Installing DKubeX on EKS Cluster using Terraform¶

The terraform scripts available in the dkubex-tf GitHub repository can be used to bring up an AWS EKS cluster and install DKubeX.

Prerequisites¶

Terraform needs to be installed in your system. If you do not have Terraform installed in your system, follow the steps in the following link to install Terraform.

Install Terraform
Make sure the latest version of AWS CLI, kubectl and Helm >=v3.5.0 is installed.

Note

For more information regarding AWS CLI installation, please visit Install or update the latest version of the AWS CLI. For more information regarding Helm installation, go to Helm installation.
Use the following command in the terminal to configure your AWS CLI. When prompted, provide your ‘Access Key’ and ‘Secret Key’ from your AWS account. When asked about ‘Region’, provide the AWS region in which the setup is going to be installed.
```
aws configure
```
Run the following command in the terminal to clone the repo:
```
git clone https://github.com/dkubeio/dkubex-tf.git
```
Make sure you have access to the DKubeX Dockerhub registry token. This token is needed to pull various container images which are created as part of DKubeX installation.

Note

For more details on installing kubectl in linux, click on ‘installing kubectl <https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/>’_

Initialize terraform¶

In your terminal, go into the dkubex-tf repository folder that was cloned in the Prerequisites section.
Initialize terraform backend by running the following command. Replace the <aws-region> part in the command with the region you are going to create your setup in.
```
terraform init -backend-config=backend-dev-<aws-region>.tfvars
```

Installing DKubeX¶

Configuring Installation¶

Edit dkubex.tf and make the following changes:

Field	Description
eks_cluster_name	Provide the name of the EKS cluster to be created
eks_desired_instance_count	Provide the desired number of worker (CPU) nodes to be created
eks_max_instance_count	Provide the maximum number of worker (CPU) nodes that can be scaled up to
eks_min_instance_count	Provide the minimum number of worker (CPU) nodes that can be scaled down to
eks_worker_instance_types	Provide the instance type of the worker (CPU) nodes to be created
eks_worker_ng_gpu_count	Provide the type and number of GPU nodes to be created
installer_action	Set as install
release	Version of DKubeX to be installed
flyte_enabled	Set as true if you want to install Flyte along with DKubeX
kubeflow_enabled	Set as true if you want to install Kubeflow along with DKubeX
enable_ldap_server	Set as true if you want to enable internal ldap server

Edit securellm.tfvars and make the following changes:

Field

Description

securellm_action

Set as install

securellm_version

Version of SecureLLM to be installed

securellm_password

Set the password for SecureLLM

Field	Description
securellm_action	Set as install
securellm_version	Version of SecureLLM to be installed
securellm_password	Set the password for SecureLLM

Create terraform plan¶

Generate terraform plan which will summarise the resources to be created in aws by the scripts by running the following command. Replace the <aws-region> part in the command with the region you are going to create your setup in.
```
terraform plan -var-file=variables-<aws-region>.tfvars -var-file=securellm.tfvars -lock=false
```
Provide the following necessary details when asked:
- var.apply_method should be direct
- var.registry_password should be the DKubeX dockerhub registry password.

Run the scripts¶

Apply terraform scripts which will bring up an EKS setup and install DKubeX. Replace the <aws-region> part in the command with the region you are going to create your setup in.
```
terraform apply -var-file=variables-<aws-region>.tfvars -var-file=securellm.tfvars -lock=false
```
Provide the following necessary details when asked:
- var.apply_method should be direct
- var.registry_password should be the DKubeX dockerhub registry password.

Access DKubeX setup¶

You can access the installed DKubeX setup using loadbalancer ingress. Get the homepage url by running the following command:

kubectl get svc -n d3x  ingress-nginx-controller -o=go-template --template='{{(index .status.loadBalancer.ingress 0 ).hostname}}

Setting up Authentication¶

Set up authentication for your DKubeX setup by following the steps below.

You need to have a pre-created OAuth application.

Note

Currently DKubeX supports OAuth App by ADFS, Azure, GitHub, Google, Keycloak and Okta OAuth providers.

On the OAuth app, provide the following details.

