Wallaroo Air-Gapped Installation Guide

The following procedure details installing Wallaroo in a generic air-gapped cluster. These instructions are applicable both to cloud based installations or on-premise installations.

For instructions for specific cloud environments, see the Air-Gapped Kubernetes Install.

Air-Gapped Installation Preparation

Before starting an air-gapped installation of Wallaroo, complete the following preparation steps.

The general process follows these steps:

Pre Setup Checklist: The necessary installation files are available and values set for installation.
Wallaroo Image Retrieval and Installation Preparation: Retrieve the installation images from Wallaroo and store them in a private container registry available from the Target Cluster.

Pre Setup Checklist

The following checklist ensures that required items are ready before starting the process.

The installation environment meets the general Wallaroo Installation Prerequisites.
The Domain Name for the Wallaroo instance is registered in a private DNS accessible from the air-gapped installation.
TLS certificate and private key matching the Domain Name available for the Target Cluster. This can be registered to a private certificate service.
Access to private image registry that hosts the Wallaroo install images with the following permissions:
- Read
- Write
- List
The following Bash scripts:
- load-images.bash: Loads the Wallaroo install images into the private image registry and generates the image-values.yaml file. Available here: load-images.bash
- install-nvidia-driver.bash (Optional): Installs Nvidia drivers for the Target Cluster. Available here: install-nvidia-driver.bash
Wallaroo Image Download Details: This is provided by a Wallaroo Support Representative and are stored as the following variables environmental variables for the installation scripts:
- LICENSE_CHANNEL: The registry channel used based on the version of Wallaroo being installed, currently 2025-1.
- VERSION: The Wallaroo version to be installed. For example: 2025.1.0-6158.
- WALLAROO_LICENSE: The Wallaroo license identifier.
- WALLAROO_LICENSE_USERNAME: The username associated with the Wallaroo license.
- WALLAROO_LICENSE_PASSWORD: The password associated with the Wallaroo license.
The following environmental variables for connecting to the private model registry:
- REGISTRY_HOST: The fully qualified domain name of the private image registry. For example: registry.wallaroo.ai.
- REGISTRY_NAMESPACE: Namespace where the Wallaroo images are stored.
- REGISTRY_USERNAME: Username for authentication to the registry.
- REGISTRY_PASSWORD: Authentication credential for private registry. Often this is either a password or a token.
Administration Host Software Requirements: The administrative host that submits the installation commands to the target cluster requires the following software.
- docker
- curl
- jq
- helm
- kubectl version 1.31

Note that the convenience variables are used for helm based installations of Wallaroo.

Wallaroo Image Storage

Wallaroo installation images are stored in the private image repository in the following format.

registry.wallaroo.ai:1234/wallaroo/conductor-wallsvc:2025.1-6789
------------------------ --------  ----------------  ----------
  \                        \           \                 \
Registry Host Name         namespace    repository        tag

Registry Host Name: The FQDN of the registry host. For example: registry.example.ai.
Namespace: The registry namespace where all Wallaroo images are stored under.
Repository: The specific image.
Tag: The version of the image.

Wallaroo Image Retrieval and Installation Preparation

For air-gapped installations, the Wallaroo installation images are downloaded and stored in a private registry through the following process.

The image load script below expects ECR root level access and add the prefix wallaroo/ prefix for all the Wallaroo images. Access to the ECR must include the following permissions:

Read
List
Write

From a terminal with access to the Kubernetes cluster hosting the Wallaroo instance and read/write access to the private model registry, use the following procedure.

Set the following convenience variables.

REGISTRY_HOST=YOUR PRIVATE IMAGE REGISTRY URL
REGISTRY_NAMESPACE=YOUR WALLAROO CONTAINER NAMESPACE
LICENSE_CHANNEL=YOUR LICENSE CHANNEL
VERSION=YOUR VERSION
WALLAROO_LICENSE=YOUR WALLAROO LICENSE ID
WALLAROO_LICENSE_USERNAME=YOUR WALLAROO INSTALL USER NAME
WALLAROO_LICENSE_PASSWORD=YOUR WALLAROO INSTALL USER PASSWORD
REGISTRY_USERNAME=YOUR REGISTRY AUTHENTICATION USER NAME
REGISTRY_PASSWORD=YOUR REGISTRY AUTHENTICATION CREDENTIAL

