Merge pull request #709 from jasonnovichRunAI/v2.17

V2.17

Author: jasonnovichRunAI

docs/admin/runai-setup/self-hosted/k8s/backend.md

@@ -1,20 +1,14 @@
 
 # Install the Run:ai Control Plane 
 
+## Prerequisites and preperations
 
-## Domain certificate
+Make sure you have followed the Control Plane [prerequisites](./prerequisites.md) and [preperations](./preperations.md).
 
-You must provide the [domain's](prerequisites.md#domain-name) private key and crt as a Kubernetes secret in the `runai-backend` namespace. Run: 
-
-```
-kubectl create secret tls runai-backend-tls -n runai-backend \
-    --cert /path/to/fullchain.pem --key /path/to/private.pem
-```
 ## Install the Control Plane
 
 Run the helm command below:
 
-
 === "Connected"
     ``` bash
     helm repo add runai-backend https://runai.jfrog.io/artifactory/cp-charts-prod
@@ -31,24 +25,22 @@ Run the helm command below:
 === "Airgapped"
     ``` bash
     helm upgrade -i runai-backend control-plane-<VERSION>.tgz  \ # (1)
-        --set global.domain=<DOMAIN>  # (2)
-        -n runai-backend -f custom-env.yaml  # (3)
+        --set global.domain=<DOMAIN>  \ # (2)
+        --set global.customCA.enabled=true \  # (3)
+        -n runai-backend -f custom-env.yaml  # (4)
     ```
 
     1. Replace `<VERSION>` with the Run:ai control plane version.
     2. Domain name described [here](prerequisites.md#domain-name). 
-    3. `custom-env.yaml` should have been created by the _prepare installation_ script in the previous section. 
+    3. See the Local Certificate Authority instructions below
+    4. `custom-env.yaml` should have been created by the _prepare installation_ script in the previous section. 
 
 !!! Tip
     Use the  `--dry-run` flag to gain an understanding of what is being installed before the actual installation. 
 
-## (Air-gapped only) Local Certificate Authority
-
-Perform the instructions for [local certificate authority](../../config/org-cert.md). 
 
 
-## (Optional) Additional Configurations
-
+### Additional configurations (optional)
 There may be cases where you need to set additional properties as follows:
 
 |  Key     | Change   | Description |
@@ -63,29 +55,29 @@ There may be cases where you need to set additional properties as follows:
 | `grafana.adminUser`  | Grafana username  |   Override the Run:ai default user name for accessing Grafana |
 | `grafana.adminPassword`  | Grafana password  |   Override the Run:ai default password for accessing Grafana |
 | `thanos.receive.persistence.storageClass` and `postgresql.primary.persistence.storageClass` | Storage class | The installation to work with a specific storage class rather than the default one |
-| `global.imagePullSecrets:` <br> &ensp; `- name: <secret-name>`  | Docker secret | Provide credentials for accessing the organization's docker registry. This is required for air-gapped environments  |
 | `<component>` <br> &ensp;`resources:` <br> &emsp; `limits:` <br> &emsp; &ensp; `cpu: 500m` <br> &emsp; &ensp; `memory: 512Mi` <br> &emsp; `requests:` <br> &emsp; &ensp; `cpu: 250m` <br> &emsp; &ensp; `memory: 256Mi`  | Pod request and limits  |  `<component>` may be anyone of the following: `backend`, `frontend`, `assetsService`, `identityManager`, `tenantsManager`, `keycloakx`, `grafana`, `authorization`, `orgUnitService`,`policyService`  |   
 |<div style="width:200px"></div>| | |
 
-
-
-
 Use the `--set` syntax in the helm command above.  
 
-### Connect to Run:ai User Interface
+## Next Steps
 
-Go to: `runai.<company-name>`. Log in using the default credentials: User: `test@run.ai`, Password: `Abcd!234`. Go to the Users area and change the password. 
+### Connect to Run:ai User interface
 
+Go to: `runai.<domain>`. Log in using the default credentials: User: `test@run.ai`, Password: `Abcd!234`. Go to the Users area and change the password. 
 
-## (Optional) Enable "Forgot password"
+### Enable Forgot Password (optional)
 
-To support the “Forgot password” functionality, follow the steps below.
+To support the *Forgot password* functionality, follow the steps below.
 
-* Go to `runai.<company-name>/auth` and Log in. 
+* Go to `runai.<domain>/auth` and Log in. 
 * Under `Realm settings`, select the `Login` tab and enable the `Forgot password` feature.
 * Under the `Email` tab, define an SMTP server, as explained [here](https://www.keycloak.org/docs/latest/server_admin/#_email){target=_blank}
 
-## Next Steps
 
+### Install Run:ai Cluster
 Continue with installing a [Run:ai Cluster](cluster.md).
 
+
+
+

docs/admin/runai-setup/self-hosted/k8s/preparations.md

@@ -1,38 +1,44 @@
 ---
-title: Self-Hosted Installation over Kubernetes - Preparations
+title: Self Hosted installation over Kubernetes - preparations
 ---
+# Preparing for a Run:ai Kubernetes installation
 
-## Prerequisites 
+The following section provides IT with the information needed to prepare for a Run:ai installation.
 
-See the Prerequisites section [above](prerequisites.md).
+## Prerequisites
 
+Follow the prerequisites as explained in [Self-Hosted installation over Kubernetes](prerequisites.md).
 
-## Prepare Installation Artifacts
-
-### Run:ai Software Files
-
-SSH into a node with `kubectl` access to the cluster and `Docker` installed.
-
+## Software artifacts
 
 === "Connected"
+    You should receive a file: `runai-gcr-secret.yaml` from Run:ai Customer Support. The file provides access to the Run:ai Container registry.
+
+    SSH into a node with `kubectl` access to the cluster and `Docker` installed.
     Run the following to enable image download from the Run:ai Container Registry on Google cloud:
 
     ``` bash
     kubectl create namespace runai-backend
-    kubectl apply -f runai-gcr-secret.yaml
+    kubectl apply -f runai-reg-creds.yaml
     ```
 
-=== "Airgapped" 
+=== "Airgapped"
+    You should receive a single file `runai-air-gapped-<version>.tar.gz` from Run:ai customer support
+
+    SSH into a node with `kubectl` access to the cluster and `Docker` installed.
+
+    Run:ai assumes the existence of a Docker registry for images. Most likely installed within the organization. The installation requires the network address and port for the registry (referenced below as `<REGISTRY_URL>`). 
+
     To extract Run:ai files, replace `<VERSION>` in the command below and run: 
 
     ``` bash
-    tar xvf runai-air-gapped-<version>.tar.gz
+    tar xvf runai-air-gapped-<VERSION>.tar.gz
     cd deploy
 
     kubectl create namespace runai-backend
     ```
 
-    __Upload images__
+    **Upload images**
 
     Upload images to a local Docker Registry. Set the Docker Registry address in the form of `NAME:PORT` (do not add `https`):
 
@@ -50,25 +56,67 @@ SSH into a node with `kubectl` access to the cluster and `Docker` installed.
 
     The script should create a file named `custom-env.yaml` which will be used by the control-plane installation.
 
