Install the Run:ai Control Plane
Domain certificate
You must provide the domain's private key and certificate as a Kubernetes TLS secret in the runai-backend namespace. Run:
kubectl create secret tls runai-backend-tls -n runai-backend \
--cert /path/to/fullchain.pem --key /path/to/private.pem
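A pre-flight check to run before creating the secret, as an added example that is not part of the Run:ai documentation: it confirms that the private key belongs to the leaf certificate, that the certificate covers the control plane hostname, and that it is not close to expiry. The function name, the 30-day threshold and the hostname runai.example.com are assumptions.

```shell
#!/bin/sh
# Added example (not from the Run:ai docs). Requires the openssl CLI.
# check_tls_pair CERT KEY HOSTNAME -> returns 0 only if every check passes.
check_tls_pair() {
    cert=$1; key=$2; host=$3

    # Both files must parse. With a fullchain.pem, openssl x509 reads the
    # first certificate in the file, which is the leaf.
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "cannot read certificate: $cert" >&2; return 1; }
    openssl pkey -in "$key" -noout 2>/dev/null ||
        { echo "cannot read private key: $key" >&2; return 1; }

    # 1. Same public key on both sides (works for RSA and EC keys).
    cert_fp=$(openssl x509 -in "$cert" -noout -pubkey |
              openssl pkey -pubin -outform DER | openssl dgst -sha256)
    key_fp=$(openssl pkey -in "$key" -pubout -outform DER | openssl dgst -sha256)
    [ "$cert_fp" = "$key_fp" ] ||
        { echo "private key does not match certificate" >&2; return 1; }

    # 2. Certificate must be valid for the hostname users will browse to.
    openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match" ||
        { echo "certificate does not cover $host" >&2; return 1; }

    # 3. Fail if the certificate expires within 30 days (assumed threshold).
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null ||
        { echo "certificate expires within 30 days" >&2; return 1; }
}

# Usage (paths as in the command above, hostname is a placeholder):
#   check_tls_pair /path/to/fullchain.pem /path/to/private.pem runai.example.com
```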
Install the Control Plane
Run the helm command below:
helm repo add runai-backend https://backend-charts.storage.googleapis.com
helm repo update
helm upgrade -i runai-backend -n runai-backend runai-backend/control-plane --version "~2.13.0" \
--set global.domain=<DOMAIN> # (1)
- Domain name described here.
Info
To install a specific version, add --version <version> to the install command. You can find available versions by running helm search repo -l runai-backend.
helm upgrade -i runai-backend control-plane-<VERSION>.tgz \
--set global.domain=<DOMAIN> \
-n runai-backend -f custom-env.yaml
- Replace <VERSION> with the Run:ai control plane version.
- Domain name described here.
- custom-env.yaml should have been created by the prepare installation script in the previous section.
Tip
Use the --dry-run flag to gain an understanding of what is being installed before the actual installation.
Additional configurations (optional)
There may be cases where you need to set additional properties as follows:
Key | Change | Description |
---|---|---|
keycloakx.adminUser | KeyCloak (Run:ai internal identity provider) administrator username | Override the default user name of the Keycloak administrator user |
keycloakx.adminPassword | KeyCloak (Run:ai internal identity provider) administrator password | Override the default password of the Keycloak administrator user |
global.keycloakx.host | KeyCloak (Run:ai internal identity provider) host path | Override the DNS for Keycloak. This can be used to access Keycloak from outside the Run:ai Control Plane cluster via ingress |
global.ingress.ingressClass | Ingress class | Run:ai uses NGINX by default. If your cluster has a different ingress controller, you can configure the ingress class to be created by Run:ai |
global.ingress.tlsSecretName | TLS secret name | Run:ai requires the creation of a secret with the domain certificate. See above. If the runai-backend namespace already has such a secret, you can set the secret name here |
global.postgresql.auth.port | PostgreSQL port | Override the default PostgreSQL port for the Run:ai database |
global.postgresql.auth.username | PostgreSQL username | Override the Run:ai default user name for accessing the Run:ai database |
global.postgresql.auth.password | PostgreSQL password | Override the Run:ai default password for accessing the Run:ai database |
global.postgresql.auth.postgresPassword | PostgreSQL default admin password | Set the password of the admin user created by default by PostgreSQL |
postgresql.primary.initdb.password | PostgreSQL default admin password | Set the same password as in global.postgresql.auth.postgresPassword (if changed) |
grafana.adminUser | Grafana username | Override the Run:ai default user name for accessing Grafana |
grafana.adminPassword | Grafana password | Override the Run:ai default password for accessing Grafana |
grafana.dbUser | Grafana's username for PostgreSQL | Override the Run:ai default user name for Grafana to access Run:ai database (PostgreSQL) |
grafana.dbPassword | Grafana's password for PostgreSQL | Override the Run:ai default password for Grafana to access Run:ai database (PostgreSQL) |
grafana.grafana.ini.database.user | Reference to Grafana's username for PostgreSQL | Don't override this value |
grafana.grafana.ini.database.password | Reference to Grafana's password for PostgreSQL | Don't override this value |
tenantsManager.config.adminUsername | Run:ai first admin username | Override the default user name of the first admin user created with Run:ai |
tenantsManager.config.adminPassword | Run:ai first admin user's password | Override the default password of the first admin user created with Run:ai |
thanos.receive.persistence.storageClass and postgresql.primary.persistence.storageClass | Storage class | Configure the installation to work with a specific storage class rather than the default one |
global.imagePullSecrets: - name: <secret-name> | Docker secret | Provide credentials for accessing the organization's docker registry. This is required for air-gapped environments |
<component> resources: limits: cpu: 500m memory: 512Mi requests: cpu: 250m memory: 256Mi | Pod request and limits | <component> may be any one of the following: backend, frontend, assetsService, identityManager, tenantsManager, keycloakx, grafana, authorization, orgUnitService, policyService |
Use the --set syntax in the helm command above.
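Passwords passed with --set end up in shell history and in the process list while helm runs. As an added example (not part of the Run:ai documentation), the function below writes the password keys from the table to a values file readable only by its owner, which can then be passed with -f. The function names, the file name and the 32-character hex format are assumptions; adjust the generator if a component enforces a password policy.

```shell
#!/bin/sh
# Added example (not from the Run:ai docs): credential overrides in a
# private values file instead of --set arguments.

rand_pw() {  # 32 hex characters from the kernel CSPRNG
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

write_runai_secret_values() {
    out=$1
    # The table requires postgresql.primary.initdb.password to equal
    # global.postgresql.auth.postgresPassword, so generate it once.
    pg_admin=$(rand_pw)
    ( umask 077; cat > "$out" <<EOF
keycloakx:
  adminPassword: "$(rand_pw)"
global:
  postgresql:
    auth:
      password: "$(rand_pw)"
      postgresPassword: "$pg_admin"
postgresql:
  primary:
    initdb:
      password: "$pg_admin"
grafana:
  adminPassword: "$(rand_pw)"
  dbPassword: "$(rand_pw)"
tenantsManager:
  config:
    adminPassword: "$(rand_pw)"
EOF
    )
    chmod 600 "$out"   # also tightens a pre-existing file
}

# Usage (file name is a placeholder):
#   write_runai_secret_values runai-secrets.yaml
#   helm upgrade -i runai-backend -n runai-backend runai-backend/control-plane \
#     --version "~2.13.0" --set global.domain=<DOMAIN> -f runai-secrets.yaml
```

Keep the generated file out of version control and store it where your other deployment secrets live; the same values are needed for later helm upgrade runs.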
Note
If you modify one of the usernames or passwords (KeyCloak, PostgreSQL, Grafana) after Run:ai is already installed, perform the following steps to apply the change:
- Modify the username/password within the relevant component as well (KeyCloak, PostgreSQL, Grafana).
- Run helm upgrade for Run:ai with the right values, and restart the relevant Run:ai pods so they can fetch the new username/password.
Next Steps
Go to: runai.<company-name>. Log in using the default credentials: User: [email protected], Password: Abcd!234. Go to the Users area and change the password.
Go to: runai.<domain>. Log in using the default credentials: User: [email protected], Password: Abcd!234. Go to the Users area and change the password.
(Optional) Enable "Forgot password"
To support the “Forgot password” functionality, follow the steps below.
- Go to runai.<domain>/auth and log in.
- Under Realm settings, select the Login tab and enable the Forgot password feature.
- Under the Email tab, define an SMTP server, as explained here.
Next steps
Continue with installing a Run:ai Cluster.