Deployment setup
Currently Kfops supports two endpoints (production and staging) where ML models can be deployed. The settings below explain how to configure Kubernetes "production" and "staging" namespaces (with "staging" being optional) to work with Kfops.
The name of your staging and production namespaces can be set per each code repository that is being integrated with Kfops. For details refer to "deployment" section in main config file.
Configure deployment namespaces
Note: Steps below are based on this source.
Manifests below create deployment namespace and configure KServe access to the MinIO service where ML models are stored after training.
apiVersion: v1
kind: Namespace
metadata:
name: <NAMESPACE>
labels:
# Enable Istio (optional)
istio-injection: enabled
---
apiVersion: v1
kind: Secret
metadata:
name: minio-access-for-deployment
namespace: <NAMESPACE>
annotations:
serving.kserve.io/s3-endpoint: minio-service.kubeflow:9000
serving.kserve.io/s3-usehttps: "0"
serving.kserve.io/s3-verifyssl: "0"
serving.kserve.io/s3-region: us-east-1
type: Opaque
# Note: Use `stringData` for raw credential string or `data` for base64 encoded string
stringData:
# Modify only if you changed minio credentials
AWS_ACCESS_KEY_ID: minio
AWS_SECRET_ACCESS_KEY: minio123
Remember to replace <NAMESPACE>
with your namespace name.
Next, create ServiceAccount
as follows:
apiVersion: v1
kind: ServiceAccount
metadata:
name: deployer
namespace: <NAMESPACE>
secrets:
- name: minio-access-for-deployment
Remember to replace <NAMESPACE>
with your namespace name.
Created ServiceAccount
name
is going to be used by your repository's deployment function.
For details refer to deployment function in User guide.
Notice: Namespace
, Secret
and ServiceAccount
have to be created separately per each (production and staging) namespace.