Bring Your Own Kubernetes (BYOK8s) Installation#

Data Science & AI Workbench can be installed on a wide variety of CNCF-compliant Kubernetes cluster. Installation is performed using the industry standard Helm package manager. Successful deployment requires the expertise of your in-house Kubernetes administrators to validate our requirements and provision the necessary compute, storage, and networking resources.

After you have verified that your environment is prepared for installation by completing the pre-installation checklist, you are ready to install the cluster!

Perform the following actions from your established administration server.

  1. Installation is largely performed in the custom namespace. Modify the default kubectl context to point to the new namespace by running the following command:

    # Replace <NAMESPACE> with the namespace that you reserved for Workbench
kubectl config set-context --current --namespace=<NAMESPACE>

    The remainder of these instructions assume this change has been made.

  2. Open and unpack the Helm chart archive provided by Anaconda, and cd into the root directory of this archive.

    Note

    The archive root directory contains the following items of importance:

    • The Anaconda-Enterprise/ directory. This contains your helm chart.

    • The values.yaml override file. Edit this file to include custom configurations for the application.

    • A version of these instructions labeled as INSTALL.{md,pdf}.

  3. If you need a pull secret to access the Docker registry, create it now, then verify the presence of the pull secret by running the following command:

    # Replace <PULL_SECRET_NAME> with the name for your pull secret
kubectl describe secret <PULL_SECRET_NAME>

  4. Using your preferred text editor, open the values.yaml override file. Add or modify necessary values to this file. At minimum, you must provide the following:

    values.yaml override file configurations

    Note

    View the values.yaml override file here.

    Configuration

    Description

    hostname

    The fully qualified domain name (FQDN) of the host.

    serviceAccountName

    The name of the service account with the necessary permissions to install and run the platform.

    uid

    The UID under which the containers will be run.

    storage.pvc

    The name of the persistent volume for the anaconda-storage function.

    persistence.pvc

    The name of the persistent volume for the anaconda-persistence function.

    image.server

    The address of the Docker image registry

    image.pullSecrets

    Information about any pull secrets required to authenticate to the Docker registry:

    • An empty value indicates that no pull secret is required

    • A string containing the name of a single secret

    • A list of strings, with one secret name per entry

    dnsServer

    (OpenShift Only) The FQDN of the internal cluster DNS server. Uncomment the line provided in the file for this.

    ingress.className

    The name of the IngressClass resource used by your ingress controller. If you are installing the Anaconda-supplied ingress, no modification is necessary for this configuration.

    (If necessary) keycloak.truststore

    The path to your LDAPS truststore (e.g. /etc/secrets/certs/ldaps.jks).

    (If necessary) keycloak.truststore_password

    The LDAPS truststore password

    (If necessary) keycloak.truststore_secret

    The name of the secret you created containing the truststore

  5. Start your installation by running the following command:

    helm install --values ./values.yaml anaconda-enterprise ./Anaconda-Enterprise/

    Caution

    The current version of Workbench requires the release name anaconda-enterprise. Do not change this value.

  6. Monitor the progress of your installation by running the following command:

    watch kubectl get pods

  7. Wait for all of the pods to get to the Running or Completed state.

    Tip

    Installation can take several minutes depending on the performance characteristics of your system. If a particular pod is behaving in an unexpected manner, you can investigate the cause using commands such as:

    kubectl logs <POD-NAME>
kubectl describe pod <POD-NAME>

  8. If you chose to install the Anaconda-supplied ingress, you must now need to determine its assigned IP address, and create your DNS records for the cluster. To determine this address, run the command:

    kubectl get svc anaconda-enterprise-nginx.ingress

    Note

    The IP address is provided in the External IP column. Create your DNS records for your FQDN and for its wildcard. For example, anaconda.example.com and *.anaconda.example.com.

    Once these DNS changes have propagated, you can proceed to the next step.

  9. Connect to Workbench with your browser.

    Note

    Your browser may initially refuse to connect due to the use of our generated, self-signed SSL certificates. You should temporarily permit your browser to proceed anyway. You will also have to do the same every time you start a new session or deployment, so it is best to comlpete the next step as soon as possible.

  10. Update your SSL cerfiticates.

    Note

    If you are installing the Anaconda-supplied ingress, you can expect it to enter a CrashLoopBackoff state until the SSL certificate generation task has completed. This is expected behavior. Once the preliminary certificates are generated, the next automatic restart of the ingress should proceed without incident.

Basic installation of Workbench is now complete! You can now perform any additional post-installation steps necessary.

If you need to uninstall Workbench, use the command:

helm uninstall anaconda-enterprise

Note

This will remove any of the resources that were installed by the application, but will not remove anything that you had created prior to the helm install command, such as persisent volumes.