Azure Arc enabled ML supports both Azure RedHat OpenShift Service (ARO) and OpenShift Container Platform (OCP).
An ARO or OCP Kubernetes cluster is up and running.
- To set up an ARO Kubernetes cluster on Azure, please follow the instructions here
- To set up an OCP Kubernetes cluster, please follow the instructions on the RedHat website.
AzureML dataset, usually used in ML training jobs, is not supported on machines with SELinux enabled. Therefore, to use AzureML dataset, please make sure SELinux is disabled on workers for AzureML usage.
To deploy the AzureML extension on an ARO or OCP cluster, grant privileged access to the AzureML service accounts: run the `oc edit scc privileged` command and add the following service accounts under "users:":

```
system:serviceaccount:azure-arc:azure-arc-kube-aad-proxy-sa
system:serviceaccount:azureml:{EXTENSION-NAME}-kube-state-metrics
system:serviceaccount:azureml:cluster-status-reporter
system:serviceaccount:azureml:prom-admission
system:serviceaccount:azureml:default
system:serviceaccount:azureml:prom-operator
system:serviceaccount:azureml:csi-blob-node-sa
system:serviceaccount:azureml:csi-blob-controller-sa
system:serviceaccount:azureml:load-amlarc-selinux-policy-sa
system:serviceaccount:azureml:azureml-fe
system:serviceaccount:azureml:prom-prometheus
system:serviceaccount:{KUBERNETES-COMPUTE-NAMESPACE}:default
system:serviceaccount:azureml:azureml-ingress-nginx
system:serviceaccount:azureml:azureml-ingress-nginx-admission
```
> Notes
> * `{EXTENSION-NAME}`: the extension name specified with the `az k8s-extension create --name` CLI command.
> * `{KUBERNETES-COMPUTE-NAMESPACE}`: the namespace of the Kubernetes compute specified with the `az ml compute attach --namespace` CLI command. Skip configuring `system:serviceaccount:{KUBERNETES-COMPUTE-NAMESPACE}:default` if no namespace was specified with the `az ml compute attach` CLI command.
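
Because the privileged SCC removes most pod-level restrictions, it is worth checking its "users:" list after editing it. The script below is an added example, not part of the original page or the AzureML project: it builds the expected entries from the list above and reports which are still missing and which `azureml`/`azure-arc` accounts hold the SCC without being on the list. The function names and the `my-ext` extension name are assumptions made for illustration.

```shell
# Added example (not from the original page): audit the privileged SCC's
# "users:" list against the service accounts listed above.

# expected_sas EXTENSION_NAME [COMPUTE_NAMESPACE]
# Prints the expected entries, one per line.
expected_sas() {
  for sa in \
    "azure-arc:azure-arc-kube-aad-proxy-sa" \
    "azureml:$1-kube-state-metrics" \
    "azureml:cluster-status-reporter" \
    "azureml:prom-admission" \
    "azureml:default" \
    "azureml:prom-operator" \
    "azureml:csi-blob-node-sa" \
    "azureml:csi-blob-controller-sa" \
    "azureml:load-amlarc-selinux-policy-sa" \
    "azureml:azureml-fe" \
    "azureml:prom-prometheus" \
    "azureml:azureml-ingress-nginx" \
    "azureml:azureml-ingress-nginx-admission"
  do
    printf 'system:serviceaccount:%s\n' "$sa"
  done
  # Only present when `az ml compute attach --namespace` was used.
  if [ -n "${2:-}" ]; then
    printf 'system:serviceaccount:%s:default\n' "$2"
  fi
}

# missing_sas EXT [NS]: stdin = current SCC users, one per line.
# Prints expected accounts that have not been granted yet.
missing_sas() (
  current=$(cat)
  expected_sas "$1" "${2:-}" | while IFS= read -r sa; do
    printf '%s\n' "$current" | grep -Fxq -- "$sa" || printf '%s\n' "$sa"
  done
)

# unexpected_sas EXT [NS]: stdin as above. Prints accounts from the azureml
# and azure-arc namespaces that hold the SCC but are not on the list.
unexpected_sas() (
  expected=$(expected_sas "$1" "${2:-}")
  grep -E '^system:serviceaccount:(azureml|azure-arc):' | while IFS= read -r sa; do
    printf '%s\n' "$expected" | grep -Fxq -- "$sa" || printf '%s\n' "$sa"
  done
)

# Usage against a live cluster (my-ext is a placeholder extension name):
#   oc get scc privileged -o jsonpath='{range .users[*]}{@}{"\n"}{end}' | missing_sas my-ext
```

Entries from other namespaces, such as the cluster's own default users of the privileged SCC, are deliberately ignored by `unexpected_sas`.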