In-browser assisted full cloud stack deployments

[stefannica]

Describe changes

Implements a new automated experience of deploying cloud infrastructure and registering full cloud ZenML stacks two-in-one with minimal user input. This experience is meant to reduce the friction and technical difficulties usually encountered when a user has to create a cloud ZenML stack from scratch.

The zenml stack deploy CLI command has been repurposed to support this new experience as showcased here:

$ zenml stack deploy -p aws --set

AWS ZenML Cloud Stack Deployment                                                                                                                                                                                   
================================

Provision and register a basic AWS ZenML stack authenticated and connected to all the necessary cloud infrastructure resources required to run pipelines in AWS.                                                   

**Instructions**                                                                                                                                                                                                       

You will be redirected to the AWS console in your browser where you'll be asked to log into your AWS account and create a CloudFormation ZenML stack. The stack parameters will be pre-filled with the necessary   
information to connect ZenML to your AWS account, so you should only need to review and confirm the stack.                                                                                                         

After the CloudFormation stack is deployed, you can return to the CLI to view details about the associated ZenML stack automatically registered with ZenML.                                                        

NOTE: The CloudFormation stack will create the following new resources in your AWS account. Please ensure you have the necessary permissions and are aware of any potential costs:                                 

 • An S3 bucket registered as a ZenML artifact store.                                                                                                                                                              
 • An ECR repository registered as a ZenML container registry.                                                                                                                                                     
 • Sagemaker registered as a ZenML orchestrator.                                                                                                                                                                   
 • An IAM user and IAM role with the minimum necessary permissions to access the above resources.                                                                                                                  
 • An AWS access key used to give access to ZenML to connect to the above resources through a ZenML service connector.                                                                                             

The CloudFormation stack will automatically create an AWS secret key and will share it with ZenML to give it permissions to access the resources created by the stack. You can revoke these permissions at any time
by deleting the CloudFormation stack.                                                                                                                                                                              


Proceed to continue with the deployment. You will be automatically redirected to AWS in your browser. [y/n]: y
If your browser did not open automatically, please open the following URL into your browser to deploy the stack to AWS: AWS CloudFormation Console.                                                                

**Stack successfully registered! 🚀**                                                                                                                                                                                  

Stack stack:                                                                                                                                                                                                       

 • sagemaker orchestrator: aws-cf-eu-central-1-wpyh                                                                                                                                                                
 • s3 artifact_store: aws-cf-eu-central-1-iaiy                                                                                                                                                                     
 • aws container_registry: aws-cf-eu-central-1-smep                                                                                                                                                                
 • Service Connector: aws-cf-eu-central-1-pabl                                                                                                                                                                     

**Follow-up**                                                                                                                                                                                                          

The ZenML stack has been successfully deployed and registered. You can delete the CloudFormation at any time to revoke ZenML's access to your AWS account and to clean up the resources created by the stack by    
using the AWS CloudFormation console.                                                                                                                   

AWS is currently the only supported provider with Google and Azure to follow shortly.

Side changes

Make the zenml repository name configurable in the container registry stack component

Currently, ZenML uses the .../zenml docker repository by default for all pipeline images it builds/pushes. This can be overridden, but it's a docker settings that must be configured in code.
At the same time, we want these full stack deployment templates to create unique cloud resources, which includes container registries. Therefore, we need the ability to configure the container registry stack components to use a "default repository name" that is different than zenml. This PR also adds that capability by modeling a new (optional) default_repository configuration attribute to all container registry stack components.

Use the region from the AWS service connector in the S3 artifact store

The S3 artifact store doesn't explicitly configure the AWS region in the s3fs client. This can lead to errors in environments such as Sagemaker, because the region might default to something else. This PR now uses the AWS region in the service connector to explicitly configure the s3fs client.

Deprecations

The zenml stack deploy CLI command has been renamed to zenml stack deploy-mlstack and marked as deprecated. Users should use the new zenml stack deploy CLI command to benefit from the new experience or use the mlstacks project stacks separately.

Pre-requisites

Please ensure you have done the following:

• I have read the CONTRIBUTING.md document.
• If my change requires a change to docs, I have updated the documentation accordingly.
• I have added tests to cover my changes.
• I have based my new branch on develop and the open PR is targeting develop. If your branch wasn't based on develop read Contribution guide on rebasing branch to develop.
• If my changes require changes to the dashboard, these changes are communicated/requested.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Other (add details above)

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[stefannica]

@schustmi I might need you to take a quick look at the side-change documented in the PR description. It affects the way we build docker container images to run pipelines.

[bcdurak]

I left a few comments, mostly minor things.

[schustmi]

Docker changes LGTM

[schustmi]

Where else would a stack be deployed? 😅

Isn't there a better wording for this to explain what it really does?

[stefannica]

@schustmi there already is a DEPLOY_STACK event related to stacks deployed through mlstacks. I don't want to reuse that event. @bcdurak may be able to give me a better alternative.

[schustmi]

Maybe something with One Click in there so we know this is what happened? Also, this is currently only being tracked in the CLI, which means we'll miss all users that run this from the dashboard (which I assume will be the majority of them?).

At some point it was mentioned that you're planning to add some special metadata to the components/stacks created using this feature, which we could then track in our Stack/Componenent/Connector registered events. Is this still planned?

[stefannica]

Okay, I named the event DEPLOY_FULL_STACK. On the server side, there is the event REGISTERED_STACK that we already had, but it will have new metadata fields:

• wizard = True if the full stack was registered via the CLI wizard
• deployment = cloud-formation if the full stack was deployed from scratch in AWS
• provider = aws if either happened

[schustmi]

The stack name is not an input here. This I guess just gives the latest, I'm not sure how this would be used if there are multiple such stacks?

[stefannica]

Check the comment below. I can't rely on the stack name to be the same because the user can change it before they deploy the infrastructure in AWS. Therefore I'm using another approach: I'm searching for the stack most likely to match the one deployed by the user in AWS.

[schustmi]

Yeah, just the docstring is wrong here. I guess this method is only used for polling until the stack gets deployed right?

IMO, this could again be improved (similar to my analytics comment) by some metadata on the stack. The lambda function registering the stack could add a specific label to the stack, which could then be passed to this endpoint when waiting for the stack.

[stefannica]

I added labels to the full stack model. These are set differently depending on where and how the endpoint is called and used as metadata in the REGISTERED_STACK event. They are also set on the stack components and service connectors being created (not yet possible to do so directly on the stack). These labels are also used to "detect" the stack here in fewer steps.

[schustmi]

Should we maybe already check here that the user has permissions to create service connectors, stacks and components? Otherwise I assume the lambda function downstream will fail, which leaves users with deployed infra that is not tracked in ZenML?

[stefannica]

Good point, but not something I can check in the client. I would need a new endpoint just for this purpose and I would need to check all permissions, not just the service connectors. Perhaps I can use the endpoint that @bcdurak already set up. Maybe add a "verify" flag to it.

[schustmi]

Can;t we have those checks on this exact URL endpoint? Or what is the purpose for creating this URL other than to open it and create stacks?

[stefannica]

Done

[github-actions]

LLM Finetuning template updates in examples/llm_finetuning have been pushed.

[github-actions]

LLM Finetuning template updates in examples/llm_finetuning have been pushed.