Have questions?📞 Speak with a specialist.📅 Book a demo now.

Installing the Core Components

PreviousInstalling the Infrastructure Components NextVirtual Services and Gateways Command Script (GCP)

Last updated 3 months ago

Installing the Core Components

Before proceeding with these steps, you must first install the Aizen infrastructure components. See Installing the Infrastructure Components.

To install the Aizen core components, follow these steps:

Create the namespace aizen for the Aizen core components by running this command:
```
kubectl create ns aizen
```
Using the Docker Hub credentials that you obtained for the Aizen microservice images (see ), create a Kubernetes Secret for accessing the Aizen images in the core namespace:
```
kubectl create secret docker-registry aizenrepo-creds 
--docker-username=aizencorp 
--docker-password=<YOUR DOCKER CREDENTIALS> 
-n aizen
```
Customize the settings (see the Default Core Configuration Settings below) in the Aizen core Helm chart based on your environment and preferred configuration:
- Update the STORAGE_CLASS, INGRESS_HOST, BUCKET_NAME, CLOUD_ENDPOINT_URL, CLOUD_ACCESSKEY_ID, CLOUD_SECRET_KEY, IMAGE_REPO_SECRET, MLFLOW_ACCESSKEY_ID, MLFLOW_SECRET_KEY, and MLFLOW_ENDPOINT_URL values.
- For the MLFLOW_ENDPOINT_URL, use either an S3 bucket or a local MinIO bucket, but remember to create the bucket. If you are using local MinIO as an object store, make sure to set up MinIO first and then create buckets. See MinIO.
- Change the default persistence size, which is hardcoded in the deployment of the various components, according to your environment.
- For an Azure AKS cluster, add these properties to both infrastructure and core deployments: global.s3.azure.enabled=true
  global.s3.azure.values.storage_account_name global.s3.azure.values.storage_access_key global.s3.azure.values.storage_connection_string global.mlflow.artifact.secrets.values.mlflow_endpoint_url=https://<your storage account name>.blob.core.windows.net global.mlflow.artifact.secrets.values.mlflow_artifacts_destination=wasbs://<storage containername>@<storage account name>.blob.core.windows.net/<destination folder>
- For a cloud-based deployment, add these properties to both infrastructure and core deployments:
  infra.hashicorp-vault.vault.server.hostAliases[0].ip="$CLOUD_ENDPOINT_IP",\ infra.hashicorp-vault.vault.server.hostAliases[0].hostnames[0]="<specify the cloud endpoint url without http>"
For AUTH_TYPE, choose the authentication type that you would like to use when accessing the Aizen Jupyter console. You can specify one of these authentication types:
- dummy (no authentication): This setting uses only predefined users like admin, aizenai, aizendev, <deployed namespace name> with password aizen@321.
- native: This setting allows users to sign up by creating the admin user first and then additional users.
- oauth: This setting uses OAuth-based authentication, such as GitHub, Google, GitLab, and so on.
- ldap (default): This setting uses the Lightweight Directory Access Protocol (LDAP) and Active Directory.

Add these properties to the Aizen core Helm chart based on your chosen authentication type:

Use | to separate multiple Bind DNs, groups, and hosts. Use , to separate multiple allowed users and admin users.

For LDAP authentication:

core.console.auth_type
core.console.ldap_server_host
core.console.ldap_bind_dn
core.console.ldap_allowed_groups
core.console.admin_user
core.console.allowed_users

For OAuth authentication:

core.console.auth_type=oauth
core.console.oauth_authenticator
core.console.oauth_client_id
core.console.oauth_client_secret
core.console.oauth_callback_url
core.constole.allowed_users
core.console.admin_user

If you are using github as the oauth_authenticator, set these properties:

core.console.oauth_allowed_organizations
core.console.oauth_allowed_scopes

Consider adding these optional properties for OAuth authentication:

core.console.oauth_token_url
core.console.oauth_userdata_url
core.console.oauth_allowed_groups

Install the Aizen core components by running this command:

helm -n $NAMESPACE install aizencore $HELMCHART_LOCATION/aizen

If you installed the Aizen core components on a GCP cluster, create the gateways and virtual services for the console, MLflow, dataexplorer, prediction, and explorer by using the Virtual Services and Gateways Command Script (GCP).

