KFP extension modules

kfp.onprem module

kfp.onprem.add_default_resource_spec(memory_limit: Optional[str] = None, cpu_limit: Optional[str] = None, memory_request: Optional[str] = None, cpu_request: Optional[str] = None)[source]

Add default resource requests and limits.

For resource units, refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

  • memory_limit – optional, memory limit. Format can be 512Mi, 2Gi etc.
  • cpu_limit – optional, cpu limit. Format can be 0.5, 500m etc.
  • memory_request – optional, defaults to memory limit.
  • cpu_request – optional, defaults to cpu limit.
kfp.onprem.mount_pvc(pvc_name='pipeline-claim', volume_name='pipeline', volume_mount_path='/mnt/pipeline')[source]

Modifier function to apply to a Container Op to simplify volume, volume mount addition and enable better reuse of volumes, volume claims across container ops.


train = train_op(...)
train.apply(mount_pvc('claim-name', 'pipeline', '/mnt/pipeline'))
kfp.onprem.use_k8s_secret(secret_name: str = 'k8s-secret', k8s_secret_key_to_env: Optional[Dict[KT, VT]] = None)[source]

An operator that configures the container to use k8s credentials.

k8s_secret_key_to_env specifies a mapping from the name of the keys in the k8s secret to the name of the environment variables where the values will be added.

The secret needs to be deployed manually a priori.


train = train_op(...)
k8s_secret_key_to_env={'secret_key': 'AWS_SECRET_ACCESS_KEY'}))

This will load the value in secret ‘s3-secret’ at key ‘secret_key’ and source it as the environment variable ‘AWS_SECRET_ACCESS_KEY’. I.e. it will produce the following section on the pod: env: - name: AWS_SECRET_ACCESS_KEY

name: s3-secret key: secret_key

kfp.gcp module

Extension module for KFP on GCP deployment.

kfp.gcp.add_gpu_toleration(toleration: kubernetes.client.models.v1_toleration.V1Toleration = {'effect': 'NoSchedule', 'key': 'nvidia.com/gpu', 'operator': 'Equal', 'toleration_seconds': None, 'value': 'true'})[source]

An operator that configures the GKE GPU nodes in a container op.

Parameters:toleration – toleration to pods, default is the nvidia.com/gpu label.
kfp.gcp.use_gcp_secret(secret_name='user-gcp-sa', secret_file_path_in_volume=None, volume_name=None, secret_volume_mount_path='/secret/gcp-credentials')[source]

An operator that configures the container to use GCP service account by service account key stored in a Kubernetes secret.

For cluster setup and alternatives to using service account key, check https://www.kubeflow.org/docs/gke/authentication-pipelines/.

kfp.gcp.use_preemptible_nodepool(toleration: kubernetes.client.models.v1_toleration.V1Toleration = {'effect': 'NoSchedule', 'key': 'preemptible', 'operator': 'Equal', 'toleration_seconds': None, 'value': 'true'}, hard_constraint: bool = False)[source]

An operator that configures the GKE preemptible in a container op.

  • toleration – toleration to pods, default is the preemptible label.
  • hard_constraint – the constraint of scheduling the pods on preemptible nodepools is hard. (Default: False)
kfp.gcp.use_tpu(tpu_cores: int, tpu_resource: str, tf_version: str)[source]

An operator that configures GCP TPU spec in a container op.


kfp.aws module

kfp.aws.use_aws_secret(secret_name='aws-secret', aws_access_key_id_name='AWS_ACCESS_KEY_ID', aws_secret_access_key_name='AWS_SECRET_ACCESS_KEY', aws_region=None)[source]

An operator that configures the container to use AWS credentials.

AWS doesn’t create secret along with kubeflow deployment and it requires users to manually create credential secret with proper permissions.

apiVersion: v1
kind: Secret
  name: aws-secret
type: Opaque

kfp.azure module


An operator that configures the container to use Azure user credentials.

The azcreds secret is created as part of the kubeflow deployment that stores the client ID and secrets for the kubeflow azure service principal.

With this service principal, the container has a range of Azure APIs to access to.