then, run the akamas command to verify access.
Access through an HTTPS proxy can be set by using the environment variable HTTPS_PROXY instead of HTTP_PROXY.
Please follow these steps to install the Akamas application:
Please also read the section on how to manage Akamas. Finally, read the relevant sections of Integrating Akamas to integrate Akamas into your specific ecosystem.
Please follow these steps to install the Akamas Server:
Please also read the section on how to troubleshoot the installation and how to manage the Akamas Server. Finally, read the relevant sections of Integrating Akamas to integrate Akamas into your specific ecosystem.
akamas init configApi address [http://localhost:8000]: https://<akamas-hostname>:<ui-port>/akapi
Workpace [default]: default
Verify SSL: [True]: True
Is external certificate CA required? [y/N]: Nakamas loginexport HTTP_PROXY="http://<proxy_ip>:<proxy_port>"akamas status debugIn case you were running Akamas with host networking, you are allowed to bind different ports in the container itself. To do so you can expand the docker-compose service by adding a couple of environment variables like this:
Finally, apply the new configuration after updating the AKAMAS_BASE_URL environment variable to match the new protocol or port.
akamas-ui:
ports:
- "443:443"
- "80:80" akamas-ui:
ports:
- "<YOUR_HTTPS_PORT_OF_CHOICE>:443"
- "<YOUR_HTTP_PORT_OF_CHOICE>:80" akamas-ui:
environment:
- HTTP_PORT=<HTTP_CONTAINER_PORT>
- HTTPS_PORT=<HTTPS_CONTAINER_PORT>
ports:
- "<YOUR_HTTPS_PORT_OF_CHOICE>:<HTTP_CONTAINER_PORT>"
- "<YOUR_HTTP_PORT_OF_CHOICE>:<HTTPS_CONTAINER_PORT>"AKAMAS_TRACKING_OPT_OUT: when set to 1, disables anonymous data collection.
Tracking for a running instance can be enabled by editing the AKAMAS_TRACKING_OPT_OUT variable in the docker-compose.yaml file.
To enable tracking set the variable to the following value:
Then issue the command:
External tracking is managed through the field trackingOptOut in the Values file. To enable tracking set trackingOptOut to 0 as in the following example and upgrade the installation:
AKAMAS_TRACKING_OPT_OUT=0docker compose up -dawsAccessKeyId: "YOUR_ACCESSKEY_ID"
awsSecretAccessKey: "YOUR_SECRET_ACCESS_KEY"
trackingOptOut: 0This section describes how to setup an Akamas Server behind a proxy server and to allow Docker to connect to the Akamas repository on AWS ECR.
First, create the /etc/systemd/system/docker.service.d directory if it does not already exists. Then create or update the /etc/systemd/system/docker.service.d/http-proxy.conf file with the variables listed below, taking care of replacing <PROXY> with the address and port (and credentials if needed) of your target proxy server:
[Service]
Environment="HTTP_PROXY=<PROXY>"
Environment="HTTPS_PROXY=<PROXY>"Once configured, flush the changes and restart Docker with the following commands:
For more details, refer to the official documentation page: .
To allow the Akamas services to connect to addresses outside your intranet, the Docker instance needs to be configured to forward the proxy configuration to the Akamas containers.
Update the ~/.docker/config.json file adding the following field to the JSON, taking care to replace <PROXY> with the address (and credentials if needed) of your target proxy server:
For more details, refer to the official documentation page: .
Set the following variables to configure your working environment, taking care to replace <PROXY> with the address (and credentials if needed) of your target proxy server:
Once configured, you can log into the ECR repository through the AWS CLI and start the Akamas services manually.
The following table provides the minimal hardware requirements for the virtual or physical machine used to install the Akamas server in your data center.
Resource
Requirement
CPU
To run Akamas on an AWS Instance you need to create a new virtual machine based on one of the supported operating systems. You can refer to for step-by-step instructions on creating the instance.
As shown in the following diagram, you can create the Akamas instance in the same AWS region, Virtual Private Cloud (VPC), and private subnet as your own already existing EC2 machines and by creating/configuring a new security group that allows communication between your application instances and Akamas instance. The inbound/outbound rules of this security group must be configured as explained in the Networking Requirements section of this page.
It is recommended to use an m6a.xlarge instance with at least 70GB of disks of type GP2 or GP3 and select the latest LTS version of Ubuntu.
Akamas can be run in any EC2 region.
You can find the latest version supported for your preferred region .
Before installing Akamas on an AWS Instance please make sure to meet your AWS service limits (please refer to the official AWS documentation ).
You may find helpful some of the commands listed in the sections below.
By default, access to each service database is assigned to a user with randomly generated passwords. For example, to read the campaign service database password, execute the following command:
kubectl get secret database-user-credentials -o go-template='{{ .data.campaign | base64decode }}'The username for the campaign service can be found in the configuration file under each service section. To read the username for the campaign service set during the installation, launch the following command:
helm get values akamas --all --output json | jq '.campaign.database.user'You can connect to the campaign_service database with the user and password above.
If you want to show all the passwords, execute this command:
This section describes how to install an Akamas workstation
The Akamas CLI allows users to invoke commands against the Akamas dedicated machine (Akamas Server). The Akamas CLI can also be installed on a different system than the Akamas Server.
Linux and Windows operating systems are supported for installing Akamas CLI.
The Akamas CLI can be installed and configured in two simple steps:
Refer to the section to modify the CLI ports the Akamas Server is listening to. Section provides instructions on how to interact with Akamas via a proxy server.
Akamas APIs and UI use plain HTTP when they are first installed. To enable the use of HTTPS you will need to:
Ask your security team to provide you with a valid certificate for your server. The certificate usually consists of two files with ".key" and ".pem" extensions. You will need to provide the Akamas server DNS name.
Create a folder named "certs" in the same directory as Akamas' docker-compose file;
Copy the ".key" and ".pem" files in the created "certs" folder and rename them to "akamas.key" and "akamas.pem" respectively. Ensure the files belong to the same user and group you use to run Akamas.
Restart two Akamas services by running the following commands:
After the containers' reboot is complete you will be able to access the UI over HTTPS from your browser:
If you previously set up AKAMAS_BASE_URL variable with http (e.g. http://my.domain) you should update it to use https (e.g. http://my.domain) then issue
Now that your Akamas server is configured to use HTTPS you can update the Akamas CLI configuration to use the secure protocol.
If you have not installed the Akamas CLI, follow the . If you already have the CLI available, you can run the following command:
You will be prompted to enter some input, please value it as follows:
You can test the connection by running:
It should return 'OK', meaning Akamas has been properly configured to work over HTTPS.
Running Akamas' studies requires a valid license.
To install a license get in touch with Akamas Customer Service to receive:
the Akamas license file
your "customer name" to configure in the variable AKAMAS_CUSTOMER for Docker installations or akamasCustomer for Kubernetes installations
the URL to configure in the AKAMAS_BASE_URL variable for Docker installations
login credentials
Once you have this information, you can issue the following commands:
This page describes the requirements that should be fulfilled by the user when installing or managing an Akamas installation on Kubernetes. The software below is usually installed on the user's workstation or laptop.
Kubectl must be installed and configured to interact with the desired cluster. Refer to the official kubectl documentation to set up the client.
To interact with the Kubernetes APIs, you will need kubectl, preferably with a version matching the cluster. To check both the client and cluster versions, run the following:
kubectl version --shortInstalling Akamas requires or higher. To check the version, run the following:
Akamas uses Elasticsearch to store logs and time series. When running Akamas on Kubernetes, Elasticsearch is installed automatically using the official Elasticsearch helm chart. This chart required running an init container with privileged access to set up a configuration on the Elasticsearch pod host. If running such a container is not permitted in your environment, you can add the following snippet to the akamas.yaml file when installing Akamas to disable this feature.
To get Akamas CLI installed on Linux, run the following commands:
You can now run the Akamas CLI following by running the akamas command.
In some installations, the /usr/local/bin folder is not present in the PATH environment variable. This prevents you from using akamas without specifying the complete file location. To fix this issue you can add an entry to the PATH system environment variable or move the executable to another folder in your PATH.
To enable auto-completion on Linux systems with a bash shell (requires bash 4.4+), run the following commands:
To install the Akamas CLI on Windows run the following command from Powershell:
You can now run the Akamas CLI by running .\akamas in the same folder.
To invoke the akamas CLI from any folder, create a akamas folder (such as C:\Program Files\akamas), and move there the akamas.exe file. Then, add an entry to the PATH system environment variable with the value C:\Program Files\akamas. Now, you can invoke the CLI from any folder, by simply running the akamas command.
The Akamas CLI can be accessed by simply running the akamascommand.
You can verify that the CLI was installed correctly by running this command:
which should show an output similar to this one
At any time, you can see available commands and options with:
For the full list of Akamas commands please refer to the section .
This page will guide you through the installation of software components that are required to get the Akamas Server installed on a machine. Please read the for a detailed list of these software components for each specific OS.
While some links to official documentation and installation resources are provided here, please make sure to refer to your internal system engineering department to ensure that your company deployment processes and best practices are correctly matched.
As a preliminary step before installing any dependency, it is strongly suggested to create a user named akamas on your machine hosting Akamas Server.
This section lists all the connectivity settings required to operate and manage Akamas
Internet access is required for Akamas online installation and updated procedures and allows retrieving the most updated Akamas container images from the Akamas private Amazon Elastic Container Registry (ECR).
If internet access is not available for policies or security reasons, Akamas installation and updates can be executed offline.
Internet access from the Akamas server is not mandatory but it’s strongly recommended.
curl -o akamas_cli https://s3.us-east-2.amazonaws.com/akamas/cli/$(curl -s https://s3.us-east-2.amazonaws.com/akamas/cli/stable.txt)/linux_64/akamas
sudo mv akamas_cli /usr/local/bin/akamas
chmod 755 /usr/local/bin/akamas4 cores @ 2 GHz
Memory
16 GB
Disk Space
70 GB
Follow the reference documentation to install docker on your system.
Docker installation guide: https://docs.docker.com/engine/install
Docker compose is already installed since Docker 23+. To install it on previous versions of Docker follow this installation guide: https://docs.docker.com/compose/install/
AWS CLI v2: https://docs.aws.amazon.com/cli/latest/userguide
As a quick check to verify that all dependencies have been correctly installed, you can run the following commands
Docker:
Docker compose :
Docker versions older than 23 must usedocker-compose command instead of docker compose
AWS CLI:
sudo systemctl daemon-reload
sudo systemctl restart dockerkubectl get secret database-user-credentials -o go-template='{{range $k,$v := .data}} {{printf "%s: %s\n" $k ( $v |base64decode ) }}{{end}}'cd <Akamas docker-compose file folder>
docker compose restart akamas-ui konghttps://<akamas server name here>cd <your bundle files location>
akamas install license <license file you have been provided>kubectl get secret -n <NAMESPACE> akamas-admin-credentials -o go-template='{{.data.password | base64decode}}'helm version --shortdocker run hello-worlddocker compose --versionaws --version{
# ...
"proxies": {
"default": {
"httpProxy": "<PROXY>",
"httpsProxy": "<PROXY>",
"ftpProxy": "<PROXY>",
"noProxy": "localhost,127.0.0.1,/var/run/docker.sock,database,optimizer,campaign,analyzer,telemetry,log,elasticsearch,metrics,system,license,store,orchestrator,airflow-db,airflow-webserver,kong-database,kong,user-service,keycloak,logstash,kibana,akamas-ui,grafana,prometheus,node-exporter,cadvisor,konga,benchmark"
}
}
}export HTTP_PROXY='<PROXY>'
export HTTPS_PROXY='<PROXY>'docker compose up -dakamas init configApi address [http://localhost:8000]: https://<akamas server dns address>:443/akapi
Workspace [default]: default
Verify SSL: [True]: Trueakamas status# Disable ES privileged initialization container.
elasticsearch:
sysctlInitContainer:
enabled: falsecurl -O https://s3.us-east-2.amazonaws.com/akamas/cli/$(curl -s https://s3.us-east-2.amazonaws.com/akamas/cli/stable.txt)/linux_64/akamas_autocomplete.sh
mkdir -p ~/.akamas
mv akamas_autocomplete.sh ~/.akamas
echo '. ~/.akamas/akamas_autocomplete.sh' >> ~/.bashrc
source ~/.bashrcInvoke-WebRequest "https://s3.us-east-2.amazonaws.com/akamas/cli/$($(Invoke-WebRequest https://s3.us-east-2.amazonaws.com/akamas/cli/stable.txt | Select-Object -Expand Content) -replace '\n', '')/win_64/akamas.exe" -OutFile akamas.exeakamas versionAkamas CLI: 2.9.1
Akamas platform: 3.5.2akamas --helpThe following table provides a list of the ports on the Akamas server that have to be reachable by Akamas administrators and users to properly operate the system.
