Gender Identification Helm Chart
The Phonexia Gender Identification (GID) microservice is designed to estimate gender from voiceprints, which serve as representations of speakers.
Maintainers
| Name | Url | |
|---|---|---|
| Phonexia | support@phonexia.com | https://www.phonexia.com |
Requirements
Kubernetes: >= 1.18.0-0
Helm: >= 3.2.0
Values
| Key | Type | Default | Description |
|---|---|---|---|
| affinity | object | {} | Affinity for pod assignment |
| annotations | object | {} | Annotations for the pods |
| config.license.useSecret | bool | false | Retrieve license from a secret object |
| config.license.value | string | "invalidLicenseKey" | License key |
| config.listeningAddress | string | "[::]" | Address where the server will listen |
| config.logLevel | string | info | Override log level. Supported values: error, warning, info, debug, trace |
| config.model.file | string | "" | Name of a model file inside the volume, for example "xl-5.0.0.model" |
| config.model.volume | object | {} | Volume with the Phonexia model |
| config.port | int | 8080 | Port where the service will listen. The value must be the same as service.port |
| fullnameOverride | string | "" | String to fully override the gender-identification.fullname template |
| image.pullPolicy | string | "IfNotPresent" | Image pull policy |
| image.registry | string | "registry.cloud.phonexia.com" | Image registry |
| image.repository | string | "phonexia/dev/technologies/microservices/gender-identification" | Image repository |
| image.tag | string | appVersion specified in Chart.yaml | See gender-identification on Docker Hub for available tags |
| imagePullSecrets | list | [] | Specify Docker registry secret names as an array |
| ingress.annotations | object | {} | Additional annotations for the Ingress resource. To enable certificate autogeneration, place your cert-manager annotations here |
| ingress.className | string | "" | Set the ingressClassName on the ingress record for k8s 1.18+ |
| ingress.enabled | bool | false | Set to true to enable ingress record generation |
| ingress.hosts[0] | object | {"host":"gender-identification.example.com","paths":[{"path":"/","pathType":"ImplementationSpecific"}]} | Default host for the ingress resource |
| ingress.hosts[0].paths[0].pathType | string | "ImplementationSpecific" | Ingress path type |
| ingress.tls | list | [] | TLS configuration for the ingress |
| initContainers | list | [] | Init containers evaluated as a template |
| nameOverride | string | "" | String to partially override the gender-identification.fullname template (will maintain the release name) |
| nodeSelector | object | {} | Node labels for pod assignment |
| podAnnotations | object | {} | Annotations for pods |
| podSecurityContext | object | {} | Security context for pods |
| replicaCount | int | 1 | Number of replicas to deploy |
| resources | object | {} | Resource limits/requests for the gender-identification container |
| securityContext | object | {} | Security context for the gender-identification container |
| service.clusterIP | string | "" | Use None to create a headless service |
| service.port | int | 8080 | Service port. The port must be the same as config.port |
| service.type | string | "ClusterIP" | Service type |
| serviceAccount.annotations | object | {} | Annotations to add to the service account |
| serviceAccount.create | bool | true | Specifies whether a service account should be created |
| serviceAccount.name | string | "" | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| tolerations | list | [] | Tolerations for pod assignment |
Installation
To successfully install the chart, you must obtain a license and model at first. The service cannot start without the model and/or license. Feel free to contact phonexia support to obtain a model and license for evaluation purposes.
Model
There are 2 ways how to pass a model to pods:
- Pass the model via an initContainer
- Pass the model via a volume
Pass the model via initContainer
With this approach, no persistent volume is needed. An initContainer is added to the pod instead. It downloads the model from a specified location to an ephemeral volume, which is shared with the main container. This happens each time the pod is re-deployed.
In the values file it looks like:
# Set config.model.volume to emptyDir
config:
model:
volume:
emptyDir: {}
file: "gid-xl-5.0.0.model"
initContainers:
- name: init-copy-model
image: alpine
command:
- sh
- -c
- |
set -e
# Install aws-cli package
apk add --no-cache aws-cli
# Create directory for models
mkdir -p /models
# Download model from s3 and store it to volume
aws s3 cp s3://some-bucket/some-path-to-model/gid-xl-5.0.0.model ${PHX_MODEL_PATH}
env:
# PHX_MODEL_PATH variable must be same as in main container
- name: "PHX_MODEL_PATH"
value: "/models/{{ .Values.config.model.file }}"
# Set AWS_* variables to make aws cli work
- name: "AWS_DEFAULT_REGION"
value: "us-east-1"
- name: "AWS_ACCESS_KEY_ID"
value: "AKAI...CN"
- name: "AWS_SECRET_ACCESS_KEY"
value: "0lW...Yw"
# Mount empty volume to initContainer
volumeMounts:
- name: '{{ include "gender-identification.fullname" . }}-models-volume'
mountPath: /models
Pass the model via volume
With this approach you need to create a persistent volume, copy the model there, and mount it to the pod.
The following example shows how to do this in EKS with EBS-based dynamic provisioning.
- Create persistentVolumeClaim
# filename: gender-identification.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: gender-identification
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: ebs-sc
and apply it
kubectl apply -f gender-identification.yaml
- Create a job that downloads the model to a persistent volume:
# filename: job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: gender-identification-download-model
spec:
template:
spec:
containers:
- name: download-model
image: alpine
command:
- sh
- -c
- |
set -e
# Install aws-cli package
apk add --no-cache aws-cli
# Create directory for models
mkdir -p /models
# Download model from s3 and store it to volume
aws s3 cp s3://some-bucket/some-path-to-model/gid-xl-5.0.0.model ${PHX_MODEL_PATH}
env:
# PHX_MODEL_PATH variable must be same as .Values.config.model.file in values files
- name: "PHX_MODEL_PATH"
value: "/models/gid-xl-5.0.0.model"
# Set AWS_* variables to make aws cli work
- name: "AWS_DEFAULT_REGION"
value: "us-east-1"
- name: "AWS_ACCESS_KEY_ID"
value: "AKAI...CN"
- name: "AWS_SECRET_ACCESS_KEY"
value: "0lW...Yw"
volumeMounts:
- name: persistent-storage
mountPath: /models
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: gender-identification
restartPolicy: Never
backoffLimit: 3
Apply it and wait until the job is finished:
kubectl apply -f job.yaml
- Configure values file to use existing PVC:
config:
model:
# Volume with Phonexia model
volume:
persistentVolumeClaim:
claimName: gender-identification
# Name of a model file inside the volume, for example "xl-5.0.0.model"
file: "gid-xl-5.0.0.model"
License
There are 2 ways to pass the license key to the chart:
- Pass the license key directly into the values files
- Pass the license key via Kubernetes secret
Pass the license key directly into values files
Use config.license.value to set license key in values file:
config:
license:
useSecret: false
value: "<license_key>"
Replace <license_key> with the actual license key, which is a long string, something like eyJ...ifQ==.
Pass the license key via Kubernetes secret
Create kubernetes secret at first:
kubectl --namespace <my-namespace> create secret generic <my-secret> --from-literal=license=<license_key>
where
<my-namespace> is the namespace where you plan to install the chart, my-secret is name of the secret to be created and <license_key> is the actual license key.
In the end it should look like:
kubectl --namespace my-namespace create secret generic my-secret --from-literal=license=eyJ...ifQ==
Reference the secret in the values file:
config:
license:
useSecret: true
secret: "my-secret"
key: "license"
Installing the Chart
When you have configured the model and license, you can proceed with the installation itself. To install the chart with the release name my-release:
helm install my-release oci://registry-1.docker.io/phonexia/gender-identification
This command deploys gender-identification on the Kubernetes cluster in the default configuration.
Use --version parameter to install a specific version:
helm install my-release oci://registry-1.docker.io/phonexia/gender-identification --version 1.0.0-helm
Exposing the service
To expose the service outside of the Kubernetes cluster follow Using a Service to Expose Your App.
Ingress
Gender identification service is using GRPC protocol, which can be exposed by some ingress controllers. For example, the nginx-ingress controller supports this. To expose gender-identification service via ingress, use the following configuration:
ingress:
# Deploy ingress object
enabled: true
# Ingress class name
className: "nginx"
annotations:
# Force redirect to SSL
nginx.ingress.kubernetes.io/ssl-redirect: "true"
# Tell nginx that backend service use GRPC
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
hosts:
# Hostnames
- host: gender-identification.example.com
paths:
- path: /
pathType: ImplementationSpecific
# Use tls
tls:
# Secret containing TLS certificate
- secretName: gender-identification-tls
# TLS hostnames
hosts:
- gender-identification.example.com
Use grpcurl to check if everything works as expected. Output of the following command:
$ grpcurl --insecure gender-identification.example.com:443 grpc.health.v1.Health/Check
should be:
{
"status": "SERVING"
}
Uninstalling the Chart
To uninstall/delete the my-release release:
helm delete my-release
The command removes all the Kubernetes components associated with the chart and deletes the release.