How to initialize cloud environment

This how-to guide shows you how to initialize the cloud environment where you will deploy your Charmed HPC cluster.

Charmed HPC uses a converged architecture where a machine cloud hosts compute plane applications like the cluster’s workload manager and filesystem, and a Kubernetes (K8s) cloud hosts common control plane applications like identity management and observability services. It is strongly recommended that you pair your machine cloud with a complimenting Kubernetes cloud to simplify the deployment and management of both clouds. For example, LXD should be paired with Canonical Kubernetes, Azure paired with AKS, AWS paired with EKS, and so on.

Note

To Charmed HPC, a cloud (or backing cloud) is any entity that has an API that can provide compute, networking, and optionally storage resources to applications deployed on them. This includes public clouds such as Amazon Web Services, Google Compute Engine, Microsoft Azure and Kubernetes as well as private OpenStack-based clouds. Charmed HPC can also make use of environments, such as MAAS and LXD, which are not necessarily considered clouds, but can be treated as a cloud.

Prerequisites

To initialize the cloud environment where you will deploy your Charmed HPC cluster, you will need:

Initialize machine cloud

Follow the instructions below to initialize the charmed-hpc machine cloud.

Prerequisites for LXD

To use LXD as the machine cloud for your Charmed HPC cluster, you will need to have:

Hint

If you’re unfamiliar with operating an LXD server, see the First steps with LXD tutorial for a high-level introduction to LXD.

Add LXD cloud to Juju

To make your LXD cloud known to Juju, first create the file charmed-hpc-cloud.yaml and enter the following content, substituting <public address of lxd server> with the public address of your LXD server:

charmed-hpc-cloud.yaml
1clouds:
2  charmed-hpc:
3    type: lxd
4    description: "Machine cloud for Charmed HPC"
5    auth-types: [certificate, interactive]
6    endpoint: <public address of lxd server>

Now, after creating charmed-hpc-cloud.yaml, use juju add-cloud to add your LXD cloud to Juju:

juju add-cloud charmed-hpc --file ./charmed-hpc-cloud.yaml

Add LXD cloud credentials to Juju

Before you can start deploying applications on your LXD server, you must add credentials for contacting your LXD server to Juju. Create the file charmed-hpc-cloud-credentials.yaml and enter the following content, with <lxd server trust password> substituted with your LXD server’s configured trust password:

charmed-hpc-cloud-credentials.yaml
1credentials:
2  charmed-hpc:
3    accesskey:
4      auth-type: interactive
5      trust-password: <lxd server trust password>

Now use juju add-credential to add the credentials for contacting your LXD server to Juju:

juju add-credential charmed-hpc --file ./charmed-hpc-cloud-credentials.yaml

Note

Juju will use your LXD server’s configured trust password to automatically retrieve your server’s TLS certificates.

Bootstrap LXD cloud controller

With both your LXD server’s endpoint and credentials added to Juju, use juju bootstrap to deploy the cloud controller:

juju bootstrap charmed-hpc charmed-hpc-controller

After a few minutes, your LXD cloud controller will become active. The output of juju status command should be similar to the following:

~$ juju status -m controller
Model       Controller              Cloud/Region         Version  SLA          Timestampcontroller  charmed-hpc-controller  charmed-hpc/default  3.6.2    unsupported  13:55:33-05:00 App         Version  Status  Scale  Charm            Channel     Rev  Exposed  Messagecontroller           active      1  juju-controller  3.6/stable  116  no Unit           Workload  Agent  Machine  Public address  Ports  Messagecontroller/0*  active    idle   0        10.190.89.114 Machine  State    Address        Inst id        Base          AZ  Message0        started  10.190.89.114  juju-3b4cde-0  ubuntu@24.04      Running

To use Microsoft Azure as the machine cloud for your Charmed HPC cluster, you will need to have:

To decide on suitable VMs, it may be useful to refer to Sizes for virtual machines in Azure. A typical Charmed HPC deployment will use a mix of high-performance and GPU-accelerated compute VMs for cluster compute nodes, and general purpose VMs for other node types.

Note

If the Azure Portal page for adjusting VM quota appears blank or contains the message “The selected provider is not registered for some of the selected subscriptions”, confirm that the Microsoft.Compute resource provider is registered for your subscription.

Add Azure cloud credentials to Juju

Azure supports a variety of authentication workflows with Juju. These instructions provide only a single example of creating a Service Principal to enable Juju to automatically create a Managed Identity. Refer to the Juju documentation for full details on authentication with Azure and ensure you choose a method which meets requirements for security in your environment.

To make your Azure credentials known to Juju, run:

juju add-credential azure

This will start a script where you will be asked:

  • credential-name — your choice of name that will help you identify the credential set, e.g. my-az-credential.

  • region — a default region that is most convenient to deploy your controller and applications, e.g. eastus. Note that credentials are not region-specific.

  • auth type — authentication type. Select interactive, the recommended way to authenticate to Azure using Juju.

  • subscription-id — your Azure subscription ID, typical format xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.

  • application_name (optional) — any unique string to avoid collision with other users or applications. Leave blank to let the script decide.

  • role-definition-name (optional) — any unique string to avoid collision with other users or applications. Leave blank to let the script decide.

You will be asked to authenticate the requests via your web browser with the following message:

To sign in, use a web browser to open the page https://microsoft.com/devicelogin
and enter the code <auth-code> to authenticate.

In a web browser, open the authentication page, sign in as required, and enter the <auth-code> from the end of the authentication request shown in the terminal window. You will be asked to authenticate twice, to allow creation of two different resources in Azure.

Once the credentials have been added successfully, a message similar to the following will be displayed:

Credential "my-az-credential" added locally for cloud "azure".

Widen scope for credentials

To allow Juju to automatically create resources in Azure, further privileges should be granted to the credentials created above. Run, substituting my-az-credential with the name of your credential:

~$ juju show-credentials azure my-az-credential

which will show:

client-credentials:  azure:    my-az-credential:      content:        auth-type: service-principal-secret        application-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx        application-object-id: <application-object-id>        subscription-id: <subscription-id>

Copy the value of <application-object-id> and run:

az role assignment create --assignee <application-object-id> --role Owner --scope /subscriptions/<subscription-id>

This will grant the credential “full access to manage all resources”. Refer to Azure built-in roles for further details on the Owner role and other available roles.

Bootstrap Azure cloud controller

With your credentials added, the Juju cloud environment can now be initialized or “bootstrapped”. To bootstrap, first set the default region for deploying Azure instances, including the controller itself. Refer to What are Azure regions? for an overview of available regions. To set the default region to East US:

juju default-region azure eastus

Then deploy the cloud controller with the juju bootstrap command, optionally providing your choice of memorable name for the controller (here charmed-hpc-controller):

juju bootstrap azure charmed-hpc-controller --constraints "instance-role=auto"

After a few minutes, your Azure cloud controller will become active. The output of the juju status command should be similar to the following:

~$ juju status -m controller
Model       Controller              Cloud/Region  Version  SLA          Timestampcontroller  charmed-hpc-controller  azure/eastus  3.6.3    unsupported  10:39:56Z App         Version  Status  Scale  Charm            Channel     Rev  Exposed  Messagecontroller           active      1  juju-controller  3.6/stable  116  no Unit           Workload  Agent  Machine  Public address  Ports  Messagecontroller/0*  active    idle   0        x.x.x.x Machine  State    Address      Inst id        Base          AZ  Message0        started  x.x.x.x      juju-e63b38-0  ubuntu@24.04

Clean up

Warning

Always clean Azure resources that are no longer necessary! Abandoned resources are tricky to detect and can become expensive over time.

Refer to How to clean up cloud resources for guidance on cleaning up an Azure cloud.

Initialize Kubernetes cloud

After initializing the charmed-hpc machine cloud, follow the instructions below to initialize the charmed-hpc-k8s Kubernetes cloud.

Prerequisites for Canonical Kubernetes

To use Canonical Kubernetes as the Kubernetes cloud for your Charmed HPC cluster, you will need to have:

Hint

If you’re unfamiliar with operating a Canonical Kubernetes cluster, see the Canonical Kubernetes tutorials for a high-level introduction to Canonical Kubernetes.

Add Canonical Kubernetes cloud to deployed controller

To make your Canonical Kubernetes cloud known to Juju and use the same controller as your machine cloud, pipe the output of k8s config to juju add-k8s by running the following command:

sudo k8s config | \
  juju add-k8s --controller charmed-hpc-controller charmed-hpc-k8s

juju add-k8s will immediately add your Canonical Kubernetes cloud to the controller of your machine cloud. The output of juju clouds should be similar to the following:

~$ juju clouds --controller charmed-hpc-controller
Clouds available on the controller:Cloud            Regions  Default  Typecharmed-hpc      1        default  lxdcharmed-hpc-k8s  1        default  k8s

Prerequisites for Azure Kubernetes Service (AKS)

To use AKS as the Kubernetes cloud for your Charmed HPC cluster, you will need to have:

To decide on suitable VMs, it may be useful to refer to Sizes for virtual machines in Azure. VM sizes should be chosen to accommodate control plane applications like identity management and observability services.

Create a new AKS cluster

Create a new Azure Resource Group with your choice of name (here aks) in the same region as the machine cloud. For the East US region:

az group create --name aks --location eastus

Bootstrap AKS in the new Azure Resource Group, using your choice of memorable name for the cluster instance (here charmed-aks-cluster) and adjusting node count and VM size to accommodate control plane applications and your requirements for availability:

az aks create -g aks -n charmed-aks-cluster --enable-managed-identity --node-count 1 --node-vm-size=Standard_D4s_v4 --generate-ssh-keys

For further information on creating and sizing an AKS cluster, see the Azure guide: Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using Azure CLI.

Add AKS cloud to deployed controller

To make your AKS cloud known to Juju and use the same controller as your machine cloud, first retrieve your AKS credentials:

az aks get-credentials --resource-group aks --name charmed-aks-cluster

This will add your AKS credentials to the file ~/.kube/config. Now, add the AKS cloud to the controller with the juju add-k8s command, providing the name of the existing controller, your choice of memorable name for the AKS cloud, and the name of the AKS cluster just added to the ~/.kube/config file (here charmed-hpc-controller, charmed-hpc-k8s, and charmed-aks-cluster respectively):

juju add-k8s --controller charmed-hpc-controller charmed-hpc-k8s --cluster-name=charmed-aks-cluster

With the AKS cloud added, the output of juju clouds for the controller should be similar to the following:

~$ juju clouds --controller charmed-hpc-controller
Clouds available on the controller:Cloud            Regions  Default  Typeazure            44       eastus   azurecharmed-hpc-k8s  1        eastus   k8s

Clean up

Warning

Always clean Azure resources that are no longer necessary! Abandoned resources are tricky to detect and can become expensive over time.

Refer to How to clean up cloud resources for guidance on cleaning up an Azure cloud.

Next Steps

Now that both the charmed-hpc machine cloud and charmed-hpc-k8s Kubernetes cloud are initialized, you can start deploying applications with Juju. Go to the How to deploy Slurm guide for how to deploy Slurm as the workload manager of your Charmed HPC cluster.