Source
Destination
Port
Reason
Akamas admin
Akamas server
22
ssh
Akamas admin/user
Akamas server
80, 443
Akamas web UI access
Akamas admin/user
In the specific case of AWS instance and customer instances sharing the same VPC/Subnet inside AWS, you should:
open all of the ports listed in the table above for all inbound URLs (0.0.0.0/32) on your AWS security group
open outbound rules to all traffic and then attach this AWS security group (which must reside inside a private subnet) to the Akamas machine and all customer application AWS machines
Akamas is deployed as a set of containerized services running on Docker and managed via Docker Compose. In the online installation mode, the latest version of the Akamas Docker Compose file and all the images required by Docker can be downloaded from the AWS ECR repository.
In case the Akamas Server is behind a proxy server please also read how to setup Akamas behind a Proxy.
It is suggested first to create a directory akamas in the home directory of your user, and then run the following command to get the latest compose file:
To log into AWS ECR and pull the most recent Akamas container images, you need to set the AWS authentication variables to the appropriate values provided by Akamas Customer Support Services by running the following command. To configure Akamas, you should set the following environment variables:
To configure Akamas, you should set the following environment variables:
AKAMAS_CUSTOMER: the customer name matching the one referenced in the Akamas license.
AWS_ACCESS_KEY_ID: the access key for pulling the Akamas images
AWS_SECRET_ACCESS_KEY: the secret access key for pulling the Akamas images
To avoid losing your environment variables for future upgrades, it is suggested to keep them in the .env file. Launch the following command from the same folder where the docker-compose.yml is stored, replacing the parameters in the brackets <>:
To log into AWS ECR and pull the most recent Akamas container images you also need to set the AWS authentication variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION) with the values provided by Akamas Customer Support Services. You can leverage the .env file previously created with the following command:
You can start installing the Akamas server by running the following AWS CLI commands:
The following table provides a list of the supported operating systems and their versions.
Operating System
Version
Ubuntu Linux
18.04+
On RHEL systems Akamas containers might need to be run in privileged mode depending on how Docker was installed on the system.
The following table provides a list of the required Software Packages (also referred to as Akamas dependencies) together with their versions.
The exact version of these prerequisites is listed in the following table:
Read more about how to set up .
To install and run Akamas it is recommended to create a dedicated user (usually "akamas"). The Akamas user is not required to be in the sudoers list but can be added to the docker (dockeroot) group so it can run docker and docker-compose commands.
Make sure that the Akamas user has the read, write, and execute permissions on /tmp. If your environment does not allow writing to the whole /tmp folder, please create a folder /tmp/build and assign read and write permission to the Akamas user on that folder.
Running Akamas on OpenShift requires some Helm configurations to be applied.
The installation is provided as a set of templates packaged in a chart archive managed by Helm. Custom values are applied to ensure Akamas complies with the default restricted-v2 security context constraints.
OpenShift version 4.x.
The installation can be done offline and online as described in the section . Choose the one that better suits your cluster access policies.
The following snippet must be added to the akamas.yaml to install Akamas on OpenShift.
Besides the methods described in , you can use the OpenShift default ingress controller to create the required routes. Add the following snippet to the akamas.yaml file.
Once the Helm command is invoked, ensure the routes have been created by running:
The output must list the Akamas routes with different paths.
The toolbox optional component requires privileged access to run on OpenShift; the toolbox uses a dedicated service account, named toolbox by default. You can grant privileged access by issuing the following command.
The CLI configuration contains the information required to communicate with the akamas server. It can be easily created and updated with a configuration wizard. This page describes the main options of the Akamas CLI and how to modify them. If your Akamas instance is installed with Kubernetes, ensure the UI service is configured correctly.
The CLI, as well as the UI, interacts with the akamas server via APIs. The apiAddress configuration contains the information required to communicate with the server.
The Akamas Server provides different listeners to interact with APIs:
an HTTP listener on port 80 under the path /akapi
an HTTP listener on port 8000
an HTTPS listener on port 443 under the path /akapi
Depending on your networking setup you can either use the listeners on ports 80 and 443 which are also used for the UI or directly interact with the API gateway on ports 8000 and 8443. If you are unsure about your network setup we suggest you start with the HTTPS listener on port 443.
For improved security, it is recommended to configure CLI communications with the Akamas Server over HTTPS. Notice that you need to have a valid certificate installed on your Akamas server (at least a self-signed one) to enable HTTPS communication between CLI and the Akamas Server.
The CLI can be configured either directly via the CLI itself or via the YAML configuration file akamasconf.
Issue the following command to change the configuration of the Akamas CLI:
and then follow the wizard to provide the required CLI configuration:
enable HTTPS communications:
enable HTTP communications:
Please notice that by default Akamas CLI expects a valid SSL certificate. If you are using a self-signed certificate or a not valid one you can set the Verify SSL variable to false. This will mimic the behavior of accepting an invalid HTTPS certificate on your favorite browser.
akamasconf fileCreate a file and name it akamasconf to be located at the following locations:
Linux: ~/.akamas/akamasconf
Windows: C:\Users\<username>\.akamas (where C: is the drive where the OS is installed)
The file location can be customized by setting an $AKAMASCONF environment variable.
Here is an example akamasconf file provided as a sample:
To interact with your Akamas instance, you need the UI and API Gateway to be accessible from outside the cluster.
Kubernetes offers different options to expose a service outside of the cluster. The following is a list of the supported ones, with examples of how to configure them to work in your chart release:
While changing the access mode of your Akamas installation, you must also update the value of the akamasBaseUrl option of the Helm Values file to match the new endpoint used.
By default, Akams uses Cluster IPs for its services, allowing communication only inside the cluster. Still, you can leverage Kubectl's port-forward to create a private connection and expose any internal service on your local machine.
This solution is suggested to perform quick tests without exposing the application or in scenarios where cluster access to the public is not allowed.
Set akamasBaseUrl to http://localhost:9000 in your Helm Values file, and install or update your Akamas deployment using the Helm command. Once the rollout is complete, open a tunnel to the UI with the following command:
As long as the port-forwarding is running, you will be able to interact with the UI through the tunnel; you can also interact through the Akamas CLI by configuring the URL http://localhost:9000/akapi.
Refer to the official for more details about port-forwarding.
An Ingress is a Kubernetes object that provides service access, load balancing, and SSL termination to Kubernetes services.
