Customizing Kubeflow on AWS

Tailoring a AWS deployment of Kubeflow

This guide describes how to customize your deployment of Kubeflow on Amazon EKS. These steps can be done before you run apply -V -f ${CONFIG_FILE} command. Please see the following sections for details. If you don’t understand the deployment process, please see deploy for details.

Customize your Amazon EKS cluster

Note: This is only working for user who like kfctl to create a new EKS cluster. If you already have the cluster, you can skip this section.

Before you run kfctl apply -V -f ${CONFIG_FILE}, you can edit the cluster configuration file to change cluster specification before you create the cluster.

For example, the following is a cluster manifest with one node group which has 2 p2.xlarge instances. You can easily enable SSH and configure a public key. All worker nodes will be in single Availability Zone.

  1. apiVersion: eksctl.io/v1alpha5
  2. kind: ClusterConfig
  3. metadata:
  4.   # AWS_CLUSTER_NAME and AWS_REGION will override `name` and `region` here.
  5.   name: kubeflow-example
  6.   region: us-west-2
  7.   version: '1.17'
  8. # If your region has multiple availability zones, you can specify 3 of them.
  9. #availabilityZones: ["us-west-2b", "us-west-2c", "us-west-2d"]
  11. # NodeGroup holds all configuration attributes that are specific to a nodegroup
  12. # You can have several node groups in your cluster.
  13. nodeGroups:
  14.   - name: eks-gpu
  15.     instanceType: p2.xlarge
  16.     availabilityZones: ["us-west-2b"]
  17.     desiredCapacity: 2
  18.     minSize: 0
  19.     maxSize: 2
  20.     volumeSize: 30
  21.     ssh:
  22.       allow: true
  23.       publicKeyPath: '~/.ssh/id_rsa.pub'
  25.   # Example of GPU node group
  26.   # - name: Tesla-V100
  27.   # Choose your Instance type for the node group.
  28.   #   instanceType: p3.2xlarge
  29.   # GPU cluster can use single availability zone to improve network performance
  30.   #   availabilityZones: ["us-west-2b"]
  31.   # Autoscaling Groups settings
  32.   #   desiredCapacity: 0
  33.   #   minSize: 0
  34.   #   maxSize: 4
  35.   # Node Root Disk
  36.   #   volumeSize: 50
  37.   # Enable SSH out side your VPC.
  38.   #   allowSSH: true
  39.   #   publicKeyPath: '~/.ssh/id_rsa.pub'
  40.   # Customize Labels
  41.   #   labels:
  42.   #     'k8s.amazonaws.com/accelerator': 'nvidia-tesla-k80'
  43.   # Setup pre-defined iam roles to node group.
  44.   #   iam:
  45.   #     withAddonPolicies:
  46.   #       autoScaler: true

Customize Authentication

If you use https://raw.githubusercontent.com/kubeflow/manifests/v1.1-branch/kfdef/kfctl_aws.v1.1.0.yaml, you can consider to change the default password in the configuration file. The configuration file contains:

  1. spec:
  2.   auth:
  3.   basicAuth:
  4.     password: 12341234
  5.     username: admin@kubeflow.org

If you use https://raw.githubusercontent.com/kubeflow/manifests/v1.1-branch/kfdef/kfctl_aws_cognito.v1.1.0.yaml, please see this section

Customize IAM Role for Pods

Please see this section

Customize Private Access

Please see this section

Customize Logging

Please see this section

Last modified 04.08.2020: Remove outdate banner for AWS docs (#2080) (efc5b0cf)