Wallaroo Prerequisites Guide

Software and other local system requirements before installing Wallaroo

Before installing Wallaroo, verify that the following hardware and software requirements are met.

Cluster Requirements

The following requirements are specific to the cluster that hosts Wallaroo.

Environment Hardware Requirements

The following system requirements are required for the minimum settings for running Wallaroo in a Kubernetes cloud cluster.

  • Minimum number of nodes: 4
  • Minimum Number of CPU Cores: 8
  • Minimum RAM per node: 16 GB
  • Minimum Storage: A total of 625 GB of storage will be allocated for the entire cluster based on 5 users with up to four pipelines with five steps per pipeline, with 50 GB allocated per node, including 50 GB specifically for the Jupyter Hub service. Enterprise users who deploy additional pipelines will require an additional 50 GB of storage per lab node deployed.

Wallaroo recommends at least 16 cores total to enable all services. At less than 16 cores, services will have to be disabled to allow basic functionality as detailed in this table.

Note that even when disabling these services, Wallaroo performance may be impacted by the models, pipelines, and data used. The greater the size of the models and steps in a pipeline, the more resources will be required for Wallaroo to operate efficiently. Pipeline resources are set by the pipeline configuration to control how many resources are allocated from the cluster to maintain peak effectiveness for other Wallaroo services. See the following guides for more details.

      
Cluster Size 8 core16 core32 coreDescription
Inference The Wallaroo inference engine that performs inference requests from deployed pipelines.
Dashboard The graphics user interface for configuring workspaces, deploying pipelines, tracking metrics, and other uses.
Jupyter HUB/LabThe JupyterHub service for running Python scripts, JupyterNotebooks, and other related tasks within the Wallaroo instance.
Single Lab
Multiple Labs
PrometheusUsed for collecting and reporting on metrics. Typical metrics are values such as CPU utilization and memory usage.
Alerting 
Model Validation 
Dashboard Graphs 
PlateauA Wallaroo developed service for storing inference logs at high speed. This is not a long term service; organizations are encouraged to store logs in long term solutions if required.
Model Insights 
Python API 
Model ConversionConverts models into a native runtime for use with the Wallaroo inference engine.

To install Wallaroo with minimum services, a configuration file will be used as parts of the kots based installation. For full details on the Wallaroo installation process, see the Wallaroo Install Guides.

Environment Software Requirements

The following software or runtimes are required for Wallaroo 2024.4. Most are automatically available through the supported cloud providers.

Software or RuntimeDescriptionMinimum Supported VersionPreferred Version(s)
KubernetesCluster deployment management1.29 with Container Management set to containerd.1.30
kubectlKubernetes administrative console application1.301.30

Enterprise Network Requirements

The following network requirements are required for the minimum settings for running Wallaroo:

  • For Wallaroo Enterprise users: 200 IP addresses are required to be allocated per cloud environment.

    • Wallaroo only supports RFC-1918 private addresses, that is 10/8, 172.16/12 , or 192.168/16 networks.
      • RFC-6598 are not supported. These include 100.64/10.
  • For Wallaroo Community Edition users: 98 IP addresses are required to be allocated per cloud environment.

  • DNS services integration is required for Wallaroo Enterprise edition. See the DNS Integration Guide for the instructions on configuring Wallaroo Enterprise with your DNS services.

    DNS services integration is required to provide access to the various supporting services that are part of the Wallaroo instance. These include:

    • Simplified user authentication and management.
    • Centralized services for accessing the Wallaroo Dashboard, Wallaroo SDK and Authentication.
    • Collaboration features allowing teams to work together.
    • Managed security, auditing and traceability.

As part of the installation, Wallaroo deploys an envoy proxy. This terminates into the Wallaroo TLS and reverse proxies HTTPS to the Wallaroo services. If the installation ingress_mode is set to internal or external, the envoy proxy is type LoadBalancer with the cloud-appropriate annotations.

Wallaroo does not create Ingress or API Gateway objects as part of the installation.

Cost Calculators

Organizations that intend to install Wallaroo into a Cloud environment can obtain an estimate of environment costs. The Wallaroo Install Guides list recommended virtual machine types and other settings that can be used to calculate costs for the environment.

For more information, see the pricing calculators for the following cloud services:

Certificate Requirements

Wallaroo requires TLS certificates that match the host name used to access Wallaroo services. The following details the how to generate CA-signed certificates used for the installation procedures.