Default Core Configuration Settings

NAMESPACE=aizen
INFRA_NAMESPACE=aizen-infra
HELMCHART_LOCATION=aizen-helmcharts-1.0.0

STORAGE_CLASS=
INGRESS_HOST=
BUCKET_NAME=
CLUSTER_NAME=

CLOUD_ENDPOINT_URL=
CLOUD_ACCESSKEY_ID=
CLOUD_SECRET_KEY=
CLOUD_PROVIDER_REGION=
CLOUD_PROVIDER_TYPE=

STORAGE_TYPE=cloud
AUTH_TYPE=ldap

#Needed only for cloudian
CLOUD_ENDPOINT_IP=

#IMAGE
IMAGE_REPO=aizencorp
IMAGE_REPO_SECRET=
IMAGE_TAG=1.0.0

#MLFLOW
MLFLOW_ACCESSKEY_ID=
MLFLOW_SECRET_KEY=
MLFLOW_ENDPOINT_URL=
MLFLOW_ARTIFACT_DESTINATION=
MLFLOW_ARTIFACT_REGION=

#PVC
STORAGE_PERSISTENCE_SIZE=200Gi
CONSOLE_PERSISTENCE_SIZE=100Gi

#You don't need to change anything below this line
helm -n $NAMESPACE install aizencore $HELMCHART_LOCATION/aizen \
--set core.enabled=true,\
global.clustername=$CLUSTER_NAME,\
global.s3.secrets.enabled=true,\
global.s3.endpoint_url=$CLOUD_ENDPOINT_URL,\
global.s3.endpoint_ip=$CLOUD_ENDPOINT_IP,\
global.s3.secrets.values.s3_access_key=$CLOUD_ACCESSKEY_ID,\
global.s3.secrets.values.s3_secret_key=$CLOUD_SECRET_KEY,\
global.customer_bucket_name=$BUCKET_NAME,\
global.storage_class=$STORAGE_CLASS,\
global.mlflow.artifact.region=$MLFLOW_ARTIFACT_REGION,\
global.mlflow.artifact.secrets.values.mlflow_access_key_id=$MLFLOW_ACCESSKEY_ID,\
global.mlflow.artifact.secrets.values.mlflow_access_secret_key=$MLFLOW_SECRET_KEY,\
global.mlflow.artifact.secrets.values.mlflow_endpoint_url=$MLFLOW_ENDPOINT_URL,\
global.mlflow.artifact.secrets.values.mlflow_artifacts_destination=$MLFLOW_ARTIFACT_DESTINATION,\
global.cloud_provider_type=$CLOUD_PROVIDER_TYPE,\
global.cloud_provider_region=$CLOUD_PROVIDER_REGION,\
global.storage_type=$STORAGE_TYPE,\
global.image_registry=$IMAGE_REPO,\
global.storage_class=$STORAGE_CLASS,\
global.image_secret=$IMAGE_REPO_SECRET,\
global.image_tag=$IMAGE_TAG,\
global.ingress.host=$INGRESS_HOST,\
core.console.auth_type=$AUTH_TYPE,\
core.storage.volume_size=$STORAGE_PERSISTENCE_SIZE,\
core.console.volume_size=$CONSOLE_PERSISTENCE_SIZE,\
core.console.ldap_server_host="ldap://aizen-openldap-service.aizen-infra.svc.cluster.local:1389",\
core.console.ldap_bind_dn="uid={username}\,ou=users\,dc=aizencorp\,dc=local\,dc=com|uid={username}\,ou=people\,dc=aizencorp\,dc=local\,dc=com",\
core.console.ldap_allowed_groups="cn=dbgrp\,ou=groups\,dc=aizencorp\,dc=local\,dc=com",\
core.console.admin_user="aizenadmin"

Checking the Deployment Status of the Core Components

Check the status of all the core components by running this command:

kubectl -n aizen get pods

If any of the components are not in a Running state, see Installation Issues.