For example:

REGISTRY_HOST=registry.wallaroo.ai
REGISTRY_NAMESPACE=wallaroo
LICENSE_CHANNEL=2025-1
VERSION=2025.1.0-6158
WALLAROO_LICENSE=99999xxxyyyzzz0000
WALLAROO_LICENSE_USERNAME=abcdefg
WALLAROO_LICENSE_PASSWORD=12345679
REGISTRY_USERNAME=ABC123
REGISTRY_PASSWORD=ZYX987

Login to the private image registry via docker using the following command:
```
echo $REGISTRY_PASSWORD | docker login -u $REGISTRY_USERNAME --password-stdin $REGISTRY_HOST
```
Upon successful login, the following is returned.
```
Login Succeeded
```

Load images to the private registry using the load-images.bash script. When complete, this outputs the file image-values.yaml with the relevant installation data.

bash load-images.bash \
    --wallaroo-version $WALLAROO_VERSION \
    --wallaroo-license $WALLAROO_LICENSE \
    --wallaroo-username $WALLAROO_USERNAME \
    --registry-namespace $REGISTRY_NAMESPACE \
    --registry-host $REGISTRY_HOST

Save the file image-values.yaml and use it for the step Install Wallaroo.

Once complete, the Wallaroo images are stored and ready for installation.

Optional: Load NVIDIA Gpu Drivers

For organizations that use NVIDIA CUDA gpus for AI acceleration, install the images using the following commands.

Verify the drivers are installed via the kubectl describe node command, and verify the label nvidia.com/gpu is in the Allocatable section. If it is, then no further steps are required.

If the label is not present, install the NVIDIA drivers via the following steps.

Load the Nvidia image into the registry.

bash load-images \
  --wallaroo-version $VERSION \
  --wallaroo-license $WALLAROO_LICENSE \
  --wallaroo-username $WALLAROO_LICENSE_USERNAME \
  --registry-host $REGISTRY_HOST \
  --registry-namespace $REGISTRY_NAMESPACE \
  --load-image nvcr.io/nvidia/k8s-device-plugin:v0.17.0

Install the Nvidia driver into the kube-system namespace.

bash install-nvidia-driver.bash \
   --registry-host $REGISTRY_HOST \
   --registry-namespace $REGISTRY_NAMESPACE

Verify by running the kubectl command below. If successful, the gpu should display allocatable: 1 after execution.
```
kubectl describe pod
```

Install Wallaroo

Wallaroo air-gapped installations for clusters use helm.

Helm Based Installation of Wallaroo

Installation Client Helm Requirements

The following software is required for the client with administrative access to the Kubernetes cluster that will host Wallaroo via Helm.

For Helm installs:
- helm: Install Helm
  - Minimum supported version: Helm 3.11.2
- krew: Install Krew
- krew preflight and krew support-bundle. Install with the following commands:
  - kubectl krew install support-bundle
  - kubectl krew install preflight

The following details how to install Wallaroo via helm. Note that these procedures require the Air-Gapped Installation Preparation be completed.

The first step in the Wallaroo installation process via Helm is to connect to the Kubernetes environment that will host the Wallaroo Enterprise instance and login to the Wallaroo container registry through the command provided by the Wallaroo support staff. The command will take the following format, replacing $WALLAROO_LICENSE_USERNAME and $WALLAROO_LICENSE_PASSWORD with the respective username and password provided.

helm registry login registry.replicated.com --username $WALLAROO_LICENSE_USERNAME --password $WALLAROO_LICENSE_PASSWORD

Preflight Verification

IMPORTANT NOTE

The preflight test is not programmatically enforced during installation via Helm and should be performed manually before installation. If the Kubernetes environment does not meet the requirements the Wallaroo installation may fail or perform erratically. Please verify that all preflight test run successfully before proceeding to install Wallaroo.

Preflight verification is performed with the following command format. The variables LICENSE_CHANNEL and VERSION is supplied by your Wallaroo support representative.

helm template oci://registry.replicated.com/wallaroo/$LICENSE_CHANNEL/wallaroo --version $VERSION | kubectl preflight -

For example, the LICENSE_CHANNEL=2025-1 and the VERSION=2025.1.0-6158

helm template oci://registry.replicated.com/wallaroo/2025-1/wallaroo --version 2025.1.0-6158 | kubectl preflight -

This displays the Preflight Checks report.