  1. Create a CA-signed TLS certificate for your Wallaroo domain with the following settings:
    1. Certificate Authority Options:
      1. Use a public Certificate Authority such as Let’s Encrypt or Verisign. In general, you would send a Certificate Signing Request to your CA and they would respond with your certificates.
      2. Use a private Certificate Authority (CA) to provide the certificates. Your organization will have procedures for clients to verify the certificates from the private CA.
      3. Use a Wallaroo certificate and public name server. Contact our CSS team for details.
    2. Wallaroo Domain:
      1. Set the certificate’s Subject CN to your Wallaroo domain. For example, if the Wallaroo Domain wallaroo.example.com, then the Subject CNs would be: wallaroo.example.com.
    3. Save your certificates.
      1. You should have two files: the TLS Certificate (.crt) and TLS private key (.key). Store these in a secure location - these will be installed into Wallaroo at a later step.

Kubernetes Requirements

Wallaroo installs in a Kubernetes environment. The following details the resources and settings by Wallaroo as part of the installation.

Single Cluster Support

Wallaroo requires being installed in its own Kubernetes cluster. At this time, multi-tenancy is not supported. For additional details, consult your Wallaroo support representative.

Node Selectors

Wallaroo uses different nodes for various services, which can be assigned to a different node pool to contain resources separate from other nodes. The following nodes selectors can be configured:

  • ML Engine node selector
  • ML Engine Load Balance node selector
  • Database Node Selector
  • Grafana node selector
  • Prometheus node selector
  • Each Lab * Node Selector

Kubernetes Install Namespace

For Kubernetes based Wallaroo installations, Wallaroo must be installed to it’s own namespace - by default wallaroo.For single node aka embedded Linux based Wallaroo installations the installation domain is set to kotsadm.

Kubernetes Dynamic Namespaces

As part of its operations, Wallaroo dynamically creates additional namespaces for transient activities including:

This allows administrators to visualize and compartmentalize these activities and to facilitate cleanup if necessary. These namespaces typically contain pods, jobs, configmaps, and secrets and do not have persistent volumes or finalizers. All of Wallaroo Kubernetes objects have the label app.kubernetes.io/part-of=wallaroo.

The namespaces kube-* and default are not modified by Wallaroo.

Daemonset Deployments

Wallaroo creates DaemonSet deployments. These run a pod on each cluster node. These are used for:

  • Image pulling for Jupyter Lab
  • Workload attestation for edge deployment inference log uploads
  • Log collection via Fluent Bit

ClusterRoles and ClusterRoleBindings

Wallaroo uses ClusterRoles and ClusterRoleBindings to create, destroy, manage, and assess namespaces and their resources. The following ClusterRoles are created by Wallaroo:

wallaroo-fluent-bit
wallaroo-multi-scaler
wallaroo-prometheus
wallaroo-rest-api
wallaroo-wallsvc

The following includes all of the permissions for the ClusterRoles.

ResourcesVerbs
clusterroles.rbac.authorization.k8s.io[bind,escalate]
configmaps[get,create,list,watch,update,patch,delete]
cronjobs.batch[get,create,list,watch,update,patch,delete]
cronjobs.batch/status[get,create,list,watch,update,patch,delete]
deployments[get,create,list,watch,update,patch,delete]
endpoints[get,list,watch]
horizontalpodautoscalers.autoscaling[get,list,create,update,patch]
ingresses.extensions[get,list,watch]
jobs[get,create,list,watch,update,patch,delete]
jobs.apps[get,create,list,update,patch,delete]
jobs.batch[get,create,list,watch,update,patch,delete]
jobs.batch/status[get,create,list,watch,update,patch,delete]
metrics[get]
modelconfigs.wallaroo.ai[*]
namespaces[get,create,list,watch,update,patch,delete]
nodes[get,list,watch]
nodes/proxy[get,list,watch]
pipelines.wallaroo.ai[*]
pods[get,create,list,watch,update,patch,delete]
pods.apps[get,list]
replicasets.apps[get,create,list,update,patch,delete]
rolebindings.rbac.authorization.k8s.io[get,create,list,update,patch,delete]
roles.rbac.authorization.k8s.io[get,create,list,update,patch,delete]
secrets[get,create,list,watch,update,patch,delete]
services[get,create,list,watch,update,patch,delete]
tokenreviews.authentication.k8s.io[create]

StorageClass

The StorageClass called wallaroo-standard is created to handle Kubernetes upgrades and differences across platforms. This requires the following volume binding modes:

  • WaitForFirstConsumer
  • AllowVolumeExpansion

wallaroo-standard uses the default provisioner for the Kubernetes environment.