Hi, Coming from https://docs.flyte.org/en/latest/deployment/aws/opta.html. I would like to customize the resources made by Opta (for example the parameters of AWS ASG worker nodes, like EC2 key pair name, auto public IP, or VPC ACLs), but can't see how to do that and where are they defined. Any ideas/pointers?

Hi @Attila Nagy welcome. I think these are indeed changeable- but let me point to expert's. Cc @Yuvraj @JD Palomino

@Attila Nagy You can check opta terraform module that they are using and you can only configure these values from opta https://docs.opta.dev/reference/aws/modules/aws-base/#fields I think few inputs are not configurable, what do say @JD Palomino ?

So the infrastructure made by an

opta apply

from the flyte repo actually just creates resources defined in opta itself, with a very limited ability to customize them? Is the preferred way to modify them is to generate the terraform files, edit them and apply those (with terraform itself, or with opta?)?

really an opta question, but you can use flyte helm charts directly

1. EKS Node groups do not support EC2 key pairs for ssh access last I checked 2. What do you want public ips for? We already give you a load balancer 3. VPC ACLs-- you mean security groups?

I would like to have a playground where the machines are (ssh) accessible without any further configuration. That's what key pairs and public IPs would be needed for, to make this easy. The load balancer only configures HTTP/HTTPS ports (BTW, after running opta apply, three instances are created, but the LB reports two of them as unhealthy, I'm not sure if this is normal), and I guess it wouldn't be useful for accessing the instances directly. Nope, VPC ACLs. I don't like that the deployment is open to the public by default and a VPC ACL can quickly solve that. (but instance security groups are fine as well). Thanks.

EKS does not allow you to ssh into their nodegroups ec2s

The three nodes behind the LB are the EKS nodes?

yup

And is it normal for two of them to be unhealthy?

That’s a misnomer, but yes that should be fine

That would be awesome, yes

very well

Oh! So is deploying with Opta recommended for prod setups (where HA would be great)? If so, how?

If you’re ready for prod and the extra load of HA sure

Is that nginx used only for the web UI or all flyte-related communications?

everything shown through the lb

So what is the recommended way of: • deploying prod clusters with Opta • changing the cluster size/instance types • adding GPU nodes?

1. Other than the HA settings (see https://docs.opta.dev/reference/aws/modules/aws-k8s-base/), you should be good to go 2. The k8s-cluster module comes with a default nodegroup which you can configure (again, see our docs https://docs.opta.dev/reference/aws/modules/aws-eks/ ) 3. You can have multiple nodegroups for different node instance configurations (e.g. one with GPUS-- that can be set via the

use_gpu

bool input). See our nodegroup docs

OK, I hope I'm starting to get it. Thanks a lot for your help!

Anytime

thank you @JD Palomino