Install the Run:ai Control Plane
Domain certificate
You must provide the domain's private key and certificate as a Kubernetes secret in the `runai-backend` namespace. Run:

```
kubectl create secret tls runai-backend-tls -n runai-backend \
    --cert /path/to/fullchain.pem --key /path/to/private.pem
```
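Before creating the secret, it is worth confirming that the certificate matches the private key, is not about to expire, and covers the control plane domain. The following is an added example, not part of the Run:ai documentation; the function name `check_tls_pair`, the 30-day threshold and the host name `runai.example.com` are assumptions.

```shell
#!/bin/sh
# Added example (not Run:ai code). Requires the openssl command-line tool.
# check_tls_pair CERT KEY HOST
# Returns 0 only if the leaf certificate in CERT matches KEY, stays valid
# for at least 30 more days, and covers HOST.
check_tls_pair() {
    cert=$1
    key=$2
    host=$3
    # openssl x509 reads the first certificate in the file, which is the
    # leaf certificate when the file is a full chain.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and private key do not match" >&2
        return 1
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null; then
        echo "certificate expires within 30 days" >&2
        return 1
    fi
    # -checkhost prints "does match" or "does NOT match" for the host name.
    if ! openssl x509 -in "$cert" -checkhost "$host" | grep -q 'does match'; then
        echo "certificate does not cover $host" >&2
        return 1
    fi
    return 0
}

# Usage (host name is a constructed sample; use the value of global.domain):
#   check_tls_pair /path/to/fullchain.pem /path/to/private.pem runai.example.com
```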
Install the Control Plane
Run the helm command below:

```
helm repo add runai-backend https://backend-charts.storage.googleapis.com
helm repo update
helm upgrade -i runai-backend -n runai-backend runai-backend/control-plane --version "~2.15.0" \
    --set global.domain=<DOMAIN>
```

- `<DOMAIN>`: domain name described here.
Info
To install a specific version, add `--version <version>` to the install command. You can find available versions by running `helm search repo -l runai-backend`.
When installing from a local chart package (`control-plane-<VERSION>.tgz`), run:

```
helm upgrade -i runai-backend control-plane-<VERSION>.tgz \
    --set global.domain=<DOMAIN> \
    -n runai-backend -f custom-env.yaml
```

- Replace `<VERSION>` with the Run:ai control plane version.
- `<DOMAIN>`: domain name described here.
- `custom-env.yaml` should have been created by the prepare installation script in the previous section.
Tip
Use the `--dry-run` flag to gain an understanding of what is being installed before the actual installation.
(Air-gapped only) Local Certificate Authority
Perform the instructions for local certificate authority.
Additional configurations (optional)
There may be cases where you need to set additional properties as follows:
Key | Change | Description |
---|---|---|
keycloakx.adminUser | Keycloak (Run:ai internal identity provider) administrator username | Override the default user name of the Keycloak administrator user |
keycloakx.adminPassword | Keycloak (Run:ai internal identity provider) administrator password | Override the default password of the Keycloak administrator user |
global.keycloakx.host | Keycloak (Run:ai internal identity provider) host path | Override the DNS for Keycloak. This can be used to access Keycloak from outside the Run:ai Control Plane cluster via ingress |
global.ingress.ingressClass | Ingress class | Run:ai uses NGINX by default. If your cluster has a different ingress controller, you can configure the ingress class to be created by Run:ai |
global.ingress.tlsSecretName | TLS secret name | Run:ai requires the creation of a secret with the domain certificate. See above. If the runai-backend namespace already has such a secret, you can set the secret name here |
global.postgresql.auth.port | PostgreSQL port | Override the default PostgreSQL port for the Run:ai database |
global.postgresql.auth.username | PostgreSQL username | Override the Run:ai default user name for accessing the Run:ai database |
global.postgresql.auth.password | PostgreSQL password | Override the Run:ai default password for accessing the Run:ai database |
global.postgresql.auth.postgresPassword | PostgreSQL default admin password | Set the password of the admin user created by default by PostgreSQL |
postgresql.primary.initdb.password | PostgreSQL default admin password | Set the same password as in global.postgresql.auth.postgresPassword (if changed) |
grafana.adminUser | Grafana username | Override the Run:ai default user name for accessing Grafana |
grafana.adminPassword | Grafana password | Override the Run:ai default password for accessing Grafana |
grafana.dbUser | Grafana's username for PostgreSQL | Override the Run:ai default user name for Grafana to access Run:ai database (PostgreSQL) |
grafana.dbPassword | Grafana's password for PostgreSQL | Override the Run:ai default password for Grafana to access Run:ai database (PostgreSQL) |
grafana.grafana.ini.database.user | Reference to Grafana's username for PostgreSQL | Don't override this value |
grafana.grafana.ini.database.password | Reference to Grafana's password for PostgreSQL | Don't override this value |
tenantsManager.config.adminUsername | Run:ai first admin username | Override the default user name of the first admin user created with Run:ai |
tenantsManager.config.adminPassword | Run:ai first admin user's password | Override the default password of the first admin user created with Run:ai |
thanos.receive.persistence.storageClass and postgresql.primary.persistence.storageClass | Storage class | Configure the installation to work with a specific storage class rather than the default one |
global.imagePullSecrets: - name: <secret-name> | Docker secret | Provide credentials for accessing the organization's docker registry. This is required for air-gapped environments |
<component> resources: limits: cpu: 500m memory: 512Mi requests: cpu: 250m memory: 256Mi | Pod request and limits | <component> may be any one of the following: backend, frontend, assetsService, identityManager, tenantsManager, keycloakx, grafana, authorization, orgUnitService, policyService |
Use the `--set` syntax in the helm command above.
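Values passed with `--set` end up in shell history and are visible in the process list while helm runs. The following added example (not part of the Run:ai documentation) writes generated values for some of the password keys from the table into a values file readable only by its owner, to be passed with `-f`; the file name `runai-secrets.yaml` and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not Run:ai code): keep password overrides out of the
# command line by generating them into an owner-only values file.

# gen_password: print 24 random alphanumeric characters.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 24
}

# write_secret_values FILE: write overrides for the Keycloak, PostgreSQL
# admin and Grafana admin passwords to FILE with mode 0600.
write_secret_values() {
    out=$1
    # The table requires postgresql.primary.initdb.password to equal
    # global.postgresql.auth.postgresPassword, so generate it once.
    pg_admin=$(gen_password)
    (
        umask 077
        : >"$out"
        chmod 600 "$out"   # also tightens a file that already existed
        cat >>"$out" <<EOF
keycloakx:
  adminPassword: "$(gen_password)"
global:
  postgresql:
    auth:
      postgresPassword: "$pg_admin"
postgresql:
  primary:
    initdb:
      password: "$pg_admin"
grafana:
  adminPassword: "$(gen_password)"
EOF
    )
}

# Usage (runai-secrets.yaml is an assumed file name):
#   write_secret_values runai-secrets.yaml
#   helm upgrade -i runai-backend -n runai-backend runai-backend/control-plane \
#       --version "~2.15.0" --set global.domain=<DOMAIN> -f runai-secrets.yaml
```

Store the generated file in a secrets manager or delete it once the values are recorded elsewhere; the same file is needed for later `helm upgrade` runs.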
Note
If you modify one of the usernames or passwords (Keycloak, PostgreSQL, Grafana) after Run:ai is already installed, perform the following steps to apply the change:
- Modify the username/password within the relevant component as well (Keycloak, PostgreSQL, Grafana).
- Run `helm upgrade` for Run:ai with the right values, and restart the relevant Run:ai pods so they can fetch the new username/password.
Connect to Run:ai User Interface
Go to: `runai.<company-name>`. Log in using the default credentials: User: [email protected], Password: `Abcd!234`. Go to the Users area and change the password.
Go to: `runai.<domain>`. Log in using the default credentials: User: [email protected], Password: `Abcd!234`. Go to the Users area and change the password.
(Optional) Enable "Forgot password"
To support the "Forgot password" functionality, follow the steps below.
- Go to `runai.<domain>/auth` and log in.
- Under Realm settings, select the Login tab and enable the Forgot password feature.
- Under the Email tab, define an SMTP server, as explained here
Next steps
Continue with installing a Run:ai Cluster.