PreviousInstalling the Infrastructure Components NextVirtual Services and Gateways Command Script (GCP)

Last updated 3 months ago

Before proceeding with these steps, you must first install the Aizen infrastructure components. See Installing the Infrastructure Components.

To install the Aizen core components, follow these steps:

Create the namespace aizen for the Aizen core components by running this command:
```
kubectl create ns aizen
```
Using the Docker Hub credentials that you obtained for the Aizen microservice images (see ), create a Kubernetes Secret for accessing the Aizen images in the core namespace:
```
kubectl create secret docker-registry aizenrepo-creds 
--docker-username=aizencorp 
--docker-password=<YOUR DOCKER CREDENTIALS> 
-n aizen
```
Customize the settings (see the Default Core Configuration Settings below) in the Aizen core Helm chart based on your environment and preferred configuration:
- Update the STORAGE_CLASS, INGRESS_HOST, BUCKET_NAME, CLOUD_ENDPOINT_URL, CLOUD_ACCESSKEY_ID, CLOUD_SECRET_KEY, IMAGE_REPO_SECRET, MLFLOW_ACCESSKEY_ID, MLFLOW_SECRET_KEY, and MLFLOW_ENDPOINT_URL values.
- For the MLFLOW_ENDPOINT_URL, use either an S3 bucket or a local MinIO bucket, but remember to create the bucket. If you are using local MinIO as an object store, make sure to set up MinIO first and then create buckets. See MinIO.
- Change the default persistence size, which is hardcoded in the deployment of the various components, according to your environment.
- For an Azure AKS cluster, add these properties to both infrastructure and core deployments: global.s3.azure.enabled=true
  global.s3.azure.values.storage_account_name global.s3.azure.values.storage_access_key global.s3.azure.values.storage_connection_string global.mlflow.artifact.secrets.values.mlflow_endpoint_url=https://<your storage account name>.blob.core.windows.net global.mlflow.artifact.secrets.values.mlflow_artifacts_destination=wasbs://<storage containername>@<storage account name>.blob.core.windows.net/<destination folder>
- For a cloud-based deployment, add these properties to both infrastructure and core deployments:
  infra.hashicorp-vault.vault.server.hostAliases[0].ip="$CLOUD_ENDPOINT_IP",\ infra.hashicorp-vault.vault.server.hostAliases[0].hostnames[0]="<specify the cloud endpoint url without http>"
For AUTH_TYPE, choose the authentication type that you would like to use when accessing the Aizen Jupyter console. You can specify one of these authentication types:
- dummy (no authentication): This setting uses only predefined users like admin, aizenai, aizendev, <deployed namespace name> with password aizen@321.
- native: This setting allows users to sign up by creating the admin user first and then additional users.
- oauth: This setting uses OAuth-based authentication, such as GitHub, Google, GitLab, and so on.
- ldap (default): This setting uses the Lightweight Directory Access Protocol (LDAP) and Active Directory.

Add these properties to the Aizen core Helm chart based on your chosen authentication type:

Use | to separate multiple Bind DNs, groups, and hosts. Use , to separate multiple allowed users and admin users.

For LDAP authentication:

core.console.auth_type
core.console.ldap_server_host
core.console.ldap_bind_dn
core.console.ldap_allowed_groups
core.console.admin_user
core.console.allowed_users

For OAuth authentication:

core.console.auth_type=oauth
core.console.oauth_authenticator
core.console.oauth_client_id
core.console.oauth_client_secret
core.console.oauth_callback_url
core.constole.allowed_users
core.console.admin_user

If you are using github as the oauth_authenticator, set these properties:

core.console.oauth_allowed_organizations
core.console.oauth_allowed_scopes

Consider adding these optional properties for OAuth authentication:

core.console.oauth_token_url
core.console.oauth_userdata_url
core.console.oauth_allowed_groups

Install the Aizen core components by running this command:

helm -n $NAMESPACE install aizencore $HELMCHART_LOCATION/aizen

If you installed the Aizen core components on a GCP cluster, create the gateways and virtual services for the console, MLflow, dataexplorer, prediction, and explorer by using the Virtual Services and Gateways Command Script (GCP).

