Bring Your Own Kubernetes (BYOK8s) Installation#

Data Science & AI Workbench can be installed on a wide variety of CNCF-compliant Kubernetes cluster. Installation is performed using the industry standard Helm package manager. Successful deployment requires the expertise of your in-house Kubernetes administrators to validate our requirements and provision the necessary compute, storage, and networking resources.

After you have verified that your environment is prepared for installation by completing the pre-installation checklist, you are ready to install the cluster!

Perform the following actions from your established administration server.

  1. Installation is largely performed in the custom namespace. Modify the default kubectl context to point to the new namespace by running the following command:

    # Replace <NAMESPACE> with the namespace that you reserved for Workbench
    kubectl config set-context --current --namespace=<NAMESPACE>

    The remainder of these instructions assume this change has been made.

  2. Open and unpack the Helm chart archive provided by Anaconda, and cd into the root directory of this archive.


    The archive root directory contains the following items of importance:

    • The Anaconda-Enterprise/ directory. This contains your helm chart.

    • The values.yaml override file. Edit this file to include custom configurations for the application.

    • A version of these instructions labeled as INSTALL.{md,pdf}.

  3. If you need a pull secret to access the Docker registry, create it now, then verify the presence of the pull secret by running the following command:

    # Replace <PULL_SECRET_NAME> with the name for your pull secret
    kubectl describe secret <PULL_SECRET_NAME>
  4. Using your preferred text editor, open the values.yaml override file. Add or modify necessary values to this file. At minimum, you must provide the following:

    values.yaml override file configurations


    View the values.yaml override file here.




    The fully qualified domain name (FQDN) of the host.


    The name of the service account with the necessary permissions to install and run the platform.


    The UID under which the containers will be run.


    The name of the persistent volume for the anaconda-storage function.


    The name of the persistent volume for the anaconda-persistence function.


    The address of the Docker image registry


    Information about any pull secrets required to authenticate to the Docker registry:

    • An empty value indicates that no pull secret is required

    • A string containing the name of a single secret

    • A list of strings, with one secret name per entry


    (OpenShift Only) The FQDN of the internal cluster DNS server. Uncomment the line provided in the file for this.


    The name of the IngressClass resource used by your ingress controller. If you are installing the Anaconda-supplied ingress, no modification is necessary for this configuration.

    (If necessary) keycloak.truststore

    The path to your LDAPS truststore (e.g. /etc/secrets/certs/ldaps.jks).

    (If necessary) keycloak.truststore_password

    The LDAPS truststore password

    (If necessary) keycloak.truststore_secret

    The name of the secret you created containing the truststore

  5. Start your installation by running the following command:

    helm install --values ./values.yaml anaconda-enterprise ./Anaconda-Enterprise/


    The current version of Workbench requires the release name anaconda-enterprise. Do not change this value.

  6. Monitor the progress of your installation by running the following command:

    watch kubectl get pods
  7. Wait for all of the pods to get to the Running or Completed state.


    Installation can take several minutes depending on the performance characteristics of your system. If a particular pod is behaving in an unexpected manner, you can investigate the cause using commands such as:

    # Replace <POD_NAME> with the name of the pod
    kubectl logs <POD_NAME>
    kubectl describe pod <POD_NAME>
  8. If you chose to install the Anaconda-supplied ingress, you must now need to determine its assigned IP address, and create your DNS records for the cluster. To determine this address, run the command:

    kubectl get svc anaconda-enterprise-nginx.ingress


    The IP address is provided in the External IP column. Create your DNS records for your FQDN and for its wildcard. For example, and *

    Once these DNS changes have propagated, you can proceed to the next step.

  9. Open a web browser and navigate to your instance of Workbench.


    Your browser may initially refuse to connect due to the use of our generated, self-signed SSL certificates. You should temporarily permit your browser to proceed anyway. You will also have to do the same every time you start a new session or deployment, so it is best to comlpete the next step as soon as possible.

  10. Update your SSL cerfiticates.


    If you are installing the Anaconda-supplied ingress, you can expect it to enter a CrashLoopBackoff state until the SSL certificate generation task has completed. This is expected behavior. Once the preliminary certificates are generated, the next automatic restart of the ingress should proceed without incident.

Basic installation of Workbench is now complete! You can now perform any additional post-installation steps necessary.

If you need to uninstall Workbench, use the command:

helm uninstall anaconda-enterprise


This will remove any of the resources that were installed by the application, but will not remove anything that you had created prior to the helm install command, such as persisent volumes.