We’ll install Studio and related components in a dedicated studio namespace.
Let’s create it now:
$ kubectl create namespace studio
Note: If you want to install Studio in any other namespace, modify the
--namespaceflag in the commands below accordingly
Configure Credentials for pulling images from our private registry:
$ kubectl create secret docker-registry iterativeai \
--namespace studio \
--docker-server=docker.iterative.ai \
--docker-username=<username> \
--docker-password=<password>
It is desired to enable Studio access via the https protocol
(as opposed to http). This requires setting up
a TLS secret for access (whether self-signed or “real”).
First, we’ll need to obtain a TLS/SSL certificate
and then, load it into a kubernetes secret in the namespace studio
will be installed in.
To create an SSL cert, you will need to know the domain (FQDN) that Studio
will be accessible from (e.g. studio.iterative.ai for the official SaaS
installation).
Note: We will now go over generating TLS cert with the
opensslcommand. If you already have a TLS certificate available, skip ahead to loading the crt/key files into the kubernetes secret
As an example, we’ll assume your Studio installation will be available
via: https://my-studio.private.com. We’ll also use a self-signed
certificate for the sake of simplicity. Of course, for a production
installation we recommend using a certificate signed by a trusted CA.
Let’s create a self-signed SSL cert using openssl (you may need to install it):
openssl req \
-x509 -newkey rsa:4096 -sha256 -nodes \
-keyout tls.key -out tls.crt \
-subj "/CN=my-studio.private.com" \
-addext "subjectAltName = DNS:my-studio.private.com" \
-days 365
This will create the files tls.crt & tls.key in your current dir.
Now, let’s create a TLS secret containing the contents from this cert:
kubectl create secret tls studio-ingress-tls \
--namespace studio \
--cert=tls.crt \
--key=tls.key
We will refer to this secret in the below installation instructions.
Now, we are ready to deploy Studio using the Helm chart.
Add the iterative Helm repository:
$ helm repo add iterative https://helm.iterative.ai
To install studio with all default values (for sanity, testing), Run the following command:
$ helm install studio iterative/studio \
--namespace studio \
--set-json='imagePullSecrets=[{"name": "iterativeai"}]'
Realistically, for a functional Studio app instance, you’ll need to configure multiple values. In this example we’ll prepare a more realistic and functional installation.
Assumptions:
my-studio.private.com
(we’ve registered this domain and made sure to redirect to our cluster).studio-ingress-tls we’ve created in a previous step.Create a file named studio-values.yaml, with the following contents:
imagePullSecrets:
- name: iterativeai
global:
host: "my-studio.private.com"
secretKey: "768d4238-1257-4500-89ce-7ac6aea5c5c9"
ingress:
enabled: true
className: nginx
tlsEnabled: true
tlsSecretName: studio-ingress-tls
scmProviders:
github:
enabled: true
appId: "<app-id>"
appName: "iterative-studio-selfhosted"
clientId: "<gh-client-id>"
clientSecret: "<gh-app-secret>"
webhookUrl: "https://my-studio.private.com/webhook/github"
privateKey: |-
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
Studio’s studio-values.yaml file points to the latest image tag, instructing Helm to always pull
down the latest image from the registry.
Optional: Pinning Studio Version
If you wish to install/update Studio at a specific version, update the studio-values.yaml file with the following:
studioUi:
image:
tag: "<version>"
studioBackend:
image:
tag: "<version>"
To update the existing Studio deployment, run the following commands
$ helm dependency update
$ helm upgrade --install --atomic studio studio/ --namespace studio -f override.yaml
Execute the following command to uninstall Studio from your environment:
$ helm uninstall studio --namespace studio
See values file with all available configuration flags.