The following commands are available:

s: Save the report to a text file as the file preflight-checks-results-DATETIME.txt. For example: preflight-checks-results-2024-03-19T13_30_41.txt.
q: Exit the preflight report.
Up Arrow or Down Arrow: Scroll through the preflight elements and view the report details.

The following example shows a successful preflight test.

Preflight Checks Preflight Checks

Check PASS
Title: Required Kubernetes Version
Message: Your cluster meets the recommended and required versions of Kubernetes.

------------
Check PASS
Title: Container Runtime
Message: Containerd container runtime was found.

------------
Check PASS
Title: Check Kubernetes environment.
Message: GKE is a supported distribution

------------
Title: Cluster CPU Resources
Message: 

------------
Check PASS
Title: Cluster Resources
Message: Cluster resources are satisfactory

------------
Check PASS
Title: Every node in the cluster must have at least 12Gi of memory
Message: All nodes have at least 12 GB of memory capacity

------------
Check PASS
Title: Every node in the cluster must have at least 8 cpus allocatable.
Message: All nodes have at least 8 CPU capacity

------------

Prepare Helm Installation

The following instructions detail how to install Wallaroo Enterprise via Helm for Kubernetes cloud environments such as Microsoft Azure, Amazon Web Service, and Google Cloud Platform.

Helm Network Configuration

apilb.serviceType settings have the following effects.

Setting	Cloud Kubernetes
Internal Only Connections	`ClusterIP`
External Connections	`LoadBalancer`

Refer to the instructions for environment host for details on IP address allocation and support.

With the preflight checks and prerequisites met, Wallaroo can be installed via Helm through the following process:

Create namespace. By default, the namespace wallaroo is used:
```
kubectl create namespace wallaroo
```

Set the new namespace as the current namespace:

kubectl config set-context --current --namespace wallaroo

Set the TLS certificate secret in the Kubernetes environment:
1. Create the certificate and private key. It is recommended to name it after the domain name of your Wallaroo instance. For example: wallaroo.example.com. For production environments, organizations are recommended to use certificates from their certificate authority. Note that the Wallaroo SDK will not connect from an external connection without valid certificates. For more information on using DNS settings and certificates, see the Wallaroo DNS Integration Guide.
2. Create the Kubernetes secret from the certificates created in the previous step, replacing $TLS_CONFIG with the name of the Kubernetes secret, with the certificate file $TLS_CERT and the private key $TLS_KEY. Store the secret name for a the step Configure local values file.
```
kubectl create secret tls $TLS_CONFIG --cert=$TLS_CERT --key=$TLS_KEY
```
  For example, if $TLS_CONFIG is cust-cert-secret with the certificate $TLS_CERT is fullchain.pem and key $TLS_KEY is privkey.pem, then the command would be translated as
```
kubectl create secret tls cust-cert-secret --cert=fullchain.pem --key=privkey.pem
```
Create the image pull secret for the private image registry. IMPORTANT NOTE: This assumes that the docker login command was run earlier in the step Wallaroo Image Storage.
```
kubectl create secret docker-registry regcred --from-file=$HOME/.docker/config.json
```
(Optional) If using NVIDIA drivers as per the step Optional: Load NVIDIA Gpu Drivers, create a secret in the kube-system namespace with the following command:
```
kubectl create secret docker-registry regcred --from-file=$HOME/.docker/config.json --name kube-system
```

Default Helm Installation Settings

A default Helm install of Wallaroo contains various default settings. The local values file overwrites values based on the organization needs. The following represents the minimum mandatory values for a Wallaroo installation using certificates and the default LoadBalancer for a cloud Kubernetes cluster. The configuration details below is saved as values.yaml for these examples.

