Wallaroo Enterprise Comprehensive Install Guide: Azure Kubernetes Service (AKS)

Before installing or upgrading Wallaroo, the administrative node managing the Kubernetes cluster will require these tools.

• kubectl
  
  • For Kots based installs:
    • kots Version 1.107.2
  
  
  • For Helm installs:
    • helm: Install Helm
      • Minimum supported version: Helm 3.11.2
    • krew: Install Krew
    • krew preflight and krew support-bundle. Install with the following commands:
      • kubectl krew install support-bundle
      • kubectl krew install preflight

The following are quick guides for installing kubectl for macOS.

To install kubectl on a macOS system using Homebrew:

1. Issue the brew install command:

   brew install kubectl
   

2. Verify the installation:

   kubectl version --client
   

Wallaroo kots based installations are broken up into two formats:

• Automated Install: Variables are passed to the installation process to auto-set the password, license file, and other settings before beginning the installation configuration process.
• Interactive Install: All parts of the installation process are performed through the browser interface.

kubectl kots install wallaroo/2024-1 -n $NAMESPACE --license-file $LICENSEFILE --shared-password $SHAREDPASSWORD

kubectl kots install wallaroo/2024-1 -n wallaroo --license-file myWallaroolicense.yaml --shared-password wallaroo

kubectl kots admin-console --namespace wallaroo

Initial Wallaroo Config

Once Wallaroo has been installed for the first time, we can perform initial configuration.

1. If Wallaroo Edition has not started, launch it with the following command:

   ❯ kubectl kots admin-console --namespace wallaroo
     • Press Ctrl+C to exit
     • Go to http://localhost:8800 to access the Admin Console
   

2. Enter the Kots Administrative Console address into a browser. You will be prompted for the default password as set in the step above. Enter it and select Log in.

   

3. Upload your license file. If the license file was already selected from the Automated installation, this step is skipped.

   

4. The Kots Administrative Console will run the preflight checks to verify that all of the minimum requirements are met. This may take a few minutes. If there are any issues, Wallaroo can still be launched but may not function properly. When ready, select Continue.

   

5. The Configure Wallaroo page will be displayed which allows you to customize your Wallaroo environment. The following are the minimum required settings.

   1. Networking Configuration: Set whether the Wallaroo instance is available from outside the Kubernetes cluster, or only from within it.
      1. Ingress Mode for Wallaroo Endpoints:
         1. None: Services are local to the Kubernetes cluster. kubectl-port forward or some other means is required to access them. If all work will be done in-cluster, select this option.
         2. Internal: An internal cloud load balancer and associated resources are created. Network users outside the Kubernetes cluster – but on the same internal network – can connect directly using DNS names, and do not need to use port forward or related configurations.
         3. External: An external, Internet-facing cloud load balancer, public IP, and associated resources are created. This is highly discouraged. Public DNS is also required. This is the default for Wallaroo Community Edition.
            1. Enable external URL inference endpoints: Creates pipeline inference endpoints. For more information, see Model Endpoints Guide.
   2. DNS
      1. DNS Prefix (Optional): The domain name prefix for your Wallaroo instance.
      2. DNS Suffix (Mandatory): The domain name suffix for your Wallaroo instance.
   3. TLS Certificates
      1. Use custom TLS Certs: Checked
      2. TLS Certificate: Enter your TLS Certificate (.crt file).
      3. TLS Private Key: Enter your TLS private key (.key file).

   

6. Once complete, scroll to the bottom of the Config page and select Deploy.

7. At this point, continue to Required Installation Configurations for the required configuration settings.

Installation Client Helm Requirements

The following software is required for the client with administrative access to the Kubernetes cluster that will host Wallaroo via Helm.

• For Helm installs:
  • helm: Install Helm
    • Minimum supported version: Helm 3.11.2
  • krew: Install Krew
  • krew preflight and krew support-bundle. Install with the following commands:
    • kubectl krew install support-bundle
    • kubectl krew install preflight

The following details how to install Wallaroo via helm.

