This is a module deploying kubeflow purely in Terraform. Versioning is following Terraform's own versions : 0.12.x and 0.13.x. The active development will be now done on Terraform 0.13, 0.12 will be "frozen".
Due to the difficulties to have proper optional dependencies, with TF 0.12 you need to install istio and cert-manager as part of the process (as intended by Kubeflow). With Terraform 0.13 it is possible to reuse an existing installation of cert-manager and istio.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cert_manager_namespace | The namespace for istio operator | string |
"cert-manager" |
no |
| cert_manager_version | The version of cert-manager | string |
"v0.16.1" |
no |
| certificate_name | The secret where the pre-generated certificate is stored | string |
"" |
no |
| dns_record | The DNS record for Kubeflow's ingresses | string |
"kubeflow" |
no |
| domain_name | The domain name for Kubeflow's ingresses DNS records | string |
"" |
no |
| ingress_gateway_annotations | A map of key-value annotations for istio ingressgateway | map(string) |
{} |
no |
| ingress_gateway_ip | The IP of istio ingressgateway | string |
"" |
no |
| ingress_gateway_selector | Istio ingressgateway selector | string |
"ingressgateway" |
no |
| install_cert_manager | n/a | bool |
false |
no |
| install_istio | Should this module install istio | bool |
false |
no |
| istio_namespace | The namespace for istio | string |
"istio-system" |
no |
| istio_operator_namespace | The namespace for istio operator | string |
"istio-operator" |
no |
| kubeflow_components | The list of components to install. KF Operator does not support updates so changes after initial deployment will not be reflected. | list(string) |
[ |
no |
| kubeflow_operator_namespace | The namespace for kubeflow operator | string |
"kubeflow-operator" |
no |
| kubeflow_operator_version | The version of kubeflow operator to install | string |
"1.1.0" |
no |
| kubeflow_version | The version of kubeflow to install | string |
"1.1.0" |
no |
| letsencrypt_email | The email to use for let's encrypt certificate requests | string |
"" |
no |
| oidc_auth_url | The auth url for OIDC | string |
"/dex/auth" |
no |
| oidc_client_id | The Client ID for OIDC | string |
"kubeflow-oidc-authservice" |
no |
| oidc_client_secret | The OIDC client secret. The default value is not safe ! | string |
"pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok" |
no |
| oidc_issuer | The OIDC issuer | string |
"http://dex.auth.svc.cluster.local:5556/dex" |
no |
| oidc_redirect_url | The OIDC redirect URL | string |
"/login/oidc" |
no |
| oidc_userid_claim | The claim for OIDC auth flows | string |
"email" |
no |
| use_cert_manager | Should we use cert-manager for ingresses certificates | bool |
false |
no |
module "kubeflow" {
providers = {
kubernetes = kubernetes
k8s = k8s
helm = helm
}
source = "datarootsio/kubeflow/module"
version = "~>0.12"
ingress_gateway_ip = "10.20.30.40"
use_cert_manager = true
domain_name = "foo.local"
letsencrypt_email = "[email protected]"
kubeflow_components = ["pipelines"]
}module "kubeflow" {
providers = {
kubernetes = kubernetes
k8s = k8s
helm = helm
}
source = "datarootsio/kubeflow/module"
version = "~>0.13"
ingress_gateway_ip = "10.20.30.40"
use_cert_manager = true
install_istio = false
install_cert_manager = false
domain_name = "foo.local"
letsencrypt_email = "[email protected]"
kubeflow_components = ["pipelines"]
}No output.
Contributions to this repository are very welcome! Found a bug or do you have a suggestion? Please open an issue. Do you know how to fix it? Pull requests are welcome as well! To get you started faster, a Makefile is provided.
Make sure to install Terraform, Go (for automated testing) and Make (optional, if you want to use the Makefile) on your computer. Install tflint to be able to run the linting.
- Setup tools & dependencies:
make tools - Format your code:
make fmt - Linting:
make lint - Run tests:
make test(orgo test -timeout 2h ./...without Make)
To run the automated tests, you need to be logged in to a kubernetes cluster. We use k3s in the test pipelines.
MIT license. Please see LICENSE for details.