Deploy Charmed Kubeflow to AKS | Documentation

Welcome to the Deploy Charmed Kubeflow to AKS guide. This how-to guide will take you through the steps of deploying Kubeflow to an Azure Kubernetes Service (AKS) cluster. From an architectural point of view, we will spin up an AKS cluster on Azure cloud using Azure CLI on our local machine. Then with kubectl and juju still on our local machine, we will interact with the cluster to deploy Kubeflow there.

Requirements:

Local machine with Ubuntu 22.04 or later
An Azure account (How to create an Azure account)

Deploy AKS cluster

See here for a complete guide on how to do exactly that.

Set up Juju

Set up juju on your local machine to access the remote Kubernetes cloud.

Install juju. Charmed Kubeflow 1.8 is compatbile with juju 3.4 as mentioned in the Supported versions page.

sudo snap install juju --channel=3.4/stable

Add your AKS cluster as a cloud to Juju.

juju add-k8s aks --client

Bootstrap a Juju controller.

juju bootstrap aks aks-controller

Add a Juju model using kubeflow as its name.

juju add-model kubeflow

Verify that namespace kubeflow exists

kubectl get ns

Deploy Kubeflow bundle

Deploy Charmed Kubeflow bundle with the following command.

juju deploy kubeflow --channel=1.8/stable --trust

Wait until all charms are in green/active state. You can check the state of the charms with the following command. In case you face any issues, refer to the Known issues section below. Keep in mind that oidc-gatekeeper will go to Blocked status until we configure it as shown in next steps.

juju status --watch 5s --relations

Make Kubeflow dashboard accessible by configuring its public URL to be the same as the LoadBalancer’s public IP.

PUBLIC_URL="http://$(kubectl -n kubeflow get svc istio-ingressgateway-workload -o jsonpath='{.status.loadBalancer.ingress[0].ip}')"
echo PUBLIC_URL: $PUBLIC_URL

juju config dex-auth public-url=$PUBLIC_URL
juju config oidc-gatekeeper public-url=$PUBLIC_URL

Configure Dex-auth credentials. Feel free to use a different (more secure!) password if you wish.

juju config dex-auth static-username=user@example.com
juju config dex-auth static-password=user

Navigate to the PUBLIC_URL printed above to access Kubeflow dashboard. You should first see the Dex login screen. Once logged in with the credentials set above, you should now see the Kubeflow “Welcome” page.

Known issues

Oidc-gatekeeper “Waiting for pod startup to complete”

If you see the oidc-gatekeeper/0 unit in juju status output in waiting state with

oidc-gatekeeper/0* waiting idle 10.1.121.241 Waiting for pod startup to complete.

You can reconfigure the public-url configuration for the charm with following commands

PUBLIC_URL="http://$(kubectl -n kubeflow get svc istio-ingressgateway-workload -o jsonpath='{.status.loadBalancer.ingress[0].ip}')"
juju config oidc-gatekeeper public-url=""
juju config oidc-gatekeeper public-url=$PUBLIC_URL

Clean up resources

For AKS clean up, refer to the guide mentioned here. In order to clean up juju, run the following:

juju unregister aks-controller
juju remove-cloud aks --client

Last updated 4 months ago.

Help improve this document in the forum.