Prerequisites

  • A Kubernetes cluster
  • Helm

Install Helm Chart

# Step 1: Pull Beta9 Helm Chart
helm repo add beta9 oci://public.ecr.aws/n4e0e1y0/beta9-chart:0.1.58

# Step 2: Install Chart
helm install beta9 deploy/charts/beta9 --create-namespace --values https://raw.githubusercontent.com/beam-cloud/beta9/main/deploy/charts/beta9/values.local.yaml

# Step 3: Verify the installation of beta9 gateway and services
kubectl get pods

# Step 4: Expose the Beta9 gateway by port-forwarding to the gateway service
kubectl port-forward svc/beta9-gateway 1993:1993

You can verify the installation by running:

beta9 config

Setting Configuration Values

Set up your config file. You will need to set a few values in it and create a secret in your cluster, under the beta9 namespace.

gateway:
  externalURL: https://app.example.com

imageService:
  registryStore: s3
  registryCredentialProvider: aws
  registries:
    s3:
      bucketName: <your-image-bucket-name>
      region: <your-aws-region>
      # keys not needed if using iam with k8s service account
      accessKey:
      secretKey:
  runner:
    baseImageTag: 0.1.10
    baseImageName: beta9-runner
    baseImageRegistry: public.ecr.aws/n4e0e1y0

worker:
  imageTag: 0.1.95
  imageName: beta9-worker
  imageRegistry: public.ecr.aws/n4e0e1y0
  serviceAccountName: <k8s service account to use>

storage:
  mode: juicefs
  juicefs:
    awsS3Bucket: <your-juicefs-bucket>
    # keys not needed if using iam with k8s service account
    awsAccessKey:
    awsSecretKey:

Mounting Secrets

Once you’ve configured the config and created a secret in K8s, you’ll need to do two more things:

  1. Mount the secret to the gateway by modifying the persistence value in the values.yaml file.
  2. Add an env var to the gateway called CONFIG_PATH that points to where you are mounting the secret.

IAM Policies

To access the S3 bucket that you set up and configure in the config/secret, you’ll also need to set up an IAM role that a K8s service account can authenticate with.

This is called EKS IRSA (IAM Roles for Service Accounts). Once you have this set up, you’ll need to add an annotation to the K8s service account that points to the IAM role.

Here is an example in the values.yaml file:

serviceAccount:
  create: true
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::<account-id>:role/beta9-role
  name: beta9-role
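
The role behind that annotation needs a trust policy scoped to the one service account and a permissions policy scoped to the buckets. The following is an added example, not code from the Beta9 project: it builds both documents and flags a trust policy that admits more than the intended service account. It assumes the service account beta9-role lives in the beta9 namespace; the account id, OIDC issuer, bucket names and the S3 action list are constructed placeholders or assumptions.

```python
import json

STS_AUD = "sts.amazonaws.com"

def _as_list(v):
    return v if isinstance(v, list) else [v]

def irsa_trust_policy(account_id, oidc_provider, namespace, service_account):
    """Trust policy that lets exactly one Kubernetes service account assume the role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{oidc_provider}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringEquals": {
            f"{oidc_provider}:aud": STS_AUD,
            f"{oidc_provider}:sub": f"system:serviceaccount:{namespace}:{service_account}",
        }},
    }]}

def bucket_policy(buckets, object_actions=("s3:GetObject", "s3:PutObject", "s3:DeleteObject")):
    """Permissions limited to the named buckets. The action list is an assumption, not Beta9's."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": [f"arn:aws:s3:::{b}" for b in buckets]},
        {"Effect": "Allow", "Action": list(object_actions),
         "Resource": [f"arn:aws:s3:::{b}/*" for b in buckets]},
    ]}

def trust_findings(policy, namespace, service_account):
    """Reasons a trust policy admits more than the one service account; [] means scoped."""
    want = f"system:serviceaccount:{namespace}:{service_account}"
    findings = []
    for stmt in policy["Statement"]:
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action")):
            continue
        eq = stmt.get("Condition", {}).get("StringEquals", {})
        subs = [x for k, v in eq.items() if k.endswith(":sub") for x in _as_list(v)]
        auds = [x for k, v in eq.items() if k.endswith(":aud") for x in _as_list(v)]
        if subs != [want]:
            findings.append(f"sub is not pinned by StringEquals to {want}")
        if auds != [STS_AUD]:
            findings.append(f"aud is not pinned by StringEquals to {STS_AUD}")
    return findings

if __name__ == "__main__":
    # Constructed placeholders: account id, OIDC issuer and bucket names are not from the page.
    oidc = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0000000000"
    trust = irsa_trust_policy("111122223333", oidc, "beta9", "beta9-role")
    assert trust_findings(trust, "beta9", "beta9-role") == []
    print(json.dumps(trust, indent=2))
    print(json.dumps(bucket_policy(["example-image-bucket", "example-juicefs-bucket"]), indent=2))
```

A trust policy that matches the subject with a StringLike wildcard, or omits the sub condition, lets any service account in the cluster assume the role; trust_findings reports both cases.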

We recommend saving secrets with the External Secrets Operator, but you can also create secrets manually in the cluster.

To create a secret manually, create your secrets file on disk and run kubectl apply like you would normally.

Gotchas

  • Make sure your ingress supports gRPC and HTTP
  • Your IAM permissions need to be set correctly. You will need to create S3 buckets manually or in Terraform.
  • If you are using Karpenter for your autoscaler, you’ll need to add a label to the nodes which you want the Beta9 scheduler to pick up.