To expose the Akamas UI through an Ingress, configure the Helm Values file by configuring akamasBaseUrl with the host of the Ingress (e.g.: https://akamas.kube.example.com), and by adding the snippet below:
Here is a description of the fields:
enabled: set to true to enable the Ingress
tls: configure secretName with the name of the Secret containing the TLS certificate for the hostname configured in akamasBaseUrl. This secret must be created manually before applying the configuration (see on the Kubernetes documentation) or managed by a certificate issuer configured in the namespace.
Re-run to update the configuration. Once the rollout is complete, you will be able to access the UI using the URL specified in akamasBaseUrl and interact with the CLI using ${akamasBaseUrl}/api.
Refer to the for more details on Ingresses.
Akamas is deployed as a set of containerized services running on Docker and managed via Docker Compose. In the offline installation mode, the latest version of the Akamas Docker Compose file and all the images required by Docker cannot be downloaded from the AWS ECR repository.
Get in contact with Akamas Customer Services to get the latest versions of the Akamas artifacts uploaded to a location of your choice on the dedicated Akamas Server.
Akamas installation artifacts will include:
cd ~
mkdir akamas
cd akamas
curl -O https://s3.us-east-2.amazonaws.com/akamas/compose/3.5.2/docker-compose.ymlAkamas server
8000, 8443
Akamas API access
2.0.0+
2.0.0+
CentOS
7.6+
RedHat Enterprise Linux
7.6+
Software Package
Notes
Docker
Akamas is deployed as a set of containerized services running on Docker. During its operation, Akamas launches different containers so access to the docker socket with enough permissions to run the container is required.
Docker Compose
Akamas containerized services are managed via Docker Compose. Docker compose is usually already shipped with Docker starting from version 23.
AWS CLI
Akamas container images are published in a private Amazon Elastic Container Registry (ECR) and are automatically downloaded during the online installation procedure.
AWS CLI is required only during the installation phase if the server has internet access and can be skipped during an offline installation.
Software Package
Ubuntu
CentOS
RHEL
Docker
20.10.10+
20.10.10+
20.10.10+
Docker Compose
2.7.0+
2.7.0+
2.7.0+
AWS CLI
2.0.0+
AWS_DEFAULT_REGION: Unless specified by the support team keep the value to us-east-2
AKAMAS_BASE_URL: the endpoint in the Akamas APIs that will be used to interact with the CLI, typically https://<akamas server DNS address>
annotations: optional, provide any additional annotation required in your deployment. If your cluster leverages any certificate issuer (such as cert-manager), you can add here the annotations required to interact with the issuer.
dockerrootdocker/etc/docker/daemon.jsonAfter editing or creating the file, please restart Docker and then check the group permission of the Docker socket (/var/run/docker.sock), which should show dockerroot as a group:
Then, add the newly created akamas user to the dockerroot group so that it can run docker containers:
and check the akamas user has been correctly added to dockerroot group by running:
In case of issues in logging in through AWS CLI, when executing the following command:
Please check that:
Environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION are correctly set
AWS CLI version is 2.0+
We recommend using the official AWS CLI installation guide for a smoother experience.
Please notice that the very first time Akamas is started, up to 30 minutes might be required to initialize the environment.
In case the issue persists you can run the following command to identify which service is not able to start up correctly
In some systems, the Docker socket, usually located in /var/run/docker.sock can not be accessed within a container. This causes Akamas to signal this behavior by reporting the Access Denied error in the license service logs.
To overcome this limitation edit the docker-compose.yaml file adding the line privileged: true to the following services:
License
Optimizer
Telemetry
Airflow
The following is a sample configuration where this change is applied to the license service:
Finally, you can issue the following command to apply these changes
When installing Akamas it’s mandatory to provide the AKAMAS_CUSTOMER variable as illustrated in the installation guide. This variable must match the one provided by Akamas representatives when issuing a license. If the variable is not properly exported license installation will fail with an error message indicating that the name of the customer installation does not match the one provided in the license.
You can easily inspect which value of this variable has been used when starting Akamas by running the following command on the Akamas server:
If you find out that the value is not the one you expect, you can update the .env file and then start again the license service by running:
Once Akamas is up and running you can re-install your license.
For any other issues please contact Akamas Customer Support Services.
The tables below report the required resources both for requests and limits that should be available in the cluster to use Akamas.
The resources specified on this page have been defined by considering using a dedicated namespace to run only Akamas components. If your cluster has additional tools (E.g. a service mesh or a monitoring agent) that inject containers in the Akamas pods we suggest either disabling them or increasing the sizing considering their overhead. Also if you plan to deploy other software inside the Akamas namespace and resource quotas are enabled you should increase the size considering the resources required by the specific software.
The small tier is suited for environments that need to support up to 3 concurrent optimization studies
CPU
4 Cores
15 Cores
Memory
28 GB
28 GB
Disk Space
70 GB
70 GB
The medium tier is suited for environments that need to support up to 50 concurrent optimization studies
CPU
8 Cores
20 Cores
Memory
50 GB
50 GB
Disk Space
100 GB
100 GB
The large tier is suited for environments that need to support up to 100 concurrent optimization studies. If you plan to run more concurrent studies, please contact Akamas support to plan your installation.
CPU
10 Cores
25 Cores
Memory
60 GB
60 GB
Disk Space
150 GB
150 GB
The cluster must define a Storage Class so that the application installation can leverage Persistent Volume Claims to dynamically provision the volumes required to persist data.
For more information on this topic refer to Kubernetes' official documentation.
To install and run Akamas cluster level permissions are not required. This is the minimal set of namespaced rules.
Networking requirements depend on how users interact with Akamas. Services can be exposed via Ingress or using kubectl as a proxy. Refer to Accessing Akamas for a more detailed description of the available options.
images.tar.gz: a tarball containing Akamas main images.
docker-compose.yml: docker-compose file for Akamas.
akamas: the binary file of the Akamas CLI that will be used to verify the installation.
A preliminary step in the offline installation mode is to import the shipped Docker images by running the following commands in the same directory where the tar files have been stored:
Mind that this import procedure could take some time!
To configure Akamas, you should set the following environment variables:
AKAMAS_CUSTOMER: the customer name matching the one referenced in the Akamas license.
