Integrate with Palette
Integrations are external service connections configured in a Settings resource that provide credentials and endpoints for PaletteAI to interact with external platforms. Integrations can be added while creating a Tenant, Project, or at any time within the Project scope. A Palette integration is required to deploy applications and models.
When Palette is integrated with PaletteAI, Palette is used as your infrastructure provider to deploy dedicated or shared Compute Pools to host your artificial intelligence and machine learning (AI/ML) applications.
This page covers the Palette integration prerequisites. For information on configuring Hugging Face and NVIDIA NGC integrations, refer to the Settings page.
Integration Prerequisites
Before you can add a Palette integration to your Tenant or Project, you must complete the following tasks in Palette.
When PaletteAI is installed with systemDefaultResources: true (the default), a default Tenant and Project are automatically created. You can use these defaults or create custom Tenants and Projects by completing the prerequisites that follow.
-
Create Palette Tenant - Similar to PaletteAI Tenants, Palette tenants are top-level organizational units that represent a department or business, under which you create individual projects for deploying and managing clusters. If you use Palette in a dedicated- or multi-tenant SaaS environment, tenants are created for you by the Spectro Cloud Customer Support team. In self-hosted Palette environments, you must manually create tenants.
-
Create Palette Project - Within your Palette tenant, create one or multiple projects where you deploy your AI/ML applications. Palette projects are similar to PaletteAI Projects, allowing you to group clusters and related resources and set role-based access controls. You can use an out-of-box project or create your own. Refer to the Palette Create and Manage Projects guide for instructions on creating projects in Palette. If you have multiple tenants, refer to the Switch Tenant guide to ensure you are in the correct tenant prior to creating your project.
Record the Palette project ID, not the project name. PaletteAI uses this ID as the
defaultProjectIDvalue. To find the ID, log in to Palette and copy the Project ID field on the Project Overview tab. -
Create Palette API Key - Your Palette API key is used in the Settings resource to authenticate PaletteAI with Palette, allowing PaletteAI to discover edge nodes and use those nodes to create clusters for deploying your AI/ML applications.
Deployment Prerequisites
PaletteAI can communicate with Palette once you add your integration. However, you cannot deploy AI/ML applications until a sufficient number of edge nodes with the required specifications are discovered through PaletteAI's Compute resource. Before you can deploy clusters, you must complete the following tasks in Palette:
-
Deploy Edge Nodes - Deploy and use edge nodes to form the clusters that host your AI/ML applications. Turn existing machines into Palette-compatible edge nodes using either the EdgeForge Workflow (Appliance Mode) or Agent Mode, and register the nodes with Palette.
-
Label Edge Nodes - Edge nodes must be properly labeled with the appropriate PaletteAI tags to be discovered by the Compute resource. To tag your edge nodes, add labels below the
stylus.site.tagsparameter in your edge node'suser-datafile or tag edge nodes once they are registered with Palette using Edge Host Grid View. -
Create Cluster Profiles - Cluster Profiles are created and managed in Palette. They are a required component of Infrastructure and Fullstack Profile Bundles that define the base infrastructure used in your Kubernetes clusters.
When PaletteAI provisions a Compute Pool, it references the applicable Cluster Profile to configure the underlying Kubernetes cluster through Palette.
-
Provide Palette a Trusted SSL Certificate - By default, self-hosted Palette uses a self-signed Secure Sockets Layer (SSL) certificate. If you are using a custom SSL certificate, you can provide it to Palette by updating the system certificate in the System console settings. Refer to the System Address Management guide for instructions on how to update the system certificate. If Palette uses a self-signed certificate, you can either skip SSL verification or provide a custom Certificate Authority (CA) certificate in the Palette secret. Refer to Custom CA Certificates for configuration details.
Custom CA Certificates
When Palette uses a self-signed SSL certificate, PaletteAI offers two ways to communicate with it:
-
Enable the
skipSSLCertificateVerificationflag in the Palette secret to bypass SSL certificate validation when calling Palette. -
Provide a custom Certificate Authority (CA) certificate by setting
tlsSecretRefto the name of a Kubernetes Secret in the same namespace that contains aca.crtkey with the PEM-encoded CA certificate.
Apply either option through a manifest or through the UI when you add a Palette integration to your Settings resource, either during or after creating or managing a Project.
Leave the skipSSLCertificateVerification flag disabled in production environments. When enabled, all API calls to Palette skip SSL certificate validation, which is acceptable for demo or experimentation but exposes production traffic. Use a valid SSL certificate signed by a trusted CA, or provide a custom CA certificate.
The following example shows a Palette secret that references a custom CA certificate through tlsSecretRef. In this case, palette-ca-cert is the name of an existing Kubernetes Secret in the same namespace that contains a ca.crt key with the PEM-encoded CA certificate.
apiVersion: v1
kind: Secret
metadata:
name: palette-api-secret
namespace: primary-dev
type: Opaque
stringData:
palette: |
{
"apiKey": "***************************",
"defaultProjectID": "<palette-default-project-id>",
"hostUrl": "https://console.spectrocloud.com",
"tenant": "docs",
"skipSSLCertificateVerification": false,
"tlsSecretRef": "palette-ca-cert"
}
apiVersion: v1
kind: Secret
metadata:
name: palette-ca-cert
namespace: primary-dev
type: Opaque
stringData:
ca.crt: |
-----BEGIN CERTIFICATE-----
***************************
-----END CERTIFICATE-----
For the full list of Palette secret fields, refer to the Settings CRD reference.
Additional Self-Hosted Palette Setup
This section applies to self-hosted Palette environments only. It does not apply to dedicated or multi-tenant SaaS environments.
While not required to deploy Compute Pools and applications with PaletteAI, we recommend configuring your self-hosted Palette environment to meet your organization's needs prior to deploying clusters. Refer to the following Palette guides for additional information:
-
Activate Palette License - After installing self-hosted Palette, you have 30 days to activate it. During the 30-day trial period, you can use Palette without any restrictions. After 30 days, you can continue to use Palette, but you cannot deploy additional clusters or perform any Day-2 operations on existing clusters until Palette is activated. We recommend activating Palette as soon as possible to avoid any disruptions.
-
Add Pack Registries - Add pack registries to your Palette tenants so that you can use them to create Cluster Profiles. Review the list of Pack registries, select the ones you want to use, and follow the Add System-Level Registry guide to add them to your Palette tenants.
Refer to Palette's System Management guide to discover additional system configuration options, such as feature flags, login banners, and more.