Wallaroo Provided Data

Members of the Wallaroo support staff will provide the following information:

• Wallaroo Container Registration Login: Commands to login to the Wallaroo container registry.
• Preflight verification command: The commands to verify that the Kubernetes environment meets the requirements for the Wallaroo install.
• Install Wallaroo Command: Instructions on installations into the Kubernetes environment using Helm through the Wallaroo container registry.

The following steps are used with these command and configuration files to install Wallaroo Enterprise via Helm.

Registration Login

The first step in the Wallaroo installation process via Helm is to connect to the Kubernetes environment that will host the Wallaroo Enterprise instance and login to the Wallaroo container registry through the command provided by the Wallaroo support staff. The command will take the following format, replacing $YOURUSERNAME and $YOURPASSWORD with the respective username and password provided.

helm registry login registry.replicated.com --username $YOURUSERNAME --password $YOURPASSWORD

Preflight Verification

Preflight verification is performed with the following command format. The variables $LICENSE_CHANNEL and $VERSION is supplied by your Wallaroo support representative.

helm template oci://registry.replicated.com/wallaroo/$LICENSE_CHANNEL/wallaroo --version $VERSION | kubectl preflight -

For example, the $LICENSE_CHANNEL=2024-1 of ee and the $VERSION=2024.1.0-5097

helm template oci://registry.replicated.com/wallaroo/2024-1/wallaroo --version 2024.1.0-5097 | kubectl preflight -

This displays the Preflight Checks report.

The following commands are available:

• s: Save the report to a text file as the file preflight-checks-results-DATETIME.txt. For example: preflight-checks-results-2024-03-19T13_30_41.txt.
• q: Exit the preflight report.
• Up Arrow or Down Arrow: Scroll through the preflight elements and view the report details.

The following example shows a successful preflight test.

Preflight Checks Preflight Checks

Check PASS
Title: Required Kubernetes Version
Message: Your cluster meets the recommended and required versions of Kubernetes.

------------
Check PASS
Title: Container Runtime
Message: Containerd container runtime was found.

------------
Check PASS
Title: Check Kubernetes environment.
Message: GKE is a supported distribution

------------
Title: Cluster CPU Resources
Message: 

------------
Check PASS
Title: Cluster Resources
Message: Cluster resources are satisfactory

------------
Check PASS
Title: Every node in the cluster must have at least 12Gi of memory
Message: All nodes have at least 12 GB of memory capacity

------------
Check PASS
Title: Every node in the cluster must have at least 8 cpus allocatable.
Message: All nodes have at least 8 CPU capacity

------------

Prepare Helm Installation

The following instructions detail how to install Wallaroo Enterprise via Helm for Kubernetes cloud environments such as Microsoft Azure, Amazon Web Service, and Google Cloud Platform.

With the preflight checks and prerequisites met, Wallaroo can be installed via Helm through the following process:

1. Create namespace. By default, the namespace wallaroo is used:

   kubectl create namespace wallaroo
   

2. Set the new namespace as the current namespace:

   kubectl config set-context --current --namespace wallaroo
   

3. Set the TLS certificate secret in the Kubernetes environment:

   1. Create the certificate and private key. It is recommended to name it after the domain name of your Wallaroo instance. For example: wallaroo.example.com. For production environments, organizations are recommended to use certificates from their certificate authority. Note that the Wallaroo SDK will not connect from an external connection without valid certificates. For more information on using DNS settings and certificates, see the Wallaroo DNS Integration Guide.

   2. Create the Kubernetes secret from the certificates created in the previous step, replacing $TLSCONFIG with the name of the Kubernetes secret, with the certificate file $TLSCERT and the private key $TLSKEY. Store the secret name for a the step Configure local values file.

      kubectl create secret tls $TLSCONFIG --cert=$TLSCERT --key=$TLSKEY
      

      For example, if $TLSCONFIG is cust-cert-secret with the certificate $TLSCERT is fullchain.pem and key $TLSKEY is privkey.pem, then the command would be translated as

      kubectl create secret tls cust-cert-secret --cert=fullchain.pem --key=privkey.pem
      

Default Helm Installation Settings

A default Helm install of Wallaroo contains various default settings. The local values file overwrites values based on the organization needs. The following represents the minimum mandatory values for a Wallaroo installation using certificates and the default LoadBalancer for a cloud Kubernetes cluster. The configuration details below is saved as values.yaml for these examples.

