How to initialize cloud environment¶
This how-to guide shows you how to initialize the cloud environment where you will deploy your Charmed HPC cluster.
Charmed HPC uses a converged architecture where a machine cloud hosts compute plane applications like the cluster’s workload manager and filesystem, and a Kubernetes (K8s) cloud hosts common control plane applications like identity management and observability services. It is strongly recommended that you pair your machine cloud with a complimenting Kubernetes cloud to simplify the deployment and management of both clouds. For example, LXD should be paired with Canonical Kubernetes, Azure paired with AKS, AWS paired with EKS, and so on.
Note
To Charmed HPC, a cloud (or backing cloud) is any entity that has an API that can provide compute, networking, and optionally storage resources to applications deployed on them. This includes public clouds such as Amazon Web Services, Google Compute Engine, Microsoft Azure and Kubernetes as well as private OpenStack-based clouds. Charmed HPC can also make use of environments, such as MAAS and LXD, which are not necessarily considered clouds, but can be treated as a cloud.
Prerequisites¶
To initialize the cloud environment where you will deploy your Charmed HPC cluster, you will need:
Access to a supported machine cloud
Access to a supported Kubernetes cloud
The Juju CLI client installed on your machine
Initialize machine cloud¶
Follow the instructions below to initialize the charmed-hpc machine cloud.
Prerequisites for LXD
To use LXD as the machine cloud for your Charmed HPC cluster, you will need to have:
Hint
If you’re unfamiliar with operating an LXD server, see the First steps with LXD tutorial for a high-level introduction to LXD.
Add LXD cloud to Juju
To make your LXD cloud known to Juju, first create the file charmed-hpc-cloud.yaml and enter the following
content, substituting <public address of lxd server> with the public address of your LXD server:
charmed-hpc-cloud.yaml¶1clouds:
2 charmed-hpc:
3 type: lxd
4 description: "Machine cloud for Charmed HPC"
5 auth-types: [certificate, interactive]
6 endpoint: <public address of lxd server>
Now, after creating charmed-hpc-cloud.yaml, use juju add-cloud to add
your LXD cloud to Juju:
juju add-cloud charmed-hpc --file ./charmed-hpc-cloud.yaml
Add LXD cloud credentials to Juju
Before you can start deploying applications on your LXD server, you must add credentials for contacting
your LXD server to Juju. Create the file charmed-hpc-cloud-credentials.yaml and enter the following content, with
<lxd server trust password> substituted with your LXD server’s configured trust password:
charmed-hpc-cloud-credentials.yaml¶1credentials:
2 charmed-hpc:
3 accesskey:
4 auth-type: interactive
5 trust-password: <lxd server trust password>
Now use juju add-credential to add the credentials for contacting your LXD server to Juju:
juju add-credential charmed-hpc --file ./charmed-hpc-cloud-credentials.yaml
Note
Juju will use your LXD server’s configured trust password to automatically retrieve your server’s TLS certificates.
Bootstrap LXD cloud controller
With both your LXD server’s endpoint and credentials added to Juju, use juju bootstrap to deploy
the cloud controller:
juju bootstrap charmed-hpc charmed-hpc-controller
After a few minutes, your LXD cloud controller will become active. The output of juju status
command should be similar to the following:
~$ juju status -m controllerModel Controller Cloud/Region Version SLA Timestampcontroller charmed-hpc-controller charmed-hpc/default 3.6.2 unsupported 13:55:33-05:00 App Version Status Scale Charm Channel Rev Exposed Messagecontroller active 1 juju-controller 3.6/stable 116 no Unit Workload Agent Machine Public address Ports Messagecontroller/0* active idle 0 10.190.89.114 Machine State Address Inst id Base AZ Message0 started 10.190.89.114 juju-3b4cde-0 ubuntu@24.04 RunningTo use Microsoft Azure as the machine cloud for your Charmed HPC cluster, you will need to have:
To decide on suitable VMs, it may be useful to refer to Sizes for virtual machines in Azure. A typical Charmed HPC deployment will use a mix of high-performance and GPU-accelerated compute VMs for cluster compute nodes, and general purpose VMs for other node types.
Note
If the Azure Portal page for adjusting VM quota appears blank or contains the message “The selected provider is not registered for some of the selected subscriptions”, confirm that the Microsoft.Compute resource provider is registered for your subscription.
Add Azure cloud credentials to Juju
Azure supports a variety of authentication workflows with Juju. These instructions provide only a single example of creating a Service Principal to enable Juju to automatically create a Managed Identity. Refer to the Juju documentation for full details on authentication with Azure and ensure you choose a method which meets requirements for security in your environment.
To make your Azure credentials known to Juju, run:
juju add-credential azure
This will start a script where you will be asked:
credential-name— your choice of name that will help you identify the credential set, e.g.my-az-credential.region— a default region that is most convenient to deploy your controller and applications, e.g.eastus. Note that credentials are not region-specific.auth type— authentication type. Selectinteractive, the recommended way to authenticate to Azure using Juju.subscription-id— your Azure subscription ID, typical formatxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.application_name(optional) — any unique string to avoid collision with other users or applications. Leave blank to let the script decide.role-definition-name(optional) — any unique string to avoid collision with other users or applications. Leave blank to let the script decide.
You will be asked to authenticate the requests via your web browser with the following message:
To sign in, use a web browser to open the page https://microsoft.com/devicelogin
and enter the code <auth-code> to authenticate.
In a web browser, open the authentication page, sign in as required, and enter the <auth-code> from the end of the authentication request shown in the terminal window. You will be asked to authenticate twice, to allow creation of two different resources in Azure.
Once the credentials have been added successfully, a message similar to the following will be displayed:
Credential "my-az-credential" added locally for cloud "azure".
Widen scope for credentials
To allow Juju to automatically create resources in Azure, further privileges should be granted to the credentials created above. Run, substituting my-az-credential with the name of your credential:
~$ juju show-credentials azure my-az-credentialwhich will show:
client-credentials: azure: my-az-credential: content: auth-type: service-principal-secret application-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx application-object-id: <application-object-id> subscription-id: <subscription-id>Copy the value of <application-object-id> and run:
az role assignment create --assignee <application-object-id> --role Owner --scope /subscriptions/<subscription-id>
This will grant the credential “full access to manage all resources”. Refer to Azure built-in roles for further details on the Owner role and other available roles.
Bootstrap Azure cloud controller
With your credentials added, the Juju cloud environment can now be initialized or “bootstrapped”. To bootstrap, first set the default region for deploying Azure instances, including the controller itself. Refer to What are Azure regions? for an overview of available regions. To set the default region to East US:
juju default-region azure eastus
Then deploy the cloud controller with the juju bootstrap command, optionally providing your choice of memorable name for the controller (here charmed-hpc-controller):
juju bootstrap azure charmed-hpc-controller --constraints "instance-role=auto"
After a few minutes, your Azure cloud controller will become active. The output of the juju status command should be similar to the following:
~$ juju status -m controllerModel Controller Cloud/Region Version SLA Timestampcontroller charmed-hpc-controller azure/eastus 3.6.3 unsupported 10:39:56Z App Version Status Scale Charm Channel Rev Exposed Messagecontroller active 1 juju-controller 3.6/stable 116 no Unit Workload Agent Machine Public address Ports Messagecontroller/0* active idle 0 x.x.x.x Machine State Address Inst id Base AZ Message0 started x.x.x.x juju-e63b38-0 ubuntu@24.04Clean up
Warning
Always clean Azure resources that are no longer necessary! Abandoned resources are tricky to detect and can become expensive over time.
Refer to How to clean up cloud resources for guidance on cleaning up an Azure cloud.
Initialize Kubernetes cloud¶
After initializing the charmed-hpc machine cloud, follow the instructions below to initialize the
charmed-hpc-k8s Kubernetes cloud.
Prerequisites for Canonical Kubernetes
To use Canonical Kubernetes as the Kubernetes cloud for your Charmed HPC cluster, you will need to have:
Hint
If you’re unfamiliar with operating a Canonical Kubernetes cluster, see the Canonical Kubernetes tutorials for a high-level introduction to Canonical Kubernetes.
Add Canonical Kubernetes cloud to deployed controller
To make your Canonical Kubernetes cloud known to Juju and use the same controller as your
machine cloud, pipe the output of k8s config to juju add-k8s by running the
following command:
sudo k8s config | \
juju add-k8s --controller charmed-hpc-controller charmed-hpc-k8s
juju add-k8s will immediately add your Canonical Kubernetes cloud to the controller of your machine
cloud. The output of juju clouds should be similar to the following:
~$ juju clouds --controller charmed-hpc-controller Clouds available on the controller:Cloud Regions Default Typecharmed-hpc 1 default lxdcharmed-hpc-k8s 1 default k8sPrerequisites for Azure Kubernetes Service (AKS)
To use AKS as the Kubernetes cloud for your Charmed HPC cluster, you will need to have:
To decide on suitable VMs, it may be useful to refer to Sizes for virtual machines in Azure. VM sizes should be chosen to accommodate control plane applications like identity management and observability services.
Create a new AKS cluster
Create a new Azure Resource Group with your choice of name (here aks) in the same region as the machine cloud. For the East US region:
az group create --name aks --location eastus
Bootstrap AKS in the new Azure Resource Group, using your choice of memorable name for the cluster instance (here charmed-aks-cluster) and adjusting node count and VM size to accommodate control plane applications and your requirements for availability:
az aks create -g aks -n charmed-aks-cluster --enable-managed-identity --node-count 1 --node-vm-size=Standard_D4s_v4 --generate-ssh-keys
For further information on creating and sizing an AKS cluster, see the Azure guide: Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using Azure CLI.
Add AKS cloud to deployed controller
To make your AKS cloud known to Juju and use the same controller as your machine cloud, first retrieve your AKS credentials:
az aks get-credentials --resource-group aks --name charmed-aks-cluster
This will add your AKS credentials to the file ~/.kube/config. Now, add the AKS cloud to the controller with the juju add-k8s command, providing the name of the existing controller, your choice of memorable name for the AKS cloud, and the name of the AKS cluster just added to the ~/.kube/config file (here charmed-hpc-controller, charmed-hpc-k8s, and charmed-aks-cluster respectively):
juju add-k8s --controller charmed-hpc-controller charmed-hpc-k8s --cluster-name=charmed-aks-cluster
With the AKS cloud added, the output of juju clouds for the controller should be similar to the following:
~$ juju clouds --controller charmed-hpc-controller Clouds available on the controller:Cloud Regions Default Typeazure 44 eastus azurecharmed-hpc-k8s 1 eastus k8sClean up
Warning
Always clean Azure resources that are no longer necessary! Abandoned resources are tricky to detect and can become expensive over time.
Refer to How to clean up cloud resources for guidance on cleaning up an Azure cloud.
Next Steps¶
Now that both the charmed-hpc machine cloud and charmed-hpc-k8s Kubernetes cloud are initialized,
you can start deploying applications with Juju. Go to the How to deploy Slurm guide
for how to deploy Slurm as the workload manager of your Charmed HPC cluster.