AKAMAS_BASE_URL: the endpoint in the Akamas APIs that will be used to interact with the CLI, typically https://<akamas server DNS address>
To avoid losing your environment variables for future upgrades, it is suggested to keep them in the .env file, stored in the same directory as the docker-compose.yml:
To start Akamas you can now simply navigate into the akamas folder and run a docker-compose command:
You may get the following error:
This is a documented docker bug (see this link) that can be solved by installing the "pass" package:
Ubuntu
RHEL
# Required variables
AKAMAS_CUSTOMER=<your name or your organization name>
AWS_ACCESS_KEY_ID=<your access key id>
AWS_SECRET_ACCESS_KEY=<your secret access key>
AKAMAS_BASE_URL=https://<akamas server DNS address>
AWS_DEFAULT_REGION=us-east-2
# Optional variables
# Database passwords
DEFAULT_DATABASE_PASSWORD=
KEYCLOAK_DATABASE_PASSWORD=${DEFAULT_DATABASE_PASSWORD:-akamas_keycloak}
ANALYZER_DATABASE_PASSWORD=${DEFAULT_DATABASE_PASSWORD:-akamas_analyzer}
CAMPAIGN_DATABASE_PASSWORD=${DEFAULT_DATABASE_PASSWORD:-akamas_campaign}
LICENSE_DATABASE_PASSWORD=${DEFAULT_DATABASE_PASSWORD:-akamas_license}
OPTIMIZER_DATABASE_PASSWORD=${DEFAULT_DATABASE_PASSWORD:-akamas_optimizer}
ORCHESTRATOR_DATABASE_PASSWORD=${DEFAULT_DATABASE_PASSWORD:-akamas_orchestrator}
SYSTEM_DATABASE_PASSWORD=${DEFAULT_DATABASE_PASSWORD:-akamas_system}
TELEMETRY_DATABASE_PASSWORD=${DEFAULT_DATABASE_PASSWORD:-akamas_telemetry}
# Docker volumes prefix
COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-akamas}source ./.env
aws ecr get-login-password --region us-east-2 | docker login -u AWS --password-stdin https://485790562880.dkr.ecr.us-east-2.amazonaws.comdocker compose up -dairflow:
uid: null
gid: null
postgresql:
primary:
containerSecurityContext:
enabled: false
podSecurityContext:
enabled: false
shmVolume:
enabled: false
kibana:
podSecurityContext:
fsGroup: null
securityContext:
runAsUser: null
elasticsearch:
sysctlInitContainer:
enabled: false
securityContext:
runAsUser: null
podSecurityContext:
fsGroup: null
runAsUser: nullingress:
enabled: true
annotations:
route.openshift.io/termination: edge
haproxy.router.openshift.io/timeout: 1200s
className: ""
tls:
- {}oc get routes#This command assumes the akamas namespace is named "akamas"
# and the service account default name "toolbox" is used
oc adm policy add-scc-to-user privileged system:serviceaccount:akamas:toolboxakamas init configApi address [http://localhost:8000]: https://<akamas server dns name>:443/akapi
Workspace [default]: Workspace1
Login method (local, oauth2) [local]: local
Verify SSL: [True]: True
Is external certificate CA required? [y/N]: NApi address [http://localhost:8000]: http://<akamas server DNS name>:80
Workspace [default]: Workspace1
Login method (local, oauth2) [local]: localapiAddress: http[s]://<akamas server dns name>:80[443]/akapi
verifySsl: [true|false]
workspace: defaultkubectl port-forward service/ui 9000:httpingress:
enabled: true
tls:
- secretName: "<SECRET_NAME>" # secret containing the certificate and key data
annotations: {} # optional{
"group": "dockerroot"
}srw-rw----. 1 root dockerroot 0 Jul 4 09:57 /var/run/docker.socksudo usermod -aG dockerroot <user_name>lid -g dockerrootaws ecr get-login-password --region us-east-2akamas status -dlicense:
image: 485790562880.dkr.ecr.us-east-2.amazonaws.com/akamas/license_service:2.3.0
container_name: license
privileged: truedocker compose up -ddocker inspect license | grep AKAMAS_CUSTOMERdocker compose up -d license- apiGroups: ["", "apps", "policy", "batch", "networking.k8s.io", "events.k8s.io/v1", "rbac.authorization.k8s.io"]
resources:
- configmaps
- cronjobs
- deployments
- events
- ingresses
- jobs
- persistentvolumeclaims
- poddisruptionbudgets
- pods
- pods/log
- rolebindings
- roles
- secrets
- serviceaccounts
- services
- statefulsets
verbs: ["get", "list", "create", "delete", "patch", "update", "watch"]cd <your bundle files location>
docker image load -i images.tar.gz# Required variables
AKAMAS_CUSTOMER=<your name or your organization name>
AKAMAS_BASE_URL=https://<akamas server DNS address>
# Optional variables
## Database password. Use DEFAULT_DATABASE_PASSWORD to set a custom password for all databases
DEFAULT_DATABASE_PASSWORD=
## A custom password per each service can be set using the variables below, otherwise, the default is used. For example, for Kong's database, the password is `akamas_kong`.
KONG_DATABASE_PASSWORD=${DEFAULT_DATABASE_PASSWORD:-akamas_kong}
AIRFLOW_DATABASE_PASSWORD=${DEFAULT_DATABASE_PASSWORD:-akamas_airflow}
KEYCLOAK_DATABASE_PASSWORD=${DEFAULT_DATABASE_PASSWORD:-akamas_keycloak}
ANALYZER_DATABASE_PASSWORD=${DEFAULT_DATABASE_PASSWORD:-akamas_analyzer}
CAMPAIGN_DATABASE_PASSWORD=${DEFAULT_DATABASE_PASSWORD:-akamas_campaign}
LICENSE_DATABASE_PASSWORD=${DEFAULT_DATABASE_PASSWORD:-akamas_license}
OPTIMIZER_DATABASE_PASSWORD=${DEFAULT_DATABASE_PASSWORD:-akamas_optimizer}
ORCHESTRATOR_DATABASE_PASSWORD=${DEFAULT_DATABASE_PASSWORD:-akamas_orchestrator}
SYSTEM_DATABASE_PASSWORD=${DEFAULT_DATABASE_PASSWORD:-akamas_system}
TELEMETRY_DATABASE_PASSWORD=${DEFAULT_DATABASE_PASSWORD:-akamas_telemetry}
# Docker volumes prefix
COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-akamas}cd <your docker-compose file location>
docker compose up -dError saving credentials: error storing credentials - err: exit status 1, out: Cannot autolaunch D-Bus without X11 $DISPLAYsudo apt-get install -y passyum install passBefore starting the installation, make sure the requirements are met.
