kubectl.
oc.
watch, and jq are useful for verification and troubleshooting.
ae5-conda, a single Conda environment containing helm, kubectl, oc, jq, and a number of other useful Anaconda Enterprise management utilities. To obtain this:
bash ae5-conda-latest-Linux-x86_64.sh and follow the prompts.
PATH.
Role and ClusterRole specifications that are sufficiently permissive. We encourage you to speak with the Anaconda team about any questions you may have about these permissions.
anaconda-storage: this volume holds our internal Postgres control database, our internal Git storage mechanism, and the internal conda package repository. If you are hosting conda packages outside of AE5, then a minimum size of 100GiB is required. However, if you intend to mirror conda packages into the AE5 repository, this will need to be sized much larger to accommodate those packages; for example, 500GiB.
anaconda-persistence: this volume hosts our managed persistence storage, including custom sample projects, custom conda environments, and user code and data. Because the demands on this volume will steadily grow with usage, we recommend 1TiB of space to start.
anaconda-persistence volume must support ReadWriteMany access mode.
anaconda-storage volume must support either the ReadWriteOnce or ReadWriteMany access mode. For ReadWriteOnce, the three AE5 pods that consume this volume will need to run on the same node: specifically, postgres, git-storage, and object-storage. This is a reasonable configuration in our experience.
pv.beta.kubernetes.io/gid annotation.
ReclaimPolicy from its default value of Retain.
networking.k8s.io/v1 Ingress API will enable Anaconda Enterprise to build endpoints for user sessions and deployments. Because an ingress controller is a cluster-wide resource, we recommend that the controller be installed and configured prior to the installation of Anaconda Enterprise. However, if the cluster is fully dedicated to our application, our Helm chart can be configured to install a version of the NGINX Ingress controller that is known to operate successfully on multiple Kubernetes variants, including OpenShift. Our only modification to the stock NGINX container is to enable it to run without root privileges.
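The access-mode and size requirements for the two storage volumes described above can be checked before installation. The following is an added example, not part of Anaconda's documentation or tooling; it assumes the PersistentVolumeClaims are named after the volumes and that the input has the shape of `kubectl get pvc -o json` output (the sample embedded here is constructed).

```python
import json

UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}  # binary suffixes

# Requirements from the text above. "hard" marks a stated minimum (FAIL if
# unmet); otherwise the size is only a recommendation (WARN). The 100Gi
# figure is the minimum when conda packages are hosted outside AE5.
REQUIRED = {
    "anaconda-storage": {"modes": {"ReadWriteOnce", "ReadWriteMany"},
                         "size": "100Gi", "hard": True},
    "anaconda-persistence": {"modes": {"ReadWriteMany"},
                             "size": "1Ti", "hard": False},
}

def to_bytes(quantity):
    """Convert a storage quantity such as '100Gi' to bytes."""
    for suffix, factor in UNITS.items():
        if quantity.endswith(suffix):
            return int(float(quantity[:-len(suffix)]) * factor)
    return int(quantity)  # no suffix: plain byte count

def check_claims(pvc_list):
    """Return findings for the two AE5 volumes as (level, claim, message)."""
    specs = {i["metadata"]["name"]: i["spec"] for i in pvc_list["items"]}
    findings = []
    for name, req in REQUIRED.items():
        if name not in specs:
            findings.append(("FAIL", name, "claim not found"))
            continue
        modes = set(specs[name].get("accessModes", []))
        if not modes & req["modes"]:
            findings.append(("FAIL", name, f"needs one of {sorted(req['modes'])}, has {sorted(modes)}"))
        elif name == "anaconda-storage" and "ReadWriteMany" not in modes:
            findings.append(("NOTE", name, "ReadWriteOnce: postgres, git-storage and object-storage must share a node"))
        requested = specs[name]["resources"]["requests"]["storage"]
        if to_bytes(requested) < to_bytes(req["size"]):
            level = "FAIL" if req["hard"] else "WARN"
            findings.append((level, name, f"requests {requested}, expected at least {req['size']}"))
    return findings

# Constructed sample in the shape of `kubectl get pvc -o json` output.
SAMPLE = json.loads("""{"items": [
 {"metadata": {"name": "anaconda-storage"},
  "spec": {"accessModes": ["ReadWriteOnce"], "resources": {"requests": {"storage": "100Gi"}}}},
 {"metadata": {"name": "anaconda-persistence"},
  "spec": {"accessModes": ["ReadWriteOnce"], "resources": {"requests": {"storage": "500Gi"}}}}
]}""")

if __name__ == "__main__":
    for level, name, message in check_claims(SAMPLE):
        print(f"{level:4} {name}: {message}")
```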
It is imperative that your cluster configuration and firewall settings allow all TCP
traffic between nodes, particularly HTTP, HTTPS, and the standard Postgres and Redis
ports. In our experience, many apparently healthy clusters block such
inter-node communication, which disrupts the communication between pods that Anaconda
Enterprise requires to provision user workloads.
External traffic to Anaconda Enterprise will be funneled entirely through the
ingress controller, through the standard HTTPS port 443.
*.company.com (say), when in fact we only require *.anaconda.company.com.
aedev/ Docker Hub channel: