Provisioning ML Workspaces

This topic describes how to provision machine learning (ML) workspaces.

The first user to access the ML workspace after it is created must have both the MLAdmin role and the EnvironmentAdmin account role assigned. See Configuring User Access to CML and Understanding account roles and resource roles for information about this resource role.
  1. Log in to the CDP web interface.

    On Public Cloud, log in to using your corporate credentials or any other credentials that you received from your CDP administrator.

  2. Click ML Workspaces.
  3. Click Provision Workspace.
  4. Fill out the following fields.
    • Workspace Name - Give the ML workspace a name. For example, user1_dev.
    • Select Environment - From the dropdown, select the environment where the ML workspaces must be provisioned. If you do not have any environments available to you in the dropdown, contact your CDP administrator to gain access.
    • Existing NFS - (Azure only) Enter the mount path from the environment creation procedure.
    • NFS Protocol version - (Azure only) Specify the protocol version to use when communicating with the existing NFS server.
  5. Switch the toggle to display Advanced Settings.
    1. CPU Settings - From the dropdown, select the following:
      • Instance Type
      • Autoscale Range
      • Root Volume Size: If necessary, you can also change the default size of the root volume disk for the nodes in the group.
    2. GPU Settings - Click the GPU Instances toggle to enable GPUs for the cluster, and set the following:
      • Instance Type
      • Autoscale Range
      • Root Volume Size: If necessary, you can also change the default size of the root volume disk for the nodes in the group.
    3. Kubernetes Config - Upload or directly enter the Kubernetes config information.
    4. Network Settings
      • Subnets: Optionally select one or more subnets to use for Kubernetes worker nodes.
      • Load Balancer Source Ranges - (Azure only) Enter a CIDR range of IP addresses allowed to access the cluster.
        • If the CML workspace is provisioned with public access, enter the allowed public IP address range.
        • If the CML workspace is provisioned with private access, enter the allowed private IP address range.
      • Restrict access to Kubernetes API server to authorized IP ranges

        You can specify a range of IP addresses in CIDR format that are allowed to access the Kubernetes API server. By default, the Kubernetes API services of CML workspaces are accessible to all public IP addresses ( that have proper credentials.

        To specify an address to authorize, enter an address in CIDR format (for example, in API Server Authorized IP Ranges, and click the plus (+) icon. In this case, the API server is accessible by the user-provided address as well as control-plane-exit-ips over the public internet.

        If the feature is enabled and no IP authorized addresses are specified, then the Kubernetes API server is only accessible by control-plane-exit-ips from the public internet.

    5. Production Machine Learning
      • Enable Governance - Must be enabled to capture and view information about your ML projects, models, and builds from Apache Atlas for a given environment. If you do not select this option, then integration with Atlas won't work.
      • Enable Model Metrics - When enabled, stores metrics in a scalable metrics store, enables you to track individual model predictions, and also track and analyze metrics using custom code.
    6. Other Settings
      • Enable TLS - Select this checkbox if you want the workspace to use HTTPS for web communication.
      • Enable public Internet access - When enabled, the CML workspace will be available on the public Internet. When disabled, it is assumed that connectivity is achieved through a corporate VPC.
      • Enable Monitoring - Administrators (users with the MLAdmin role) can use a Grafana dashboard to monitor resource usage in the provisioned workspace.
      • Skip Validation - If selected, validation checks are not performed before a workspace is provisioned. Select this only if validation checks are failing incorrectly.
      • Tags - Tags added to cloud infrastructure, compute, and storage resources associated with this CML workspace.

        Note that these tags are propagated to your cloud service provider account. See Related information for links to AWS and Azure tagging strategies.

  6. Click Provision Workspace.
It can take up to an hour for an ML workspace to be provisioned and installed. Once the status changes to show that the workspace has been successfully provisioned, click on the workspace name to go to the web application.

Note that the domain name for the provisioned workspace is randomly generated and cannot be changed.

Grant users access to this ML workspace using the instructions at Configuring User Access to CML.