triton_with_https

#4
by ANH-CAT - opened

😃:
apiVersion: v1
kind: Service
metadata:
  name: {{ template "triton-inference-server.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ template "triton-inference-server.name" . }}
    chart: {{ template "triton-inference-server.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
spec:
  type: {{ .Values.service.type }}
  ports:
    - port: 8000
      targetPort: http
      name: http-inference-server
    - port: 8001
      targetPort: grpc
      name: grpc-inference-server
    - port: 8002
      targetPort: metrics
      name: metrics-inference-server
  selector:
    app: {{ template "triton-inference-server.name" . }}
    release: {{ .Release.Name }}
---
apiVersion: v1
kind: Service
metadata:
  name: {{ template "triton-inference-server-metrics.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ template "triton-inference-server-metrics.name" . }}
    chart: {{ template "triton-inference-server.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
  annotations:
    alpha.monitoring.coreos.com/non-namespaced: "true"
spec:
  ports:
    - name: metrics
      port: 8080
      targetPort: metrics
      protocol: TCP
  selector:
    app: {{ template "triton-inference-server.name" . }}
    release: {{ .Release.Name }}
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: {{ template "triton-inference-server-metrics-monitor.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ template "triton-inference-server-metrics-monitor.name" . }}
    chart: {{ template "triton-inference-server.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
spec:
  selector:
    matchLabels:
      app: {{ template "triton-inference-server-metrics.name" . }}
  endpoints:
    - port: metrics
      interval: 15s

How can I add HTTPS into the above triton server helm chart?
🤖: To add HTTPS to your Triton server Helm chart, you need to make a few changes.

Firstly, you need to add a new port to your service definition for HTTPS. You can do this by adding a new - port: section under the ports: section. Here's how you can do it:

ports:
  - port: 8000
    targetPort: http
    name: http-inference-server
  - port: 8001
    targetPort: grpc
    name: grpc-inference-server
  - port: 8002
    targetPort: metrics
    name: metrics-inference-server
  - port: 8443
    targetPort: https
    name: https-inference-server

Next, you need to add a new - name: section under the selector: section. This will allow the service to route traffic to the correct pods. Here's how you can do it:

selector:
  app: {{ template "triton-inference-server.name" . }}
  release: {{ .Release.Name }}
  name: https-inference-server

Finally, you need to add a new - name: section under the ports: section in the ServiceMonitor definition. This will allow Prometheus to scrape metrics from the HTTPS endpoint. Here's how you can do it:

spec:
  selector:
    matchLabels:
      app: {{ template "triton-inference-server-metrics.name" . }}
  endpoints:
  - port: metrics
    interval: 15s
  - port: https-inference-server
    interval: 15s

Please note that you need to ensure that your Triton server is configured to use HTTPS. This usually involves setting up a certificate and a private key, and configuring the server to use them.
😃: How would I configure the server to use HTTPS by creating cert and key?
🤖: To configure your server to use HTTPS, you need to create a certificate and a private key. This is typically done using a tool like OpenSSL. Here's a basic example of how you can do it:

  1. Generate a private key:
openssl genrsa -out server.key 2048
  2. Generate a certificate signing request (CSR):
openssl req -new -key server.key -out server.csr

You will be asked to enter details such as your country, state, organization, etc.

  3. Generate a self-signed certificate:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

This will create a self-signed certificate that is valid for 365 days.

  4. Configure your server to use the certificate and key. The exact steps will depend on your server software, but typically, you would specify the path to the certificate and key in your server configuration file.

For example, if you're using Nginx, you would add the following lines to your server block:

listen 443 ssl;
ssl_certificate /path/to/server.crt;
ssl_certificate_key /path/to/server.key;

Remember to replace /path/to/server.crt and /path/to/server.key with the actual paths to your certificate and key files.

Please note that self-signed certificates are not trusted by default. If you want to use a certificate that is trusted by browsers, you will need to obtain a certificate from a certificate authority (CA).
😃: Would I need to add the ssl_certificate and ssl_certificate_key to triton's helm chart above?
🤖: No, you don't need to add the ssl_certificate and ssl_certificate_key to the Triton server's Helm chart. The Helm chart is used to define the Kubernetes resources, but it doesn't handle the configuration of the Triton server itself.

The ssl_certificate and ssl_certificate_key are typically set in the configuration of the server software itself, not in the Helm chart.

If you're using a Kubernetes Ingress Controller, you can use a Kubernetes Secret to store your SSL certificate and key, and then reference that Secret in your Ingress resource. Here's an example of how you can do it:

  1. Create a Kubernetes Secret:
kubectl create secret tls my-tls-secret --key server.key --cert server.crt
  2. In your Ingress resource, reference the Secret:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  tls:
  - hosts:
    - my-domain.com
    secretName: my-tls-secret
  rules:
  - host: my-domain.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: my-service
            port:
              number: 443

In this example, replace my-domain.com with your domain name, and my-service with the name of your service.

If you're not using an Ingress Controller, you can configure your Triton server to use the SSL certificate and key directly. The exact steps will depend on your Triton server software, but typically, you would specify the path to the certificate and key in your server configuration file.
