Skip to main content
W&B recommends fully managed deployment options such as W&B Multi-tenant Cloud or W&B Dedicated Cloud deployment types. W&B fully managed services are simple and secure to use, with minimum to no configuration required.
This guide provides instructions for deploying W&B Platform on on-premises Kubernetes infrastructure, including datacenter and private cloud environments. For air-gapped or fully disconnected environments, see the Deploy on Air-Gapped Kubernetes guide. Reach out to the W&B Sales to learn more.

Prerequisites

Before deploying W&B on your on-premises Kubernetes infrastructure, ensure your environment meets all requirements. For complete details, see the Requirements page, which covers:
  • Kubernetes cluster requirements (versions, ingress, persistent volumes)
  • MySQL database configuration
  • Redis requirements
  • Object storage setup
  • SSL/TLS certificates
  • Networking and load balancer configuration
  • Hardware sizing recommendations
Additionally, refer to the Reference Architecture for infrastructure guidelines and best practices.

Object storage provisioning

W&B requires S3-compatible object storage. For detailed provisioning instructions for various storage providers, see:

Provision your storage bucket

Before configuring W&B, provision your object storage bucket with proper IAM policies, CORS configuration, and access credentials. See the Bring Your Own Bucket (BYOB) guide for detailed step-by-step provisioning instructions for:
  • Amazon S3 (including IAM policies and bucket policies)
  • Google Cloud Storage (including PubSub notifications)
  • Azure Blob Storage (including managed identities)
  • CoreWeave AI Object Storage
  • S3-compatible storage (MinIO Enterprise, NetApp StorageGRID, and other enterprise solutions)
After provisioning your object storage, you’ll configure it in the W&B Custom Resource as described in the deployment steps below.

Deploy W&B with the Kubernetes Operator

The recommended method for deploying W&B on Kubernetes is using the W&B Kubernetes Operator. The operator manages the W&B platform components and simplifies deployment, updates, and maintenance.

Choose your deployment method

The W&B Operator can be deployed using two methods:
  1. Helm CLI - Direct deployment using Helm commands
  2. Terraform - Infrastructure-as-code deployment using Terraform
For complete deployment instructions, including step-by-step guides for both methods, see Deploy W&B with Kubernetes Operator. The operator guide covers:
  • Installing the operator
  • Configuring the W&B Custom Resource (CR)
  • Object storage configuration
  • MySQL and Redis connection settings
  • SSL/TLS certificate configuration
  • Ingress and networking setup
  • Updates and maintenance

On-premises specific considerations

When deploying on on-premises infrastructure, pay special attention to the following:

Load balancer configuration

On-premises Kubernetes clusters typically require manual load balancer configuration. Options include:
  • External load balancer: Configure an existing hardware or software load balancer (F5, HAProxy, etc.)
  • Nginx Ingress Controller: Deploy nginx-ingress-controller with NodePort or host networking
  • MetalLB: For bare-metal Kubernetes clusters, MetalLB provides load balancer services
For detailed load balancer configuration examples, see the Reference Architecture networking section.

Persistent storage

Ensure your Kubernetes cluster has a StorageClass configured for persistent volumes. W&B components may require persistent storage for caching and temporary data. Common on-premises storage options:
  • NFS-based storage classes
  • Ceph/Rook storage
  • Local persistent volumes
  • Enterprise storage solutions (NetApp, Pure Storage, etc.)

DNS and certificate management

For on-premises deployments:
  • Configure internal DNS records to point to your W&B hostname
  • Provision SSL/TLS certificates from your internal Certificate Authority (CA)
  • If using self-signed certificates, configure the operator to trust your CA certificate
See the SSL/TLS requirements for certificate configuration details.

OpenShift deployments

W&B fully supports deployment on OpenShift Kubernetes clusters. OpenShift deployments require additional security context configurations due to OpenShift’s stricter security policies. For OpenShift-specific configuration details, see:

Object storage configuration

After provisioning your object storage bucket (see Prerequisites above), configure it in your W&B Custom Resource.

AWS S3 (on-premises)

For on-premises AWS S3 (via Outposts or compatible storage): 
bucket:
  kmsKey: <kms key arn>  # Optional KMS key for encryption
  name: <bucket name>    # Example: wandb
  path: ""               # Keep as empty string
  provider: s3
  region: <region>       # Example: us-east-1

S3-compatible storage (MinIO, Ceph, NetApp, etc.)

For S3-compatible storage systems: 
bucket:
  kmsKey: null
  name: <s3 endpoint>    # Example: s3.example.com:9000
  path: <bucket name>    # Example: wandb
  provider: s3
  region: <region>       # Example: us-east-1
To enable TLS for S3-compatible storage, append ?tls=true to the bucket path: 
bucket:
  path: "wandb?tls=true"
The certificate must be trusted. Self-signed certificates require additional configuration. See the SSL/TLS requirements for details.

Important considerations for on-premises object storage

When running your own object storage, consider:
  1. Storage capacity and performance: Monitor disk capacity carefully. Average W&B usage results in tens to hundreds of gigabytes. Heavy usage could result in petabytes of storage consumption.
  2. Fault tolerance: At minimum, use RAID arrays for physical disks. For S3-compatible storage, use distributed or highly available configurations.
  3. Availability: Configure monitoring to ensure the storage remains available.

MinIO considerations

MinIO Open Source is in maintenance mode with no active development. Pre-compiled binaries are no longer provided, and only critical security fixes are considered case-by-case. For production deployments, W&B recommends using managed object storage services or MinIO Enterprise (AIStor).
Enterprise alternatives for on-premises object storage include: If you are using an existing MinIO deployment or MinIO Enterprise, you can create a bucket using the MinIO client: 
mc config host add local http://$MINIO_HOST:$MINIO_PORT "$MINIO_ACCESS_KEY" "$MINIO_SECRET_KEY" --api s3v4
mc mb --region=us-east-1 local/wandb-files

Verify your installation

After deploying W&B, verify the installation is working correctly: To verify the installation, W&B recommends using the W&B CLI. The verify command executes several tests that verify all components and configurations.
This step assumes that the first admin user account is created with the browser.
Follow these steps to verify the installation:
  1. Install the W&B CLI:
pip install wandb
  1. Log in to W&B:
wandb login --host=https://YOUR_DNS_DOMAIN
For example: 
wandb login --host=https://wandb.company-name.com
  1. Verify the installation:
wandb verify
A successful installation and fully working W&B deployment shows the following output: 
Default host selected:  https://wandb.company-name.com
Find detailed logs for this test at: /var/folders/pn/b3g3gnc11_sbsykqkm3tx5rh0000gp/T/tmpdtdjbxua/wandb
Checking if logged in...................................................✅
Checking signed URL upload..............................................✅
Checking ability to send large payloads through proxy...................✅
Checking requests to base url...........................................✅
Checking requests made over signed URLs.................................✅
Checking CORs configuration of the bucket...............................✅
Checking wandb package version is up to date............................✅
Checking logged metrics, saving and downloading a file..................✅
Checking artifact save and download workflows...........................✅
Contact W&B Support if you encounter errors.

Next steps

After successful deployment:
  1. Configure user authentication: Set up SSO or other authentication methods
  2. Set up monitoring: Configure monitoring for your W&B instance and infrastructure
  3. Plan for updates: Review the Server upgrade process and establish an update cadence
  4. Configure backups: Establish backup procedures for your MySQL database

Getting help

If you encounter issues during deployment: