Before installing Wallaroo, verify that the following hardware and software requirements are met.
The following requirements are specific to the cluster that hosts Wallaroo.
The following system requirements are required for the minimum settings for running Wallaroo in a Kubernetes cloud cluster.
Wallaroo recommends at least 16 cores total to enable all services. At less than 16 cores, services will have to be disabled to allow basic functionality as detailed in this table.
Note that even when disabling these services, Wallaroo performance may be impacted by the models, pipelines, and data used. The greater the size of the models and steps in a pipeline, the more resources will be required for Wallaroo to operate efficiently. Pipeline resources are set by the pipeline configuration to control how many resources are allocated from the cluster to maintain peak effectiveness for other Wallaroo services. See the following guides for more details.
Cluster Size | 8 core | 16 core | 32 core | Description | |
Inference | ✔ | ✔ | ✔ | The Wallaroo inference engine that performs inference requests from deployed pipelines. | |
Dashboard | ✔ | ✔ | ✔ | The graphics user interface for configuring workspaces, deploying pipelines, tracking metrics, and other uses. | |
Jupyter HUB/Lab | The JupyterHub service for running Python scripts, JupyterNotebooks, and other related tasks within the Wallaroo instance. | ||||
Single Lab | ✔ | ✔ | ✔ | ||
Multiple Labs | ✘ | ✔ | ✔ | ||
Prometheus | ✔ | ✔ | ✔ | Used for collecting and reporting on metrics. Typical metrics are values such as CPU utilization and memory usage. | |
Alerting | ✘ | ✔ | ✔ | ||
Model Validation | ✘ | ✔ | ✔ | ||
Dashboard Graphs | ✔ | ✔ | ✔ | ||
Plateau | ✘ | ✔ | ✔ | A Wallaroo developed service for storing inference logs at high speed. This is not a long term service; organizations are encouraged to store logs in long term solutions if required. | |
Model Insights | ✘ | ✔ | ✔ | ||
Python API | |||||
Model Conversion | ✔ | ✔ | ✔ | Converts models into a native runtime for use with the Wallaroo inference engine. |
To install Wallaroo with minimum services, a configuration file will be used as parts of the kots
based installation. For full details on the Wallaroo installation process, see the Wallaroo Install Guides.
The following network requirements are required for the minimum settings for running Wallaroo:
For Wallaroo Enterprise users: 200 IP addresses are required to be allocated per cloud environment.
For Wallaroo Community Edition users: 98 IP addresses are required to be allocated per cloud environment.
DNS services integration is required for Wallaroo Enterprise edition. See the DNS Integration Guide for the instructions on configuring Wallaroo Enterprise with your DNS services.
DNS services integration is required to provide access to the various supporting services that are part of the Wallaroo instance. These include:
As part of the installation, Wallaroo deploys an envoy proxy. This terminates into the Wallaroo TLS and reverse proxies HTTPS to the Wallaroo services. If the installation ingress_mode
is set to internal
or external
, the envoy proxy is type LoadBalancer
with the cloud-appropriate annotations.
Wallaroo does not create Ingress or API Gateway objects as part of the installation.
Wallaroo requires TLS certificates that match the host name used to access Wallaroo services. The following details the how to generate CA-signed certificates used for the installation procedures.
wallaroo.example.com
, then the Subject CNs would be: wallaroo.example.com
..crt
) and TLS private key (.key
). Store these in a secure location - these will be installed into Wallaroo at a later step.The following details the resources and settings by Wallaroo as part of the installation in OpenShift.
The following software or runtimes are required for Wallaroo 2025.1. Most are automatically available through the supported cloud providers.
Software or Runtime | Description | Minimum Supported Version | Preferred Version(s) |
---|---|---|---|
OpenShift | Container Platform | 4.17 | 4.18 |
Kubernetes | Cluster deployment management | 1.29 with Container Management set to containerd . | 1.31 |
kubectl | Kubernetes administrative console application | 1.31 | 1.31 |
Organizations that choose to upgrade the Kubernetes version after Wallaroo is installed should consult with their Wallaroo support representative before starting the upgrade process.
Wallaroo does not recommend Kubernetes auto-updates after Wallaroo is installed.
