Vanilla Installation

Deploy kubeflow into an AKS cluster using default settings.

Background

In this lab you will deploy an Azure Kubernetes Service (AKS) cluster and other Azure services (Container Registry, Managed Identity, Key Vault) with Azure CLI and Bicep. You will then install Kubeflow using the default settings using Kustomize and create a jupyter notebook server you can easily access on your browser.

Instructions for Basic Deployment without TLS and with Default Password

This deployment option is for testing only. To deploy with TLS, and change default password, please click here: Deploy kubeflow with TLS.

⚠️ Warning: This deployment option would require users to have access to the kubernetes cluster. For a better deployment option that doesn’t have this restriction, uses TLS and shows how to change default password, please head to the [Deploy kubeflow with TLS] option.

Use the Azure CLI and Bicep templates to deploy the infrastructure for your application. We will be using the AKS construction project to rapidly deploy the required Azure resources. The project allows users the flexibility to tweak their AKS environment however they want. Please check out the AKS construction helper for more details about AKS construction.

az login

💡Note: If you have access to multiple subscriptions, you may need to run the following command to work with the appropriate subscription: az account set --subscription <NAME_OR_ID_OF_SUBSCRIPTION>.

Install kubectl using the Azure CLI, if required.

az aks install-cli

Clone this repo which includes the Azure/AKS-Construction and kubeflow/manifests repos as Git Submodules

git clone --recurse-submodules https://github.com/Azure/kubeflow-aks.git

Change directory into the newly cloned directory

cd kubeflow-aks

Deployment steps

⚠️ Warning: In order to complete this deployment, you will need to have either User Access Admin and Contributor or Owner access to the subscription you are deploying into.

Get the signed in user id so that you can get admin access to the cluster you create

SIGNEDINUSER=$(az ad signed-in-user show --query id --out tsv)
RGNAME=kubeflow

Create deployment

az group create -n $RGNAME -l eastus
DEP=$(az deployment group create -g $RGNAME --parameters signedinuser=$SIGNEDINUSER -f main.bicep -o json)

💡Note: The DEP variable is very important and will be used in subsequent steps. You can save it by running echo $DEP > test.json and restore it by running export DEP=$(cat test.json).

KVNAME=$(echo $DEP | jq -r '.properties.outputs.kvAppName.value')
AKSCLUSTER=$(echo $DEP | jq -r '.properties.outputs.aksClusterName.value')
TENANTID=$(az account show --query tenantId -o tsv)
ACRNAME=$(az acr list -g $RGNAME --query "[0].name"  -o tsv)

Install kubelogin and log into the cluster

Next install kubelogin using the installation instructions appropriate for your computer. From there, you’ll need to run the following commands to download the kubeconfig file and convert it for use with kubelogin.

az aks get-credentials --resource-group $RGNAME \
  --name $AKSCLUSTER

kubelogin convert-kubeconfig -l azurecli

Log in to the cluster. Enter your Azure credentials when prompted afterwards to complete the login. If this is successful, kubectl should return a list of nodes.

⚠️ Warning: It is important that you log into the cluster at this point to avoid running into issues at a later point.

kubectl get nodes

Install kustomize

Next install kustomize using the installation instructions appropriate for your computer.

💡Note: In order to use the kustomize command below to deploy Kubeflow, you must use Kustomize v3.2.0. More info here.

Deploy Kubeflow without TLS using Default Password

This deployment option is for testing only. To deploy with TLS, and change default password, please click here: Deploy kubeflow with TLS.

From the root of the repo, cd into kubeflow’s manifests directory and make sure you are in the v1.7-branch.

cd manifests/
git checkout v1.7-branch
cd ..

Install all of the components via a single command

cp -a deployments/vanilla manifests/vanilla
cd manifests/  
while ! kustomize build vanilla | kubectl apply -f -; do echo "Retrying to apply resources"; sleep 10; done

Once the command has completed, check the pods are ready

kubectl get pods -n cert-manager
kubectl get pods -n istio-system
kubectl get pods -n auth
kubectl get pods -n knative-eventing
kubectl get pods -n knative-serving
kubectl get pods -n kubeflow
kubectl get pods -n kubeflow-user-example-com

Run kubectl port-forward to access the Kubeflow dashboard

kubectl port-forward svc/istio-ingressgateway -n istio-system 8080:80

Finally, open http://localhost:8080 and login with the default user’s credentials. The default email address is user@example.com and the default password is 12341234

Testing the deployment with a Notebook server

You can test that the deployments worked by creating a new Notebook server using the GUI.

Click on “Create a new Notebook server”
Click on “+ New Notebook” in the top right corner of the resulting page
Enter a name for the server
Leave the “jupyterlab” option selected
Feel free to pick one of the images available, in this case we choose the default
Set Requested CPU to 0.5 and requested memory in Gi to 1
Under Data Volumes click on “+ Add new volume”
Expand the resulting section
Set the name to datavol-1. The default name provided would not work because it has characters that are not allowed
Set the size in Gi to 1
Uncheck “Use default class”
Choose a class from the provided options. In this case I will choose “azurefile-premium”
Choose ReadWriteMany as the Access mode. Your data volume config should look like the picture below
Click on “Launch” at the bottom of the page. A successful deployment should have a green checkmark under status, after 1-2 minutes.
Click on “Connect” to access your jupyter lab
Under Notebook, click on Python 3 to access your jupyter notebook and start coding

Next steps

[Secure your kubeflow cluster using TLS and stronger Password] deployment option.