Note the following required settings:

• domainPrefix and domainSuffix: Used to set the DNS settings for the Wallaroo instance. For more information, see the Wallaroo DNS Integration Guide.
• custTlsSecretName: Specify the Kubernetes secret created in the previous step. External connections through the Wallaroo SDK require valid certificates.
• apilb: Sets the apilb service options including the following:
  • serviceType: LoadBalancer: Uses the default LoadBalancer setting for the Kubernetes cloud service the Wallaroo instance is installed into. Replace with the specific service connection settings as required.
  • external_inference_endpoints_enabled: true: This setting is required for performing external SDK inferences to a Wallaroo instance. For more information, see the Wallaroo Model Endpoints Guide
  • kubernetes_distribution: The cloud provider used. Each cloud provider has their own methods of handling storage classes, LoadBalancers (LB), etc. The following values are available; if your selected provider or distribution is not on the list, contact your Wallaroo Support representative for more options.
    • aks: Microsoft Azure Kubernetes Service
    • eks: Amazon Elastic Kubernetes Service
    • gke: Google Kubernetes Engine
    • oke: Oracle Cloud Infrastructure Container Engine for Kubernetes
    • kurl: On premise aka stand alone Linux installations.
  • ingress_mode: How the Wallaroo instance is reached through the Kubernetes network settings. Options include:
    • internal (Default): An internal cloud load balancer and associated resources are created. Network users outside the Kubernetes cluster – but on the same internal network – can connect directly using DNS names, and do not need to use port forward or related configurations.
    • external: An external, Internet-facing cloud load balancer, public IP, and associated resources are created. This is highly discouraged. Public DNS is also required. This is the default for Wallaroo Community Edition.
    • embedded: A direct connection to the host. This option is available for embedded installs on “bare metal” or single node Linux installs.
    • none: Services are local to the Kubernetes cluster. kubectl-port forward or some other means is required to access them. If all work will be done in-cluster, select this option.
• dashboard: The name displayed when users login to the Wallaroo Ops center Dashboard. For example, “My Company” or “Sales Division”, etc.

The following example shows the minimum required options.

This example shows the uncommented keys for the minimum required settings and additional commented optional settings. For full details on helm values for Wallaroo installations, see the Wallaroo Helm Reference Guides.

domainPrefix: "" # optional if using a DNS Prefix
domainSuffix: "wallaroo.example.com"

custTlsSecretName: cust-cert-secret

apilb:
  serviceType: LoadBalancer
  external_inference_endpoints_enabled: true
  ingress_mode: internal # internal (Default), external, embedded, or none

dashboard:
  clientName: "Wallaroo Helm Example" # Insert the name displayed in the Wallaroo Dashboard

kubernetes_distribution: ""   # Required. One of: aks, eks, gke, oke, or kurl.

# for edge and multicloud model publishing and deployment

# ociRegistry: #Sets the Edge Server registry information.
#   enabled: true #enables the Edge Server registry information.  true enables it, false disables it.
#   registry:  # The registry url. For example: reg.big.corp:3579
#   repository: # The repository within the registry. This may include the cloud account, or the full path where the Wallaroo published pipelines should be kept. For example: account123/wallaroo/pipelines.
#   email: # Optional field to track the email address of the registry credential.
#   username: # The username to the registry. This may vary based on the provider. For example, GCP Artifact Registry with service accounts uses the username _json_key_base64 with the password as a base64 processed token of the credential information.
#   password: #The password or token for the registry service.

