Kubernetes Deployment
1. Introduction
Below we specify everything necessary to install the SelphID SDK service in a Kubernetes environment.
2. Manual deployment
2.1 Introduction
We can deploy SelphID SDK in a Kubernetes cluster using the kubectl command:

```shell
kubectl apply -f manifest.yaml
```

Using a 'manifest.yaml' file similar to this:
```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: selphid-sdk
---
apiVersion: v1
kind: Secret
metadata:
  name: license-secret
  namespace: selphid-sdk
stringData:
  # Write here your license content. E.g:
  license.lic: |-
    {
      "key":"XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX",
      "type":"NODE_ONLINE"
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: selphid-sdk
  namespace: selphid-sdk
spec:
  replicas: 3
  selector:
    matchLabels:
      name: selphid-sdk
  template:
    metadata:
      labels:
        name: selphid-sdk
    spec:
      volumes:
        - name: license-volume
          secret:
            secretName: license-secret
            # Decimal 420 = octal 0644
            defaultMode: 420
        - name: config
          emptyDir:
            sizeLimit: 50Mi
      containers:
        - name: selphid-sdk-container-name
          # Use your image name and version
          image: >-
            selphid-sdk-rest-api:major.minor.patch
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          # Optional service configuration variables
          env:
            - name: FACEPHI_SELPHID_FACIALAUTHENTICATION_THRESHOLD
              value: '65'
            - name: FACEPHI_SELPHID_FACIALLIVENESS_THRESHOLD
              value: '60'
            # Only for 5.X versions
            - name: FACESDK_NUM_THREADS_ENGINE
              value: '8'
            # Only for 6.X versions
            - name: FACEPHI_SELPHID_FACIALEXTRACTOR_NUM_THREADS
              value: '8'
            - name: FACEPHI_SELPHID_FACIALLIVENESS_NUM_THREADS
              value: '8'
          resources:
            limits:
              cpu: 2096m
              memory: 4Gi
            requests:
              cpu: 1024m
              memory: 2Gi
          volumeMounts:
            - name: license-volume
              readOnly: true
              mountPath: /app/selphid-sdk/config/license.lic
              subPath: license.lic
            - name: config
              readOnly: false
              mountPath: /app/selphid-sdk/config
---
apiVersion: v1
kind: Service
metadata:
  name: selphid-service
  namespace: selphid-sdk
spec:
  ports:
    - name: http
      protocol: TCP
      port: 8080
      targetPort: 8080
  # Must match the Pod template labels set in the Deployment above
  selector:
    name: selphid-sdk
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: selphid-ingress
  namespace: selphid-sdk
  annotations:
    konghq.com/strip-path: "true"
spec:
  ingressClassName: kong
  rules:
    - host: core-test-selphid.facephi.dev
      http:
        paths:
          - path: /selphid
            pathType: Prefix
            backend:
              service:
                name: selphid-service
                port:
                  number: 8080
```
2.2 Secret
You must declare a Kubernetes Secret that passes the license to the cluster.

```yaml
apiVersion: v1
kind: Secret
metadata:
  # Name and namespace must match the secretName and namespace used by the Deployment
  name: license-secret
  namespace: selphid-sdk
stringData:
  license.lic: |-
    # Json license content provided by Facephi
```
2.3 Volumes
You need to map a volume into `/app/selphid-sdk/config`, where SelphID will read the license file and write the log info. By default, the path to store the license file is `/app/selphid-sdk/config/license.lic`.

```yaml
# ...
    spec:
      volumes:
        - name: license-volume
          secret:
            secretName: license-secret
            defaultMode: 420
        - name: config
          emptyDir:
            sizeLimit: 50Mi
# ...
          volumeMounts:
            - name: license-volume
              readOnly: true
              mountPath: /app/selphid-sdk/config/license.lic
              subPath: license.lic
            - name: config
              readOnly: false
              mountPath: /app/selphid-sdk/config
```
2.4 Environments
```yaml
env:
  - name: FACEPHI_SELPHID_FACIALAUTHENTICATION_THRESHOLD
    value: '65'
  - name: FACEPHI_SELPHID_FACIALLIVENESS_THRESHOLD
    value: '60'
  - name: LICENSE_PATH
    value: /path/to/license
  - name: CONFIG_FILE
    value: /path/to/config/config.json
  - name: DEBUG_PATH
    value: /path/to/debug
  - name: USAGE_PATH
    value: /path/to/usage
  - name: FACESDK_NUM_THREADS_ENGINE
    value: '8'
  - name: FACEPHI_SELPHID_FACIALEXTRACTOR_NUM_THREADS
    value: '8'
  - name: FACEPHI_SELPHID_FACIALLIVENESS_NUM_THREADS
    value: '8'
```
Each of them modifies an aspect of the SelphID SDK behavior:

- `FACEPHI_SELPHID_FACIALAUTHENTICATION_THRESHOLD`: Changes the threshold when performing a FacialAuthentication. The default setting is `65` (0-100).
- `FACEPHI_SELPHID_FACIALLIVENESS_THRESHOLD`: Changes the threshold when performing a FacialLiveness. The default setting is `50` (0-100).
- `LICENSE_PATH`: Alternative path to search for the `license.lic` file. Default is `/app/selphid-sdk/config/license.lic`.
- `CONFIG_FILE`: Path to a custom api-rest service configuration file. Default is `/app/selphid-sdk/config/config.json`.
- `DEBUG_PATH`: Alternative path to save log files. Default is `/app/selphid-sdk/config`.
- `USAGE_PATH`: Alternative path to save usage files. Default is `/app/selphid-sdk/config`.
- `FACESDK_NUM_THREADS_ENGINE`: Number of threads assigned to the Liveness service. Only in `5.x` versions. By default `4`.
- `FACEPHI_SELPHID_FACIALEXTRACTOR_NUM_THREADS`: Number of threads assigned to the Authentication service. Only in `6.x` versions. By default `4`.
- `FACEPHI_SELPHID_FACIALLIVENESS_NUM_THREADS`: Number of threads assigned to the Liveness service. Only in `6.x` versions. By default `4`.
2.5 Service
2.5.1 LoadBalancer
We assume that a LoadBalancer with Kong will be set up in front to access the SelphID SDK service. Note that the service is exposed on port 80 and targets the Pod on port 8080.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: selphid-service
  namespace: selphid-sdk
spec:
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8080
  selector:
    name: selphid-sdk
  type: ClusterIP
```
2.5.2 Ingress
We set up an Ingress in front to redirect requests from Kong to the service within the Pod that we previously exposed on port 80.
3 Helm chart deployment
It is possible to automate the deployment of SelphID on a Kubernetes cluster using the helm tool.

```shell
helm upgrade --install <release-name> selphid-sdk-1.0.0.tgz --namespace <namespace> --create-namespace --wait
```

where:

- `<release-name>`: Name that identifies the installation.
- `<namespace>`: Kubernetes namespace where the deployment will take place.
- `--create-namespace`: The namespace will be created if it does not exist.
- `--wait`: Wait until everything has started up correctly before reporting any success message.

The `selphid-sdk-1.0.0.tgz` file will be provided for deployment and will contain all the templates and configuration files needed for helm.
```
selphid-sdk
├─ .helmignore
├─ Chart.yaml
├─ values.yaml
└─ templates
   ├─ deployment.yaml
   ├─ pvc.yaml
   ├─ secret.yaml
   ├─ service.yaml
   └─ serviceaccount.yaml
```
3.1 Chart.yaml
```yaml
apiVersion: v2
appVersion: 1.0.0
description: A Helm chart for SelphID SDK
name: selphid-sdk
type: application
version: 1.0.0
```
3.2 values.yaml
In this file you should configure the deployment-specific values:
```yaml
replicaCount: 1
image:
  repository: selphid-sdk-rest-api
  pullPolicy: IfNotPresent
  tag: 6.8.0
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
license:
resources:
  limits:
    cpu: 4
    memory: 8192Mi
  requests:
    cpu: 2
    memory: 3072Mi
affinity:
  podAntiAffinity:
    enabled: true
nodeSelector: {}
tolerations: []
service:
  type: NodePort
  port: 8080
  nodePort: 32080
storage:
  class: standard
  capacity: 100Mi
serviceAccount:
  create: true
  annotations: {}
  name: ""
podAnnotations: {}
podSecurityContext: {}
securityContext: {}
```
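The values above leave `podSecurityContext` and `securityContext` empty, so the container runs with the image and runtime defaults. The following override file is an added example, not part of the Facephi chart. It assumes that the chart's `deployment.yaml` passes these two keys into the Pod and container specs, that the image can run as a non-root user, and that the service writes only to the mounted config path; the file name and the UID/GID `10001` are constructed.

```yaml
# values-hardened.yaml (hypothetical file name): overrides for the two
# security-context keys that values.yaml leaves as {}.
# Assumption: the chart copies podSecurityContext into
# spec.template.spec.securityContext and securityContext into the container.
podSecurityContext:
  runAsNonRoot: true          # kubelet refuses to start the container as UID 0
  runAsUser: 10001            # constructed UID; the image must work under it
  runAsGroup: 10001
  fsGroup: 10001              # emptyDir and Secret volumes become owned by this GID
  seccompProfile:
    type: RuntimeDefault      # apply the container runtime's default syscall filter
securityContext:
  allowPrivilegeEscalation: false
  # Assumes all writes (logs, usage files) go to the volume mounted at
  # /app/selphid-sdk/config, or to DEBUG_PATH / USAGE_PATH if those are set.
  readOnlyRootFilesystem: true
  capabilities:
    drop:
      - ALL
```

Pass the file with helm's `-f` option alongside the command shown earlier. If the Pod does not start, relax one field at a time to find which assumption the image does not meet.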
4 Types of Instances
The following instance types are recommended for running the SelphID SDK service in production. The last column shows how many SelphID SDK Pods fit on each instance type.

| Instance type | vCPU | Memory (GiB) | SDK Pod Capacity |
|---|---|---|---|
| c5.xlarge | 4 | 8 | 2 |
| c5.2xlarge | 8 | 16 | 4 |
| c5.4xlarge | 16 | 32 | 9 |