+### Private Docker Registry (optional)
+
+To access the organization's docker registry it is required to set the registry's credentials (imagePullSecret)
+
+Create the secret named `runai-reg-creds` based on your existing credentials. For more information, see [Allowing pods to reference images from other secured registries](https://docs.openshift.com/container-platform/latest/openshift_images/managing_images/using-image-pull-secrets.html#images-allow-pods-to-reference-images-from-secure-registries_using-image-pull-secrets){target=_blank}.
+
+## Configure your environment
+
+### Domain Certificate
+
+The Run:ai control plane requires a domain name (FQDN). You must supply a domain name as well as a trusted certificate for that domain.
+
+* When installing the first Run:ai cluster on the same Kubernetes cluster as the control plane, the Run:ai cluster URL will be the same as the control-plane URL.
+* When installing the Run:ai cluster on a separate Kubernetes cluster, follow the Run:ai [domain name](../../cluster-setup/cluster-prerequisites.md#cluster-url) requirements.
+* If your network is air-gapped, you will need to provide the Run:ai control-plane and cluster with information about the [local certificate authority](../../config/org-cert.md).
+
+You must provide the domain's private key and crt as a Kubernetes secret in the `runai-backend` namespace. Run:
 
-## (Optional) Mark Run:ai System Workers
+```
+kubectl create secret tls runai-backend-tls -n runai-backend \
+    --cert /path/to/fullchain.pem --key /path/to/private.pem
+```
+### Local Certificate Authority (air-gapped only)
+
+In air-gapped environments, you must prepare the public key of your local certificate authority as described [here](../../config/org-cert.md). It will need to be installed in Kubernetes for the installation to succeed.
+
+### Mark Run:ai system workers (optional)
 
-You can __optionally__ set the Run:ai control plane to run on specific nodes. Kubernetes will attempt to schedule Run:ai pods to these nodes. If lacking resources, the Run:ai nodes will move to another, non-labeled node.  
+You can **optionally** set the Run:ai control plane to run on specific nodes. Kubernetes will attempt to schedule Run:ai pods to these nodes. If lacking resources, the Run:ai nodes will move to another, non-labeled node.  
 
 To set system worker nodes run:
 
 ```
 kubectl label node <NODE-NAME> node-role.kubernetes.io/runai-system=true
 ```
- 
+
 !!! Warning
     Do not select the Kubernetes master as a `runai-system` node. This may cause Kubernetes to stop working (specifically if Kubernetes API Server is configured on 443 instead of the default 6443).
 
-## Additional Permissions
+## Additional permissions
+
+As part of the installation, you will be required to install the [Run:ai Control Plane](backend.md) and [Cluster](cluster.md) Helm [Charts](https://helm.sh/){target=_blank}. The Helm Charts require Kubernetes administrator permissions. You can review the exact permissions provided by using the `--dry-run` on both helm charts.
+
+## Validate Prerequisites
+
+Once you believe that the Run:ai prerequisites and preperations are met, we highly recommend installing and running the Run:ai [pre-install diagnostics script](https://github.com/run-ai/preinstall-diagnostics){target=_blank}. The tool:
+
+* Tests the below requirements as well as additional failure points related to Kubernetes, NVIDIA, storage, and networking.
+* Looks at additional components installed and analyze their relevance to a successful Run:ai installation.
+
+To use the script [download](https://github.com/run-ai/preinstall-diagnostics/releases){target=_blank} the latest version of the script and run:
+
+```
+chmod +x preinstall-diagnostics-<platform>
+./preinstall-diagnostics-<platform> --domain <dns-entry>
+```
 
-As part of the installation, you will be required to install the [Run:ai Control Plane](backend.md) and [Cluster](cluster.md) Helm [Charts](https://helm.sh/){target=_blank}. The Helm Charts require Kubernetes administrator permissions. You can review the exact permissions provided by using the `--dry-run` on both helm charts. 
+If the script fails, or if the script succeeds but the Kubernetes system contains components other than Run:ai, locate the file `runai-preinstall-diagnostics.txt` in the current directory and send it to Run:ai technical support.
 
+For more information on the script including additional command-line flags, see [here](https://github.com/run-ai/preinstall-diagnostics){target=_blank}.
 