Note the following required settings:

wallarooDomain: Used to set the DNS domain name for the Wallaroo instance. For more information, see the Wallaroo DNS Integration Guide.
custTlsSecretName: Specify the Kubernetes secret created in the previous step. External connections through the Wallaroo SDK require valid certificates.
kubernetes_distribution: The cloud provider used. Each cloud provider has their own methods of handling storage classes, LoadBalancers (LB), etc. The following values are available; if your selected provider or distribution is not on the list, contact your Wallaroo Support representative for more options.
- aks: Microsoft Azure Kubernetes Service
- eks: Amazon Elastic Kubernetes Service
- gke: Google Kubernetes Engine
- oke: Oracle Cloud Infrastructure Container Engine for Kubernetes
ingress_mode: How the Wallaroo instance is reached through the Kubernetes network settings. Options include:
- internal (Default): An internal cloud load balancer and associated resources are created. Network users outside the Kubernetes cluster – but on the same internal network – can connect directly using DNS names, and do not need to use port forward or related configurations.
- external: An external, Internet-facing cloud load balancer, public IP, and associated resources are created. This is highly discouraged. Public DNS is also required. This is the default for Wallaroo Community Edition.
- none: Services are local to the Kubernetes cluster. kubectl-port forward or some other means is required to access them. If all work will be done in-cluster, select this option.
dashboard: The name displayed when users login to the Wallaroo Ops center Dashboard. For example, “My Company” or “Sales Division”, etc.
imageRegistry: This is required for air-gapped installations and must match the REGISTRY_HOST and REGISTRY_NAMESPACE of private container registry where the Wallaroo install images are installed as per step Wallaroo Image Retrieval and Installation Preparation. For example, if the REGISTRY_HOST=registry.wallaroo.ai and the REGISTRY_NAMESPACE=wallaroo, then the imageRegistry value is registry.wallaroo.ai/wallaroo.

The following example shows the minimum required options.

This example shows the uncommented keys for the minimum required settings and additional commented optional settings. For full details on helm values for Wallaroo installations, see the Wallaroo Helm Reference Guides.

wallarooDomain: "wallaroo.example.com" # change to match the actual domain name

custTlsSecretName: cust-cert-secret

ingress_mode: internal # internal (Default), external,or none

dashboard:
  clientName: "Wallaroo Helm Example" # Insert the name displayed in the Wallaroo Dashboard

kubernetes_distribution: ""   # Required. One of: aks, eks, gke, oke, or kurl.

# Must be a full registry address calculated by:
# $REGISTRY_HOST/$REGISTRY_NAMESPACE
# For example:  
imageRegistry: registry.wallaroo.ai:1234/wallaroo

# enable Wallaroo assays.  Select **one** of the following: `v1` or `v2`, or leave commented out to disable assays.
# v2 is enabled by default.
#assays:
#  enabled: true
#  v1: false
#  v2: true


# Enable edge deployment
#ociRegistry: 
#  enabled: true # true enables the Edge Server registry information, false disables it.
#  registry: ""# The registry url. For example: reg.big.corp:3579.
#  repository: ""# The repository within the registry. This may include the cloud account, or the full path where the Wallaroo published pipelines should be kept. For example: account123/wallaroo/pipelines.
#  email: "" # Optional field to track the email address of the registry credential.
#  username: "" # The username to the registry. This may vary based on the provider. For example, GCP Artifact Registry with service accounts uses the username _json_key_base64 with the p`ass`word as a base64 processed token of the credential information.
#  password: "" # The password or token for the registry service.

# Enable edge deployment observability
# edgelb:
#     enabled: true

# The nodeSelector and tolerations for all components
# This does not apply to nats, fluent-bit, or minio so needs to be applied separately
# nodeSelector:
#   wallaroo.ai/reserved: true

# tolerations:
# - key: "wallaroo.ai/reserved"
#   operator: "Exists"
#   effect: "NoSchedule"

# To change the pipeline taint or nodeSelector, 
# best practice is to change engine, enginelb, and engineAux 
# together unless they will be in different pools.
# engine:
#   nodeSelector:
#     wallaroo.ai/node-purpose: pipelines
#   tolerations:
#     - key: "wallaroo.ai/pipelines"
#       operator: "Exists"
#       effect: "NoSchedule"

# enginelb:
#   nodeSelector:
#     wallaroo.ai/node-purpose: pipelines
#   tolerations:
#     - key: "wallaroo.ai/pipelines"
#       operator: "Exists"
#       effect: "NoSchedule"

# engineAux:
#   nodeSelector:
#     wallaroo.ai/node-purpose: pipelines
#   tolerations:
#     - key: "wallaroo.ai/pipelines"
#       operator: "Exists"
#       effect: "NoSchedule"

