Skip to content

Configure

This section describes the steps that an administrator from the platform team has to follow to deploy and operate "Ray as Service" on their infrastructure. The high level steps that the administrator has to follow to get this operational on their infrastructure are:

As an Org Admin,

  • Clone the Ray Template from Rafay's Template Catalog
  • Configure and Customize the template

As a PaaS Project Admin (or Org Admin),

  • Create a Service Profile in PaaS Studio for End User Self Service

High Level Steps

The sequence diagram below describes the high level steps visually. 

sequenceDiagram 
    participant plat as Platform Team 
    participant rafay as Template Catalog
    participant studio as PaaS Admin

    plat->>rafay: Clone Ray Template
    plat->>rafay: Configure Template
    studio->>rafay: Create Service Profile
    rafay-->>plat: Setup Complete

Clone Template from Catalog

The step below is typically a one time activity for administrators. Login into your Rafay Org as an Org Admin and follow the steps below:

  • Click on "System -> Template Catalog"
  • Click on "Get Started" on the KubeRay template
  • Follow the wizard i.e. provide a name, version and select the name of the project you created in the previous step (e.g. gpu-paas)
  • Save as Draft

Ray on Kubernetes

Configure Template

When executed, the Rafay agent operating behind the firewall will receive the configured template, the associated Infra as Code (IaC), credentials and policies from the Rafay Platform. It will then execute this code on the behalf of the user.

1. Specify Agent

Let's configure the template to be received and executed by the Rafay Agent we created in a prior step.

  • Under the "Agents" tab, click on "Add Agent"
  • Select the name of the agent you configured in the prior step
  • Ensure that the override configuration is specified to "Not Allowed" because we do not want the downstream users to be able to change this
  • Save your changes

Select Agent

2. Config Context

The config context will typically encapsulate credentials and environment variables required for the agent to perform its job. In this case, we will configure the Rafay Agent with credentials so that it can make programmatic (API) calls to the specified Rafay Org.

To get the API Key + Secret for the administrator user,

  • Navigate to "My Tools -> Manage Keys" and click on "New API Key".
  • Copy the API Key + Secret combination.

Info

Click here to learn more about API Key & Secret for programmatic access.

Now, we are ready to configure our agent's config context.

  • Click on the Environment Template → Config Context
  • Click on the Edit icon in the config context for "kuberay-config-context"

  • Expand "Environment Variables" and you should see two entries: "API Key & Controller Endpoint"

  • Click on Edit for API Key

  • Paste the API Key/Secret string from the above step
  • Select Override to "Not Allowed" to ensure none of the downstream users have visibility or access to the config context
  • Save & Continue

Paste API Key

Controller API Endpoint

Info

For self hosted Rafay Controller deployments, the agent will need to be configured to point to your custom domain.

In this guide, we will be using the URL for Rafay's SaaS option i.e. "console.rafay.dev"

  • Click on Edit for "Controller Endpoint".
  • Note that Rafay's SaaS Endpoint URL is already configured
  • Select Override to "Not Allowed" to ensure none of the downstream users have visibility or access to the config context
  • Save & Continue

Controller Endpoint

Input Variables

The Rafay template allows administrators to customize a number of input variables. Please review the table below for a detailed description of the input variables. Typically, the Org Admin only needs to specify/configure the following from the list.

  • Domain related details
  • Certificate related details

Note

For testing and evaluation purposes, by default, Rafay automatically programs DNS for the Ray Endpoint URL and configures it for secure access using a trusted digital certificate. For production deployments, administrators should specify both DNS and Certificate details. Customers are recommended to try with the Rafay Defaults first before attempting advanced configuration.

Name Value Type Description
cluster_name Text Name of the Kubernetes cluster (virtual or dedicated). This is automatically detected when user selects compute instance
Host Project Expressions Rafay Project where the compute instance is deployed. This is automatically specified during end user self-service
Environment Name Expressions Name of the Rafay environment instance of the template. This is automatically specified during end user self-service
Ingress Domain Text The ingress domain for the Ray Dashboard. Defaults to Rafay. Administrators should customize
Kuberay Host Name Text Hostname for Ray Dashboard. Required for Custom Ingress Domain
Kuberay Host Cert Text Certificate for Ray Dashboard URL. Starts with BEGIN CERTIFICATE, necessary for Custom Ingress Domain
Kuberay Host Key Text Key associated with Certificate for Ray Dashboard URL. Starts with BEGIN PRIVATE KEY, necessary for Custom Ingress Domain
Ingress IP Text Public Ingress IP of Cluster, necessary for Rafay Ingress Domain. Typically specified in Service Profile
Ingress Namespace Text Namespace where ingress controller is installed on the host cluster. Defaults to ingress-nginx
Ingress Class Name Text Ingress Class Name. Defaults to nginx
Sub Domain Expressions Subdomain for unique Ray Dashboard URL per user
Ingress User Text Username to access Ray Dashboard. Defaults to "admin"
Enable Volcano True/False Toggle true if Volcano should be installed on the cluster. Ideal for on-premises host clusters where auto scaling is challenging
Kuberay Head Config HCL Kuberay head node configurations. Update only if defaults do not work
Kuberay Worker Config HCL Kuberay worker node configurations. Update as required
Kuberay Worker Tolerations HCL Tolerations for KubeRay worker nodes. Update only if required
Kuberay Worker Node Selector HCL Node Selector Config for KubeRay worker nodes. Update only if required
Host server Expressions Host Cluster details used to configure Ingress etc on the host cluster using Kubeconfig. Automatically detected
Client Certificate Data Expressions Kubeconfig Client Certificate Data. Automatically detected
Client Key Data Expressions Kubeconfig Client Key Data. Automatically detected
Certificate Authority Data Expressions Kubeconfig Certificate Authority Data. Automatically detected
Kubeconfig Expressions Kubeconfig for programmatic access to Host Cluster. Automatically detected