Kubernetes Deployment
1. Introduction
Below, we specify everything necessary to install the Facephi Voice Service in a Kubernetes environment.
2. Manual deployment
2.1 Introduction
The service Phivox can be deployed in kubernetes with kubectl:
kubectl apply -f manifest.yaml
Using a manifest.yaml file similar to this:
apiVersion: v1
kind: Namespace
metadata:
name: facephi-voice-service
---
apiVersion: v1
kind: Secret
metadata:
name: voice-license-secret
namespace: facephi-voice-service
stringData:
stringData:
config.cfg: |-
{
CONFIG_DIR=<provided by facephi>
LICENSE_TYPE=<provided by facephi>
LICENSE_BEHAVIOUR=<provided by facephi>
LICENSE_ID=<provided by facephi>
LICENSE_DATA=<provided by facephi>
LICENSE_KEY=<provided by facephi>
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: voice-service-deployment
namespace: facephi-voice-service
spec:
selector:
matchLabels:
name: facephi-voice-service
template:
metadata:
labels:
name: facephi-voice-service
spec:
volumes:
- name: config-volume
secret:
secretName: voice-license-secret
defaultMode: 420
containers:
- name: facephi-voice-service-container-name
# Use your image name and version
image: >-
facephicorp.jfrog.io/docker-pro-fphi/facephi-voice-service:$VERSION
ports:
- name: http
containerPort: 6982
protocol: TCP
resources:
limits:
cpu: '8'
memory: 8Gi
requests:
cpu: 500m
memory: 3Gi
volumeMounts:
- name: config-volume
readOnly: true
mountPath: /service/config/config.cfg
subPath: config.cfg
livenessProbe:
httpGet:
path: /api/v1/health
port: 6982
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /api/v1/health
port: 6982
scheme: HTTP
initialDelaySeconds: 15
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
restartPolicy: Always
terminationGracePeriodSeconds: 60
---
apiVersion: v1
kind: Service
metadata:
name: voice-service
namespace: facephi-voice-service
spec:
ports:
- name: http
protocol: TCP
port: 80
targetPort: 6982
type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: voice-ingress
namespace: facephi-voice-service
spec:
ingressClassName: kong
rules:
- http:
paths:
- path: /api(/v1)?/(.*)
pathType: Prefix
backend:
service:
name: voice-service
port:
number: 80
---
2.2 Volumes
You need to add the volume with the configuration file for the service to work correctly, this configuration file contains license information and service configuration. By default, the path to store the configuration file is /service/config/config.cfg.
apiVersion: v1
kind: Secret
metadata:
name: config-secret
namespace: facephi-voice-service
stringData:
config.cfg: |-
{
CONFIG_DIR=<provided by facephi>
LICENSE_TYPE=<provided by facephi>
LICENSE_BEHAVIOUR=<provided by facephi>
LICENSE_ID=<provided by facephi>
LICENSE_DATA=<provided by facephi>
LICENSE_KEY=<provided by facephi>
}
Once that secret is created, the deployment will associate the volume in the appropriate path with the following lines:
...
spec:
...
template:
...
spec:
volumes:
- name: config-volume
secret:
secretName: config-secret
defaultMode: 420
...
containers:
...
- volumeMounts:
- name: config-volume
readOnly: true
mountPath: /service/config/config.cfg
subPath: config.cfg
spec.volumes[0].secret.secretName searches the namespace for the previously generated secret and stores it in a volume with the name config-volume. When mounting the config-volume associated with the Secret is searched for, and mountPath is set to the path where the file is stored, and we can specify a particular object of the secret with subPath, in this case the key config.cfg.
2.3 Resources
After running the performance tests, the following results were obtained:
- For Enrollment with three audios (
/api/v1/enrollment/):
| CPU | Memory | Time avg |
|---|---|---|
| 4096m | 10Gi | 2511 ms |
| 8192m | 10Gi | 1407 ms |
- For Authentication (
/api/v1/authentication/):
| CPU | Memory | Time avg |
|---|---|---|
| 4096m | 10Gi | 240 ms |
| 8192m | 10Gi | 220 ms |
With these tests, the following configuration is established at the request and limits level.
spec:
...
template:
...
spec:
...
containers:
...
- resources
limits:
cpu: 4096m # 4 cores
memory: 8Gi
requests:
cpu: 500m # 0.5 cores
memory: 3Gi
2.4 Service
2.4.1 LoadBalancer
We take into account that we will set up a LoadBalancer with Kong in front to access the Facephi Voice Service. Note that the service is exposed on port 80 and attacks the Pod on 6982.
apiVersion: v1
kind: Service
metadata:
name: facephi-voice-service
namespace: facephi-voice-service
spec:
ports:
- name: http
protocol: TCP
port: 80
targetPort: 6982
selector:
name: facephi-voice-service
type: ClusterIP
2.5 Ingress
We set up an Ingress in front to redirect requests from Kong to the service within the Pod that we previously exposed on port 80.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: facephi-voice-service
namespace: facephi-voice-service
spec:
ingressClassName: kong
rules:
- http:
paths:
- path: /api(/v1)?/(.*)
pathType: Prefix
backend:
service:
name: facephi-voice-service
port:
number: 80
3 Types of Instances
The recommended instance types for using the Facephi Voice Service at a production level would be the following, where we see the Facephi Voice Service Pods that fit depending on the type of instance we use.
| Instance type | CPU | Memory | Service Pod Capacity |
|---|---|---|---|
| c5.xlarge | 4 | 8 | 2 |
| c5.2xlarge | 8 | 16 | 4 |
| c5.4xlarge | 16 | 32 | 9 |