# For each service below, adjust the disk size and resources as required.
# If the nodeSelector or tolerations are changed for one service, 
# the other services nodeSelector and tolerations **must** be changed to match
#
#
# plateau:
#   diskSize: 100Gi
#   resources:
#     limits:
#       memory: 4Gi
#       cpu: 1000m
#     requests:
#       memory: 128Mi
#       cpu: 100m
#   nodeSelector:
#     wallaroo.ai/node-purpose: persistent
#   tolerations:
#     - key: "wallaroo.ai/persistent"
#       operator: "Exists"
#       effect: "NoSchedule"

# Jupyter has both hub and lab nodeSelectors and tolerations
# They default to the same persistent pool, but can be assigned to different ones
# jupyter:
#   nodeSelector:                 # Node placement for Hub administrative pods
#     wallaroo.ai/node-purpose: persistent
#   tolerations:
#     - key: "wallaroo.ai/persistent"
#       operator: "Exists"
#       effect: "NoSchedule"
#   labNodeSelector:              # Node placement for Hub-spawned jupyterlab pods
#     wallaroo.ai/node-purpose: persistent
#   labTolerations:
#     - key: "wallaroo.ai/persistent"
#       operator: "Exists"
#       effect: "NoSchedule"
#   memory:
#     limit: "4"                  # Each Lab - memory limit in GB
#     guarantee: "2"              # Each Lab - lemory guarantee in GB
#   cpu:
#     limit: "2.0"                # Each Lab - fractional CPU limit
#     guarantee: "1.0"            # Each Lab - fractional CPU guarantee
#   storage:
#     capacity: "50"              # Each Lab - disk storage capacity in GB

# minio:
#   persistence:
#     size: 25Gi
#   nodeSelector:
#     wallaroo.ai/node-purpose: persistent
#   tolerations:
#   - key: wallaroo.ai/persistent
#     operator: "Exists"
#     effect: "NoSchedule"
#   resources:
#     requests:
#       memory: 1Gi

# postgres:
#   diskSize: 10Gi
#   nodeSelector:
#     wallaroo.ai/node-purpose: persistent
#   tolerations:
#     - key: "wallaroo.ai/persistent"
#       operator: "Exists"
#       effect: "NoSchedule"
#   resources:
#     limits:
#       memory: 2Gi
#       cpu: 500m
#     requests:
#       memory: 512Mi
#       cpu: 100m

# Prometheus has the usual persistent options, but also a retention size
# The the size on disk and time can be configured before removing it.
# prometheus:
#   storageRetentionSizeGb: "10"        # Retain this much data, in GB.
#   storageRetentionTimeDays: "15"     # When to remove old data. In days.
#   nodeSelector:
#     wallaroo.ai/node-purpose: persistent
#   tolerations:
#     - key: "wallaroo.ai/persistent"
#       operator: "Exists"
#       effect: "NoSchedule" 
#   resources:
#     limits:
#       memory: 6Gi
#       cpu: 2000m
#     requests:
#       memory: 512Mi
#       cpu: 100m

# nats:
#   podTemplate:
#     merge:
#       spec:
#         nodeSelector: 
#           wallaroo.ai/node-purpose: persistent
#         tolerations:
#         - key: "wallaroo.ai/persistent"
#           operator: "Exists"
#           effect: NoSchedule

# wallsvc:
#   nodeSelector:
#     wallaroo.ai/node-purpose: persistent
#   tolerations:
#     - key: "wallaroo.ai/persistent"
#       operator: "Exists"
#       effect: "NoSchedule"

persistentVolume Settings

Wallaroo services that have a persistentVolume have the following default nodeSelector label and tolerations:

nodeSelector
- Label: wallaroo.ai/node-purpose
- Value: persistent
tolerations
- Key: wallaroo.ai/persistent
- Operator: “Exists”
- Effect: “NoSchedule”

For example:

nodeSelector:
  wallaroo.ai/node-purpose: persistent
tolerations:
  - key: wallaroo.ai/persistent
    operator: "Exists"
    effect: "NoSchedule"

If the nodeSelector or tolerations are changed for any service with a persistentVolume, all other services must be edited to match.