# for edge and multicloud deployment observability

# edgelb:
#     serviceType: LoadBalancer
#     enabled: true
#     opscenterHost: mitch4.edge.wallaroocommunity.ninja


# The nodeSelector and tolerations for all components
# This does not apply to nats, fluent-bit, or minio so needs to be applied separately
# nodeSelector:
#   wallaroo.ai/reserved: true

# tolerations:
# - key: "wallaroo.ai/reserved"
#   operator: "Exists"
#   effect: "NoSchedule"

# To change the pipeline taint or nodeSelector, 
# best practice is to change engine, enginelb, and engineAux 
# together unless they will be in different pools.
# engine:
#   nodeSelector:
#     wallaroo.ai/node-purpose: pipelines
#   tolerations:
#     - key: "wallaroo.ai/pipelines"
#       operator: "Exists"
#       effect: "NoSchedule"

# enginelb:
#   nodeSelector:
#     wallaroo.ai/node-purpose: pipelines
#   tolerations:
#     - key: "wallaroo.ai/pipelines"
#       operator: "Exists"
#       effect: "NoSchedule"

# engineAux:
#   nodeSelector:
#     wallaroo.ai/node-purpose: pipelines
#   tolerations:
#     - key: "wallaroo.ai/pipelines"
#       operator: "Exists"
#       effect: "NoSchedule"

# For each service below, adjust the disk size and resources as required.
# If the nodeSelector or tolerations are changed for one service, 
# the other services nodeSelector and tolerations **must** be changed to match
#
#
# plateau:
#   diskSize: 100Gi
#   resources:
#     limits:
#       memory: 4Gi
#       cpu: 1000m
#     requests:
#       memory: 128Mi
#       cpu: 100m
#   nodeSelector:
#     wallaroo.ai/node-purpose: persistent
#   tolerations:
#     - key: "wallaroo.ai/persistent"
#       operator: "Exists"
#       effect: "NoSchedule"

# Jupyter has both hub and lab nodeSelectors and tolerations
# They default to the same persistent pool, but can be assigned to different ones
# jupyter:
#   nodeSelector:                 # Node placement for Hub administrative pods
#     wallaroo.ai/node-purpose: persistent
#   tolerations:
#     - key: "wallaroo.ai/persistent"
#       operator: "Exists"
#       effect: "NoSchedule"
#   labNodeSelector:              # Node placement for Hub-spawned jupyterlab pods
#     wallaroo.ai/node-purpose: persistent
#   labTolerations:
#     - key: "wallaroo.ai/persistent"
#       operator: "Exists"
#       effect: "NoSchedule"
#   memory:
#     limit: "4"                  # Each Lab - memory limit in GB
#     guarantee: "2"              # Each Lab - lemory guarantee in GB
#   cpu:
#     limit: "2.0"                # Each Lab - fractional CPU limit
#     guarantee: "1.0"            # Each Lab - fractional CPU guarantee
#   storage:
#     capacity: "50"              # Each Lab - disk storage capacity in GB

# minio:
#   persistence:
#     size: 25Gi
#   nodeSelector:
#     wallaroo.ai/node-purpose: persistent
#   tolerations:
#   - key: wallaroo.ai/persistent
#     operator: "Exists"
#     effect: "NoSchedule"
#   resources:
#     requests:
#       memory: 1Gi

# postgres:
#   diskSize: 10Gi
#   nodeSelector:
#     wallaroo.ai/node-purpose: persistent
#   tolerations:
#     - key: "wallaroo.ai/persistent"
#       operator: "Exists"
#       effect: "NoSchedule"
#   resources:
#     limits:
#       memory: 2Gi
#       cpu: 500m
#     requests:
#       memory: 512Mi
#       cpu: 100m

# Prometheus has the usual persistent options, but also a retention size
# The the size on disk and time can be configured before removing it.
# prometheus:
#   storageRetentionSizeGb: "10"        # Retain this much data, in GB.
#   storageRetentionTimeDays: "15"     # When to remove old data. In days.
#   nodeSelector:
#     wallaroo.ai/node-purpose: persistent
#   tolerations:
#     - key: "wallaroo.ai/persistent"
#       operator: "Exists"
#       effect: "NoSchedule" 
#   resources:
#     limits:
#       memory: 6Gi
#       cpu: 2000m
#     requests:
#       memory: 512Mi
#       cpu: 100m

