Last updated
Was this helpful?
Last updated
Was this helpful?
The Azure Artifact Store is an flavor provided with the Azure ZenML integration that uses to store ZenML artifacts in an Azure Blob Storage container.
Running ZenML pipelines with is usually sufficient if you just want to evaluate ZenML or get started quickly without incurring the trouble and the cost of employing cloud storage services in your stack. However, the local Artifact Store becomes insufficient or unsuitable if you have more elaborate needs for your project:
if you want to share your pipeline run results with other team members or stakeholders inside or outside your organization
if you have other components in your stack that are running remotely (e.g. a Kubeflow or Kubernetes Orchestrator running in a public cloud).
if you outgrow what your local machine can offer in terms of storage space and need to use some form of private or public storage service that is shared with others
if you are running pipelines at scale and need an Artifact Store that can handle the demands of production-grade MLOps
In all these cases, you need an Artifact Store that is backed by a form of public cloud or self-hosted shared object storage service.
You should use the Azure Artifact Store when you decide to keep your ZenML artifacts in a shared object storage and if you have access to the Azure Blob Storage managed service. You should consider one of the other if you don't have access to the Azure Blob Storage service.
The Azure Artifact Store flavor is provided by the Azure ZenML integration, you need to install it on your local machine to be able to register an Azure Artifact Store and add it to your stack:
The only configuration parameter mandatory for registering an Azure Artifact Store is the root path URI, which needs to point to an Azure Blog Storage container and take the form az://container-name or abfs://container-name. Please read on how to configure an Azure Blob Storage container.
With the URI to your Azure Blob Storage container known, registering an Azure Artifact Store can be done as follows:
You will need the following information to configure Azure credentials for ZenML, depending on which type of Azure credentials you want to use:
an Azure connection string
an Azure account key
the client ID, client secret and tenant ID of the Azure service principal
This method uses the implicit Azure authentication available in the environment where the ZenML code is running. On your local machine, this is the quickest way to configure an Azure Artifact Store. You don't need to supply credentials explicitly when you register the Azure Artifact Store, instead, you have to set one of the following sets of environment variables:
Certain dashboard functionality, such as visualizing or deleting artifacts, is not available when using an implicitly authenticated artifact store together with a deployed ZenML server because the ZenML server will not have permission to access the filesystem.
The implicit authentication method also needs to be coordinated with other stack components that are highly dependent on the Artifact Store and need to interact with it directly to the function. If these components are not running on your machine, they do not have access to the local environment variables and will encounter authentication failures while trying to access the Azure Artifact Store:
Depending on your use case, however, you may also need to provide additional configuration parameters pertaining to to match your deployment scenario.
Integrating and using an Azure Artifact Store in your pipelines is not possible without employing some form of authentication. If you're looking for a quick way to get started locally, you can use the Implicit Authentication method. However, the recommended way to authenticate to the Azure cloud platform is through . This is particularly useful if you are configuring ZenML stacks that combine the Azure Artifact Store with other remote stack components also running in Azure.
For more information on how to retrieve information about your Azure Storage Account and Access Key or connection string, please refer to this .
For information on how to configure an Azure service principal, please consult the .
to use , set AZURE_STORAGE_ACCOUNT_NAME to your account name and one of AZURE_STORAGE_ACCOUNT_KEY or AZURE_STORAGE_SAS_TOKEN to the Azure key value.
to use , set AZURE_STORAGE_CONNECTION_STRING to your Azure Storage Key connection string
to use , and then set AZURE_STORAGE_ACCOUNT_NAME to your account name and AZURE_STORAGE_CLIENT_ID , AZURE_STORAGE_CLIENT_SECRET and AZURE_STORAGE_TENANT_ID to the client ID, secret and tenant ID of your service principal
need to access the Artifact Store to manage pipeline artifacts
need to access the Artifact Store to manage step-level artifacts
need to access the Artifact Store to load served models
To enable these use cases, it is recommended to use to link your Azure Artifact Store to the remote Azure Blob storage container.
To set up the Azure Artifact Store to authenticate to Azure and access an Azure Blob storage container, it is recommended to leverage the many features provided by such as auto-configuration, best security practices regarding long-lived credentials and reusing the same credentials across multiple stack components.
A non-interactive CLI example that uses to configure an Azure Service Connector targeting a single Azure Blob storage container is:
Note: Please remember to grant the Azure service principal permissions to read and write to your Azure Blob storage container as well as to list accessible storage accounts and Blob containers. For a full list of permissions required to use an AWS Service Connector to access one or more S3 buckets, please refer to the or read the documentation available in the interactive CLI commands and dashboard. The Azure Service Connector supports with different levels of security and convenience. You should pick the one that best fits your use-case.
When you register the Azure Artifact Store, you can create a to store a variety of Azure credentials and then reference it in the Artifact Store configuration:
to use , set account_name to your account name and one of account_key or sas_token to the Azure key or SAS token value as attributes in the ZenML secret
to use , configure the connection_string attribute in the ZenML secret to your Azure Storage Key connection string
to use , and then set account_name to your account name and client_id, client_secret and tenant_id to the client ID, secret and tenant ID of your service principal in the ZenML secret
For more, up-to-date information on the Azure Artifact Store implementation and its configuration, you can have a look at .
Aside from the fact that the artifacts are stored in Azure Blob Storage, using the Azure Artifact Store is no different from .
Storing artifacts using Azure Blob Storage