-## Next Steps
+## Next steps
 
 Continue with installing the [Run:ai Control Plane](backend.md).

docs/admin/runai-setup/self-hosted/k8s/prerequisites.md

@@ -1,35 +1,41 @@
--title: Self-Hosted installation over Kubernetes - Prerequisites
----
+# Self-Hosted installation over Kubernetes - Prerequisites
 
 Before proceeding with this document, please review the [installation types](../../installation-types.md) documentation to understand the difference between _air-gapped_ and _connected_ installations. 
 
-
-## Control-plane and clusters
+## Run:ai Components
 
 As part of the installation process you will install:
 
 * A control-plane managing cluster
-* One or more Run:ai clusters
+* One or more clusters
 
 Both the control plane and clusters require Kubernetes. Typically the control plane and first cluster are installed on the same Kubernetes cluster but this is not a must. 
 
-## Hardware Requirements
+!!! Important
+    In OpenShift environments, adding a cluster connecting to a __remote__ control plane currently requires the assistance of customer support.  
 
-See Cluster prerequisites [hardware](../../cluster-setup/cluster-prerequisites.md#hardware-requirements) requirements.
+## Installer machine
 
-In addition, the control plane installation of Run:ai requires the configuration of Kubernetes Persistent Volumes of a total size of 110GB. 
+The machine running the installation script (typically the Kubernetes master) must have:
+
+* At least 50GB of free space.
+* Docker installed.
+
+
+### Helm
 
-## Run:ai Software
+Run:ai requires [Helm](https://helm.sh/){target=_blank} 3.10 or later. To install Helm, see [Installing Helm](https://helm.sh/docs/intro/install/){target=_blank}. If you are installing an air-gapped version of Run:ai, The Run:ai tar file contains the helm binary. 
 
-=== "Connected"
-    You should receive a file: `runai-gcr-secret.yaml` from Run:ai Customer Support. The file provides access to the Run:ai Container registry.
+## Cluster hardware requirements
 
-=== "Airgapped"
-    You should receive a single file `runai-air-gapped-<version>.tar.gz` from Run:ai customer support
+See Cluster prerequisites [hardware](../../cluster-setup/cluster-prerequisites.md#hardware-requirements) requirements.
 
-## Run:ai Software Prerequisites
+In addition, the control plane installation of Run:ai requires the configuration of Kubernetes Persistent Volumes of a total size of 110GB. 
 
-### Operating System
+
+## Run:ai software requirements
+
+### Operating system
 
 See Run:ai Cluster prerequisites [operating system](../../cluster-setup/cluster-prerequisites.md#operating-system) requirements.
 
@@ -53,77 +59,31 @@ The Run:ai control-plane requires a __default storage class__ to create persiste
     kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
     ```
 
+## Install prerequisites
 
-### (Air-gapped only) Local Certificate Authority
-
-In Air-gapped environments, you must prepare the public key of your local certificate authority as described [here](../../config/org-cert.md). It will need to be installed in Kubernetes for the installation to succeed. 
+### Ingress Controller
 
+The Run:ai control plane installation assumes an existing installation of NGINX as the ingress controller. You can follow the Run:ai _Cluster_ prerequisites [ingress controller](../../cluster-setup/cluster-prerequisites.md#ingress-controller) installation.
 
-### NVIDIA Prerequisites
+### NVIDIA GPU Operator
 
 See Run:ai Cluster prerequisites [NVIDIA](../../cluster-setup/cluster-prerequisites.md#nvidia) requirements.
 
 The Run:ai control plane, when installed without a Run:ai cluster, does not require the NVIDIA prerequisites.
 
-### Prometheus Prerequisites
+### Prometheus
 
 See Run:ai Cluster prerequisites [Prometheus](../../cluster-setup/cluster-prerequisites.md#prometheus) requirements.
 
 The Run:ai control plane, when installed without a Run:ai cluster, does not require the Prometheus prerequisites. 
 
-### (Optional) Inference Prerequisites 
+
+### Inference (optional)
 
 See Run:ai Cluster prerequisites [Inference](../../cluster-setup/cluster-prerequisites.md#inference) requirements.
 
