Gender identification helm chart
The Phonexia Gender Identification (GID) microservice is designed to estimate gender from voiceprints, which serves as representations of speakers.
Homepage: https://phonexia.com
Maintainers
Name | Url | |
---|---|---|
Phonexia | support@phonexia.com | https://www.phonexia.com |
Requirements
Kubernetes: >= 1.18.0-0
Helm: >= 3.2.0
Values
Key | Type | Default | Description |
---|---|---|---|
affinity | object | {} | Affinity for pod assignment |
annotations | object | {} | |
config.keepAliveTime | int | 60 | Time between 2 consecutive keep-alive messages, that are sent if there is no activity from the client. |
config.keepAliveTimeout | int | 20 | Time to wait for keep alive acknowledgement until the connection is dropped by the server. |
config.license.useSecret | bool | false | Get license from secret object |
config.license.value | string | "invalidLicenseKey" | License key |
config.listeningAddress | string | "[::]" | Override address where the server will listen |
config.logLevel | string | info | Override log level Supported values: error , warning , info , debug , trace |
config.model.file | string | "" | Name of a model file inside the volume, for example "xl-5.0.0.model" |
config.model.volume | object | {} | Volume with Phonexia model |
config.port | int | 8080 | Port where the service will listen. The value must be same as service.port. |
fullnameOverride | string | "" | String to fully override gender-identification.fullname template |
image.pullPolicy | string | "IfNotPresent" | Image pull policy |
image.registry | string | "registry.cloud.phonexia.com" | Image registry |
image.repository | string | "phonexia/dev/technologies/microservices/gender-identification" | Image repository |
image.tag | string | appVersion specified in Chart.yaml | See gender-identification on dockerhub for available tags |
imagePullSecrets | list | [] | Specify docker-registry secret names as an array |
ingress.annotations | object | {} | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. |
ingress.className | string | "" | Set the ingressClassName on the ingress record for k8s 1.18+ |
ingress.enabled | bool | false | Set to true to enable ingress record generation |
ingress.hosts[0] | object | {"host":"gender-identification.example.com","paths":[{"path":"/","pathType":"ImplementationSpecific"}]} | Default host for the ingress resource |
ingress.hosts[0].paths[0].pathType | string | "ImplementationSpecific" | Ingress path type |
ingress.tls | list | [] | |
initContainers | list | [] | Init containers Evaluated as a template. |
nameOverride | string | "" | String to partially override gender-identification.fullname template (will maintain the release name) |
nodeSelector | object | {} | Node labels for pod assignment. |
podAnnotations | object | {} | Annotations for pods |
podSecurityContext | object | {} | Security context for pods |
replicaCount | int | 1 | Number of replicas to deploy |
resources | object | {} | The resources limits/requests for the gender-identification container |
securityContext | object | {} | Security context for gender-identification container |
service.clusterIP | string | "" | Use None to create headless service |
service.port | int | 8080 | Service port The port must be same as config.port |
service.type | string | "ClusterIP" | Service type |
serviceAccount.annotations | object | {} | Annotations to add to the service account |
serviceAccount.create | bool | true | Specifies whether a service account should be created |
serviceAccount.name | string | "" | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
tolerations | list | [] | Tolerations for pod assignment. |
Installation
To successfully install the chart you have to obtain license and model at first. Service is unable to start without model and/or license. Feel free to contact phonexia support to obtain model and license for evaluation purpose.
Model
There are 2 ways how to pass a model to pods:
- Pass the model via initContainer
- Pass the model via volume
Pass the model via initContainer
With this approach no persistent volume is needed. InitContainer is added to the pod instead. It downloads model from specified location to ephemeral volume which is shared with main container. This happens each time when pod is re-deployed.
In values file it looks like:
# Set config.model.volume to emptyDir
config:
model:
volume:
emptyDir: {}
file: "gid-xl-5.0.0.model"
initContainers:
- name: init-copy-model
image: alpine
command:
- sh
- -c
- |
set -e
# Install aws-cli package
apk add --no-cache aws-cli
# Create directory for models
mkdir -p /models
# Download model from s3 and store it to volume
aws s3 cp s3://some-bucket/some-path-to-model/gid-xl-5.0.0.model ${PHX_MODEL_PATH}
env:
# PHX_MODEL_PATH variable must be same as in main container
- name: "PHX_MODEL_PATH"
value: "/models/{{ .Values.config.model.file }}"
# Set AWS_* variables to make aws cli work
- name: "AWS_DEFAULT_REGION"
value: "us-east-1"
- name: "AWS_ACCESS_KEY_ID"
value: "AKAI...CN"
- name: "AWS_SECRET_ACCESS_KEY"
value: "0lW...Yw"
# Mount empty volume to initContainer
volumeMounts:
- name: '{{ include "gender-identification.fullname" . }}-models-volume'
mountPath: /models
Pass the model via volume
With this approach you need to create persistent volume, copy model there and mount it to pod.
