{"id":18802159,"url":"https://github.com/oracle-quickstart/oke-kubeflow","last_synced_at":"2025-04-13T18:31:18.009Z","repository":{"id":79273933,"uuid":"379929985","full_name":"oracle-quickstart/oke-kubeflow","owner":"oracle-quickstart","description":"Kubeflow on OCI","archived":true,"fork":false,"pushed_at":"2022-07-27T19:14:55.000Z","size":417,"stargazers_count":10,"open_issues_count":1,"forks_count":4,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-02-19T21:12:39.048Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"upl-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oracle-quickstart.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-24T13:14:09.000Z","updated_at":"2024-05-02T18:28:26.000Z","dependencies_parsed_at":null,"dependency_job_id":"ca5f95a1-a803-4b12-9e15-1afa2405a55b","html_url":"https://github.com/oracle-quickstart/oke-kubeflow","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":"oracle-quickstart/oci-quickstart-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foke-kubeflow","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foke-kubeflow/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foke-kubeflow/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oracle-quickstart%2Foke-kubeflow/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oracle-quickstart","download_url":"https://codeload.github.com/oracle-quickstart/oke-kubeflow/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248760331,"owners_count":21157340,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T22:26:48.467Z","updated_at":"2025-04-13T18:31:18.000Z","avatar_url":"https://github.com/oracle-quickstart.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kubeflow on OCI OKE\nThis quickstart template deploys [Kubeflow](https://www.kubeflow.org/#overview) on [Oracle Kubernetes Engine (OKE)](https://docs.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengoverview.htm).\n\n# Pre-Requisites\nPlease read the following prerequisites sections thoroughly prior to deployment.\n\n## Instance Principals \u0026 IAM Policy\nDeployment depends on use of [Instance Principals](https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm) via OCI CLI to generate kube config for use with kubectl.  You should create a [dynamic group](https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm) for the compartment where you are deploying Kubeflow.   In this example, I am using a [Default Tag](https://docs.oracle.com/en-us/iaas/Content/Tagging/Tasks/managingtagdefaults.htm) for all resources in the target compartment to define the Dynamic Group:\n\n\ttag.Kubeflow.InstancePrincipal.value='Enabled'\n\nAfter creating the group, you should set specific [IAM policies](https://docs.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm) for OCI service interaction:\n\n\tAllow dynamic-group Kubeflow to manage cluster-family in compartment Kubeflow\n\tAllow dynamic-group Kubeflow to manage object-family in compartment Kubeflow\n\t\n\nThis will allow interaction with the OKE cluster using instance principals, as well as Kubeflow to interact with Object Storage and OCI Vaults.\n\n\u003c!-- ## Kubeflow Security\nYou will also need an [OCI Vault](https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm), and two [Vault Secrets](https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Tasks/managingsecrets.htm) - one for Kubeflow Login and one for Kubeflow Password.  Create the vault and secrets prior to deployment, and capture the OCIDs of each secret to insert into the deployment template.  These will be retrieved during the deployment process so that they do not persist in any terraform metadata.\n\n*Note that the Vault should be in the same region you plan to deploy this template* - This is because the template uses OCI CLI to retrieve the vault secrets, and the OCI CLI configuration is localized to the deployment region.\n--\u003e\n# Deployment\nThis deployment uses [Oracle Resource Manager](https://docs.oracle.com/en-us/iaas/Content/ResourceManager/Concepts/resourcemanager.htm) and consists of a VCN, OKE Cluster with Node Pool, and an Edge node.   The Edge node installs OCI CLI, Kubectl, and Kustomize.  Kustomize is used to build [Kubeflow manifests](https://github.com/kubeflow/manifests) and deploy them to OKE using kubectl.   This is done using [cloudinit](userdata/cloudinit.sh) - the build process is logged in ``/var/log/OKE-kubeflow-initialize.log``.\n\n*Note that you should select shapes and scale your node pool as appropriate for your workload.*\n\nThis template deploys the following by default:\n\n* Virtual Cloud Network\n  * Public (Edge) Subnet\n  * Private Subnet\n  * Internet Gateway\n  * NAT Gateway\n  * Service Gateway\n  * Route tables\n  * Security Lists\n    * TCP 22 for Edge SSH on public subnet\n    * Ingress to both subnets from VCN CIDR\n    * Egress to Internet for both subnets\n* OCI Virtual Machine Edge Node\n* OKE Cluster and Node Pool\n\nSimply click the Deploy to OCI button to create an ORM stack, then walk through the menu driven deployment.  Once the stack is created, use the menu to Plan and Apply the template.\n\n[![Deploy to Oracle Cloud](https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg)](https://console.us-ashburn-1.oraclecloud.com/resourcemanager/stacks/create?region=home\u0026zipUrl=https://github.com/oracle-quickstart/oke-kubeflow/archive/v3.1.1.zip)\n\n## OKE post-deployment\nYou can check status of the OKE cluster using the following kubectl commands:\n\n\tkubectl get pods -n cert-manager\n\tkubectl get pods -n istio-system\n\tkubectl get pods -n auth\n\tkubectl get pods -n knative-eventing\n\tkubectl get pods -n knative-serving\n\tkubectl get pods -n kubeflow\n\tkubectl get pods -n kubeflow-user-example-com\n\n### Kubeflow Access\n\n\n\tssh -i ~/.ssh/PRIVATE_KEY opc@EDGE_NODE_IP\n\tcat /var/log/OKE-kubeflow-initialize.log|egrep -i \"Load Balancer IP\"\n\nThen load up your browser to https://\u003cload balancer ip\u003e \n\tNote: The certificate created above is a self signed certificate and hence the browser will issue warning. It needs to be accepted. \n\nLogin with the default user's credential. The default email address is ``user@example.com`` and the password is what was provided with ORM (default is Kubeflow54321)\n\n### Destroying the Stack\nNote that with the inclusion of SSL Load Balancer, you will need to remove the `` istio-ingressgateway `` service before you destroy the stack, or you will get an error. \n\n\tkubectl delete svc istio-ingressgateway -n istio-system\n\nThis will remove the service, then you can destroy the build without errors.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foracle-quickstart%2Foke-kubeflow","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foracle-quickstart%2Foke-kubeflow","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foracle-quickstart%2Foke-kubeflow/lists"}