is
the practice of managing and provisioning infrastructure through code
instead of through manual processes.
In this section, we will show you how to integrate ZenML with popular
IaC tools such as .
Terraform is a powerful tool for managing infrastructure as code, and is by far the
most popular IaC tool. Many companies already have existing Terraform setups,
and it is often desirable to integrate ZenML with this setup.
Understanding the Two-Phase Approach
When working with ZenML stacks, there are two distinct phases:
Infrastructure Deployment: Creating cloud resources (typically handled by platform teams)
ZenML Registration: Registering these resources as ZenML stack components
Phase 1: Infrastructure Deployment
You likely already have this handled in your existing Terraform configurations:
# Example of existing GCP infrastructure
resource "google_storage_bucket" "ml_artifacts" {
name = "company-ml-artifacts"
location = "US"
}
resource "google_artifact_registry_repository" "ml_containers" {
repository_id = "ml-containers"
format = "DOCKER"
}
Phase 2: ZenML Registration
Setup the ZenML Provider
terraform {
required_providers {
zenml = {
source = "zenml-io/zenml"
}
}
}
provider "zenml" {
# Configuration options will be loaded from environment variables:
# ZENML_SERVER_URL (for Pro users, this should be your Workspace URL from the dashboard)
# ZENML_API_KEY
}
<div data-gb-custom-block data-tag="hint" data-style='info'>
**For ZenML Pro users:** The `ZENML_SERVER_URL` should be your Workspace URL, which can be found in your dashboard. It typically looks like: `https://1bfe8d94-zenml.cloudinfra.zenml.io`. Make sure you use the complete URL of your workspace, not just the domain.
</div>
This will create a service account and generate an API key that you can use to authenticate with the ZenML server.
The API key is shown only once during creation. Make sure to save it securely, as you cannot retrieve it later. If you lose it, you'll need to create a new key.
Create the service connectors
# First, create a service connector
resource "zenml_service_connector" "gcp_connector" {
name = "gcp-${var.environment}-connector"
type = "gcp"
auth_method = "service-account"
configuration = {
project_id = var.project_id
service_account_json = file("service-account.json")
}
}
# Create a stack component referencing the connector
resource "zenml_stack_component" "artifact_store" {
name = "existing-artifact-store"
type = "artifact_store"
flavor = "gcp"
configuration = {
path = "gs://${google_storage_bucket.ml_artifacts.name}"
}
connector_id = zenml_service_connector.gcp_connector.id
}
# outputs.tf
output "stack_id" {
description = "ID of the created ZenML stack"
value = zenml_stack.gcp_stack.id
}
output "stack_name" {
description = "Name of the created ZenML stack"
value = zenml_stack.gcp_stack.name
}
output "artifact_store_path" {
description = "GCS path for artifacts"
value = "${google_storage_bucket.artifacts.name}/artifacts"
}
output "container_registry_uri" {
description = "URI of the container registry"
value = "${var.region}-docker.pkg.dev/${var.project_id}/${google_artifact_registry_repository.containers.repository_id}"
}
Step 4: terraform.tfvars Configuration
Create a terraform.tfvars file (remember to never commit this to version control):
zenml_server_url = "https://your-zenml-server.com" # For Pro users: your Workspace URL from dashboard
project_id = "your-gcp-project-id"
region = "us-central1"
environment = "dev"
Store sensitive variables in environment variables:
Install required providers and initializing Terraform:
terraform init
Install required ZenML integrations:
zenml integration install gcp
Review the planned changes:
terraform plan
Apply the configuration:
terraform apply
Set the newly created stack as active:
zenml stack set $(terraform output -raw stack_name)
Verify the configuration:
zenml stack describe
This complete example demonstrates:
Setting up necessary GCP infrastructure
Creating a service connector with proper authentication
Registering stack components with the infrastructure
Creating a complete ZenML stack
Proper variable management and output configuration
Best practices for sensitive information handling
The same pattern can be adapted for AWS and Azure infrastructure by adjusting the provider configurations and resource types accordingly.
Remember to:
Use appropriate IAM roles and permissions
Follow your organization's security practices for handling credentials
Consider using Terraform workspaces for managing multiple environments
Regular backup of your Terraform state files
Version control your Terraform configurations (excluding sensitive files)
We already got a glimpse on how to
using existing Terraform modules that are maintained by the ZenML team. While this
is a great solution for quickly getting started, it might not always be suitable for
your use case.
This guide is for advanced users who want to manage their own custom Terraform code but
want to use ZenML to manage their stacks. For this, the is a better choice.
While our official modules (, , ) handle both phases, you might already have infrastructure deployed. Let's explore how to register existing infrastructure with ZenML.
First, configure the to communicate with your ZenML server:
You can learn more about how to generate a ZENML_API_KEY via service accounts.
The key to successful registration is proper authentication between the components. are ZenML's way of managing this:
Register different types of :
To learn more about the ZenML terraform provider, visit the.
