Last active
March 20, 2020 07:52
-
-
Save cloudbow/440a85f8871bebbe5a30767532ad16da to your computer and use it in GitHub Desktop.
Install kubeflow with Cognito
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function first_names() { | |
| echo ${CLUSTER_NAME} | |
| export CLUSTER_NAME=${CLUSTER_NAME} | |
| export AWS_REGION=${REGION} | |
| export AWS_DEFAULT_REGION=${AWS_REGION} | |
| } | |
| function aws_account_id_settings(){ | |
| aws configure set default.region ${AWS_REGION} | |
| aws configure get default.region | |
| rm -vf ${HOME}/.aws/credentials | |
| export ACCOUNT_ID=${ACCOUNT_ID} | |
| export AWS_REGION=$(curl -s 169.254.169.254/latest/dynamic/instance-identity/document | jq -r '.region') | |
| test -n "$AWS_REGION" && echo AWS_REGION is "$AWS_REGION" || echo AWS_REGION is not set | |
| echo "export ACCOUNT_ID=${ACCOUNT_ID}" | tee -a ~/.bash_profile | |
| echo "export AWS_REGION=${AWS_REGION}" | tee -a ~/.bash_profile | |
| aws sts get-caller-identity | |
| } | |
| function generate_and_upload_key(){ | |
| test -n "$(aws ec2 describe-key-pairs --key-name $1)" && return | |
| ssh-keygen | |
| aws ec2 import-key-pair --key-name $1 --public-key-material file://~/.ssh/id_rsa.pub | |
| } | |
| function install_kubectl() { | |
| test -e /usr/local/bin/kubectl && return | |
| sudo curl --silent --location -o /usr/local/bin/kubectl https://amazon-eks.s3-us-west-2.amazonaws.com/1.14.6/2019-08-22/bin/linux/amd64/kubectl | |
| sudo chmod +x /usr/local/bin/kubectl | |
| sudo yum -y install jq gettext bash-completion | |
| for command in kubectl jq envsubst | |
| do | |
| which $command &>/dev/null && echo "$command in path" || echo "$command NOT FOUND" | |
| done | |
| kubectl completion bash >> ~/.bash_completion | |
| . /etc/profile.d/bash_completion.sh | |
| } | |
| function install_eksctl { | |
| test -e /usr/local/bin/eksctl && return | |
| curl --silent --location "https://github.com/weaveworks/eksctl/releases/download/latest_release/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp | |
| sudo mv -v /tmp/eksctl /usr/local/bin | |
| eksctl version | |
| eksctl completion bash >> ~/.bash_completion | |
| . /etc/profile.d/bash_completion.sh | |
| . ~/.bash_completion | |
| } | |
| function create_eks_cluster(){ | |
| test -n "$(eksctl get cluster --name $CLUSTER_NAME)" && return | |
| eksctl create cluster --name=$CLUSTER_NAME --nodes=$1 --managed --alb-ingress-access --region=${AWS_REGION} | |
| } | |
| function list_stacks() { | |
| aws cloudformation list-stacks | |
| } | |
| function export_names() { | |
| list_stacks | |
| #export CONFIG_URI=/home/ec2-user/environment/$CLUSTER_NAME/kfctl_aws.0.7.0.yaml | |
| #export CONFIG_URI="https://raw.githubusercontent.com/kubeflow/manifests/v0.7-branch/kfdef/kfctl_aws.0.7.1.yaml" | |
| export CONFIG_URI="https://raw.githubusercontent.com/kubeflow/manifests/v1.0-branch/kfdef/kfctl_aws_cognito.v1.0.0.yaml" | |
| #export CONFIG_URI="https://raw.githubusercontent.com/kubeflow/manifests/v1.0-branch/kfdef/kfctl_aws.v1.0.0.yaml" | |
| export NODEGROUP_NAME=$(eksctl get nodegroups --cluster $CLUSTER_NAME -o json | jq -r '.[0].Name') | |
| export AWS_CLUSTER_NAME=$CLUSTER_NAME | |
| export KF_NAME=${AWS_CLUSTER_NAME} | |
| export BASE_DIR=~/environment | |
| export KF_DIR=${BASE_DIR}/${KF_NAME} | |
| export AWS_REGION=$AWS_DEFAULT_REGION | |
| } | |
| # autoscale | |
| function auto_scale() { | |
| export_names | |
| COUNT=$(eksctl get nodegroup --cluster ml-eks-v8 | awk 'NR==2' | awk '{print $6}') | |
| test $COUNT -eq $1 && return | |
| eksctl scale nodegroup --cluster $CLUSTER_NAME --name $NODEGROUP_NAME --nodes $1 | |
| } | |
| function install_kfctl() { | |
| test -e /usr/local/bin/kfctl && return | |
| curl --silent --location "$1" | tar xz -C /tmp | |
| sudo mv -v /tmp/kfctl /usr/local/bin | |
| } | |
| function download_iam_auth() { | |
| test -e /usr/local/bin/aws-iam-authenticator && return | |
| curl -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.13.7/2019-06-11/bin/linux/amd64/aws-iam-authenticator | |
| chmod +x aws-iam-authenticator | |
| sudo mv aws-iam-authenticator /usr/local/bin | |
| } | |
| function role_name() { | |
| list_stacks | |
| STACK_NAME=$(eksctl get nodegroup --cluster $CLUSTER_NAME -o json | jq -r '.[].StackName') | |
| ROLE_NAME=$(aws cloudformation describe-stack-resources --stack-name $STACK_NAME | jq -r '.StackResources[] | select(.ResourceType=="AWS::IAM::Role") | .PhysicalResourceId') | |
| export ROLE_NAME=${ROLE_NAME} | |
| echo $ROLE_NAME | |
| } | |
| function build_kf() { | |
| export_names | |
| install_kfctl "https://github.com/kubeflow/kfctl/releases/download/v1.0-rc.4/kfctl_v1.0-rc.3-1-g24b60e8_linux.tar.gz" | |
| download_iam_auth | |
| echo ${KF_DIR} | |
| mkdir -p ${KF_DIR} | |
| cd ${KF_DIR} | |
| echo `pwd` | |
| rm -rf * | |
| kfctl build -V -f ${CONFIG_URI} | |
| } | |
| function repalce_kube_config() { | |
| export_names | |
| download_iam_auth | |
| role_name | |
| TMP_FILE=/tmp/config.$(date +%s) | |
| export CONFIG_FILE=${KF_DIR}/$1 | |
| cp ${CONFIG_FILE} $TMP_FILE | |
| echo copied config is "$TMP_FILE" | |
| sed -i -e 's/kubeflow-aws/'"$AWS_CLUSTER_NAME"'/' ${CONFIG_FILE} | |
| sed -i "s@region: us-west-2@region: $AWS_REGION@" ${CONFIG_FILE} | |
| test -n "$ROLE_NAME" && echo ROLE_NAME is "$ROLE_NAME" || echo ROLE_NAME is not set | |
| sed -i "s@eksctl-$CLUSTER_NAME-nodegroup-ng-a2-NodeInstanceRole-xxxxx@$ROLE_NAME@" ${CONFIG_FILE} | |
| #diff $TMP_FILE ${CONFIG_FILE} | |
| } | |
| function create_certificate_arn() { | |
| LOCAL_STATE_FILE=$HOME/kubeflow | |
| mkdir -p ${LOCAL_STATE_FILE}/${CLUSTER_NAME} | |
| CERTIFICATE_ARN=`cat ${LOCAL_STATE_FILE}/${CLUSTER_NAME}/cert-arn | jq -r ".CertificateArn"` | |
| test -n $CERTIFICATE_ARN || return | |
| #test -n "$(aws acm get-certificate --certificate-arn $CERTIFICATE_ARN)" && return | |
| aws acm request-certificate \ | |
| --domain-name ${DNS_NAME} \ | |
| --validation-method DNS \ | |
| --idempotency-token ${IDEMPOTENCY_TOKEN} \ | |
| --options CertificateTransparencyLoggingPreference=DISABLED > ${LOCAL_STATE_FILE}/${CLUSTER_NAME}/cert-arn | |
| CERTIFICATE_ARN=`cat ${LOCAL_STATE_FILE}/${CLUSTER_NAME}/cert-arn | jq -r ".CertificateArn"` | |
| export CERTIFICATE_ARN=${CERTIFICATE_ARN} | |
| } | |
| function cert_arn_from_env(){ | |
| CERTIFICATE_ARN=${CERTIFICATE_ARN} | |
| } | |
| function replace_cognito_config(){ | |
| create_certificate_arn | |
| TMP_FILE=/tmp/config.$(date +%s) | |
| export CONFIG_FILE=${KF_DIR}/$1 | |
| cp ${CONFIG_FILE} $TMP_FILE | |
| echo copied config is "$TMP_FILE" | |
| sed -i "s@arn:aws:cognito-idp:us-west-2:xxxxx:userpool/us-west-2_xxxxxx@$USER_POOL_ARN@" ${CONFIG_FILE} | |
| sed -i "s@xxxxxbxxxxxx@$APP_CLIENT_ID@" ${CONFIG_FILE} | |
| sed -i "s@your-user-pool@$USER_POOL_DOMAIN_NAME@" ${CONFIG_FILE} | |
| sed -i "s@arn:aws:acm:us-west-2:xxxxx:certificate/xxxxxxxxxxxxx-xxxx@$CERTIFICATE_ARN@" ${CONFIG_FILE} | |
| #diff $TMP_FILE ${CONFIG_FILE} | |
| cp ${CONFIG_FILE} $TMP_FILE | |
| } | |
| function create_kubeflow() { | |
| rm -rf kustomize | |
| kfctl apply -V -f ${CONFIG_FILE} | |
| } | |
| function get_istio_endpoint() { | |
| kubectl get ingress -n istio-system -o jsonpath='{.items[0].status.loadBalancer.ingress[0].hostname}' | |
| } | |
| first_names | |
| install_kubectl | |
| aws_account_id_settings | |
| generate_and_upload_key "eksworkshop" | |
| install_eksctl | |
| create_eks_cluster 2 | |
| #auto_scale 6 | |
| build_kf | |
| repalce_kube_config "kfctl_aws_cognito.v1.0.0.yaml" | |
| cert_arn_from_env | |
| replace_cognito_config "kfctl_aws_cognito.v1.0.0.yaml" | |
| create_kubeflow | |
| get_istio_endpoint |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment