Downloading and Configuring Saagie

Download the Saagie installer and begin the configuration process, which takes place on the command line in your terminal. Answer a series of prompts to generate the .mdl files, which will be used during the installation process.

Default answers are in [brackets].
Before you begin:
  1. Download the latest Saagie installer for Linux.

  2. Configure Saagie by following these steps:

    1. Launch the installer.

    2. Choose the deployment mode.

    3. Configure the cluster settings.

    4. Define the platform URL.

    5. Define the SMTP (Simple Mail Transfer Protocol).

    6. Configure the platform settings.

    7. Define the Kubernetes CIDR (Classless Inter-Domain Routing).

    8. Assign the pods.

    9. Define the access modes.

    10. Configure Prometheus authentication.

    11. Configure the HTTP proxy.

    12. Configure the storage size settings.

    13. Configure EKS (Amazon EKS Only).

    14. Configure ingress.

    15. Set the Docker registry (dedicated mode only).

    16. Configure the technology repository (dedicated mode only).

    17. Retrieve the Saagie file.

    As you work through the configuration process, answer each prompt carefully. It is much easier to make a correction before moving on to the next prompt.

    In case of error, follow these instructions:

    1. Close the installer.

    2. Delete the .mdl file that contains the mistake.

    3. Relaunch the installer.

    4. Continue to follow the prompts.

Launch the Installer

  1. Launch the installer by running the following command:

    ./bin/saagiectl configure
  2. Answer all the prompts.

    • Each prompt is described in detail in the sections below. Follow along with this document as you complete the configuration process.

    • Each prompt generates a file.

Deployment Mode

File generated: deploymentmode.mdl

What is your K8s provider ? (valid answers: gke, eks, aks, custom) [custom]:

Where:

  • gke is for Google Cloud.

  • eks is for Amazon Web Services.

  • aks is for Microsoft Azure.

  • custom is for any other type of Kubernetes cluster management.

What is the type of registry? (valid answers: 'OFFICIAL', 'CUSTOM') [OFFICIAL]:

Where:

  • If you choose OFFICIAL, Docker images will be pulled from the Saagie Docker registry.

  • If you choose CUSTOM, Docker images will be pulled from your Docker registry.

Authentication Mode (valid answers: LDAP, STANDARD) [STANDARD]:

Where:

  • LDAP is to rely on your corporate LDAP for identity and access management.

  • STANDARD is to rely on Saagie's built-in user management.

Cluster Settings

File generated: settings.mdl

Metric data is mandatory for billing. It is also sent to the Saagie server. To opt out of sending anonymous data, choose false. (valid answers: 'true' or 'false') [true]:

Where:

  • true is to keep anonymous data tracking.

  • false is to avoid sending anonymous data.

Do you need a custom extra volume for FluentBit ? (valid answers: 'true' or 'false') [false]:

Where:

  • true is to customize the Fluent Bit volume.

  • false is to keep the default volume.

Expose Prometheus endpoint ? (valid answers: 'true' or 'false') [false]:

Where:

  • true is to expose Prometheus metrics via HTTP.

  • false will ask you for your username and password later.

We use Prometheus for monitoring purposes.

Do you need to define a HTTP/HTTPS proxy ? (valid answers: 'true' or 'false') [false]:

Where:

  • true is to define HTTP/HTTPS proxy.

  • false will ask you to provide HTTP/HTTPS proxy and the related credentials, if any.

Define affinities for deployment ? (valid answers: 'true' or 'false') [false]:

We recommend answering true to have a node dedicated to running Saagie.

Define tolerations for deployment ? (valid answers: 'true' or 'false') [false]:

We recommend answering true to have a node dedicated to running Saagie.

Platform URL

File generated: url.mdl

The answers to these prompts must match what you determined for your DNS entry.

Platform url prefix:

It must be the same prefix that you will use for your DNS entry.
For example, dunder.

We strongly recommend that you use your company name or a shortened version of it.

Platform url suffix:

It must be the same suffix you will use for your DNS entry.
For example, workspace.

Platform url domain:

This is the DNS entry under which your Saagie instance will be hosted.
For example, dundermifflin.com.

→ The above sample answers result in the URL dunder-workspace.dundermifflin.com.

SMTP (Simple Mail Transfer Protocol)

File generated: smtp.mdl

SMTP Host:

This is the IP or DNS name of the SMTP host.
For example, smtp.mailgun.org.

SMTP Port (number required) [25]:

The answer is usually either 25, 465, or 587.

SMTP: Enable authentication (valid answers: 'true' or 'false') [true]:

Where:

  • true is to enable the SMTP authentication, if any.

  • false is to disable the SMTP authentication, if you don’t have any.

SMTP: Transport protocol (valid answers: smtp, smtps) [smtp]:

Choose between smtp or smtps depending on your infrastructure.

SMTP: Enable starttls (valid answers: 'true' or 'false') [true]:

Where:

  • true is to allow the SMTP server to negotiate the use of TLS.

  • false is to prevent the SMTP server from negotiating the use of TLS.

SMTP username:
SMTP password:
Repeat for confirmation:

SMTP username and SMTP password are the credentials of the account from which Saagie emails will be sent.

The password must contain at least eight characters, including upper case (A-Z), lower case (a-z), numbers (0-9), and special characters (!, $, #, %, etc).

Platform email sender ? (your SMTP gateway must allow this email address as the sender):

This is the email address used to send emails from Saagie.

The email address can be used for job alerts and resetting your password.

Platforms

How many platform(s) do you want to create/configure/install? (number required) [1]: 2
  • Number of platforms you want.

What is the Platform name?:
  • You can choose whatever works for your needs.

  • The Platform name will be displayed in the Platforms menu.

What is the Platform authorized egress CIDR block? [0.0.0.0/0]:
  • Define a destination network authorized for platform egress (outgoing) communication.

Do you want to enable GPU option ? (valid answers: 'true' or 'false') [false]:
  • Enable the GPU option (mandatory to be able to run processes across GPU nodes).

Do you want to customize the data lake url ? (valid answers: 'true' or 'false') [false]
Custom data lake url: http://www.mydatalakeurl.com
  • Define a custom url for this platform’s data lake.

File generated: platforms.mdl

Kubernetes CIDR

K8S CIDR IP Range [0.0.0.0/0]:
  • This is the IP address or range where you join your Kubernetes API server.

  • You must use the physical network interface IP/range of your master server, not the cluster IP of the Kubernetes service in the default namespace.

  • Remember to add /32 as a netmask if you specify a single address.

File generated: k8scidr.mdl
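
A pre-flight check for the two CIDR prompts above and the SMTP password rule, added here as an example; it is not part of the Saagie installer. The function names, the shortened prompt keys and the sample answers are assumptions made for illustration.

```python
import ipaddress
import re

def check_cidr(prompt, answer):
    """Return (normalised CIDR or None, findings) for one CIDR prompt answer."""
    findings = []
    if "/" not in answer:
        # The page asks for an explicit /32 when a single address is given.
        answer += "/32"
        findings.append(f"{prompt}: single address, /32 netmask added")
    try:
        net = ipaddress.IPv4Network(answer, strict=False)
    except ValueError as exc:
        return None, [f"{prompt}: not a valid IPv4 CIDR ({exc})"]
    if str(net) != answer:
        findings.append(f"{prompt}: written as {answer}, network is {net}")
    if net.prefixlen == 0:
        findings.append(f"{prompt}: {net} is the default and matches every address")
    return str(net), findings

def password_problems(password):
    """List the parts of the page's SMTP password rule that are not met."""
    rules = {
        "at least eight characters": len(password) >= 8,
        "an upper-case letter (A-Z)": re.search(r"[A-Z]", password),
        "a lower-case letter (a-z)": re.search(r"[a-z]", password),
        "a number (0-9)": re.search(r"[0-9]", password),
        # Assumption: "special" = any non-alphanumeric, non-whitespace character.
        "a special character": re.search(r"[^A-Za-z0-9\s]", password),
    }
    return [name for name, ok in rules.items() if not ok]

def review(answers):
    """Check planned answers, keyed by a shortened prompt name."""
    findings = []
    for prompt, value in answers.items():
        if "CIDR" in prompt:
            findings += check_cidr(prompt, value)[1]
        elif "password" in prompt.lower():
            findings += [f"{prompt}: missing {p}" for p in password_problems(value)]
    return findings

# Constructed sample answers, not taken from a real deployment.
SAMPLE = {
    "Platform authorized egress CIDR block": "0.0.0.0/0",
    "K8S CIDR IP Range": "192.0.2.10",
    "SMTP password": "dunder2024",
}

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```

Running it on the planned answers before launching the installer avoids the delete-and-relaunch cycle for platforms.mdl, k8scidr.mdl and smtp.mdl.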

Affinities

What is affinity for common pods ? :
{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"type.saagie.io/common","operator":"In","values":[true]}]}]}}}
What is affinity for jobs pods ? :
{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"type.saagie.io/common","operator":"In","values":[true]}]}]}}}

File generated: affinities.mdl

Tolerations

What are tolerations for common pods ? :
[{"effect":"NoSchedule","key":"type.saagie.io/common","operator":"Equal","value":true}]
What are tolerations for jobs pods ? :
[{"effect":"NoSchedule","key":"type.saagie.io/jobs","operator":"Equal","value":true}]

File generated: tolerations.mdl

Fluent Bit volume

You will only respond to these prompts if you responded true to the Fluent Bit volume prompt in the settings section.

Fluent Bit volume mountPath:

File generated: fluentbit.mdl

Standard access

You will only respond to these prompts if you responded STANDARD to the Authentication Mode prompt in the Deployment mode section.

Standard Password:
Repeat for confirmation:
  • Password used by M2M user for internal communication.

Password must use all of the following types of characters: uppercase letters, lowercase letters, numbers, special characters.
  • This is the default user with administrative rights that will be used for Saagie internal services communication.

File generated: keycloakaccess.mdl

Customer access

You will only respond to these prompts if you responded STANDARD to the Authentication Mode prompt in the Deployment mode section.

Customer Password:
Repeat for confirmation:
  • Password for customer_admin user.

  • This is the default user with administrative rights that you will use to connect to Saagie UI for the first time.

File generated: customeraccess.mdl

LDAP access

LDAP Login:
LDAP Password:
Repeat for confirmation:
  • Your LDAP Login is the User DN that Saagie components will use to communicate with your LDAP service.

LDAP Admin group:
  • This is your Admin group name.

File generated: ldapaccess.mdl

LDAP

LDAP Vendor (valid answers: ldap, ad, other) [ad]:
  • ldap for LDAP

  • ad for Active Directory

  • other for other vendor

LDAP Host:
  • Description: IP or hostname of the LDAP server

  • Example: ldap.priv.company.com

LDAP Base DN:
  • Base DN of LDAP directory.

  • Example: dc=company,dc=com

LDAP User DN [CN=Users]:
  • Prefix where to look for users.

  • Do not add the baseDN here.

LDAP User Object Classes (expecting a comma-separated list) [person, organizationalperson, user]:
  • Comma-separated list of expected object classes for user.

LDAP Username Attribute [cn]:
  • Attribute used to identify a user.

LDAP RDN Attribute [cn]:
  • Attribute used for user’s RDN.

LDAP UUID Attribute [objectGUID]:
  • Operational attribute that is unique across the whole directory.

LDAP Bind DN attribute [cn]:
  • User and the location of the user in the LDAP directory.

LDAP Group Membership Attribute Type (valid answers: DN, UID) [DN]:
  • How group members are defined in LDAP Directory.

  • Must be either dn or uid.

LDAP Group Name Attribute [cn]:
  • Attribute used to identify a group.

LDAP Group DN [ou=Groups]:
  • Directory prefix where to search for groups.

  • Do not add the baseDN here.

LDAP Group Membership Attribute [member]:
  • Attribute used by a group to declare members.

LDAP Group Object Classes (expecting a comma-separated list) [group]:
  • Comma-separated list of expected object classes for groups.

File generated: ldap.mdl

Prometheus

You will only respond to these prompts if you responded true to the Prometheus prompt in the settings section.

Prometheus endpoint HTTP Basic Authentication - Set user name [monitoring]:
Prometheus endpoint HTTP Basic Authentication - Set user password:
Repeat for confirmation:
  • Set username and password for Prometheus HTTP monitoring.

File generated: prometheus.mdl

HTTP proxy

You will only respond to these prompts if you responded true to the HTTP proxy prompt in the settings section.

Do you want to define a HTTP Proxy directive ? (valid answers: 'true' or 'false') [false]:
HTTP Proxy [http://proxy.saagie.com:3128]:
Do you want to define a HTTPS Proxy directive ? (valid answers: 'true' or 'false') [false]:
HTTPS Proxy [https://proxy.saagie.com:3128]:
Do you want to define a NO Proxy directive ? (valid answers: 'true' or 'false') [false]:
No Proxy [saagie.com, 10.0.0.0/8]:

File generated: proxy.mdl

Settings service

Settings Max storage size for apps (in MB) (number required) [128]:
  • Set the storage size limit in MB for an app volume.

File generated: settingsservice.mdl

EKS Configuration (Amazon EKS only)

For security matter, provide the ARN of the role to assign to the Saagie jobs (see documentation):
Restrict to private network (private network needed on VPC - internal load balancer) (valid answers: 'true' or 'false') [false]:
  • Respond true if the load balancer for the Saagie frontend should not be exposed to the internet.

File generated: eksconfig.mdl

Ingress configuration

You will only respond to these prompts if you responded custom to the K8s provider prompt in the deployment mode section.

You also need to configure your cluster to collect user IP addresses. Saagie will block IP addresses when there have been too many failed login attempts.

Does the cluster support load balancer auto-provisioning? (valid answers: 'true' or 'false') [true]:
What kind of loadbalancer is in front of k8s cluster? (valid answers: 'L3' or 'L4' or 'L7') [L4]:
  • Respond L3 if Saagie is deployed behind a network load balancer.

  • Respond L4 if Saagie is deployed behind a TCP load balancer.

  • Respond L7 if Saagie is deployed behind an HTTP load balancer.

File generated: ingressconfig.mdl

Docker registry (dedicated mode only)

Docker registry:
  • Set the Docker registry used to pull the image inside Kubernetes.

File generated: registry.mdl

Technologies repository (dedicated mode only)

Is the technologies repository an internal one, for offline deployment ? (valid answers: 'true' or 'false') [false]:
  • Respond true if your cluster is offline and you provided your technologies.zip file using the saagiectl command.

  • Respond false if the technologies.zip will be downloaded via a URL.

Url of the technology repository:
  • Set the URL of the technologies repository.

Does the technology repository use a different Docker registry than the product ? (valid answers: 'true' or 'false') [false]:
  • Respond true if the Docker images for the technology repository are hosted on a different Docker registry than the Docker registry for the product.

Docker registry for the technologies repository:
  • Set the Docker registry of the technologies repository.

  • Respond false if the Docker images for the technology repository and the product are hosted on the same Docker registry.

File generated: technologiesrepository.mdl

Saagie file

This file is generated automatically and compiles all the information from the configuration process.

If you find an error after the saagie.mdl file is generated, you do not need to delete it to correct it. Follow the process outlined above. Once you’ve fixed the mistake and the new file is generated, the saagie.mdl file is updated automatically.

File generated: saagie.mdl