For additional information on taints and tolerations settings, see the Taints and Labels Guide.

Install Wallaroo with Helm

Install Wallaroo: The Wallaroo support representative will provide the installation command for the Helm install that will use the Wallaroo container registry. This assumes that the preflight checks were successful. This assumes some of these helper variables are set from the previous procedure Air-Gapped Installation Preparation.
1. $RELEASE: The name of the Helm release. By default, wallaroo.
2. $REGISTRY_URI: The URl for the Wallaroo container registry service.
3. $VERSION: The version of Wallaroo to install. For this example, 2025.1.0-6158.
4. $LOCALVALUES: The .yaml file containing the local values overrides. For this example, values.yaml.
5. image-values.yaml file generated created in the step Wallaroo Image Retrieval and Installation Preparation.
```
helm install wallaroo \
  oci://registry.replicated.com/wallaroo/2025-1/wallaroo \
  --version 2025.1.0-6158 \
  --values values.yaml \
  --values image-values.yaml \
  --timeout 10m \
  --wait \
  --wait-for-jobs
```

Verify Installation

If any required elements are missing from the values.yaml file, an error is displayed. For example, leaving out the kubernetes_distribution field returns the following:

Warning - kubernetes_distribution must be set in user provided values.yaml

Upon successful installation, notes are published indicating the installed version, where to find documentation, etc.:

NOTES:
.

Welcome to Wallaroo 2025.1.0

1. Deployment Information:
Name:             2025.1.0
Release notes:    https://docs.wallaroo.ai/wallaroo-release-notes/wallaroo-release-202501
Version:          v2025.1.0-5187

2. Accessing Wallaroo
Documentation:    https://docs.wallaroo.ai
Dashboard:        https://sample.wallaroocommunity.ninja

3. Useful Commands:

- Helm tests are available by using: `helm test wallaroo`.

- External load balancer hostname can be found by using:

    kubectl get svc api-lb-ext  -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'

- List Wallaroo namespaces, including pipeline deployments, but not including the main `wallaroo` namespace:

    kubectl get namespaces -l wallaroo-managed=true

- In order to change any helm values:

    helm upgrade --install wallaroo oci://registry.replicated.com/wallaroo/uat-latest/wallaroo --version v2025.1.0-5187 --values $LOCALVALUES_YAML --timeout 10m --wait --wait-for-jobs

4. Uninstall:

 1. To uninstall/delete the Wallaroo deployment, run:

   kubectl delete ns wallaroo && kubectl delete \
     all,secret,configmap,clusterroles,clusterrolebindings,storageclass,crd \
     --selector app.kubernetes.io/part-of=wallaroo --selector kots.io/app-slug=wallaroo

 2. To delete all pipelines, run:

   kubectl delete ns -l wallaroo-managed=true
.

Once the installation is complete, verify the installation with the helm test $RELEASE command. A condensed display uses egrep to show only the test suite and phase status as follows. Replace wallaroo with the name of the helm release used.

helm test wallaroo | egrep 'SUITE:|Phase:'

A successful result shows the following:

TEST SUITE:     wallaroo-fluent-bit-test-connection
Phase:          Succeeded
TEST SUITE:     nats-test-request-reply
Phase:          Succeeded
TEST SUITE:     wallaroo-wallaroo-test-connections-hook
Phase:          Succeeded
TEST SUITE:     wallaroo-test-objects-hook
Phase:          Succeeded

The following will show the full helm test output with notes.

helm test wallaroo

which displays the following:

NAME: wallaroo
LAST DEPLOYED: Fri May 17 14:00:04 2024
NAMESPACE: wallaroo
STATUS: deployed
REVISION: 2
TEST SUITE:     wallaroo-fluent-bit-test-connection
Last Started:   Fri May 17 14:04:48 2024
Last Completed: Fri May 17 14:04:51 2024
Phase:          Succeeded
TEST SUITE:     nats-test-request-reply
Last Started:   Fri May 17 14:04:43 2024
Last Completed: Fri May 17 14:04:48 2024
Phase:          Succeeded
TEST SUITE:     sample-wallaroo-test-connections-hook
Last Started:   Fri May 17 14:04:24 2024
Last Completed: Fri May 17 14:04:31 2024
Phase:          Succeeded
TEST SUITE:     sample-wallaroo-test-objects-hook
Last Started:   Fri May 17 14:04:31 2024
Last Completed: Fri May 17 14:04:43 2024
Phase:          Succeeded
NOTES:
.