Default Core Configuration Settings

NAMESPACE=aizen
INFRA_NAMESPACE=aizen-infra
HELMCHART_LOCATION=aizen-helmcharts-1.0.0

STORAGE_CLASS=
INGRESS_HOST=
BUCKET_NAME=
CLUSTER_NAME=

CLOUD_ENDPOINT_URL=
CLOUD_ACCESSKEY_ID=
CLOUD_SECRET_KEY=
CLOUD_PROVIDER_REGION=
CLOUD_PROVIDER_TYPE=

STORAGE_TYPE=cloud
AUTH_TYPE=ldap

#Needed only for cloudian
CLOUD_ENDPOINT_IP=

#IMAGE
IMAGE_REPO=aizencorp
IMAGE_REPO_SECRET=
IMAGE_TAG=1.0.0

#MLFLOW
MLFLOW_ACCESSKEY_ID=
MLFLOW_SECRET_KEY=
MLFLOW_ENDPOINT_URL=
MLFLOW_ARTIFACT_DESTINATION=
MLFLOW_ARTIFACT_REGION=

#PVC
STORAGE_PERSISTENCE_SIZE=200Gi
CONSOLE_PERSISTENCE_SIZE=100Gi

#You don't need to change anything below this line
helm -n $NAMESPACE install aizencore $HELMCHART_LOCATION/aizen \
--set core.enabled=true,\
global.clustername=$CLUSTER_NAME,\
global.s3.secrets.enabled=true,\
global.s3.endpoint_url=$CLOUD_ENDPOINT_URL,\
global.s3.endpoint_ip=$CLOUD_ENDPOINT_IP,\
global.s3.secrets.values.s3_access_key=$CLOUD_ACCESSKEY_ID,\
global.s3.secrets.values.s3_secret_key=$CLOUD_SECRET_KEY,\
global.customer_bucket_name=$BUCKET_NAME,\
global.storage_class=$STORAGE_CLASS,\
global.mlflow.artifact.region=$MLFLOW_ARTIFACT_REGION,\
global.mlflow.artifact.secrets.values.mlflow_access_key_id=$MLFLOW_ACCESSKEY_ID,\
global.mlflow.artifact.secrets.values.mlflow_access_secret_key=$MLFLOW_SECRET_KEY,\
global.mlflow.artifact.secrets.values.mlflow_endpoint_url=$MLFLOW_ENDPOINT_URL,\
global.mlflow.artifact.secrets.values.mlflow_artifacts_destination=$MLFLOW_ARTIFACT_DESTINATION,\
global.cloud_provider_type=$CLOUD_PROVIDER_TYPE,\
global.cloud_provider_region=$CLOUD_PROVIDER_REGION,\
global.storage_type=$STORAGE_TYPE,\
global.image_registry=$IMAGE_REPO,\
global.storage_class=$STORAGE_CLASS,\
global.image_secret=$IMAGE_REPO_SECRET,\
global.image_tag=$IMAGE_TAG,\
global.ingress.host=$INGRESS_HOST,\
core.console.auth_type=$AUTH_TYPE,\
core.storage.volume_size=$STORAGE_PERSISTENCE_SIZE,\
core.console.volume_size=$CONSOLE_PERSISTENCE_SIZE,\
core.console.ldap_server_host="ldap://aizen-openldap-service.aizen-infra.svc.cluster.local:1389",\
core.console.ldap_bind_dn="uid={username}\,ou=users\,dc=aizencorp\,dc=local\,dc=com|uid={username}\,ou=people\,dc=aizencorp\,dc=local\,dc=com",\
core.console.ldap_allowed_groups="cn=dbgrp\,ou=groups\,dc=aizencorp\,dc=local\,dc=com",\
core.console.admin_user="aizenadmin"

Checking the Deployment Status of the Core Components

Check the status of all the core components by running this command:

kubectl -n aizen get pods

If any of the components are not in a Running state, see Installation Issues.