The cloud-native AI component consists of AI Dashboard and AI Developer Console. You can access AI Dashboard and AI Developer Console over the Internet or through a private network. This topic describes how to access AI Dashboard.
Prerequisites
A Container Service for Kubernetes (ACK) Pro cluster is created. Make sure that Monitoring Agents and Log Service are enabled on the Component Configurations wizard page when you create the cluster. For more information, see Create an ACK Pro cluster.
The Kubernetes version of the ACK Pro cluster is 1.18 or later.
Method 1: Access AI Dashboard over a private network
You can access AI Dashboard by using a private domain name or a private IP address. Before you access AI Dashboard through a private network, make sure that the cluster network is connected to your office network.
Use a private domain name
When you install the cloud-native AI suite, set Select one of the following methods to access AI Dashboard to Internal Domain and enter a private domain name.
After an ACK cluster is created, an NGINX Ingress controller with two pods is automatically deployed. An Internet-facing SLB instance is also created as the frontend load balancing Service.
For more information about how to deploy another independent NGINX Ingress controller, see Deploy multiple Ingress controllers in a cluster.
After the cloud-native AI component set is installed, you can use the private domain name to access AI Dashboard.
Use a private IP address
When you install the cloud-native AI suite, set Select one of the following methods to access AI Dashboard: to Private IP.
After the cloud-native AI component set is installed, you can use SSL-VPN or sshuttle to access AI Dashboard.
Use SSL-VPN to access AI Dashboard
SSL-VPN allows remote clients to connect to a virtual private cloud (VPC) and access the applications or services deployed in the VPC in a secure manner. You can configure SSL-VPN on a VPN gateway to access AI Dashboard from a remote client. For more information, see Connect a client to a VPC.
Use sshuttle to access AI Dashboard
Use sshuttle to access AI Dashboard. sshuttle is the most cost-effective VPN over SSH solution.
Prepare a jump server that has Internet access and runs Python 3.6 or later.
We recommend that you configure an IP whitelist in the security group of the cluster to limit IP addresses. For more information, see Configuration guide for ECS security groups.
Install sshuttle. macOS is used in the sample code and sshuttle 1.0.5 is installed. For more information about how to install sshuttle in other operating systems, see sshuttle.
brew install sshuttle@1.0.5
Enable the proxy feature of sshuttle. Specify the IP addresses of the SSH jump server and cluster node that you want to access. In the sample code, the public IP address of the jump server is
39.96.XX.XX
and the IP address of the cluster node is192.168.100.0
.sudo sshuttle -r jack@39.96.XX.XX 192.168.100.0/24 -vv
Run the following command to query all Services in the
kube-ai
namespace:kubectl get service -n kube-ai
Expected output:
The IP address of AI Dashboard follows
ack-ai-dashboard-admin-ui
.The IP address of AI Developer Console follows
ack-ai-dev-console
.
Access the IP address of AI Dashboard from a web browser.
Method 2: Access AI Dashboard over the Internet (not recommended for production environments)
This method does not use TLS. To access AI Dashboard, you need to prepare a domain name and configure a security certificate. If you use the public domain name provided by ACK for testing purposes, you need to configure a whitelist for your Server Load Balancer (SLB) instance. For more information, see Access control.
When you install the cloud-native AI suite, if you set Select one of the following methods to access AI Dashboard to Public Domain, you can access AI Dashboard over the Internet. To access AI Dashboard through a public domain name, make sure that an NGINX Ingress is installed in the ACK cluster.
After an ACK cluster is created, an NGINX Ingress controller with two pods is automatically deployed. An Internet-facing SLB instance is also created as the frontend load balancing Service.
For more information about how to deploy another independent NGINX Ingress controller, see Deploy multiple Ingress controllers in a cluster.
After the cloud-native AI suite is installed, the cluster creates an Ingress domain name for AI Dashboard.
Log on to the ACK console. In the left-side navigation pane, click Clusters.
Click the name of the cluster.
In the left-side navigation pane, choose Applications > Cloud-native AI Suite.
View the status of AI Dashboard and AI Developer Console. When the status of AI Dashboard is Ready, you can directly click AI Dashboard to access it.