Field	Description	Example
Homepage URL	`https://$homepage-url$`	`https://1182e8440d4c4d138415baf0d11b362-62d15cf634758ebd.elb.us-west-2.amazonaws.com`
Authorization callback URL	`https://$homepage-url$/oauth2/callback`	`https://1182e8440d4c4d138415baf0d11b362-62d15cf634758ebd.elb.us-west-2.amazonaws.com/oauth2/callback`

Open the admin page of your DKubeX setup by going to the following URL on your browser. Replace the $node-ip$ part with the IP address of the node on which you have installed DKubeX.
https://$homepage-url$/admin
https://1182e8440d4c4d138415baf0d11b362-62d15cf634758ebd.elb.us-west-2.amazonaws.com/admin
Note

For more information regarding the admin page, refer to Admin Guide.
On the Auth tab of the admin page, go to the tab corresponding to your OAuth provider and provide the details regarding the OAuth application you have created. Once done, click on the Save button.

Field

Description

Client ID

The client ID of the OAuth application.

Client Secret

The client secret of the OAuth application.

Field	Description
Client ID	The client ID of the OAuth application.
Client Secret	The client secret of the OAuth application.

Upgrading DKubeX¶

Configuring Upgrade¶

Edit dkubex.tf and make the following changes:

Field

Description

installer_action

Set as upgrade

release

Version of DKubeX to be upgraded to
Edit securellm.tfvars and make the following changes:

Field

Description

securellm_action

Set as reinstall

securellm_version

Version of SecureLLM to be upgraded to

Field	Description
installer_action	Set as upgrade
release	Version of DKubeX to be upgraded to

Field	Description
securellm_action	Set as reinstall
securellm_version	Version of SecureLLM to be upgraded to

Create terraform plan¶

Generate terraform plan which will summarise the resources to be created in aws by the scripts by running the following command. Replace the <aws-region> part in the command with the region you are going to create your setup in.
```
terraform plan -var-file=variables-<aws-region>.tfvars -var-file=securellm.tfvars -lock=false
```
Provide the following necessary details when asked:
- var.apply_method should be direct
- var.registry_password should be the DKubeX dockerhub registry password.

Run the scripts¶

Apply terraform scripts which will upgrade DKubeX and SecureLLM. Replace the <aws-region> part in the command with the region you are going to create your setup in.
```
terraform apply -var-file=variables-<aws-region>.tfvars -var-file=securellm.tfvars -lock=false
```
Provide the following necessary details when asked:
- var.apply_method should be direct
- var.registry_password should be the DKubeX dockerhub registry password.

Uninstalling DKubeX¶

Configuring Uninstall¶

Edit dkubex.tf and make the following changes:

Field

Description

installer_action

Set as uninstall
Edit securellm.tfvars and make the following changes:

Field

Description

securellm_action

Set as uninstall

Field	Description
installer_action	Set as uninstall

Field	Description
securellm_action	Set as uninstall

Create terraform plan¶

Generate terraform plan which will summarise the resources to be created in aws by the scripts by running the following command. Replace the <aws-region> part in the command with the region you are going to create your setup in.
```
terraform plan -var-file=variables-<aws-region>.tfvars -var-file=securellm.tfvars -lock=false
```
Provide the following necessary details when asked:
- var.apply_method should be direct
- var.registry_password should be the DKubeX dockerhub registry password.

Run the scripts¶

Apply terraform scripts which will uninstall DKubeX and SecureLLM. Replace the <aws-region> part in the command with the region you are going to create your setup in.
```
terraform apply -var-file=variables-<aws-region>.tfvars -var-file=securellm.tfvars -lock=false
```
Provide the following necessary details when asked:
- var.apply_method should be direct
- var.registry_password should be the DKubeX dockerhub registry password.

Destroying the EKS Setup¶

Caution

This step will destroy the entire EKS setup along with all the resources created in it. Make sure that DKubeX and SecureLLM has been uninstalled along with all the changes done manually on the setup is reverted before running this step.

After uninstalling DKubeX and SecureLLM, you can destroy the EKS setup by running the following command. Replace the <aws-region> part in the command with the region you are going to create your setup in.

terraform destroy -var-file=variables-<aws-region>.tfvars -lock=false

Provide the following necessary details when asked:
- var.apply_method should be direct
- var.registry_password should be the DKubeX dockerhub registry password.