Welcome to Wallaroo 2025.1.0

1. Deployment Information:
  Name:             2025.1.0
  Release notes:    https://docs.wallaroo.ai/wallaroo-release-notes/wallaroo-release-202501
  Version:          v2025.1.0-5187

2. Accessing Wallaroo
  Documentation:    https://docs.wallaroo.ai
  Dashboard:        https://sample.wallaroocommunity.ninja

3. Useful Commands:

  - Helm tests are available by using: `helm test wallaroo`.

  - External load balancer hostname can be found by using:

      kubectl get svc api-lb-ext  -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'

  - List Wallaroo namespaces, including pipeline deployments, but not including the main `wallaroo` namespace:

      kubectl get namespaces -l wallaroo-managed=true

  - In order to change any helm values:

      helm upgrade --install wallaroo oci://registry.replicated.com/wallaroo/2025-1/wallaroo --version 2025.1.0-6158 --values $LOCALVALUES_YAML --timeout 10m --wait --wait-for-jobs

 4. Uninstall:

  1. To uninstall/delete the Wallaroo deployment, run:

    kubectl delete ns wallaroo && kubectl delete \
      all,secret,configmap,clusterroles,clusterrolebindings,storageclass,crd \
      --selector app.kubernetes.io/part-of=wallaroo --selector kots.io/app-slug=wallaroo

  2. To delete all pipelines, run:

    kubectl delete ns -l wallaroo-managed=true
.

At this point, the installation is complete and can be accessed through the fully qualified domain names set in the installation process above.

To add the initial users if they were not set up through Helm values, see the Wallaroo Enterprise User Management guide.

Required Installation Configurations

Once installed, the following actions are required to complete the setup process process.

Setup Users

User management is managed through the Wallaroo Dashboard, via the Platform Admin Dashboard page. See the Wallaroo User Management for full guides on setting up users, identity providers, and other user configuration options.

The following is an abbreviated guide on setting up new Wallaroo users.

IMPORTANT NOTE

At least one user must be created before using Wallaroo.

The process includes the following steps:

Obtain the User Admin Credentials
Create a New User with the Admin Role

Obtain the User Admin Credentials

Obtaining the admin User Credentials

The standard Wallaroo installation creates the user admin by default and assigns them a randomly generated password. The admin user credentials are obtained which may be obtained directly from Kubernetes with the following commands, assuming the Wallaroo instance namespace is wallaroo.

Retrieve Admin Username

kubectl -n wallaroo \
get secret keycloak-admin-secret \
-o go-template='{{.data.KEYCLOAK_ADMIN_USER | base64decode }}'

Retrieve Admin Password

kubectl -n wallaroo \
get secret keycloak-admin-secret \
-o go-template='{{.data.KEYCLOAK_ADMIN_PASSWORD | base64decode }}'

Create a New User with the Admin Role

Creating users is managed through the Platform Admin Dashboard. The following steps are used to create an initial user with the role admin.

Access the Wallaroo Dashboard through the DNS name set up in the DNS Services Integration step. For example, if the DNS name of the Wallaroo Ops center is wallaroo.example.com, the Wallaroo Dashboard is available at https://wallaroo.example.com.
Login with the username admin and the password retrieved in the step Obtaining the admin User Credentials.
Select Create Users and enter the following:
1. User Email: The email address for the user. This must be in the valid email address format.
2. Assign Type: Select Admin.
3. Password: Enter the user’s password. This user password be sent to the new user.
4. Temporary or Permanent:
  1. Temporary: The user will be forced to change their login password upon their next login (Recommended).
  2. Permanent: The user will keep their password.
Create any additional users as needed. When finished, select the Wallaroo icon drop down and select Logout.

At this point, users can log in to Wallaroo Dashboard with their provided identities. For guides on setting up Single Sign-On (SSO) and other features, see Wallaroo User Management for full guides on setting up users, identity providers, and other user configuration options.

Uninstall

To uninstall Wallaroo from an air-gapped environment, see How to Uninstall Wallaroo from a Cluster.