Akamas on Kubernetes is provided as a set of templates packaged in a chart archive managed by Helm.
To proceed with the installation, you need to create a Helm Values file, called akamas.yaml in this guide, containing the mandatory configuration values required to customize your application. The following template contains the minimal set required to install Akamas:
You can also download the template file running the following snippet:
Replace in the file the following placeholders:
AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY: the AWS credentials for pulling the Akamas images
CUSTOMER_NAME: customer name provided with the Akamas license
ADMIN_PASSWORD: initial administrator password
Akamas can be installed in three sizes Small, Medium, and Large as explained in the section. By default, the chart installs the Small size. If you want to install a specific size add the following snippet to your values.yaml file.
Medium
Large
With the configuration file you just created (and the new variables you added to override the defaults), you can start the installation with the following command:
This command will create the Akamas resources within the specified namespace. You can define a different namespace by changing the argument --namespace <your-namespace>
An example output of a successful installation is the following:
To monitor the application startup, run the command kubectl get pods. After a few minutes, the expected output should be similar to the following:
At this point, you should be able to access the Akamas UI using the endpoint specified in the akamasBaseUrl, and interact through the Akamas CLI with the path /api.
If you haven't already, you can update your configuration file to use a different type of service to expose Akamas' endpoints. To do so, pick from the the configuration snippet for the service type of your choice, add it to the akamas.yaml file, update the akamasBaseUrl value, and re-run the installation command to update your Helm release.
# AWS credentials to fetch ECR images (required)
awsAccessKeyId: <AWS_ACCESS_KEY_ID>
awsSecretAccessKey: <AWS_SECRET_ACCESS_KEY>
# Akamas customer name. Must match the value in the license (required)
akamasCustomer: <CUSTOMER_NAME>
# Akamas administrator password. If not set a random password will be generated
akamasAdminPassword: <ADMIN_PASSWORD>
# The URL that will be used to access Akamas, for example 'http://akamas.kube.example.com' (required)
akamasBaseUrl: <INSTANCE_HOSTNAME>INSTANCE_HOSTNAME: the URL that will be used to expose the Akamas installation, for example https://akamas.k8s.example.com when using an Ingress, or http://localhost:9000 when using port-forwarding. Refer to Accessing Akamas for the list of the supported access methods and a reference for any additional configuration required.
curl -so akamas.yaml http://helm.akamas.io/templates/1.5.4/akamas.yaml.template#Medium
airflow:
config:
core:
parallelism: 102
scheduler:
resources:
limits:
cpu: 2500m
memory: 21000Mi
requests:
cpu: 1000m
memory: 21000Mi
#Large
airflow:
config:
core:
parallelism: 202
scheduler:
resources:
limits:
cpu: 2500m
memory: 28000Mi
requests:
cpu: 1000m
memory: 28000Mi
telemetry:
parallelism: 50helm upgrade --install \
--create-namespace --namespace akamas \
--repo http://helm.akamas.io/charts \
--version '1.5.4' \
-f akamas.yaml \
akamas akamasRelease "akamas" does not exist. Installing it now.
NAME: akamas
LAST DEPLOYED: Thu Sep 21 10:39:01 2023
NAMESPACE: akamas
STATUS: deployed
REVISION: 1
NOTES:
Akamas has been installed
NOTES:
Akamas has been installed
To get the initial password use the following command:
kubectl get secret akamas-admin-credentials -o go-template='{{ .data.password | base64decode }}'NAME READY STATUS RESTARTS AGE
airflow-6ffbbf46d8-dqf8m 3/3 Running 0 5m
analyzer-67cf968b48-jhxvd 1/1 Running 0 5m
campaign-666c5db96-xvl2z 1/1 Running 0 5m
database-0 1/1 Running 0 5m
elasticsearch-master-0 1/1 Running 0 5m
keycloak-66f748d54-7l6wb 1/1 Running 0 5m
kibana-6d86b8cbf5-6nz9v 1/1 Running 0 5m
kong-7d6fdd97cf-c2xc9 1/1 Running 0 5m
license-54ff5cc5d8-tr64l 1/1 Running 0 5m
log-5974b5c86b-4q7lj 1/1 Running 0 5m
logstash-8697dd69f8-9bkts 1/1 Running 0 5m
metrics-577fb6bf8d-j7cl2 1/1 Running 0 5m
optimizer-5b7576c6bb-96w8n 1/1 Running 0 5m
orchestrator-95c57fd45-lh4m6 1/1 Running 0 5m
store-5489dd65f4-lsk62 1/1 Running 0 5m
system-5877d4c89b-h8s6v 1/1 Running 0 5m
telemetry-8cf448bf4-x68tr 1/1 Running 0 5m
ui-7f7f4c4f44-55lv5 1/1 Running 0 5m
users-966f8f78-wv4zj 1/1 Running 0 5mAkamas offers, as an additional container, a toolbox that contains the Akamas CLI executable, along with some other useful command-line tools such as kubectl, Helm, vim, docker cli, jq, yq, git, gzip, zip, OpenSSH, ping, cURL, and wget. It can be executed along akamas services, in the same network, for docker-compose installation, or in the akamas namespace for Kubernetes installations.
This toolbox aims to:
allow users to interact with Akamas without the need to install Akamas CLI on their systems
provide the Akamas' workflows with an environment where to run scripts and persist artifacts when no other options (e.g. a dedicated host) are available
By setting the following options in the .env file, you can configure your toolbox by enabling SSH password authentication (only key-based authentication will be available otherwise) and by setting a login password:
To start the toolbox container just issue the following command:
If you want to keep the toolbox running also after a complete restart you can also add the following line to your .env file: COMPOSE_PROFILES=toolbox
To access the toolbox on docker you can issue the following command:
You will be provided with a shell inside the toolbox where you can interact with Akamas. Please read the work folder section below for more information on how to persist scripts and data on the toolbox upon restart and upgrades.
Follow the usual guide for installing Akamas on Kubernetes but make sure to override the following variable (its default value is false) in your akamas.yaml file or in the file values-files/my-values.yaml (can be created if missing):
Follow the usual guide for installing Akamas on Kubernetes, adding the following variables to the values file:
Then, you can launch the usual helm upgrade --install ... command to run the pod, as described in theStart the installation (online) or (offline) sections.
By default, the toolbox uses a dedicated service account to allow for more granularity and control over permissions.
