Customizing Kubeflow on AWS

Tailoring a AWS deployment of Kubeflow

This guide describes how to customize your deployment of Kubeflow on Amazon EKS.These steps can be done before you run apply -V -f ${CONFIG_FILE} command. Please see the following sections for details. If you don’t understand the deployment process, please see deploy for details.

Customizing Kubeflow

Here are the optional configuration parameters for kfctl on the AWS platform.

OptionsDescriptionRequired
awsClusterNameName of your new or existing Amazon EKS clusterYES
awsRegionThe AWS Region to launch inYES
awsNodegroupRoleNamesThe IAM role names for your worker nodesYES for existing clusters / No for new clusters

Customize your Amazon EKS cluster

Before you run kfctl apply -V -f ${CONFIG_FILE}, you can edit the cluster configuration file to change cluster specification before you create the cluster.

Cluster configuration is stored in ${KF_DIR}/aws_config/cluster_config.yaml. Please see eksctl for configuration details.

For example, the following is a cluster manifest with one node group which has 2 p2.xlarge instances. You can easily enable SSH and configure a public key. All worker nodes will be in single Availability Zone.

  1. apiVersion: eksctl.io/v1alpha5
  2. kind: ClusterConfig
  3. metadata:
  4.   # AWS_CLUSTER_NAME and AWS_REGION will override `name` and `region` here.
  5.   name: kubeflow-example
  6.   region: us-west-2
  7.   version: '1.14'
  8. # If your region has multiple availability zones, you can specify 3 of them.
  9. #availabilityZones: ["us-west-2b", "us-west-2c", "us-west-2d"]
  11. # NodeGroup holds all configuration attributes that are specific to a nodegroup
  12. # You can have several node groups in your cluster.
  13. nodeGroups:
  14.   - name: eks-gpu
  15.     instanceType: p2.xlarge
  16.     availabilityZones: ["us-west-2b"]
  17.     desiredCapacity: 2
  18.     minSize: 0
  19.     maxSize: 2
  20.     volumeSize: 30
  21.     ssh:
  22.       allow: true
  23.       sshPublicKeyPath: '~/.ssh/id_rsa.pub'
  25.   # Example of GPU node group
  26.   # - name: Tesla-V100
  27.   # Choose your Instance type for the node group.
  28.   #   instanceType: p3.2xlarge
  29.   # GPU cluster can use single availability zone to improve network performance
  30.   #   availabilityZones: ["us-west-2b"]
  31.   # Autoscaling Groups settings
  32.   #   desiredCapacity: 0
  33.   #   minSize: 0
  34.   #   maxSize: 4
  35.   # Node Root Disk
  36.   #   volumeSize: 50
  37.   # Enable SSH out side your VPC.
  38.   #   allowSSH: true
  39.   #   sshPublicKeyPath: '~/.ssh/id_rsa.pub'
  40.   # Customize Labels
  41.   #   labels:
  42.   #     'k8s.amazonaws.com/accelerator': 'nvidia-tesla-k80'
  43.   # Setup pre-defined iam roles to node group.
  44.   #   iam:
  45.   #     withAddonPolicies:
  46.   #       autoScaler: true

Customize Authentication

Please see this section

Customize IAM Role for Pods

Please see this section

Customize Private Access

Please see this section

Customize Logging

Please see this section

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified 23.02.2020: Add more details on authn and authz settings for AWS (#1721) (7599a779)