Kinesis
Hydrolix can ingest data from AWS Kinesis, whether your cluster is running on AWS or any other cloud provider.
👍 The basic steps are:
- Create a Project/Table
- Create a Transform
- Configure a checkpoint database
- Configure the Hydrolix Kinesis source and adjust the scale
This document assumes that the project, table and transform are already configured, and proceeds to steps 3 and 4 above. More information on how to perform steps 1 and 2 can be found here - Projects & Tables, Write Transforms.
Configure a Checkpoint Database⚓︎
A checkpoint database table is needed by the Hydrolix kinesis-peers to track their progress. The most common option is to configure an AWS DynamoDB table for this purpose, but it's also possible to use a GCP Datastore. Both options are described below.
Create an AWS DynamoDB table⚓︎
Prerequisites⚓︎
In order to load data into Hydrolix from Kinesis, you will need the following in your AWS Account:
- A DynamoDB table to store checkpoint information
- An AWS user/role with access to DynamoDB and Kinesis
- The Kinesis ARN and region of your Kinesis stream
Create the DynamoDB table⚓︎
The DynamoDB can be created with the AWS Console. The table should be created with the following options.
The following options should be applied:
| Option | Value |
|---|---|
| Table Name | Hydrolix suggests using your client Id with the string _kinesis_check_point appended for example, hdxcli-123456_kinesis_check_point |
| Partition Key | StreamShard |
| Settings | Select 'Customize settings' |
| Table Class | DynamoDB Standard |
| Read/Write capacity settings | On-demand |
Record your DynamoDB ARN
Make sure to record your new DynamoDB ARN for later use in Hydrolix's checkpointer setting.
Create a User/Role for access⚓︎
To access the Kinesis queue and use the DynamoDB for checkpointing, your Hydrolix cluster will need a user/role that can read and write to these services in your account. This can be done within the AWS Console. More information is within AWS's Documentation.
For Kinesis access, make sure the user has permission to perform these actions:
kinesis:GetRecordskinesis:GetShardIteratorkinesis:DescribeStreamkinesis:ListShards
If you've set up DynamoDB, ensure the user has permission to perform these actions:
- dynamodb:PutItem
- dynamodb:DescribeTable
- dynamodb:GetItem
Make sure to record your AWS Secret ID and AWS Secret
AWS shows this to you only once during key creation.
Record Your Kinesis ARN⚓︎
Retrieve your Kinesis ARN from the AWS console. You will need this later when you configure the Hydrolix platform.
Configure Access to Your Kinesis stream⚓︎
Configure the Hydrolix Kinesis acquisition service using the Kinesis Sources API.
If your cluster uses AWS for storage, the service account needs access to Kinesis and DynamoDB.
Add the Access Key in Kubernetes⚓︎
Kinesis & Non-AWS Storage Providers
Configure access keys to use Kinesis ingest with a cloud provider other than AWS.
Add the access key and DynamoDB ARN in the API call. Hydrolix will add the credentials into a Kubernetes secret:
The Kinesis pool creation will respond with an object:
aws_creds_key is the name of the secret in Kubernetes that stores your credentials.
GCP Datastore⚓︎
Prerequisites⚓︎
Hydrolix can read a Kinesis stream from GCP. The main difference is where the checkpoint is stored. To store checkpoint into a Google Datastore, the service account used by Hydrolix needs to have access to that datastore.
Add Datastore Role⚓︎
Edit the service account created in Google Cloud and add the role Cloud Datastore Owner.
Create a Kinesis source using GCP Datastore⚓︎
You can now create a new Kinesis datasource using the GCP Datastore for storing checkpoints. Here's an API call example:
This will create a new Datastore table named hdx-kinesis, which will store the checkpoint for the Kinesis stream named test-kinesis.
Configure the Hydrolix Kinesis Source⚓︎
Create your Kinesis source in Hydrolix using the API endpoint Create Kinesis Sources within the API.
The settings for the source are as follows:
| Setting | Description | Example |
|---|---|---|
| name | Name of your Kinesis source | "myKinesisSource" |
| pool_name | Name for the pool that will service the source | "myKinesisPool" |
| k8s_deployment | Object describing the cpu/memory and service for the pool (kinesis-peer) | {<br> "cpu": 1,<br> "memory": "10Gi",<br> "service": "kinesis-peer"<br> } |
| type | The method to retrieve stream data. This should be set as pull |
"pull" |
| subtype | The type of data source. This should be set as kinesis |
"kinesis" |
| transform | The name of the transform to use in ingesting data | "myTransform" |
| table | The project and table to import the data into. | "myproject.mytable" |
| settings stream_name |
ARN for the Kinesis stream | "settings": {<br> "stream_name": "arn:aws:kinesis:us-east-2:1234567890:stream/test-kinesis"<br> } |
| settings region |
Region for the Kinesis stream | "settings": {<br> "region": "us-east-2",<br> } |
| settings checkpointer name |
ARN for the DynamoDB for AWS / Datastore table name for GCP | "settings": {<br> "checkpointer": {<br> "name": "arn:aws:kinesis:us-east-2:1234567890:stream/test-kinesis"<br> } ...or... "settings": {<br> "checkpointer": {<br> "name": "<https://datastore.googleapis.com/hdx-kinesis>"<br> } |
| settings aws_key |
AWS Key used to connect to the Kinesis stream | |
| settings aws_secret |
AWS Secret used to connect to the Kinesis stream |
Scale the Kinesis Service⚓︎
The default scale profiles for Hydrolix set the scale of the kinesis-peers to zero, since they're not needed for every Hydrolix cluster. To scale the service, edit hydrolixcluster.yaml:
Edit the replicas for the number of nodes you wish for Kinesis processing.
See Scale your Cluster and Scale Profiles for more information.
Special Considerations⚓︎
Specify an Alternative AWS Role⚓︎
If your Kinesis configuration and your Hydrolix configuration do not share AWS roles, you need a way to specify an alternative AWS role ARN for accessing your Kinesis stream. Create a field named aws_role_arn within your Kinesis configuration settings. Use the full ARN as the value:
You can also store credentials in the aws_key and aws_secret fields of your Kinesis configuration settings. Hydrolix stores these values in a Kubernetes secret as a JSON object. You can access this secret using the aws_creds_key value.
You can also specify the ARN, aws_key, and aws_secret. Simply add all three fields given in the two examples above.
Credential Order
Hydrolix first attempts to connect to your Kinesis stream using the ARN stored in aws_role_arn. If that does not work, Hydrolix attempts to connect using the environment variable stored in aws_creds. If neither method works, Hydrolix attempts to connect to the Kinesis stream without authentication.
AWS CloudWatch Ingest via Kinesis⚓︎
AWS CloudWatch uses a special format that passes multiple logs at a time through the logEvents message field. This requires special handling in Hydrolix.
Hydrolix supports a special subtype of transform to handle this log form. In your transform, assign settings.format_details.subtype a value of "cloudwatch":
When you use the "cloudwatch" subtype, each element of the array in the logEvents field becomes a separate ingested row, handled separately by your transform. Hydrolix deserializes the JSON in the "message" field of each logEvents element. This becomes the value of the logEvent field in the new log messages. Consider another example of the CloudWatch format: following logEvents array within a CloudWatch message:
The first index of the logEvents field becomes the following ingested row:
Scaling⚓︎
To scale the Kubernetes deployment for the ingest pool used by this source, including the number of replicas, memory, and CPU, see the scaling resource pools page.