The service account will be created automatically upon first installation. If you need to use an existing service account you can specify its configuration in the values file using the following snippet.
When it's deployed to Kubernetes, you may access this toolbox in two ways:
via kubectl
via SSH command
Accessing is as simple as:
For this type of access, you need to retrieve the SSH login password (if enabled) or key. To fetch them, run the following commands:
With this info, you can leverage the toolbox to run commands in your workflows, like in the following example:
You can also access the toolbox by port-forwarding from your local machine (on port 2222 in our example). Run the following kubectl command:
On another terminal, run:
and answer yes to the question, then insert the akamas password to successfully SSH access the toolbox (see example below):
A typical kubernetes scenario is Akamas running from inside a namespace and a customer application running from inside another namespace. In such a scenario you will probably need to create an Akamas workflow (running from the akamas namespace) that applies a new configuration on the customer application (running in the customer namespace) then Akamas collects new metrics for a period of time and then calculates a new configuration based on the score of the previous configuration.
What follows is a typical workflow example that:
uses a FileConfigurator to create a new helm file that applies the new configuration computed by Akamas on a single service named adservice.FileConfigurator recreates a new adservice.yaml file by using the template adservice.yaml.templ. Just make sure that adservice.yaml.templ contains namespace: boutique (the customer namespace, in our example)
uses an Executor that launches kubectl apply with the new helm file adservice.yaml you just saved to apply the new configuration
uses another Executor to wait for the new configuration to be rolled out by launching kubectl rollout status
waits for half an hour to observe the changes in metrics
If you need to store Akamas artifacts, scripts, or any other file that requires persistence, you can use the /work directory, which persists across restarts. This is the default working directory at login time.
ALLOW_PASSWORD=true
CUSTOM_PASSWORD=yourPassworddocker compose --profile toolbox up -ddocker exec -it toolbox bashtoolbox:
enabled: true
sshPassword:
# enable SSH password authentication. If 'false', only key-based access
# will be allowed
enabled: false
# configure the password for the toolbox user. If not provided, an
# autogenerated password will be used
override:
# Optionally you can also specify custom resource limits
resources:
limits:
cpu: 300m
memory: 300Mi
requests:
cpu: 100m
memory: 300Mi
toolboox:
# extra lines in between #
serviceAccount:
create: true # Automatically create the SA if it does not already exist
name: toolbox # Name of the SA to use for the toolbox kubectl exec -it deployment/toolbox -- bash# Get the password
kubectl exec deployment/toolbox -- cat /home/akamas/password
# Get the key
kubectl exec deployment/toolbox -- cat /home/akamas/.ssh/id_rsaname: hello-workflow
tasks:
- name: Say Hello
operator: Executor
arguments:
command: echo 'Hello Akamas'
host:
hostname: toolbox
username: akamas
password: d48020ab71be6a07kubectl port-forward service/toolbox 2222:22ssh akamas@localhost -p 2222$ ssh akamas@localhost -p 2222
The authenticity of host '[localhost]:2222 ([127.0.0.1]:2222)' can't be established.
ED25519 key fingerprint is SHA256:34GXnmRz1YjWr2TTpUpJmRoHYck0NzeAxni2L857Exs.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:2222' (ED25519) to the list of known hosts.
akamas@localhost's password:
Welcome to Ubuntu 20.04.6 LTS (GNU/Linux 5.10.178-162.673.amzn2.x86_64 x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
akamas@toolbox-6dd8b7f898-8xwzf:~$Before starting the installation, make sure the requirements are met.
If your cluster is in an air-gapped network or is unable to reach the Akamas image repository, you need to copy the required images to your private registry.
The procedure described here leverages your local environment to upload the images. Thus, to interact between the Akamas and private registry, it requires Docker to be installed and configured.
The offline installation requires you to pull the images and migrate them to your private registry. In the following command replace the chart version to download the related list of images:
Once the import is complete, you must re-tag and upload the images. Run the following snippet, replacing <REGISTRY_URL> with the actual URL of the private registry:
This process could last several minutes, once the upload is complete, you can proceed with the next steps.
Akamas on Kubernetes is provided as a set of templates packaged in a chart archive managed by .
To proceed with the installation, you must create a Helm Values file, called akamas.yaml in this guide, containing the mandatory configuration values required to customize your application. The following template contains the minimal set required to install Akamas:
Replace in the file the following placeholders:
CUSTOMER_NAME: customer name provided with the Akamas license
ADMIN_PASSWORD: initial administrator password
INSTANCE_HOSTNAME: the URL that will be used to expose the Akamas installation, for example https://akamas.k8s.example.com when using an Ingress, or
This section describes how to configure the authentication to your private registry. If your registry does not require any authentication, skip directly to the .
To authenticate to your private registry, you must manually create the Secret required to pull the images. If the registry uses basic authentication, you can create the credentials in the namespace by running the following command:
Otherwise, you can leverage any credential already configured on your machine by running the following command:
Akamas can be installed in three sizes Small, Medium, and Large as explained in the section. By default, the chart installs the Small size. If you want to install a specific size add the following snippet to your values.yaml file.
Medium
Large
If the host you are using to install akamas can reach helm.akamas.io you can follow the instructions in the . Otherwise, follow the instructions below to download the chart content locally.
From a machine that can reach the endpoint, run the following command to download the chart:
The command downloads the latest version chart version as an archive named akamas-<version>.tgz. The file can be transferred to the machine where the installation will be run. Replace akamas/akamas with the download package in the following commands.
If you wish to see and override the values that Helm will use to install Akamas, you may execute the following command.
Now, with the configuration file you just created (and the new variables you added to override the defaults), you can start the installation with the following command:
This command will create the Akamas resources within the specified namespace. You can define a different namespace by changing the argument --namespace <your-namespace>
An example output of a successful installation is the following:
To monitor the application startup, run the command kubectl get pods. After a few minutes, the expected output should be similar to the following:
At this point, you should be able to access the Akamas UI using the endpoint specified in the akamasBaseUrl, and interact through the Akamas CLI with the path /api.
If you haven't already, you can update your configuration file to use a different type of service to expose Akamas' endpoints. To do so, pick from the the configuration snippet for the service type of your choice, add it to the akamas.yaml file, update the akamasBaseUrl value, and re-run the installation command to update your Helm release.
