Configure ECR Instead of Zot
An Open Container Initiative (OCI) registry is required to store OCI artifacts. Rather than using the default in-cluster Zot registry, you can configure the PaletteAI Helm chart to use AWS Elastic Container Registry (ECR). ECR works on both AWS EKS and self-managed Kubernetes on AWS (IaaS) and can be configured during or after installation.
Configure Kubernetes API Server to Trust OIDC Provider
The Kubernetes API server can be configured to trust an OpenID Connect (OIDC) provider to authenticate users. We recommend you work with your Kubernetes administrator and security team to configure the Kubernetes API server to trust the OIDC provider. Depending on your infrastructure provider and the Kubernetes platform you are using, such as AWS EKS, Azure AKS, or Google GKE, the steps to configure the Kubernetes API server to trust the OIDC provider may vary.
Configure User Impersonation
PaletteAI supports Kubernetes User Impersonation. User impersonation is a feature that allows a user to impersonate another user. This is useful for scenarios where you are unable to configure the Kubernetes API server to trust Dex as an OpenID Connect (OIDC) provider. Through the user impersonation feature, you can continue to use your existing OIDC provider or local Dex users. The key part is to ensure that proper group mappings are configured so that the user has the correct permissions to access the resources they need.
Customize Branding
PaletteAI allows you to customize the appearance of the PaletteAI User Interface (UI) during installation or upgrades. Using Helm chart values, you can customize the following front-end elements:
Install PaletteAI on AWS IaaS
This guide covers installing PaletteAI on a self-managed Kubernetes cluster deployed with AWS EC2 instances. The deployment uses the hub-as-spoke pattern with Zot as the Open Container Initiative (OCI) registry.
Install PaletteAI on EKS
This guide covers installing PaletteAI on an EKS Kubernetes cluster. The deployment uses the hub-as-spoke pattern with Zot as the Open Container Initiative (OCI) registry.
Install PaletteAI on GKE
This guide covers installing PaletteAI on Google Kubernetes Engine (GKE). The deployment uses the hub-as-spoke pattern with Zot as the Open Container Initiative (OCI) registry.
Install PaletteAI on Kubernetes
This guide covers installing PaletteAI on self-managed Kubernetes clusters where you have full control over the API server configuration. The deployment uses the hub-as-spoke pattern with Zot as the Open Container Initiative (OCI) registry. Use this guide if installing PaletteAI on:
PaletteAI CLI
The paletteai CLI is a command-line tool for authoring and testing Definitions, inspecting Workload statuses, and importing profile bundles downloaded from PaletteAI Studio. The CLI is useful for local development, CI/CD pipelines, and automation workflows.
RBAC Controls
PaletteAI enforces role-based access control (RBAC) across the UI. Actions such as creating, editing, or deleting resources are available only to users whose role includes the required permissions. If a button or action described below is not visible, your role likely does not grant the necessary access. Contact your administrator to request access.
Set Up EKS Environment
To successfully deploy PaletteAI on EKS, specific resources must be created in the AWS accounts where your hub and spoke EKS clusters are located. Additionally, Kubernetes RBAC rules must be configured on your spoke EKS cluster. This guide provides step-by-step instructions for setting up everything required to deploy PaletteAI on an EKS cluster using shell scripts. These scripts enable your spoke clusters to connect to the hub using IAM Roles for Service Accounts (IRSA). The scripts perform the following steps:
Set Up GKE Spokes
This guide is only required if you are deploying PaletteAI with dedicated spoke clusters separate from your hub cluster. If using the default hub-as-spoke pattern, skip this guide and proceed to Install PaletteAI on GKE.
Upgrade PaletteAI
This page guides you through upgrading PaletteAI to a new version. PaletteAI consists of two Helm charts that must be upgraded in the following order: