AWS Self Hosting
Learn how to self-host Trieve on AWS
Installing Trieve on AWS (EKS)
Things you need
- Domain name
- An allowance for at least 8 vCPU for G and VT instances
- helm cli
- aws cli
- kubectl
- k9s (optional)
Clone the Trieve repository
Login to AWS
Provision Terraform
The aws CLI should be configured with your chosen IAM credentials. Run the following commands to create the EKS cluster
Login to the cluster
Set up your kubeconfig to point to the new cluster
Install Trieve Dependencies
Trieve depends on the following:
- Keycloak (or some other OIDC-compliant auth provider)
- Postgres: we are using RDS for this.
- Redis: we are using Elasticache.
- Clickhouse: we are using clickhouse-operator.
- Qdrant: we are using qdrant-operator.
Ingress nginx + Cert Manager (optional)
Ingress-nginx and cert-manager are how we will expose the Trieve services to the internet. Feel free to use whatever ingress controller you are comfortable with.
For this guide we will be using ingress-nginx and cert-manager only for the keycloak installation.
Clickhouse
First install the clickhouse operator and clickhouse installation.
Note that this has a preconfigured password and user. We will use these in the helm chart. They will need to be changed in a production environment according to your password policy.
Check the status of the clickhouse installation.
OIDC Compliant server (Keycloak)
This is an example of installing keycloak on GCP. You can use any other OIDC-compliant provider. Note that this uses postgresql as a statefulset with a prefilled username/password; for higher security, you can use a managed service like CloudSQL or CloudNativePG.
This also includes a KeycloakRealm that contains the recommended default settings for a keycloak realm. This also has a prefilled clientSecret which should be rotated post installation.
Qdrant helm chart
For Qdrant we recommend you install it via helm chart, with this values.yaml. Note that this is for a qdrant cluster with 3 nodes and 10 GB of RAM per node.
Each node also has a qdrant-node taint on it, so that the trieve pods can be scheduled on the same node types.
Note that apiKey is also preset to qdrant-api-key; this may need to be changed if you plan on enabling qdrant ingress.
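Several components above ship with preset credentials (the ClickHouse user and password, the Keycloak clientSecret, the Qdrant apiKey). The script below is an added example, not part of the Trieve repository: it scans Helm values files for secret-bearing keys that still hold a known preset or a short value. Only apiKey, clientSecret and qdrant-api-key come from this guide; the password-style key names, the flat key: value layout and the 20-character minimum are assumptions.

```shell
#!/bin/sh
# Added example (not from the Trieve repository): pre-deploy check for preset secrets.
# From this guide: key names apiKey and clientSecret, preset value qdrant-api-key.
# Assumptions: password-style key names, flat "key: value" YAML lines, 20-char minimum.

KNOWN_PRESETS="qdrant-api-key"  # append the other preset values found in your manifests
MIN_LEN=20

# audit_values FILE...: prints file:line and the key name for each finding (never
# the value itself) and returns 1 if anything was flagged, 0 otherwise.
audit_values() {
  awk -v presets="$KNOWN_PRESETS" -v minlen="$MIN_LEN" -v sq="'" '
    BEGIN { n = split(presets, p, " "); for (i = 1; i <= n; i++) bad[p[i]] = 1 }
    {
      lc = tolower($0)
      if (lc !~ /^[- \t]*[a-z0-9_]*(apikey|api_key|clientsecret|client_secret|password)[ \t]*:/) next
      line = $0
      sub(/[ \t]+#.*$/, "", line)                  # drop a trailing comment
      key = line; sub(/[ \t]*:.*$/, "", key); sub(/^[- \t]+/, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
      c = substr(val, 1, 1)
      if (c == "\"" || c == sq) val = substr(val, 2, length(val) - 2)   # unquote
      if (val == "") next                           # nested mapping, nothing inline
      if (val in bad) {
        printf "%s:%d: %s still holds a known preset value\n", FILENAME, FNR, key; found = 1
      } else if (length(val) < minlen) {
        printf "%s:%d: %s is shorter than %d characters\n", FILENAME, FNR, key, minlen; found = 1
      }
    }
    END { exit (found ? 1 : 0) }
  ' "$@"
}

# Constructed sample input for trying the check; not the real values file.
sample_values() {
  cat <<'EOF'
qdrant:
  apiKey: qdrant-api-key
keycloak:
  clientSecret: "changeme"
clickhouse:
  password: 9f2c7a1e4b8d4c6fa3e05d17b6c2e8a4
EOF
}

# Stand-alone use (audit.sh is a hypothetical file name): sh audit.sh helm/values.aws.yaml
if [ "$#" -gt 0 ]; then audit_values "$@"; fi
```

A non-zero exit status means at least one key was flagged, so the check can gate the helm upgrade step in a deploy script.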
Verify Qdrant is installed
Redis
For simplicity, we are using Elasticache. This was configured in the terraform script. You can view the ip using
Set the values in the helm/values.aws.yaml file
Postgresql (via RDS)
You can get your RDS connection string using the following command
Be sure to update your postgresql URI in helm/values.aws.yaml with the correct connection string if you modified the default values.
Install Trieve
Modify domain names for ingresses
Install the helm chart
Verify the installation
After installing, kubectl get deployments should look like this.
Set Ingress
Get Ingress ip address
You will get an output like this:
Add A records
Add A records to your domain registrar with the IP address of the ingress.
You will also need to update any other references to that domain name in the helm/values.aws.yaml file.
Ensure you run helm upgrade -i -f helm/values.aws.yaml trieve-aws helm/ after making changes to apply them.