Wallaroo requires being installed in its own Kubernetes cluster. At this time, multi-tenancy is not supported. For additional details, consult your Wallaroo support representative.
Wallaroo uses different nodes for various services, which can be assigned to a different node pool to contain resources separate from other nodes. The following nodes selectors can be configured:
For Kubernetes based Wallaroo installations, Wallaroo must be installed to it’s own namespace - by default wallaroo
.For single node aka embedded Linux based Wallaroo installations the installation namespace is set to kotsadm
.
As part of its operations, Wallaroo dynamically creates additional namespaces for transient activities including:
assay-
.task-
.houseprice
with an id 28
uses the namespace houseprice-28
.velero
.This allows administrators to visualize and compartmentalize these activities and to facilitate cleanup if necessary. These namespaces typically contain pods, jobs, configmaps, and secrets and do not have persistent volumes or finalizers. All of Wallaroo Kubernetes objects have the label app.kubernetes.io/part-of=wallaroo
.
The namespaces kube-*
and default
are not modified by Wallaroo.
Nodepools created in Wallaroo require the following taints and labels.
For custom taints and labels, see the Custom Taints and Labels Guide.
Nodepool | Taints | Labels | Description |
---|---|---|---|
general | N/A | wallaroo.ai/node-purpose: general | For general Wallaroo services. No taints are applied to this nodepool to allow any process not assigned with a deployment label to run in this space. |
persistent | wallaroo.ai/persistent=true:NoSchedule | wallaroo.ai/node-purpose: persistent | For Wallaroo services with a persistentVolume settings, including JupyterHub, Minio, etc. |
pipelines-x86 | wallaroo.ai/pipelines=true:NoSchedule | wallaroo.ai/node-purpose: pipelines | For deploying pipelines for default x86 architectures. The taints and label must be applied to any nodepool used for model deployments. |
Wallaroo creates DaemonSet deployments. These run a pod on each cluster node. These are used for:
Wallaroo uses ClusterRoles and ClusterRoleBindings to create, destroy, manage, and assess namespaces and their resources. The following ClusterRoles are created by Wallaroo:
wallaroo-fluent-bit
wallaroo-multi-scaler
wallaroo-prometheus
wallaroo-rest-api
wallaroo-wallsvc
The following includes all of the permissions for the ClusterRoles.
Resources | Verbs |
---|---|
clusterroles.rbac.authorization.k8s.io | [bind,escalate] |
configmaps | [get,create,list,watch,update,patch,delete] |
cronjobs.batch | [get,create,list,watch,update,patch,delete] |
cronjobs.batch/status | [get,create,list,watch,update,patch,delete] |
deployments | [get,create,list,watch,update,patch,delete] |
endpoints | [get,list,watch] |
horizontalpodautoscalers.autoscaling | [get,list,create,update,patch] |
ingresses.extensions | [get,list,watch] |
jobs | [get,create,list,watch,update,patch,delete] |
jobs.apps | [get,create,list,update,patch,delete] |
jobs.batch | [get,create,list,watch,update,patch,delete] |
jobs.batch/status | [get,create,list,watch,update,patch,delete] |
metrics | [get] |
modelconfigs.wallaroo.ai | [*] |
namespaces | [get,create,list,watch,update,patch,delete] |
nodes | [get,list,watch] |
nodes/proxy | [get,list,watch] |
pipelines.wallaroo.ai | [*] |
pods | [get,create,list,watch,update,patch,delete] |
pods.apps | [get,list] |
replicasets.apps | [get,create,list,update,patch,delete] |
rolebindings.rbac.authorization.k8s.io | [get,create,list,update,patch,delete] |
roles.rbac.authorization.k8s.io | [get,create,list,update,patch,delete] |
secrets | [get,create,list,watch,update,patch,delete] |
services | [get,create,list,watch,update,patch,delete] |
tokenreviews.authentication.k8s.io | [create] |
The StorageClass called wallaroo-standard
is created to handle Kubernetes upgrades and differences across platforms. This requires the following volume binding modes:
WaitForFirstConsumer
AllowVolumeExpansion
wallaroo-standard
uses the default provisioner for the Kubernetes environment.