# nats:
#   podTemplate:
#     merge:
#       spec:
#         nodeSelector: 
#           wallaroo.ai/node-purpose: persistent
#         tolerations:
#         - key: "wallaroo.ai/persistent"
#           operator: "Exists"
#           effect: NoSchedule

# wallsvc:
#   nodeSelector:
#     wallaroo.ai/node-purpose: persistent
#   tolerations:
#     - key: "wallaroo.ai/persistent"
#       operator: "Exists"
#       effect: "NoSchedule"

persistentVolume Settings

Wallaroo services that have a persistentVolume have the following default nodeSelector label and tolerations:

• nodeSelector
  • Label: wallaroo.ai/node-purpose
  • Value: persistent
• tolerations
  • Key: wallaroo.ai/persistent
  • Operator: “Exists”
  • Effect: “NoSchedule”

For example:

nodeSelector:
  wallaroo.ai/node-purpose: persistent
tolerations:
  - key: wallaroo.ai/persistent
    operator: "Exists"
    effect: "NoSchedule"

If the nodeSelector or tolerations are changed for any service with a persistentVolume, all other services must be edited to match.

For additional information on taints and tolerations settings, see the Taints and Labels Guide.

Install Wallaroo with Helm

1. The Wallaroo support representative will provide the installation command for the Helm install that will use the Wallaroo container registry. This assumes that the preflight checks were successful. This command uses the following format:

   helm install $RELEASE $REGISTRYURL --version $VERSION --values $LOCALVALUES.yaml
   

   Where:

   1. $RELEASE: The name of the Helm release. By default, wallaroo.
   2. $REGISTRYURL: The URl for the Wallaroo container registry service.
   3. $VERSION: The version of Wallaroo to install. For this example, 2024.1.0-5097.
   4. $LOCALVALUES: The .yaml file containing the local values overrides. For this example, values.yaml.

   For example, for the registration wallaroo the command would be:

   helm install wallaroo oci://registry.replicated.com/wallaroo/2024-1/wallaroo --version 2024.1.0-5097 --values values.yaml
   

   If any required elements are missing from the values.yaml file, an error is displayed. For example, leaving out the kubernetes_distribution field returns the following:

   Warning - kubernetes_distribution must be set in user provided values.yaml
   

   Upon successful installation, notes are published indicating the installed version, where to find documentation, etc.:

   NOTES:
   .
   
   Welcome to Wallaroo 2024.1.0
   
   1. Deployment Information:
     Name:             2024.1.0
     Release notes:    https://docs.wallaroo.ai/wallaroo-release-notes/wallaroo-release-202401
     Version:          v2024.1.0-5187
   
   2. Accessing Wallaroo
     Documentation:    https://docs.wallaroo.ai
     Dashboard:        https://sample.wallaroocommunity.ninja
     Jupyterhub:       https://sample.jupyter.wallaroocommunity.ninja
     Auth management:  https://sample.keycloak.wallaroocommunity.ninja
   
   3. Useful Commands:
   
     - Helm tests are available by using: `helm test wallaroo`.
   
     - External load balancer hostname can be found by using:
   
         kubectl get svc api-lb-ext -n wallaroo  -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'
   
     - List Wallaroo namespaces, including pipeline deployments, but not including the main `wallaroo` namespace:
   
         kubectl get namespaces -l wallaroo-managed=true
   
     - In order to change any helm values:
   
         helm upgrade --install wallaroo oci://registry.replicated.com/wallaroo/uat-latest/wallaroo --version v2024.1.0-5187 --values $LOCALVALUES_YAML
   
    4. Uninstall:
   
    1. To uninstall/delete the Wallaroo deployment, run:
   
      kubectl delete ns wallaroo && kubectl delete \
        all,secret,configmap,clusterroles,clusterrolebindings,storageclass,crd \
        --selector app.kubernetes.io/part-of=wallaroo --selector kots.io/app-slug=wallaroo
   
    2. To delete all pipelines, run:
   
      kubectl delete ns -l wallaroo-managed=true
   .
   

