Bring Your Own Kubernetes (BYOK8s) Installation
Data Science & AI Workbench can be installed on a wide variety of CNCF-compliant Kubernetes cluster. Installation is performed using the industry standard Helm package manager. Successful deployment requires the expertise of your in-house Kubernetes administrators to validate our requirements and provision the necessary compute, storage, and networking resources.
After you have verified that your environment is prepared for installation by completing the pre-installation checklist, you are ready to install the cluster!
Perform the following actions from your established administration server.
-
Installation is largely performed in the custom namespace. Modify the default
kubectl
context to point to the new namespace by running the following command:The remainder of these instructions assume this change has been made.
-
Open and unpack the Helm chart archive provided by Anaconda, and
cd
into the root directory of this archive.The archive root directory contains the following items of importance:
- The
Anaconda-Enterprise/
directory. This contains your helm chart. - The
values.yaml
override file. Edit this file to include custom configurations for the application. - A version of these instructions labeled as
INSTALL.{md,pdf}
.
- The
-
If you need a pull secret to access the Docker registry, create it now, then verify the presence of the pull secret by running the following command:
-
Using your preferred text editor, open the
values.yaml
override file. Add or modify necessary values to this file. At minimum, you must provide the following:values.yaml override file configurations
View the
values.yaml
override file here.Configuration Description hostname The fully qualified domain name (FQDN) of the host. serviceAccountName The name of the service account with the necessary permissions to install and run the platform. uid The UID under which the containers will be run. storage.pvc The name of the persistent volume for the anaconda-storage
function.persistence.pvc The name of the persistent volume for the anaconda-persistence
function.image.server The address of the Docker image registry image.pullSecrets Information about any pull secrets required to authenticate to the Docker registry: * An empty value indicates that no pull secret is required * A string containing the name of a single secret * A list of strings, with one secret name per entry dnsServer (OpenShift Only) The FQDN of the internal cluster DNS server. Uncomment the line provided in the file for this. ingress.className The name of the IngressClass
resource used by your ingress controller. If you are installing the Anaconda-supplied ingress, no modification is necessary for this configuration.(If necessary) keycloak.truststore The path to your LDAPS truststore (for example, /etc/secrets/certs/ldaps.jks
).(If necessary) keycloak.truststore_password The LDAPS truststore password (If necessary) keycloak.truststore_secret The name of the secret you created containing the truststore -
Start your installation by running the following command:
The current version of Workbench requires the release name
anaconda-enterprise
. Do not change this value. -
Monitor the progress of your installation by running the following command:
-
Wait for all of the pods to get to the
Running
orCompleted
state.Installation can take several minutes depending on the performance characteristics of your system. If a particular pod is behaving in an unexpected manner, you can investigate the cause using commands such as:
-
If you chose to install the Anaconda-supplied ingress, you must now need to determine its assigned IP address, and create your DNS records for the cluster. To determine this address, run the command:
The IP address is provided in the
External IP
column. Create your DNS records for your FQDN and for its wildcard. For example,anaconda.example.com
and*.anaconda.example.com
.Once these DNS changes have propagated, you can proceed to the next step.
-
Open a web browser and navigate to your instance of Workbench.
Your browser may initially refuse to connect due to the use of our generated, self-signed SSL certificates. You should temporarily permit your browser to proceed anyway. You will also have to do the same every time you start a new session or deployment, so it is best to comlpete the next step as soon as possible.
-
If you are installing the Anaconda-supplied ingress, you can expect it to enter a
CrashLoopBackoff
state until the SSL certificate generation task has completed. This is expected behavior. Once the preliminary certificates are generated, the next automatic restart of the ingress should proceed without incident.
Basic installation of Workbench is now complete! You can now perform any additional post-installation steps necessary.