This repository contains a Helm chart which can be used to install Tonic via helm install.
Project structure:
.
├── templates
└── <All template files>
├── values.sample.yaml
└── README.md
Before deploying this setup, rename values.sample.yaml to values.yaml and configure the following values.
- This value will be provided by Tonic and must be input upon first startup of Tonic. Subsequently, it can be updated from within the Tonic Admin portal. Note that this was previously maintained via
tonicLicense, but this is no longer needed since version 519.
environmentName: E.g. "my-company-name", or if deploying multiple Tonic instances, "my-company-name-dev" or "my-company-name-prod to differentiate instances.
The connection details for the Postgres metadata/application database which holds Tonic's state (user accounts, workspaces, etc.).
tonicdb:
host:
port:
dbName:
user:
password:
sslMode:This value is used to support Consistency functionality across data generations.
tonicStatisticsSeed: Any signed 32-bit integer, i.e. between "-2147483648" and "2147483647". Wrap the values in quotes to avoid type issues with values larger than 6 digits.
numberOfWorkers: An integer. Increase to more than 1 to deploy additional workers. Each worker can run a single job (Data Generation or Privacy Scan) at a time. Multiple workers are needed to run jobs simultaneously. This sets the number of replicas in the Tonic Worker Deployment spec.
Tonic never collects your sensitive data. Enabling this option securely and safely shares logs with Tonic's engineering team. We recommend that you enable this option. See: https://docs.tonic.ai/app/admin/sharing-logs-with-tonic
enableLogCollection: "false" (default) or "true"
Tonic hosts our application images on a private quay.io repository. Authorization is required to pull the images.
dockerConfigAuth: This value will be provided to you by Tonic and will allow you to authenticate against our private docker image repository.
You can set this to a specific Tonic version number if you wish to ensure you always get the same version. Otherwise you will always deploy the latest version of Tonic.
tonicVersion: "latest" or a specific version tag. Tonic's tag convention is just the release number, e.g. "123". Release notes are available at doc.tonic.ai.
Refer to the Tonic documentation on Administrators for more information. This is optional and can be configured in the following section of the values.yaml file.
tonicai:
web_server:
# Comma separated list of user emails that should be have the Admin role in Tonic.
administrators: [email protected],[email protected]The Helm charts include default annotations for internal-facing load balancers for AWS and Azure. You can change to your preferred ingress method by modifying tonic-web-server-service.yaml.
Each of the deployment YAML template files contains resource requests and limits. In some cases these may need to be modified for your environment.
Other configuration items are necessary when using and to enable the following functionality. The Tonic support team will provide additional information if these apply for your use case.
- Connecting to a Snowflake database as a source and destination
- Connecting to a Redshift database as a source and destination
- For Professional and Enterprise licensed users, configuring login/authentication via Single Sign-On
- For Professional and Enterprise licensed users, configuring an email server for collaboration/commenting email notifications
To install Tonic, execute the following commands.
Create a namespace: kubectl create namespace <namespace_name>
$ kubectl create namespace my-tonic-namespace
namespace/my-tonic-namespace createdDeploy Tonic: helm install <name_of_release> -n <namespace_name> <path-to-helm-chart>
$ helm install my-tonic-release -n my-tonic-namespace .
NAME: my-tonic-release
LAST DEPLOYED: Fri Jun 10 11:31:31 2022
NAMESPACE: my-tonic-namespace
STATUS: deployed
REVISION: 1Use kubectl get all -n <namespace_name> to check that the Tonic pods are running:
The deployment may take a few minutes with pods in the ContainerCreating status. Re-run the command to get an updated status. Once all pods have a status of Running and deployments show READY as 1/1, Tonic should be available shortly after via browser at the URL/IP listed in the EXTERNAL-IP field next to the load balancer service. If you have modified the Helm chart ingress configuration, then this will vary. While not required, it's recommended to set up a more user-friendly domain routing to the Tonic web application.
❯ kubectl get all -n my-tonic-namespace
NAME READY STATUS RESTARTS AGE
pod/tonic-notifications-578d8b8568-7tktx 0/1 ContainerCreating 0 3s
pod/tonic-pyml-service-7d99675b89-2jktq 0/1 ContainerCreating 0 3s
pod/tonic-web-server-b4b795d8-bbr6g 0/1 Running 0 3s
pod/tonic-worker-b8f87bc5c-srd6p 0/1 ContainerCreating 0 3s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/tonic-notifications ClusterIP 10.100.211.114 <none> 7000/TCP,7001/TCP 3s
service/tonic-pyml-service ClusterIP 10.100.202.103 <none> 7700/TCP 3s
service/tonic-web-server LoadBalancer 10.100.105.239 <load-balancer-assigned-url> 443:32479/TCP 3s
service/tonic-worker ClusterIP 10.100.26.158 <none> 8080/TCP,4433/TCP 3s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/tonic-notifications 0/1 1 0 3s
deployment.apps/tonic-pyml-service 0/1 1 0 3s
deployment.apps/tonic-web-server 0/1 1 0 3s
deployment.apps/tonic-worker 0/1 1 0 3s
NAME DESIRED CURRENT READY AGE
replicaset.apps/tonic-notifications-578d8b8568 1 1 0 3s
replicaset.apps/tonic-pyml-service-7d99675b89 1 1 0 3s
replicaset.apps/tonic-web-server-b4b795d8 1 1 0 3s
replicaset.apps/tonic-worker-b8f87bc5c 1 1 0 3sYou can validate that Tonic has fully started up and is in a healthy state by running kubectl logs deployment/tonic-web-server -n <namespace_name> | grep listening and checking for the following output.
❯ kubectl logs deployment/tonic-web-server -n my-tonic-namespace | grep listening
[2022-06-10T16:48:29+00:00 INF Microsoft.Hosting.Lifetime] Now listening on: http://0.0.0.0:80
[2022-06-10T16:48:29+00:00 INF Microsoft.Hosting.Lifetime] Now listening on: https://0.0.0.0:443- Check that Tonic is successfully connecting to the application database.
Run
kubectl logs deployment/tonic-web-server -n <namespace_name> | grep "Failed to connect". If you see aFailed to connect to db during startup. Retrying in 5 seconds...message like below, Tonic is not able to connect to your Postgres application database. Please verify the network path between Tonic and the database as well as the connection parameters.
❯ kubectl logs deployment/tonic-web-server -n my-tonic-namespace | grep "Failed to connect"
[2022-06-10T16:50:40+00:00 WRN ] Failed to connect to db during startup. Retrying in 5 seconds...
[2022-06-10T16:50:45+00:00 WRN ] Failed to connect to db during startup. Retrying in 5 seconds...
[2022-06-10T16:50:50+00:00 WRN ] Failed to connect to db during startup. Retrying in 5 seconds...
[2022-06-10T16:50:55+00:00 WRN ] Failed to connect to db during startup. Retrying in 5 seconds...- If Tonic appears to be running and in a healthy state but you are unable to load the UI, verify that Tonic is reachable. Common issues may be a requirement to be on a VPN , firewall rules preventing access, or another issue with the ingress configuration used to expose your cluster to external user traffic.