Prerequisites
Before installing AI/Run CodeMie, carefully review the prerequisites and requirements.
Prerequisites Checklist
AWS Account Access Requirements
- Active AWS account with a preferred region for deployment
- User credentials with programmatic access to the AWS account and permissions to create and manage IAM Roles and Policy Documents
Domain Name
- Available wildcard DNS hosted zone in Route53
AI/Run CodeMie Terraform modules will automatically create:
- DNS Records
- TLS certificate through AWS Certificate Manager, which will be used later by the ALB and NLB
External Connections
- Firewall or SG and NACLs of the EKS cluster allow outbound access to:
  - AI/Run CodeMie container registry – europe-west3-docker.pkg.dev
  - 3rd party container registries – quay.io, docker.io, registry.developers.crunchydata.com
  - Any service you're planning to use with AI/Run CodeMie (for example, GitLab instance)
- Firewall on your integration service allows inbound traffic from the AI/Run CodeMie NAT Gateway public IP address

The NAT Gateway public IP address will be known after EKS installation.
LLM Models
- Activated region in AWS where AWS Bedrock Models are available
- Activated desired LLMs and embedding models in the AWS account (for example, Sonnet 3.5v3/3.7, AWS Titan 2.0)
AI/Run CodeMie can be deployed with mock LLM configurations initially. Real configurations can be provided later if client-side approvals require additional time.
User Permissions and Admission Control Requirements for EKS
- Admin EKS permissions with rights to create namespaces
- Admission webhook allows creation of Kubernetes resources listed below (applicable when deploying onto an existing EKS cluster with enforced policies):
| AI/Run CodeMie Component | Kubernetes APIs | Description |
|---|---|---|
| NATS | Service | NATS messaging system requires a LoadBalancer service type for client-server communication. When running codemie-plugins within the same VPC as the EKS cluster: Internal LoadBalancer configured for secure, private network communication. When running codemie-plugins outside the EKS cluster's VPC: Public LoadBalancer required for cross-network communication |
| keycloak-operator | ClusterRole, ClusterRoleBinding, Role, RoleBinding, CRDs, CRs | Cluster-wide permissions required for managing Keycloak configuration, including realms, clients, and user federation settings |
| Postgres-operator | ClusterRole, ClusterRoleBinding, CRDs, CRs | Cluster-wide permissions required for managing PostgreSQL instances and their lifecycle |
| All components | Pod(securityContext) | All components require SecurityContext with readOnlyRootFilesystem: false for proper operation |
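
The checks below are an added example, not part of the AI/Run CodeMie tooling: they test the table's requirements against an existing cluster before installation, using `kubectl auth can-i` for RBAC and a server-side dry run for admission policy. The namespace, object names, port and probe image are assumptions.

```shell
#!/bin/sh
# Added example (not project code). Assumes kubectl targets the existing EKS
# cluster and NS is an existing namespace (hypothetical default: "default").
NS="${NS:-default}"

# RBAC: may the deployer create the kinds listed in the table?
check_rbac() {
  denied=0
  for res in namespaces clusterroles clusterrolebindings customresourcedefinitions; do
    kubectl auth can-i create "$res" >/dev/null 2>&1 ||
      { echo "DENIED create $res"; denied=$((denied + 1)); }
  done
  for res in roles rolebindings services pods; do
    kubectl auth can-i create "$res" -n "$NS" >/dev/null 2>&1 ||
      { echo "DENIED create $res in $NS"; denied=$((denied + 1)); }
  done
  return "$denied"
}

# Constructed probe objects; names, port and image are placeholders.
pod_manifest() { cat <<'EOF'
apiVersion: v1
kind: Pod
metadata: {name: codemie-preflight}
spec:
  containers:
  - name: probe
    image: registry.k8s.io/pause:3.9
    securityContext: {readOnlyRootFilesystem: false}
EOF
}
svc_manifest() { cat <<'EOF'
apiVersion: v1
kind: Service
metadata: {name: codemie-preflight}
spec:
  type: LoadBalancer
  ports: [{port: 80}]
EOF
}

# Admission: --dry-run=server runs the admission chain without persisting anything.
dry_run() { kubectl apply -n "$NS" --dry-run=server -f - >/dev/null 2>&1; }
check_admission() {
  rejected=0
  pod_manifest | dry_run || { echo "REJECTED Pod readOnlyRootFilesystem: false"; rejected=$((rejected + 1)); }
  svc_manifest | dry_run || { echo "REJECTED Service type LoadBalancer"; rejected=$((rejected + 1)); }
  return "$rejected"
}
preflight() { check_rbac; r=$?; check_admission; a=$?; [ $((r + a)) -eq 0 ]; }
```

Source the file and call `preflight`; a non-zero exit means at least one kind from the table would be blocked. A webhook that does not support dry run is also reported as REJECTED.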
Deployer Instance Requirements
Required Software
The following software must be pre-installed and configured on the deployer laptop or VDI instance before beginning the deployment process:
Required Repository Access
Access to the following repositories is necessary for deployment:
- codemie-terraform-aws-remote-backend
- codemie-terraform-aws-platform
- codemie-terraform-aws-iam
- codemie-helm-charts
Repositories can be extracted as archives and uploaded to a VDI if direct repository access is not available.