Using Tensorkube with Github Actions
How to create a tensorkube deployment with github actions
Permissions
-
Follow this blog to create an OIDC provider and associate a role and policy to it that will allow your github action to access and modify your AWS resources. Make sure that the
AmazonS3FullAccess
,AmazonEKSWorkerNodePolicy
andAmazonEKSClusterPolicy
policies are attached to the role you create. -
You will also need to give this role access to your tensorkube cluster. You can do this by running this command after you have completed the first step.
eksctl create iamidentitymapping \
--cluster tensorkube \
--region us-east-1 \
--arn <ROLE ARN> \
--group system:masters \
--username github
GitHub Action Workflow
A typical deployment workflow will look like this:
name: tensorkube deploy
on:
push:
branches : [ release ]
permissions:
id-token: write
contents: read
jobs:
deployment:
runs-on: ubuntu-latest
name: Tensorkube Deployment
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
path: <PROJECT_NAME>
- name: AWS Configure
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-1
role-to-assume: <GITHUB ROLE ARN>
- name: Start Deployment
uses: tensorfuse/tensorkube-github-deploy@latest_release
with:
token: <TENSORKUBE_TOKEN> # Please use GitHub secrets for this
session_id: <TENSORKUBE_SESSION_ID> # Please use GitHub secrets for this
path: <PROJECT NAME>
gpus: <GPUS>
gpu_type: <GPU TYPE>
min_scale: <MIN PODS>
max_scale: <MAX PODS>
env: <DEPLOYMENT ENVIRONMENT>
secrets: |
<SECRET_1>
<SECRET_2>
...
Explanation
-
actions/checkout@v4
copies your code into theworkspace/<PROJECT NAME>
directory in the GitHub runner. The path/ project name is required because tensorkube creates the deployment using the name of the folder the code is in and the checkout action by default copies the code to theworkspace
directory, which will create a clash between different deployments because they will end up with the same deployment name. -
aws-actions/configure-aws-credentials@v4
gives the GitHub runner access to your AWS resources by allowing it to assume the role that you associated with the GitHub OIDC provider. -
tensorfuse/tensorkube-github-deploy@v1
deploys your application with tensorkube. Make sure that thepath
in this step and inactions/checkout@v4
is identical.
Parameters
The parameters you can specify in your deployment are:
-
token
, Required, Your tensorkubetoken
. Can be found in~/.tensorkube/token
after runningtensorkube login
. We recommend storing this as a GitHub action secret. -
session_id
, Required, Your tensorkubesession_id
. Can be found in~/.tensorkube/token
after runningtensorkube login
. We recommend storing this as a GitHub action secret. -
gpus
, Optional, Number of gpus to use. Default0
. -
gpu_type
, Optional, Type of GPU to use. Default isnull
. -
cpu
, Optional, Number of CPUs to use. Default is100
milli CPU. -
memory
, Optional, Amount of memory to use. Default is200
MB. -
min_scale
, Optional, Minimum number of replicas. Default is0
. -
max_scale
, Optional, Maximum number of replicas. Default is3
. -
env
, Optional, Environment in which to deploy. Default isnull
. -
secrets
, Optional, Secrets to be exposed as environment variables in your deployment. Default is -
path
, Optional, Path where to run the command. Default is