In this short how-to guide, you will learn how to deploy Charmed Kubeflow on MicroK8s from behind a web proxy.
How to deploy Charmed Kubeflow on MicroK8s behind a web proxy
1. Introduction
2. Configure the systems for operation behind a web proxy
Since MicroK8s includes a few utilities (eg, curl, helm) it makes sense to configure the system proxy settings in /etc/environment. We’ll need to add a few addresses to the proxy exclusion list so that things work as they should.
CLUSTER_SUBNET=<YOUR MICROK8S CLUSTER SUBNET>/24
CLUSTER_HOSTS=<YOUR MICROK8S CLUSTER HOSTNAMES> #comma separated
PROXY_HOST=squid.internal #change as required
PROXY_PORT=3128 #change as required
JUJU_CONTROLLER_NAME=uk8s #change as required
echo "HTTPS_PROXY=http://$PROXY_HOST:$PROXY_PORT" | sudo tee -a /etc/environment
echo "HTTP_PROXY=http://$PROXY_HOST:$PROXY_PORT" | sudo tee -a /etc/environment
echo "NO_PROXY=10.1.0.0/16,10.152.183.0/24,127.0.0.1,$CLUSTER_SUBNET,$CLUSTER_HOSTS,admission-webhook.kubeflow.svc,modeloperator.kubeflow.svc,modeloperator.controller-$JUJU_CONTROLLER_NAME.svc,spark.kubeflow.svc,katib-controller.kubeflow.svc,169.254.169.254" | sudo tee -a /etc/environment
echo "https_proxy=http://$PROXY_HOST:$PROXY_PORT" | sudo tee -a /etc/environment
echo "http_proxy=http://$PROXY_HOST:$PROXY_PORT" | sudo tee -a /etc/environment
echo "no_proxy=10.1.0.0/16,10.152.183.0/24,127.0.0.1,$CLUSTER_SUBNET,$CLUSTER_HOSTS,admission-webhook.kubeflow.svc,modeloperator.kubeflow.svc,modeloperator.controller-$JUJU_CONTROLLER_NAME.svc,spark.kubeflow.svc,katib-controller.kubeflow.svc,169.254.169.254" | sudo tee -a /etc/environment
Reboot the machines and wait until they’re up again.
sudo reboot
3. Configure required domains
You may need to add the following domains to your firewall’s allow-list:
api.charmhub.io:443
api.jujucharms.com:443
api.snapcraft.io:443
auth.docker.io:443
canonical-bos01.cdn.snapcraftcontent.com:443
canonical-lgw01.cdn.snapcraftcontent.com:443
gcr.io:443
gchr.io:443
k8s.gcr.io:443
production.cloudflare.docker.com:443
registry-1.docker.io:443
registry.jujucharms.com:443
rocks.canonical.com:443
storage.googleapis.com:443
streams.canonical.com:443
Once done, you can proceed with the installation.
4. Install MicroK8s
Kubernetes 1.21: Remember to install the supported MicroK8s version 1.21/stable for Charmed Kubeflow.
sudo snap install microk8s --channel=1.21/stable --classic
Enable MicroK8s storage and wait for it to be available.
microk8s enable storage
5. Set a local DNS server for CoreDNS
When running behind a proxy, CoreDNS may not be able to reach public DNS servers, so you may want to configure MicroK8s to use a local DNS server. You can configure the DNS server that MicroK8s uses to use the host’s DNS server configuration as follows:
microk8s enable dns:$(resolvectl status | grep "Current DNS Server" | awk '{print $NF}')"
6. Deploy and bootstrap Juju
Once you’ve deployed MicroK8s as above, the next steps are to install and bootstrap Juju.
PROXY_HOST="squid.internal" #change as required
PROXY_PORT=3128 #change as required
CLUSTER_SUBNET=<YOUR MICROK8S CLUSTER SUBNET>/24
sudo snap install juju --classic
sudo snap install juju-bundle --classic
sudo snap install juju-wait --classic
juju bootstrap microk8s uk8s
juju add-model kubeflow
juju model-config \
{juju,apt,snap}-http{,s}-proxy=http://$PROXY_HOST:$PROXY_PORT \
apt-no-proxy=localhost,127.0.0.1 \
juju-no-proxy=localhost,127.0.0.1,0.0.0.0,10.0.8.0/24,$CLUSTER_SUBNET
7. Deploy Kubeflow
When all of the previous steps are completed, you can deploy Kubeflow as usual by following the quickstart guide.
Have questions? Contact our sales team now.
Was this tutorial useful?
