Install Kubeflow on Azure Kubernetes Service (AKS)

1. Overview

Kubeflow is a novel open-source tool for end-to-end Machine Learning on top of Kubernetes. It is powerful, but because it is composed of 30+ microservices, it can be challenging to deploy and operate.

In this tutorial, we show how to get started with Kubeflow on Azure Kubernetes Service (AKS) in a few simple steps.

What you’ll learn

  • How to deploy Kubeflow on top of AKS
  • How to observe the state of your deployment using Juju
  • How to access your Kubeflow dashboard from your local machine

What you’ll need

  • Access to an AKS Kubernetes cluster via kubectl
  • A minimum of 4 CPU, 16GB RAM, 50GB Disk available in your cluster
  • Some basic command-line knowledge

2. Install the Juju client

We make use of Juju as it provides a simple installation of Kubeflow across Kubernetes platforms, with a good level of customization, as well as easy maintenance - read more on Charmed Kubeflow.

First, in order to make use of the Juju CLI, we need to install the Juju client.

Install Juju client

On Linux, install juju via snap with the following command:

sudo snap install juju --classic

Alternatively, brew install juju on macOS or download the Windows installer.


3. Connect Juju to your AKS cluster

In order to operate workloads in your Kubernetes cluster with Juju, you have to add your cluster to the list of clouds in Juju via the add-k8s command.

Connect Juju to Azure Kubernetes Service

If your Kubernetes config file is in the standard location (~/.kube/config on Linux), and you only have one cluster, you can simply run:

juju add-k8s myk8s

If your kubectl config file contains multiple clusters, you can specify the appropriate one by name:

juju add-k8s myk8s --cluster-name=foo

Finally, if your config file is in a different location, you can set the KUBECONFIG environment variable to point to the relevant file. For example:

KUBECONFIG=path/to/file juju add-k8s myk8s

4. Create a controller

To operate workloads on your Kubernetes cluster, Juju uses the concept of controllers.

Create a Juju controller

You can create a controller with the bootstrap command:

juju bootstrap myk8s my-controller

This command creates a couple of pods under the my-controller namespace. You can see your controllers with the juju controllers command.


5. Create a model

A model in Juju is a blank canvas where your operators are deployed, and it holds a 1:1 relationship with a Kubernetes namespace.

You can create a model and give it a name, e.g. kubeflow, with the add-model command. This also creates a Kubernetes namespace of the same name:

juju add-model kubeflow

You can list your models with the juju models command.


6. Deploy Kubeflow

MIN RESOURCES: The minimum resources to deploy kubeflow are - 50Gb of disk, 14Gb of RAM and 2 CPUs - available on your cluster.
If you have fewer resources, deploy kubeflow-lite or kubeflow-edge.

Once you have a model, you can simply juju deploy any of the provided Kubeflow bundles into your cluster. For the full Kubeflow bundle, run:

juju deploy kubeflow --trust

Congratulations, Kubeflow is now installing!

You can observe your Kubeflow deployment getting spun up with the command:

watch -c juju status --color

For further customization of your deployment, check out the docs on customization.


7. Final deployment steps

There are currently a couple of additional steps required to effectively deploy Kubeflow.

1. Add an RBAC role for istio

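In order to set up Kubeflow with Istio correctly, you need to give the istio-ingressgateway operator access to Kubernetes resources. The following command patches the istio-ingressgateway-operator role in the kubeflow namespace so that it allows all verbs on all resources in all API groups: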

kubectl patch role -n kubeflow istio-ingressgateway-operator -p '{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"Role","metadata":{"name":"istio-ingressgateway-operator"},"rules":[{"apiGroups":["*"],"resources":["*"],"verbs":["*"]}]}'
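
One way to review what the patched role allows, as an added example that is not part of the original tutorial: the Python script below audits a Role manifest for over-broad rules, using the patch body from the command above as input. SCOPED_SAMPLE, the helper names and the finding strings are constructed for illustration; the sample is not the permission set the operator needs.

```python
import json

# Patch body copied from the kubectl patch command in this step.
PAGE_PATCH = ('{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"Role",'
              '"metadata":{"name":"istio-ingressgateway-operator"},'
              '"rules":[{"apiGroups":["*"],"resources":["*"],"verbs":["*"]}]}')

# Constructed contrast sample: NOT the permissions the operator needs.
SCOPED_SAMPLE = json.dumps({
    "kind": "Role", "metadata": {"name": "example-scoped"},
    "rules": [{"apiGroups": [""], "resources": ["services", "endpoints"],
               "verbs": ["get", "list", "watch"]}]})

READ_VERBS = {"get", "list", "watch"}
RBAC_WRITE = ("create", "update", "patch", "bind", "escalate")
RBAC_GROUP = "rbac.authorization.k8s.io"

def matches(values, *wanted):
    """True if a rule field holds the wildcard or any of the wanted values."""
    return "*" in values or any(w in values for w in wanted)

def audit_role(manifest_json):
    """Return one finding per over-broad grant in a Role/ClusterRole manifest."""
    role = json.loads(manifest_json)
    scope = "cluster" if role.get("kind") == "ClusterRole" else "namespace"
    findings = []
    for i, rule in enumerate(role.get("rules") or []):
        groups = rule.get("apiGroups", [])
        res = rule.get("resources", [])
        verbs = rule.get("verbs", [])
        wild = [name for name, vals in (("apiGroups", groups),
                ("resources", res), ("verbs", verbs)) if "*" in vals]
        if len(wild) == 3:
            findings.append(f"rule {i}: full wildcard ({scope}-wide admin)")
        elif wild:
            findings.append(f"rule {i}: wildcard in {', '.join(wild)}")
        # Secrets live in the core ("") API group.
        if matches(groups, "") and matches(res, "secrets") and matches(verbs, *READ_VERBS):
            findings.append(f"rule {i}: can read Secrets")
        if (matches(groups, RBAC_GROUP) and matches(res, "roles", "rolebindings")
                and matches(verbs, *RBAC_WRITE)):
            findings.append(f"rule {i}: can change RBAC in scope")
    return findings

if __name__ == "__main__":
    for doc in (PAGE_PATCH, SCOPED_SAMPLE):
        print(audit_role(doc) or "no over-broad rules found")
```

To audit the live object instead of the embedded samples, pass the output of kubectl get role -n kubeflow istio-ingressgateway-operator -o json to audit_role.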

2. Find the external IP address of your Kubeflow dashboard

To find the exposed IP address of the Kubeflow dashboard for your deployment run:

kubectl get svc/istio-ingressgateway -n kubeflow

where kubeflow is the name you gave to your Juju model, and hence the namespace of your Kubeflow deployment. Copy the IP address under EXTERNAL-IP for use in the next step.

3. Provide external IP to authentication services

To enable access to your Kubeflow dashboard, provide your dashboard's public IP to dex-auth and oidc-gatekeeper via the following commands:

juju config dex-auth public-url=http://<EXTERNAL-IP>:80
juju config oidc-gatekeeper public-url=http://<EXTERNAL-IP>:80

8. Access the Kubeflow dashboard

1. Get authentication credentials

To display your access credentials, run the following commands:

juju config dex-auth static-username
juju config dex-auth static-password

By default, these are both empty. If you wish to set them, add the relevant string to the end of the command, e.g.

juju config dex-auth static-username=admin
juju config dex-auth static-password=AxWiJjk2hu4fFga7

2. Access the dashboard

Assuming you have configured your virtual network’s firewall to allow you to connect, you should be able to point your browser at your Kubeflow Dashboard URL and the AKS cluster’s ingress should take you to your Charmed Kubeflow MLOps platform’s login page.


9. That’s it for now!