This guide describes how to install Charmed Kubeflow (CKF) on Azure Kubernetes Service (AKS).
You will spin up an AKS cluster using the Azure CLI (Command Line Interface) on your local machine. Then, you will interact with the cluster and deploy CKF using kubectl and Juju.
Requirements
- Local machine with Ubuntu 22.04 or later.
- An Azure account.
- Azure CLI.
- kubectl.
Make sure the Azure CLI has the following configuration:
- Authentication permissions required for AKS.
Managed Application Contributor Role
added.
Deploy AKS cluster
See here for a complete guide on how to do exactly that.
Set up Juju
Set up juju
on your local machine to access the remote Kubernetes cloud.
- Install
juju
. Charmed Kubeflow 1.8 is compatbile with juju 3.4 as mentioned in the Supported versions page.
sudo snap install juju --channel=3.4/stable
- Add your AKS cluster as a cloud to Juju.
juju add-k8s aks --client
- Bootstrap a Juju controller.
juju bootstrap aks aks-controller
- Add a Juju model using
kubeflow
as its name.
juju add-model kubeflow
- Verify that namespace
kubeflow
exists
kubectl get ns
Deploy Kubeflow bundle
- Deploy Charmed Kubeflow bundle with the following command.
juju deploy kubeflow --channel=1.8/stable --trust
- Wait until all charms are in green/active state. You can check the state of the charms with the following command. In case you face any issues, refer to the Known issues section below. Keep in mind that
oidc-gatekeeper
will go toBlocked
status until we configure it as shown in next steps.
juju status --watch 5s --relations
- Make Kubeflow dashboard accessible by configuring its public URL to be the same as the LoadBalancer’s public IP.
PUBLIC_URL="http://$(kubectl -n kubeflow get svc istio-ingressgateway-workload -o jsonpath='{.status.loadBalancer.ingress[0].ip}')"
echo PUBLIC_URL: $PUBLIC_URL
juju config dex-auth public-url=$PUBLIC_URL
juju config oidc-gatekeeper public-url=$PUBLIC_URL
- Configure Dex-auth credentials. Feel free to use a different (more secure!) password if you wish.
juju config dex-auth static-username=user@example.com
juju config dex-auth static-password=user
- Navigate to the PUBLIC_URL printed above to access Kubeflow dashboard. You should first see the Dex login screen. Once logged in with the credentials set above, you should now see the Kubeflow “Welcome” page.
Known issues
Oidc-gatekeeper “Waiting for pod startup to complete”
If you see the oidc-gatekeeper/0
unit in juju status
output in waiting state with
oidc-gatekeeper/0* waiting idle 10.1.121.241 Waiting for pod startup to complete.
You can reconfigure the public-url configuration for the charm with following commands
PUBLIC_URL="http://$(kubectl -n kubeflow get svc istio-ingressgateway-workload -o jsonpath='{.status.loadBalancer.ingress[0].ip}')"
juju config oidc-gatekeeper public-url=""
juju config oidc-gatekeeper public-url=$PUBLIC_URL
Clean up resources
For AKS clean up, refer to the guide mentioned here. In order to clean up juju, run the following:
juju unregister aks-controller
juju remove-cloud aks --client
Last updated an hour ago.