Install the Run:ai Control Plane¶
Prerequisites and preparations¶
Make sure you have followed the Control Plane prerequisites and preparations.
Helm install¶
Run the helm command below:
helm repo add runai-backend https://runai.jfrog.io/artifactory/cp-charts-prod
helm repo update
helm upgrade -i runai-backend -n runai-backend runai-backend/control-plane --version "~2.19.0" \
--set global.domain=<DOMAIN> # (1)
- Domain name described here.
Info
To install a specific version, add --version <version> to the install command. You can find available versions by running helm search repo -l runai-backend.
helm upgrade -i runai-backend control-plane-<VERSION>.tgz \ # (1)
--set global.domain=<DOMAIN> \ # (2)
--set global.customCA.enabled=true \ # (3)
-n runai-backend -f custom-env.yaml # (4)
- Replace
<VERSION>with the Run:ai control plane version. - Domain name described here.
- See the Local Certificate Authority instructions below
custom-env.yamlshould have been created by the prepare installation script in the previous section.
Tip
Use the --dry-run flag to gain an understanding of what is being installed before the actual installation.
Additional Run:ai configurations (optional)¶
There may be cases where you need to set additional properties, To apply the changes run helm upgrade and use --set to set specific configurations, and restart the relevant Run:ai pods so they can fetch the new configurations.
| Key | Change | Description |
|---|---|---|
global.ingress.ingressClass | Ingress class | Run:ai default is using NGINX. If your cluster has a different ingress controller, you can configure the ingress class to be created by Run:ai |
global.ingress.tlsSecretName | TLS secret name | Run:ai requires the creation of a secret with domain certificate. If the runai-backend namespace already had such a secret, you can set the secret name here |
<component> resources: limits: cpu: 500m memory: 512Mi requests: cpu: 250m memory: 256Mi | Pod request and limits | Set Run:ai and 3rd party services' resources |
disableIstioSidecarInjection.enabled | Disable Istio sidecar injection | Disable the automatic injection of Istio sidecars across the entire Run:ai Control Plane services. |
Additional 3rd party configurations (optional)¶
The Run:ai Control Plane chart, includes multiple sub-charts of 3rd party components:
- PostgreSQL - Data store
- Thanos - Metrics Store
- Keycloakx - Identity & Access Management
- Grafana - Analytics Dashboard
- Redis - Caching (Disabled, by default)
Tip
Click on any component, to view it's chart values and configurations
If you have opted to connect to an external PostgreSQL database, refer to the additional configurations table below. Adjust the following parameters based on your connection details:
- Disable PostgreSQL deployment -
postgresql.enabled - Run:ai connection details -
global.postgresql.auth - Grafana connection details -
grafana.dbUser,grafana.dbPassword
PostgreSQL¶
| Key | Change | Description |
|---|---|---|
postgresql.enabled | PostgreSQL installation | If set to false the PostgreSQL will not be installed |
global.postgresql.auth.host | PostgreSQL host | Hostname or IP address of the PostgreSQL server |
global.postgresql.auth.port | PostgreSQL port | Port number on which PostgreSQL is running |
global.postgresql.auth.username | PostgreSQL username | Username for connecting to PostgreSQL |
global.postgresql.auth.password | PostgreSQL password | Password for the PostgreSQL user specified by global.postgresql.auth.username |
global.postgresql.auth.postgresPassword | PostgreSQL default admin password | Password for the built-in PostgreSQL superuser (postgres) |
global.postgresql.auth.existingSecret | Postgres Credentials (secret) | Existing secret name with authentication credentials |
global.postgresql.auth.dbSslMode | Postgres connection SSL mode | Set the SSL mode, see list in Protection Provided in Different Modes, prefer mode is not supported |
postgresql.primary.initdb.password | PostgreSQL default admin password | Set the same password as in global.postgresql.auth.postgresPassword (if changed) |
postgresql.primary.persistence.storageClass | Storage class | The installation to work with a specific storage class rather than the default one |
Thanos¶
| Key | Change | Description |
|---|---|---|
thanos.receive.persistence.storageClass | Storage class | The installation to work with a specific storage class rather than the default one |
Keycloakx¶
| Key | Change | Description |
|---|---|---|
keycloakx.adminUser | User name of the internal identity provider administrator | This user is the administrator of Keycloak |
keycloakx.adminPassword | Password of the internal identity provider administrator | This password is for the administrator of Keycloak |
keycloakx.existingSecret | Keycloakx Credentials (secret) | Existing secret name with authentication credentials |
global.keycloakx.host | KeyCloak (Run:ai internal identity provider) host path | Override the DNS for Keycloak. This can be used to access Keycloak from outside the Run:ai Control Plane cluster via ingress |
The keycloakx.adminUser can only be set during the initial installation. The admin password, however, can also be changed later through the Keycloak UI, but you must also update the keycloakx.adminPassword value in the Helm chart using helm upgrade. Failing to update the Helm values after changing the password can lead to control plane services encountering errors.
Grafana¶
| Key | Change | Description |
|---|---|---|
grafana.db.existingSecret | Grafana database connection credentials (secret) | Existing secret name with authentication credentials |
grafana.dbUser | Grafana database username | Username for accessing the Grafana database |
grafana.dbPassword | Grafana database password | Password for the Grafana database user |
grafana.admin.existingSecret | Grafana admin default credentials (secret) | Existing secret name with authentication credentials |
grafana.adminUser | Grafana username | Override the Run:ai default user name for accessing Grafana |
grafana.adminPassword | Grafana password | Override the Run:ai default password for accessing Grafana |
Redis¶
| Key | Change | Description |
|---|---|---|
redisCache.auth.password | Redis (Runai internal cache mechanism) applicative password | Override the default password |
redisCache.auth.existingSecret | Redis credentials (secret) | Existing secret name with authentication credentials |
Next Steps¶
Connect to Run:ai User interface¶
Go to: runai.<domain>. Log in using the default credentials: User: [email protected], Password: Abcd!234. Go to the Users area and change the password.
Enable Forgot Password (optional)¶
To support the Forgot password functionality, follow the steps below.
- Go to
runai.<domain>/authand Log in. - Under
Realm settings, select theLogintab and enable theForgot passwordfeature. - Under the
Emailtab, define an SMTP server, as explained here
Install Run:ai Cluster¶
Continue with installing a Run:ai Cluster.