Terraform Deployment Guide

Deploy Kubeflow with AWS Cognito as an identity provider using Terraform

Note: The Terraform deployment option is still in preview.

Background

This guide will walk you through using Terraform to:

  • Create a VPC
  • Create an EKS cluster
  • Create a Route53 subdomain
  • Create a Cognito user pool
  • Deploy Kubeflow with Cognito as an identity provider

Find additional information on using Cognito with the AWS Distribution for Kubeflow in this guide. You can also check the Terraform documentation.

Prerequisites

Be sure that you have satisfied the installation prerequisites before working through this guide.

Specifically, you must:

Additionally, ensure you are in the REPO_ROOT/deployments/cognito/terraform folder.

From the repository’s root folder, run:

cd deployments/cognito/terraform
pwd

Deployment Steps

Configure

  1. Register a domain using Route 53. When you register a domain with Route 53, it automatically creates a hosted zone for the domain.

    • The provided Terraform stack will create and delegate a subdomain for the Kubeflow platform automatically.
    • If you do not use Route 53 for your top-level domain, follow the steps in the create a subdomain section of the load balancer guide to create a subdomain manually, and provide the Route 53 subdomain hosted zone name as input to the Terraform stack. You must also set the Terraform variable create_subdomain=false:
      export TF_VAR_create_subdomain="false"
      
  2. Set the following environment variables:

    # Region to create the cluster in
    export CLUSTER_REGION=
    # Name of the cluster to create
    export CLUSTER_NAME=
    # Name of an existing Route53 root domain (e.g. example.com)
    export ROOT_DOMAIN=
    # Name of the subdomain to create (e.g. platform.example.com)
    export SUBDOMAIN=
    # Name of the cognito user pool to create
    export USER_POOL_NAME=
    # Load balancer scheme
    export LOAD_BALANCER_SCHEME=internet-facing
    

    NOTE: Configure the load balancer scheme (internet-facing or internal). The default is internet-facing. Use internal if you want the load balancer to be accessible only within your VPC. See Load balancer scheme in the AWS documentation.

  3. Save the variables to a .tfvars file:

    cat <<EOF > sample.auto.tfvars
    cluster_name="${CLUSTER_NAME}"
    cluster_region="${CLUSTER_REGION}"
    aws_route53_root_zone_name="${ROOT_DOMAIN}"
    aws_route53_subdomain_zone_name="${SUBDOMAIN}"
    cognito_user_pool_name="${USER_POOL_NAME}"
    load_balancer_scheme="${LOAD_BALANCER_SCHEME}"
    EOF
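
An added preflight check for the variables from steps 2 and 3 (example code, not part of the Kubeflow on AWS repository): it rejects empty values, restricts the scheme to the two values this guide names, and checks that the subdomain sits under the root domain. The function name validate_kubeflow_env and the choice to skip the subdomain check when TF_VAR_create_subdomain is "false" are assumptions.

```shell
# Added example: preflight check for the variables exported in step 2.
# validate_kubeflow_env is a hypothetical helper, not part of the repository.
validate_kubeflow_env() {
  rc=0
  # Every value written to sample.auto.tfvars must be set; an empty export
  # would otherwise end up in the file as "".
  for name in CLUSTER_REGION CLUSTER_NAME ROOT_DOMAIN SUBDOMAIN \
              USER_POOL_NAME LOAD_BALANCER_SCHEME; do
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      echo "ERROR: $name is empty" >&2
      rc=1
    fi
  done

  # The guide names exactly two schemes; anything else is a typo.
  case "${LOAD_BALANCER_SCHEME:-}" in
    internal) ;;
    internet-facing)
      echo "WARN: internet-facing: the load balancer is reachable from outside the VPC" >&2 ;;
    *)
      echo "ERROR: LOAD_BALANCER_SCHEME must be internet-facing or internal" >&2
      rc=1 ;;
  esac

  # When the stack creates and delegates the subdomain (the default), it has
  # to sit under the root zone, e.g. platform.example.com under example.com.
  # Assumption: the check is skipped when TF_VAR_create_subdomain is "false".
  if [ "${TF_VAR_create_subdomain:-true}" != "false" ]; then
    case "${SUBDOMAIN:-}" in
      ?*."${ROOT_DOMAIN:-}") ;;
      *)
        echo "ERROR: SUBDOMAIN must end in .${ROOT_DOMAIN:-}" >&2
        rc=1 ;;
    esac
  fi
  return "$rc"
}
```

Define the function after the exports in step 2 and run `validate_kubeflow_env` before writing sample.auto.tfvars; a non-zero return means at least one value needs correcting.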
    

(Optional) Configure Culling for Notebooks

Enable culling for notebooks by following the instructions in the configure culling for notebooks guide.

Optionally enable AWS S3 as a Terraform backend by following the instructions here.

View all configurations

View all possible configuration options of the Terraform stack in the variables.tf file.

Preview

To check the configuration you are about to apply, run:

terraform init && terraform plan

Apply

Deploy Kubeflow with Cognito:

make deploy

Connect to your Kubeflow dashboard

  1. Go to the Cognito console and create some users in Users and groups, using their email addresses (e.g. user@example.com).
  2. Get the link to the central dashboard:
    terraform output -raw kubelow_platform_domain
    
  3. Open the link in the browser and connect via the user credentials that were just configured.

Cleanup

Uninstall Kubeflow on AWS.

make delete
Last modified April 19, 2023: Update TF S3 backend guide (#688) (41e87484)