2. Verify the Installation: Once the installation is complete, verify the installation with the helm test $RELEASE command. A condensed display uses egrep to show only the test suite and phase status as follows. Replace wallaroo with the name of the helm release used.

   helm test wallaroo | egrep 'SUITE:|Phase:'
   TEST SUITE:     wallaroo-fluent-bit-test-connection
   Phase:          Succeeded
   TEST SUITE:     nats-test-request-reply
   Phase:          Succeeded
   TEST SUITE:     wallaroo-wallaroo-test-connections-hook
   Phase:          Succeeded
   TEST SUITE:     wallaroo-test-objects-hook
   Phase:          Succeeded
   

   The following will show the full helm test output with notes.

   helm test wallaroo
   

   which displays the following:

   NAME: wallaroo
   LAST DEPLOYED: Fri May 17 14:00:04 2024
   NAMESPACE: wallaroo
   STATUS: deployed
   REVISION: 2
   TEST SUITE:     wallaroo-fluent-bit-test-connection
   Last Started:   Fri May 17 14:04:48 2024
   Last Completed: Fri May 17 14:04:51 2024
   Phase:          Succeeded
   TEST SUITE:     nats-test-request-reply
   Last Started:   Fri May 17 14:04:43 2024
   Last Completed: Fri May 17 14:04:48 2024
   Phase:          Succeeded
   TEST SUITE:     sample-wallaroo-test-connections-hook
   Last Started:   Fri May 17 14:04:24 2024
   Last Completed: Fri May 17 14:04:31 2024
   Phase:          Succeeded
   TEST SUITE:     sample-wallaroo-test-objects-hook
   Last Started:   Fri May 17 14:04:31 2024
   Last Completed: Fri May 17 14:04:43 2024
   Phase:          Succeeded
   NOTES:
   .
   
   Welcome to Wallaroo 2024.1.0
   
   1. Deployment Information:
     Name:             2024.1.0
     Release notes:    https://docs.wallaroo.ai/wallaroo-release-notes/wallaroo-release-202401
     Version:          v2024.1.0-5187
   
   2. Accessing Wallaroo
     Documentation:    https://docs.wallaroo.ai
     Dashboard:        https://sample.wallaroocommunity.ninja
     Jupyterhub:       https://sample.jupyter.wallaroocommunity.ninja
     Auth management:  https://sample.keycloak.wallaroocommunity.ninja
   
   3. Useful Commands:
   
     - Helm tests are available by using: `helm test wallaroo`.
   
     - External load balancer hostname can be found by using:
   
         kubectl get svc api-lb-ext -n wallaroo  -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'
   
     - List Wallaroo namespaces, including pipeline deployments, but not including the main `wallaroo` namespace:
   
         kubectl get namespaces -l wallaroo-managed=true
   
     - In order to change any helm values:
   
         helm upgrade --install wallaroo oci://registry.replicated.com/wallaroo/2024-1/wallaroo --version 2024.1.0-5097 --values $LOCALVALUES_YAML
   
    4. Uninstall:
   
     1. To uninstall/delete the Wallaroo deployment, run:
   
       kubectl delete ns wallaroo && kubectl delete \
         all,secret,configmap,clusterroles,clusterrolebindings,storageclass,crd \
         --selector app.kubernetes.io/part-of=wallaroo --selector kots.io/app-slug=wallaroo
   
     2. To delete all pipelines, run:
   
       kubectl delete ns -l wallaroo-managed=true
   .
   

At this point, the installation is complete and can be accessed through the fully qualified domain names set in the installation process above. Verify that the DNS settings are accurate before attempting to connect to the Wallaroo instance. For more information, see the Wallaroo DNS Integration Guide.

To add the initial users if they were not set up through Helm values, see the Wallaroo Enterprise User Management guide.

DNS services integration is required for Wallaroo Enterprise to provide access to the various supporting services that are part of the Wallaroo instance. These include:

• Simplified user authentication and management.
• Centralized services for accessing the Wallaroo Dashboard, Wallaroo SDK and Authentication.
• Collaboration features allowing teams to work together.
• Managed security, auditing and traceability.

The following guide is for standard DNS services.

Once integrated, users can access the following services directly from a URL starting with the suffix domain - this is the domain name where other DNS entries are appended to. For example, if the suffix domain is sales.example.com, then the other services would be referenced by https://api.sales.sample.com, etc.

Note that even when accessing specific Wallaroo services directly that the user must still be authenticated through Wallaroo.

Connections to Wallaroo services are provided as https://service.{suffix domain}. For example, if the domain suffix is wallaroo.example.com then the URLs to access the various Wallaroo services would be:

• https://wallaroo.example.com
• https://jupyter.wallaroo.example.com
• https://api.wallaroo.example.com
• https://keycloak.wallaroo.example.com

Prerequisites

• Install Wallaroo Enterprise into a qualified environment. For more details, see the Wallaroo Install Guides and the Wallaroo Enterprise Install Guides.
• Determine whether your organization will use a prefix or not as detailed above.
• Generate or update the the SSL Certificates
• Have access to internal corporate DNS configurations that can be updated. A subdomain for the Wallaroo instance will be created through this process.
• Have the IP address for the Wallaroo instance.
• Install kubectl into the Kubernetes cluster administrative node.

Wallaroo IP Address Retrieval Methods

The first step is to retrieve the IP address that is set to the DNS services.

DNS Entries

Create DNS the following entries based on the list above for the Wallaroo instance’s IP address. Select the cloud environment used for DNS services. Note that DNS services are not tied to the specific cloud platform; check with your organizations setup requirements before proceeding.

Edge Observability Enablement

For organizations that deploy Wallaroo pipelines on edge devices as Wallaroo Servers, see the DNS settings from the Edge Deployment Registry Guide.

User management is managed through the Wallaroo Dashboard, via the Platform Admin Dashboard page. See the Wallaroo User Management for full guides on setting up users, identity providers, and other user configuration options.

The following is an abbreviated guide on setting up new Wallaroo users.

The process includes the following steps:

• Obtain the User Admin Credentials
• Create a New User with the Admin Role

Obtain the User Admin Credentials

Obtaining the admin User Credentials

The standard Wallaroo installation creates the user admin by default and assigns them a randomly generated password. The admin user credentials are obtained which may be obtained directly from Kubernetes with the following commands, assuming the Wallaroo instance namespace is wallaroo.

• Retrieve Keycloak Admin Username

  kubectl -n wallaroo \
  get secret keycloak-admin-secret \
  -o go-template='{{.data.KEYCLOAK_ADMIN_USER | base64decode }}'
  

• Retrieve Keycloak Admin Password

  kubectl -n wallaroo \
  get secret keycloak-admin-secret \
  -o go-template='{{.data.KEYCLOAK_ADMIN_PASSWORD | base64decode }}'
  

Create a New User with the Admin Role

Creating users is managed through the Platform Admin Dashboard. The following steps are used to create an initial user with the role admin.

1. Access the Wallaroo Dashboard through the DNS name set up in the DNS Services Integration step. For example, if the DNS name of the Wallaroo Ops center is wallaroo.example.com, the Wallaroo Dashboard is available at https://wallaroo.example.com.
2. Login with the username admin and the password retrieved in Obtaining the admin User Credentials.
3. Select Create Users and enter the following:
   1. User Email: The email address for the user. This must be in the valid email address format.
   2. Assign Type: Select Admin.
   3. Password: Enter the user’s password. This user password be sent to the new user.
   4. Temporary or Permanent:
      1. Temporary: The user will be forced to change their login password upon their next login (Recommended).
      2. Permanent: The user will keep their password.
4. Create any additional users as needed. When finished, select the Wallaroo icon drop down and select Logout.

At this point, users can log in to Wallaroo Dashboard with their provided identities. For guides on setting up Single Sign-On (SSO) and other features, see Wallaroo User Management for full guides on setting up users, identity providers, and other user configuration options.