Following example shows how to do it in EKS with EBS-based dynamic provisioning.
- Create persistentVolumeClaim
# filename: gender-identification.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gender-identification
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: ebs-sc
and apply it
kubectl apply -f gender-identification.yaml
- Create job which downloads model to persistent volume:
# filename: job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: gender-identification-download-model
spec:
template:
spec:
containers:
- name: download-model
image: alpine
command:
- sh
- -c
- |
set -e
# Install aws-cli package
apk add --no-cache aws-cli
# Create directory for models
mkdir -p /models
# Download model from s3 and store it to volume
aws s3 cp s3://some-bucket/some-path-to-model/gid-xl-5.0.0.model ${PHX_MODEL_PATH}
env:
# PHX_MODEL_PATH variable must be same as .Values.config.model.file in values files
- name: "PHX_MODEL_PATH"
value: "/models/gid-xl-5.0.0.model"
# Set AWS_* variables to make aws cli work
- name: "AWS_DEFAULT_REGION"
value: "us-east-1"
- name: "AWS_ACCESS_KEY_ID"
value: "AKAI...CN"
- name: "AWS_SECRET_ACCESS_KEY"
value: "0lW...Yw"
volumeMounts:
- name: persistent-storage
mountPath: /models
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: gender-identification
restartPolicy: Never
backoffLimit: 3
Apply it and wait until job is finished:
kubectl apply -f job.yaml
- Configure values file to use existing PVC:
config:
model:
# Volume with Phonexia model
volume:
persistentVolumeClaim:
claimName: gender-identification
# Name of a model file inside the volume, for example "xl-5.0.0.model"
file: "gid-xl-5.0.0.model"
License
There are 2 ways how to pass license key to the chart:
- Pass the license key directly into values files
- Pass the license key via kubernetes secret
Pass the license key directly into values files
Use config.license.value
to set license key in values file:
config:
license:
useSecret: false
value: "<license_key>"
Replace <license_key>
with license key which is a long string, something like eyJ...ifQ==
.
Pass the license key via kubernetes secret
Create kubernetes secret at first:
kubectl --namespace <my-namespace> create secret generic <my-secret> --from-literal=license=<license_key>
where
<my-namespace>
is namespace where you plan to install the chart, my-secret
is name of the secret to be created and <license_key>
is actual license key.
In the end it should look like:
kubectl --namespace my-namespace create secret generic my-secret --from-literal=license=eyJ...ifQ==
Reference the secret in values file:
config:
license:
useSecret: true
secret: "my-secret"
key: "license"
Installing the Chart
When you have configure model and license you can proceed with installation itself. To install the chart with the release name my-release:
helm install my-release oci://registry-1.docker.io/phonexia/gender-identification
This command deploy gender-identification on the Kubernetes cluster in the default configuration.
Use --version
parameter to install specific version:
helm install my-release oci://registry-1.docker.io/phonexia/gender-identification --version 1.0.0-helm
Exposing the service
To expose the service outside of kubernetes cluster follow Using a Service to Expose Your App.
Ingress
Gender identification service is using GRPC protocol which can be exposed by some ingress controllers. For example nginx-ingress controller support this. To expose gender-identification service via ingress use following configuration:
ingress:
# Deploy ingress object
enabled: true
# Ingress class name
className: "nginx"
annotations:
# Force redirect to SSL
nginx.ingress.kubernetes.io/ssl-redirect: "true"
# Tell nginx that backend service use GRPC
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
hosts:
# Hostnames
- host: gender-identification.example.com
paths:
- path: /
pathType: ImplementationSpecific
# Use tls
tls:
# Secret containing TLS certificate
- secretName: gender-identification-tls
# TLS hostnames
hosts:
- gender-identification.example.com
Use grpcurl to check if everything works as expected. Output of the following command
$ grpcurl --insecure gender-identification.example.com:443 grpc.health.v1.Health/Check
should be
{
"status": "SERVING"
}
Uninstalling the Chart
To uninstall/delete the my-release release:
helm delete my-release
The command removes all the Kubernetes components associated with the chart and deletes the release.