 The Run:ai control plane, when installed without a Run:ai cluster, does not require the Inference prerequisites. 
 
-### Helm
-
-Run:ai requires [Helm](https://helm.sh/){target=_blank} 3.10 or later. To install Helm, see [https://helm.sh/docs/intro/install/](https://helm.sh/docs/intro/install/){target=_blank}. If you are installing an air-gapped version of Run:ai, The Run:ai tar file contains the helm binary. 
-
-
-## Network Requirements
-
-### Ingress Controller
-
-The Run:ai control plane installation assumes an existing installation of NGINX as the ingress controller. You can follow the Run:ai _Cluster_ prerequisites [ingress controller](../../cluster-setup/cluster-prerequisites.md#ingress-controller) installation.
-
-### Domain name
-
-The Run:ai control plane requires a domain name (FQDN). You must supply a domain name as well as a trusted certificate for that domain. 
-
-* When installing the first Run:ai cluster on the same Kubernetes cluster as the control plane, the Run:ai cluster URL will be the same as the control-plane URL.
-* When installing the Run:ai cluster on a separate Kubernetes cluster, follow the Run:ai [domain name](../../cluster-setup/cluster-prerequisites.md#cluster-url) requirements. 
-* If your network is air-gapped, you will need to provide the Run:ai control-plane and cluster with information about the [local certificate authority](../../config/org-cert.md).
-
-## Installer Machine
-
-The machine running the installation script (typically the Kubernetes master) must have:
-
-* At least 50GB of free space.
-* Docker installed.
-
-## Other
-
-* (Airgapped installation only)  __Private Docker Registry__. Run:ai assumes the existence of a Docker registry for images. Most likely installed within the organization. The installation requires the network address and port for the registry (referenced below as `<REGISTRY_URL>`). 
-* (Optional) __SAML Integration__ as described under [single sign-on](../../authentication/sso.md). 
-
-
-## Pre-install Script
-
-Once you believe that the Run:ai prerequisites are met, we highly recommend installing and running the Run:ai [pre-install diagnostics script](https://github.com/run-ai/preinstall-diagnostics){target=_blank}. The tool:
-
-* Tests the below requirements as well as additional failure points related to Kubernetes, NVIDIA, storage, and networking.
-* Looks at additional components installed and analyze their relevance to a successful Run:ai installation. 
-
-To use the script [download](https://github.com/run-ai/preinstall-diagnostics/releases){target=_blank} the latest version of the script and run:
-
-```
-chmod +x preinstall-diagnostics-<platform>
-./preinstall-diagnostics-<platform> --domain <dns-entry>
-```
-
-If the script fails, or if the script succeeds but the Kubernetes system contains components other than Run:ai, locate the file `runai-preinstall-diagnostics.txt` in the current directory and send it to Run:ai technical support. 
-
-For more information on the script including additional command-line flags, see [here](https://github.com/run-ai/preinstall-diagnostics){target=_blank}.
-
+## Next steps
+Continue to [Preparing for a Run:ai Kubernetes Installation
+](./preparations.md).

docs/admin/runai-setup/self-hosted/k8s/upgrade.md

@@ -20,6 +20,16 @@ title: Upgrade self-hosted Kubernetes installation
 
 ## Upgrade Control Plane
 
+### Upgrade from Version 2.9, 2.13, 2.15 or 2.16
+
+Before upgrading the control plane, run:
+
+``` bash
+POSTGRES_PV=$(kubectl get pvc pvc-postgresql -n runai-backend -o jsonpath='{.spec.volumeName}')
+THANOS_PV=$(kubectl get pvc pvc-thanos-receive -n runai-backend -o jsonpath='{.spec.volumeName}')
+kubectl patch pv $POSTGRES_PV $THANOS_PV -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}'
+```
+
 ### Upgrade from Version 2.7 or 2.8
 
 Before upgrading the control plane, run: