LG setup list 20-kubeflow/

01-kubernetes/
02-helm/
03-calico/
04-metallb/
05-ingress-nginx/

---------------------------------
06-csi-driver/
07-prometheus-grafana/
08-grafana/
100-airflow-metadata-db/
101-samba-storage/

---------------------------------
102-netdata/
103-metric-server/
10-airflow/
200-volumes/
20-kubeflow/

---------------------------------
30-harbor/
31-jenkins/
32-argocd/
40-kubernetes-dashboard/
50-ray/

---------------------------------
99-kubernetes-uninstall/

2023 cert/
storageclasses/

root@master:~/setup/20-kubeflow# cat README.md ## Kubeflow 구축 ### 개요 - Cloud native 환경에서 머신러닝 워크플로우를 구축하고 실행 할 수 있는 플랫폼인 kubeflow 환경 구축 ### 환경 - v1.7 설치 - v1.8 (2023. 09. 08 released) 적용 예정 ### 절차 ##### manifest repository clone ```bash git clone https://github.com/kubeflow/manifests.git git checkout v1.7-branch ``` ##### 설정 변경 - 향후 세부 설정이 진행됨에 따라 작성 내용이 추가되거나 변경 될 수 있습니다. ###### jupyter 서비스 http 접속 제한 해제 - `apps/jupyter/jupyter-web-app/upstream/base/params.env` ```conf JWA_APP_SECURE_COOKIES=false ``` ###### volume 서비스 http 접속 제한 해제 - `apps/volumes-web-app/upstream/base/params.env` ```conf JWA_APP_SECURE_COOKIES=false ``` ###### Storage class 생성 - Kubeflow가 사용할 storage class의 secret key 생성 - Samba storage 경로를 생성하고 csi driver로 storage class와 pv 연결 - secret 생성 ```bash #!/bin/bash kubectl create ns kubeflow-sc kubectl create ns istio-system kubectl create secret generic smbcreds --from-literal username="ubuntu" --from-literal password="test" kubectl create secret generic smbcreds --from-literal username="ubuntu" --from-literal password="test" -n kubeflow-sc kubectl create secret generic smbcreds --from-literal username="ubuntu" --from-literal password="test" -n istio-system ``` - storage class 생성   - uid 1000 / gid 100 변경 금지   - default storage 설정 필수 ```yaml --- apiVersion: storage.k8s.io/v1 kind: StorageClass metadata:   # storage class 이름   name: sc-smb-kubeflow # storage class provisioner 이름 provisioner: kubeflow.smb.csi.k8s.io parameters:   # samba server entry point   source: "//10.175.41.91/kubeflow"   # 이전 단계에서 만든 secret 입력   csi.storage.k8s.io/provisioner-secret-name: "smbcreds"   csi.storage.k8s.io/provisioner-secret-namespace: "kubeflow-sc"   csi.storage.k8s.io/node-stage-secret-name: "smbcreds"   csi.storage.k8s.io/node-stage-secret-namespace: "kubeflow-sc" volumeBindingMode: Immediate reclaimPolicy: Retain # mount option: 추가 리서치 필요 mountOptions:   - dir_mode=0644   - file_mode=0755   - uid=1000   - gid=100   - noperm   - mfsymlinks   - noserverino  # required to prevent data corruption ``` - csi driver 설치 ```bash helm install kubeflow-smb-driver csi-driver-smb/csi-driver-smb \ --version=v1.12.0 \ --namespace kubeflow-sc \ --set driver.name="kubeflow.smb.csi.k8s.io" \ --set controller.name="smb-controller-kf" \ --set rbac.name=smb-controller-kf \ --set serviceAccount.controller=smb-controller-kf-sa \ --set serviceAccount.node=smb-node-kf-sa \ --set node.name=smb-node-kf \ --set controller.metricsPort=38000 \ --set controller.livenessProbe.healthPort=38001 \ --set node.livenessProbe.healthPort=38002 \ --set username=ubuntu \ --set password=test \ --wait -v=5 --debug ``` ##### kustomize 설치 - 설치 스크립트를 수행하여 kustomize download ```bash curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"  | bash mv kustomize /usr/local/bin/ ``` ##### kubeflow 설치 - Kubeflow 플랫폼 전체 서비스 설치는 `example/kustomization.yaml` 파일로 진행 ```bash # 설치 진행 while ! kustomize build example | kubectl apply -f -; do echo "Retrying to apply resources"; sleep 10; done ``` ##### central dashboard ingress 설정 - kubeflow istio-system의 ingress-gateway를 metallb load balancer에 연결하여 외부 접속 허용 ```yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata:   annotations:   generation: 1   labels:   name: istio-ingressgateway   namespace: istio-system spec:   ingressClassName: nginx   rules:   - host: notebook-tms.com     http:       paths:       - backend:           service:             name: istio-ingressgateway             port:               name: 80         path: / status:   loadBalancer:     ingress:     - ip: 165.186.85.115