Cloudera AI Inference service cannot discover AI Registry
Learn about scenarios or issues that may be resolved by using the steps in the Manually updating AI Registry configuration solution.
- ML Serving installed before AI Registry
If the AI Registry has not been created yet, when ML Serving is installed it will not be able to generate the ConfigMap.
- AI Registry upgraded after ML Serving
installed
When the AI Registry is upgraded, it will require an updated ConfigMap.
- AI Registry certificate expiredAfter 90 days, AI Registry will have a certificate update, it will require an updated ConfigMap.
Manually updating AI Registry configuration
If you upgrade the AI Registry after creating your Cloudera AI Inference service cluster, the AI Registry configuration stored by the Cloudera AI Inference service will get out of synchronization. Follow the steps below to manually reconcile the configuration, so that Cloudera AI Inference service will be able to connect to AI Registry.
- Get
KubeConfig
for ML Serving Cluster.- In a terminal where Cloudera Data Platform
CLI is installed, run the
cdp ml list-ml-serving-apps
command. - Find the appCrn of the ML Serving instance you wish to update.
- Retrieve the
KubeConfig
with this command:cdp ml get-ml-serving-app-kubeconfig --app-crn <YOUR-APP-CRN> |jq .kubeconfig|yq --prettyPrint
Here:
-
cdp ml get-ml-serving-app-kubeconfig --app-crn <YOUR-APP-CRN> : returns raw json response containing
KubeConfig
. -
|jq .kubeconfig: returns only the actual
KubeConfig
(removes json wrapper). -
|yq --prettyPrint: prints the k
KubeConfig
response into a format both machine and user-readable.
-
- Direct the output to the standard
KubeConfig
location:cdp ml get-ml-serving-app-kubeconfig --app-crn <YOUR-APP-CRN> |jq .kubeconfig|yq --prettyPrint>~/.kube/config
Make sure this is the active
KubeConfig
by running the kubectl config view command. The output of the above command shall now show theKubeConfig
data returned above.
- In a terminal where Cloudera Data Platform
CLI is installed, run the
- Grant your user ML Serving App access.Add your cloud provider user identifier to the ML Serving App access control list. Use the following command, with your ARN, or other cloud provider user identifier.
cdp ml grant-ml-serving-app-access --resource-crn crn:cdp:ml:us-west-1:9d74eee4-1cad-45d7-b645-7ccf9edbb73d:mlserving:2c982e74-c60e-43b9-be85-357cffb1d419 --identifier <Your Cloud Provider User ID>
- Get new ConfigMap data.
- Find the new AI Registry ConfigMap. Use the grant-model-registry-access API in Cloudera Data Platform CLI to add your user name to the new AI Registry, or use the UI, as shown:
- After your user ARN has been granted access to the AI Registry, get the ConfigMap data in the following
way:
- Download the AI Registry
KubeConfig
. - Set the AI Registry
KubeConfig
(save it to ~/.kube/config). - kubectl get cm -n mlx: lists all the available ConfigMaps.
- kubectl describe cm jwks-rootca -n mlx: Returns the TLS Certificate for AI Registry.
- cdp ml list-model-registries: The response will contain the domain for the updated AI Registry.
- Download the AI Registry
- Copy the entire
rootca.pem
output from the command.kubectl describe cm jwks-rootca -n mlx
The domain of the new AI Registry is contained in thelist-model-registries
response:
- Apply
ConfigMap
Update.- Update the
KubeConfig
back to the ML ServingKubeConfig
. - Edit the ConfigMap of the ML Serving Cluster:
- kubectl edit cm modelregistry-config-controlplane -n serving: Update tls.crt with the data from above.
-
kubectl describe cm api-config -n serving: Update model.registry.url with the data from above.
- Restart the deployment to force the Cloudera Manager changes
to take effect.
- kubectl scale deployment api -n serving --replicas=0
- kubectl scale deployment api -n serving --replicas=1
- Update the