Installing Trieve on AWS (EKS)

Things you need

  • Domain name
  • An allowance for at least 8vCPU for G and VT instances
  • helm cli
  • aws cli
  • kubectl
  • k9s (optional)

Clone the Trieve repository

git clone https://github.com/devflowinc/trieve.git
cd trieve

Login to AWS

aws configure

Provision Terraform

aws should be configured with your IAM credentails chosen. Run the following commands to create the EKS cluster

cd terraform/aws
terraform init
terraform apply

Login to the cluster

Set up your kubeconfig to point to the new cluster

aws eks update-kubeconfig --region us-east-2 --name trieve-aws-cluster

Install Trieve Depenedencies

Trieve depends on the following:

  • Keycloak (or some other oidc compliant Auth Provider)
  • Postgres We are using RDS for this.
  • Redis We are using Elasticache
  • Clickhouse We are using clickhouse-operator
  • Qdrant We are using qdrant-operator

Ingress nginx + Cert Manager (optional)

Ingress-nginx + Cert manager is how we will expose the trieve services to the internet. Feel free to use whatever ingress controller you are comfortable with.

For this guide we will be using ingress-nginx and cert-manager only for the keycloak installation.


# To install ingress-nginx
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0-beta.0/deploy/static/provider/cloud/deploy.yaml
# To install cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.2/cert-manager.yaml
# To install ClusterIssuer for keycloak
kubectl apply -f helm/test-production/keycloak-extras/cluster-issuer.yaml

Clickhouse

First install the clickhouse operator and clickhouse installation.

Note that this has a preconfigured password and user. We will use these in the helm chart. They will need to be changed in a production environment according to your password policy.


kubectl apply -f helm/test-production/clickhouse/
# Apply twice to ensure crds are installed
kubectl apply -f helm/test-production/clickhouse/

Check the status of the clickhouse installation.


kubectl get ClickhouseInstallations

NAME                CLUSTERS   HOSTS   STATUS      HOSTS-COMPLETED   AGE
trieve-clickhouse   1          1       Completed                     3m3s

OIDC Compliant server (Keycloak)

This is an example of installing keycloak on GCP. You can use any other OIDC compliant provider. Note that this is using postgresql as a statefulset with a prefilled username/password, you can use a managed service like CloudSQL or CloudNativePG. For higher security.

This also includes a KeycloakRealm that contains the recommended default settings for a keycloak realm. This also has a prefilled clientSecret which should be rotated post installation.

kubectl apply -f helm/test-production/keycloak/
# Apply twice to ensure crds are installed
kubectl apply -f helm/test-production/keycloak/
kubectl get sts trieve-keycloak

Qdrant helm chart

For Qdrant we recommend you install it via helm chart, with these values.yaml. Note that this is for a qdrant cluster with 3 nodes and 10 GB ram per node.

Each node also has qdrant-node taint on it, so that the trieve pods can be scheduled on the same nodes types

Note that apiKey is also preset to qdrant-api-key, this may need to be changed if you plan on enabling qdrant ingress.

helm repo add qdrant https://qdrant.github.io/qdrant-helm
helm repo update
helm upgrade -i qdrant qdrant/qdrant -f helm/test-production/qdrant-values.yaml

Verify Qdrant is installed

kubectl get sts qdrant
NAME     READY   AGE
qdrant   3/3     54s

Redis

For simplicity, we are using Elasticache. This was configured in the terraform script. You can view the ip using

cd terraform/aws
terraform output

set values in the helm/values.aws.yaml file


config:
  redis:
    uri: redis://<your-redis-uri>

Postgresql (via RDS)

You can get your RDS connection string using the following command

cd terraform/aws
terraform output

Be sure to update your postgresql URI helm/values.aws.yaml with the correct connection string if you modified the default values

postgres:
  dbURI: "postgres://postgres:password@cloud-sql:5432/postgres"

Install Trieve

Modify domain names for ingresses

domains:
  dashboard:
    host: dashboard.trieve.ai
    class: alb
  server:
    host: api.trieve.ai
    class: alb
  search:
    host: search.trieve.ai
    class: alb
  chat:
    host: chat.trieve.ai
    class: gce

Install the helm chart


helm upgrade -i -f helm/values.aws.yaml trieve-aws helm/

Verify the installation

After installing, kubectl get deployments should look like this.

NAME                READY   UP-TO-DATE   AVAILABLE   AGE
bktree-worker       1/1     1            1           14m
chat                1/1     1            1           14m
crawl-worker        1/1     1            1           14m
dashboard           1/1     1            1           14m
delete-worker       1/1     1            1           14m
group-worker        1/1     1            1           14m
ingest              10/10   10           10          14m
keycloak-operator   1/1     1            1           46m
redis               1/1     1            1           46m
search              1/1     1            1           14m
server              3/3     1            0           14m
sync-qdrant         0/0     0            0           14m
word-worker         1/1     1            1           14m

Set Ingress

Get Ingress ip address


kubectl get ingress

You will get an output like this:

ingress-chat                alb    chat.yourdomain.com        4.157.193.10   80, 443   7m43s
ingress-dashboard           alb    dashboard.yourdomain.com   4.157.193.10   80, 443   7m43s
ingress-keycloak            alb    auth.yourdomain.com        4.157.193.10   80, 443   20m
ingress-search              alb    search.yourdomain.com      4.157.193.10   80, 443   7m43s
ingress-server              alb    api.yourdomain.com         4.157.193.10   80, 443   7m43s

Add A records

Add A records to your domain registrar with the IP address of the ingress.

chat.yourdomain.com      -> 4.157.193.10 # Example IP
dashboard.yourdomain.com -> 4.157.193.10 # Example IP
search.yourdomain.com    -> 4.157.193.10 # Example IP
api.yourdomain.com       -> 4.157.193.10 # Example IP

You will also need to update any other references to that domain name in the helm/values.aws.yaml file.

Ensure you run helm upgrade -i -f helm/values.aws.yaml trieve-aws helm/ after making changes. to apply them.