Kubernetes Deployment
1. Introduction
This section explains how to install the service in a Kubernetes environment.
2. Manual deployment
2.1 Introduction
The FacePhi Face Liveness service can be deployed in Kubernetes with kubectl:
```
kubectl apply -f manifest.yaml
```
Using a manifest.yaml file similar to this:
```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: facephi-face-liveness-service
---
apiVersion: v1
kind: Secret
metadata:
  name: face-liveness-license-secret
  namespace: facephi-face-liveness-service
stringData:
  license.lic: |-
    {
      CONFIG_DIR=<provided by facephi>
      LICENSE_TYPE=<provided by facephi>
      LICENSE_BEHAVIOUR=<provided by facephi>
      LICENSE_ID=<provided by facephi>
      LICENSE_DATA=<provided by facephi>
      LICENSE_KEY=<provided by facephi>
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: face-liveness
  namespace: facephi-face-liveness-service
spec:
  replicas: 3
  selector:
    matchLabels:
      app: face-liveness
  template:
    metadata:
      labels:
        app: face-liveness
    spec:
      volumes:
        - name: license-volume
          secret:
            secretName: face-liveness-license-secret
            defaultMode: 420
      containers:
        - name: facephi-face-liveness-service
          image: facephicorp.jfrog.io/docker-pro-fphi/facephi-face-liveness-service:2.4.6
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 6982
          volumeMounts:
            - name: license-volume
              readOnly: true
              mountPath: /service/license/license.lic
              subPath: license.lic
          resources:
            limits:
              cpu: 1024m
              memory: 2Gi
            requests:
              cpu: 512m
              memory: 1Gi
---
apiVersion: v1
kind: Service
metadata:
  name: face-liveness-service
  namespace: facephi-face-liveness-service
spec:
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 6982
  selector:
    app: face-liveness
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: face-liveness-ingress
  namespace: facephi-face-liveness-service
  annotations:
    konghq.com/strip-path: "true"
spec:
  ingressClassName: kong
  rules:
    - host: <your own dns for this service>
      http:
        paths:
          - path: /face-liveness
            pathType: Prefix
            backend:
              service:
                name: face-liveness-service
                port:
                  number: 80
---
```
facephicorp.jfrog.io/docker-pro-fphi/facephi-face-liveness-service and store it in a docker image repository where the cluster can download it.
2.2 Secret
A Kubernetes Secret must be declared to pass the license to Kubernetes.
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: face-liveness-license-secret
  namespace: facephi-face-liveness-service
stringData:
  # Write here your license content. E.g:
  license.lic: |-
    {
      "key":"XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX",
      "type":"NODE_ONLINE"
    }
```
2.3 Deployment
Remember to log in to Artifactory or download the Docker image beforehand.
2.3.1 Volumes
You need to add the volume with the client license. By default, the path to store the license file is /service/license.
Once that secret is created, the deployment will associate the volume in the appropriate path with the following lines:
```yaml
...
spec:
  ...
  template:
    ...
    spec:
      volumes:
        - name: license-volume
          secret:
            secretName: face-liveness-license-secret
            defaultMode: 420  # decimal value; equals octal 0644
      ...
      containers:
        ...
        - volumeMounts:
            - name: license-volume
              readOnly: true
              mountPath: /service/license/license.lic
              subPath: license.lic
```
spec.volumes[0].secret.secretName looks up the previously created Secret in the namespace and exposes it as a volume named license-volume. In volumeMounts, name selects that volume, mountPath sets the path where the file is stored inside the container, and subPath selects a particular key of the Secret, in this case license.lic.
2.4 Service
2.4.1 LoadBalancer
This setup assumes a LoadBalancer with Kong in front to access the FacePhi Face Liveness Service. Note that the Service is exposed on port 80 and targets the Pod on port 6982.
```yaml
apiVersion: v1
kind: Service
metadata:
  name: face-liveness-service
  namespace: facephi-face-liveness-service
spec:
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 6982
  selector:
    app: face-liveness
  type: ClusterIP
```
2.5 Ingress
We set up an Ingress in front to redirect requests from Kong to the service within the Pod that we previously exposed on port 80.
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: face-liveness-ingress
  namespace: facephi-face-liveness-service
  annotations:
    konghq.com/strip-path: "true"
spec:
  ingressClassName: kong
  rules:
    - host: <your own dns for this service>
      http:
        paths:
          - path: /face-liveness
            pathType: Prefix
            backend:
              service:
                name: face-liveness-service
                port:
                  number: 80
```
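
The following is an added example, not part of FacePhi's documentation: a standard-library Python check that reviews the Deployment and Ingress from this section for settings a security review would raise (Secret file mode, subPath Secret mounts that do not receive Secret updates, tag-pinned images, missing securityContext, Ingress without a TLS section). `SAMPLE` is constructed from this page's manifest in the JSON shape kubectl returns; the function name `audit` and the wording of the findings are assumptions of this example.

```python
# Constructed sample: this page's Deployment and Ingress, trimmed, in the shape
# of the items returned by `kubectl get deploy,ingress -n <namespace> -o json`.
SAMPLE = [
    {"kind": "Deployment", "metadata": {"name": "face-liveness"},
     "spec": {"template": {"spec": {
         "volumes": [{"name": "license-volume", "secret": {
             "secretName": "face-liveness-license-secret", "defaultMode": 420}}],
         "containers": [{
             "name": "facephi-face-liveness-service",
             "image": "facephicorp.jfrog.io/docker-pro-fphi/facephi-face-liveness-service:2.4.6",
             "volumeMounts": [{"name": "license-volume", "readOnly": True,
                               "mountPath": "/service/license/license.lic",
                               "subPath": "license.lic"}]}]}}}},
    {"kind": "Ingress", "metadata": {"name": "face-liveness-ingress"},
     "spec": {"ingressClassName": "kong"}},
]


def audit(items):
    """Return (object name, finding) pairs for a list of Kubernetes objects."""
    out = []
    for obj in items:
        name, spec = obj["metadata"]["name"], obj.get("spec", {})
        if obj["kind"] == "Ingress" and not spec.get("tls"):
            out.append((name, "no spec.tls: the Ingress configures no TLS"))
        if obj["kind"] != "Deployment":
            continue
        pod = spec["template"]["spec"]
        secret_vols = {}
        for vol in pod.get("volumes", []):
            if "secret" in vol:
                secret_vols[vol["name"]] = vol["secret"]["secretName"]
                mode = vol["secret"].get("defaultMode", 0o644)  # 420 == 0o644
                if mode & 0o077:
                    out.append((name, f"secret volume {vol['name']} mode "
                                      f"{mode:04o} is readable by group/other"))
        for c in pod.get("containers", []):
            if "@sha256:" not in c["image"]:
                out.append((name, f"{c['name']}: image pinned by tag, not digest"))
            sc = {**pod.get("securityContext", {}), **c.get("securityContext", {})}
            if not sc.get("runAsNonRoot") or sc.get("allowPrivilegeEscalation", True):
                out.append((name, f"{c['name']}: securityContext not hardened"))
            for m in c.get("volumeMounts", []):
                if m["name"] in secret_vols and m.get("subPath"):
                    out.append((name, f"{c['name']}: subPath mount of Secret "
                                      f"{secret_vols[m['name']]} gets no updates"))
    return out
```

Calling `audit(SAMPLE)` returns four findings for the Deployment and one for the Ingress; whether each one needs a change depends on where TLS terminates in front of Kong and on whether the image supports running as a non-root user.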
3. Types of Instances
If the cluster is going to use Kubernetes HPA resources to scale the number of pods, it is recommended to take into account the maximum number of pods supported by each instance. The maximum number of pods considered appropriate, based on the tests, is shown in the following table.
| Instance type | CPU (vCPU) | Memory (GiB) | Service Pod Capacity |
|---|---|---|---|
| c5.xlarge | 4 | 8 | 3 |
| c5.2xlarge | 8 | 16 | 6 |
| c5.4xlarge | 16 | 32 | 12 |
It is possible to add more service pods, but at the cost of response time.