About	RepositoryOwner	DocumentationOwner
Installing MOSTLY AI AWS Marketplace Offering	mostlyai-devops	mostlyai-devops

MOSTLY AI Marketplace Installation Guide

• MOSTLY AI Marketplace Installation Guide
  • Tools
  • Basic Overview
  • Installation Requirements
  • Getting Started

Tools

• Required:
  • opentofu: OSS fork of Terraform, used to manage the infrastructure as code. (Source, Install & Documentation)
  • terragrunt: OpenTofu wrapper for configuration management. (Source, Install & Documentation)
  • awscli: Command-line interface for managing AWS services. (Source, Install & Documentation)
  • kubectl: Command-line tool for interacting with Kubernetes clusters. (Source, Install & Documentation)
  • helm: Package manager for Kubernetes (Source, Install & Documentation)
• Recommended:
  • devbox: A tool to prepare your development environment for working with this repository. (Source/Install & Documentation)

Basic Overview

aws-marketplace is a repository aimed to provide guidance on preparing your infrastructure for the MOSTLY AI Marketplace installation. Here, you will find a collection of Terraform modules that can be used to bootstrap the needed AWS components - VPC, EKS, ACM, etc.

Some modules (eks, vpc) are referencing widely-used community modules for the sake of brevity and ongoing support.

The repository also comes with terragrunt examples, demonstrating how the modules above can be used.

We believe that infrastructure should always be tailored to the specific needs of the company deploying it. As such, please note that while this repository will get you up and running, none of the modules/examples are direct requirements for the installation. Instead, treat them as a starting point for your own infrastructure setup.

Installation Requirements

To install and run the MOSTLY AI Data Intelligence Platform, the following infrastructure components are required. This repository outlines these prerequisites and provides a step-by-step installation example using the tools listed above.

1. Kubernetes Cluster - the platform is distributed in a form of a helm-chart and only supports Kubernetes as a deployment target.
2. Fully-Qualified Domain Name (FQDN) - FQDN is required when configuring the Keycloak identity provider realm. It is also used in the ingress configuration.
3. TLS Certificate - Secure Context is required for client -> platform communication starting KC26, hence the requirement for a TLS certificate.

Additionally, the examples in this repository assume the use/deployment of the following:

1. AWS Load Balancer Controller - used to manage AWS Load Balancers for the Kubernetes cluster. Deployed as a separate helm-chart release
2. AWS Certificate Manager (ACM) - used to manage TLS certificates which are automatically provisioned to ALBs. Deployed as a separate helm-chart release
3. AWS EBS CSI Controller - used to manage AWS EBS volumes for the Kubernetes cluster. Deployed as an EKS add-on
4. AWS S3 - acts as a storage backend for the MOSTLY AI Data Intelligence Platform. Alternatively, the mostly-combined chart provides an option to deploy a MinIO instance in the Kubernetes cluster.
5. AWS Route53 - used to manage the FQDN dns record as well as the TLS certificate verification record.
6. AWS IAM Policies && IAM Instance Roles - additional IAM Policies are deployed along with the EKS cluster example to allow AWS Controllers to operate. These policies are attached to the IAM Instance Roles. IRSA is not used for the sake of simplicity, but is recommended for production deployments.

Getting Started

This repository is setup with devbox which can be used to set up your environment. To get started, run the following command in the root of the repository, which will drop you into a shell with all the necessary tools installed:

devbox shell

Alternatively, you can install the dependencies following the instructions in the Tools section above.

You will also need to have your AWS credentials available in the environment. The examples read those directly from the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. It would also be most convenient to set the AWS_REGION variable to the region where you want to deploy the infrastructure for the awscli interactions.

export AWS_ACCESS_KEY_ID=your_access_key_id
export AWS_SECRET_ACCESS_KEY=your_secret_access_key
export AWS_REGION=your_aws_region

Finally, we assume that you have already purchased the Marketplace offering which will automatically provide you with the access to the helm chart and images stored in the AWS Marketplace ECR repository.

With your environment set up, you can follow the instructions in the examples README to deploy the infrastructure or use the modules directly.