During online installation, a set of out-of-the-box telemetry providers are automatically installed. For offline installation, this step has to be executed manually. To install the telemetry providers required for your environment proceed to section.
http//:localhost:9000REGISTRY_URL: the URL for the private registry used in the transfer process above
curl -sO http://helm.akamas.io/images/1.5.4/image-listNEW_REGISTRY="<REGISTRY_URL>"
while read IMAGE; do
REGISTRY=$(echo "$IMAGE" | cut -d '/' -f 1)
REPOSITORY=$(echo "$IMAGE" | cut -d ':' -f 1 | cut -d "/" -f2-)
TAG=$(echo "$IMAGE" | cut -d ':' -f 2)
NEW_IMAGE="$NEW_REGISTRY/$REPOSITORY:$TAG"
echo "Migrating $IMAGE to $NEW_IMAGE"
docker pull "$IMAGE"
docker tag "$IMAGE" "$NEW_IMAGE"
docker push "$NEW_IMAGE"
done <image-list# Akamas customer name. Must match the value in the license (required)
akamasCustomer: <CUSTOMER_NAME>
# Akamas administrator password. If not set a random password will be generated
akamasAdminPassword: <ADMIN_PASSWORD>
# The URL that will be used to access Akamas, for example 'http://akamas.kube.example.com' (required)
akamasBaseUrl: <INSTANCE_HOSTNAME>
global:
imageRegistry: gitlab-runner-new.dev.akamas.io
elasticsearch:
image: gitlab-runner-new.dev.akamas.io/akamas/elastic/elasticsearch
kibana:
image: gitlab-runner-new.dev.akamas.io/akamas/elastic/kibana
airflow:
images:
airflow:
repository: gitlab-runner-new.dev.akamas.io/akamas/airflow_service
tag: 2.8.0
pgbouncer:
repository: gitlab-runner-new.dev.akamas.io/akamas/airflow_service
tag: ~
pgbouncerExporter:
repository: gitlab-runner-new.dev.akamas.io/akamas/airflow_service
tag: ~
webserver:
extraInitContainers:
- name: wait-logstash
image: gitlab-runner-new.dev.akamas.io/akamas/utils:0.1.5
command:
- "sh"
- "-c"
- "until ./wait-for-it.sh -h logstash -p 9600 -t 120 -e _node/pipelines -j '.pipelines|length' -r 10 ; do echo Waiting for Logstash; sleep 10; done; echo Connected"
resources:
limits:
cpu: 100m
memory: 50Mi
requests:
cpu: 10m
memory: 50Mi
scheduler:
podAnnotations:
k8s.akamas.com/imageName: gitlab-runner-new.dev.akamas.io/akamas/airflow_service
env:
- name: CONTAINER_NAME
value: airflow
- name: SERVICE
value: airflow
- name: LOGTYPE
value: airflow
- name: IMAGE_NAME
value: gitlab-runner-new.dev.akamas.io/akamas/airflow_service
- name: AIRFLOW_CONN_HTTP_SYSTEM
value: "http://:@system:8080"
- name: AIRFLOW_CONN_HTTP_CAMPAIGN
value: "http://:@campaign:8080"
- name: AIRFLOW_CONN_HTTP_ORCHESTRATOR
value: "http://:@orchestrator:8080"
- name: KEYCLOAK_ENDPOINT
value: "http://keycloak:8080"
extraInitContainers:
- name: wait-logstash
image: gitlab-runner-new.dev.akamas.io/akamas/utils:0.1.5
command:
- "sh"
- "-c"
- "until ./wait-for-it.sh -h logstash -p 9600 -t 120 -e _node/pipelines -j '.pipelines|length' -r 10 ; do echo Waiting for Logstash; sleep 10; done; echo Connected"
resources:
limits:
cpu: 100m
memory: 50Mi
requests:
cpu: 10m
memory: 50Mikubectl create secret docker-registry registry-token \
--namespace akamas \
--docker-server=<REGISTRY_URL> \
--docker-username=<USER> \
--docker-password=<PASSWORD>kubectl create secret docker-registry registry-token \
--namespace akamas \
--from-file=.dockerconfigjson=<PATH/TO/.docker/config.json>#Medium
airflow:
config:
core:
parallelism: 102
scheduler:
resources:
limits:
cpu: 2500m
memory: 21000Mi
requests:
cpu: 1000m
memory: 21000Mi
#Large
airflow:
config:
core:
parallelism: 202
scheduler:
resources:
limits:
cpu: 2500m
memory: 28000Mi
requests:
cpu: 1000m
memory: 28000Mi
telemetry:
parallelism: 50helm pull --repo http://helm.akamas.io/charts --version '1.5.4' akamashelm show values akamas-<version>.tgzhelm upgrade --install \
--create-namespace --namespace akamas \
-f akamas.yaml \
akamas akamas-<version>.tgzRelease "akamas" does not exist. Installing it now.
NAME: akamas
LAST DEPLOYED: Thu Sep 21 10:39:01 2023
NAMESPACE: akamas
STATUS: deployed
REVISION: 1
NOTES:
Akamas has been installed
NOTES:
Akamas has been installed
To get the initial password use the following command:
kubectl get secret akamas-admin-credentials -o go-template='{{ .data.password | base64decode }}'NAME READY STATUS RESTARTS AGE
airflow-6ffbbf46d8-dqf8m 3/3 Running 0 5m
analyzer-67cf968b48-jhxvd 1/1 Running 0 5m
campaign-666c5db96-xvl2z 1/1 Running 0 5m
database-0 1/1 Running 0 5m
elasticsearch-master-0 1/1 Running 0 5m
keycloak-66f748d54-7l6wb 1/1 Running 0 5m
kibana-6d86b8cbf5-6nz9v 1/1 Running 0 5m
kong-7d6fdd97cf-c2xc9 1/1 Running 0 5m
license-54ff5cc5d8-tr64l 1/1 Running 0 5m
log-5974b5c86b-4q7lj 1/1 Running 0 5m
logstash-8697dd69f8-9bkts 1/1 Running 0 5m
metrics-577fb6bf8d-j7cl2 1/1 Running 0 5m
optimizer-5b7576c6bb-96w8n 1/1 Running 0 5m
orchestrator-95c57fd45-lh4m6 1/1 Running 0 5m
store-5489dd65f4-lsk62 1/1 Running 0 5m
system-5877d4c89b-h8s6v 1/1 Running 0 5m
telemetry-8cf448bf4-x68tr 1/1 Running 0 5m
ui-7f7f4c4f44-55lv5 1/1 Running 0 5m
users-966f8f78-wv4zj 1/1 Running 0 5m