From 1802eedc8bef1d0cfc14d2b64f3640effc80f956 Mon Sep 17 00:00:00 2001 From: Jiaxin Shan Date: Mon, 6 Apr 2020 14:57:45 -0700 Subject: [PATCH 1/8] Remove istio-ingress component in kfctl_aws --- kfdef/kfctl_aws.v1.0.0.yaml | 8 -------- kfdef/kfctl_aws.v1.0.1.yaml | 8 -------- kfdef/kfctl_aws.yaml | 8 -------- kfdef/source/master/kfctl_aws.yaml | 8 -------- 4 files changed, 32 deletions(-) diff --git a/kfdef/kfctl_aws.v1.0.0.yaml b/kfdef/kfctl_aws.v1.0.0.yaml index ca6dc2205e..91166b7c72 100644 --- a/kfdef/kfctl_aws.v1.0.0.yaml +++ b/kfdef/kfctl_aws.v1.0.0.yaml @@ -315,14 +315,6 @@ spec: name: manifests path: mpi-job/mpi-operator name: mpi-operator - - kustomizeConfig: - parameters: - - name: namespace - value: istio-system - repoRef: - name: manifests - path: aws/istio-ingress - name: istio-ingress - kustomizeConfig: overlays: - application diff --git a/kfdef/kfctl_aws.v1.0.1.yaml b/kfdef/kfctl_aws.v1.0.1.yaml index fda5359a88..ab5abd5c71 100644 --- a/kfdef/kfctl_aws.v1.0.1.yaml +++ b/kfdef/kfctl_aws.v1.0.1.yaml @@ -315,14 +315,6 @@ spec: name: manifests path: mpi-job/mpi-operator name: mpi-operator - - kustomizeConfig: - parameters: - - name: namespace - value: istio-system - repoRef: - name: manifests - path: aws/istio-ingress - name: istio-ingress - kustomizeConfig: overlays: - application diff --git a/kfdef/kfctl_aws.yaml b/kfdef/kfctl_aws.yaml index bb3581b737..61cb8020b8 100644 --- a/kfdef/kfctl_aws.yaml +++ b/kfdef/kfctl_aws.yaml @@ -315,14 +315,6 @@ spec: name: manifests path: mpi-job/mpi-operator name: mpi-operator - - kustomizeConfig: - parameters: - - name: namespace - value: istio-system - repoRef: - name: manifests - path: aws/istio-ingress - name: istio-ingress - kustomizeConfig: overlays: - application diff --git a/kfdef/source/master/kfctl_aws.yaml b/kfdef/source/master/kfctl_aws.yaml index 2afbdd5f86..6012ce8430 100644 --- a/kfdef/source/master/kfctl_aws.yaml +++ b/kfdef/source/master/kfctl_aws.yaml @@ -315,14 +315,6 @@ spec: name: manifests path: mpi-job/mpi-operator name: mpi-operator - - kustomizeConfig: - parameters: - - name: namespace - value: istio-system - repoRef: - name: manifests - path: aws/istio-ingress - name: istio-ingress - kustomizeConfig: overlays: - application From b3fdd12f4a41da11ca18430506ff703166918562 Mon Sep 17 00:00:00 2001 From: Richard Liu <39319471+richardsliu@users.noreply.github.com> Date: Tue, 7 Apr 2020 14:25:44 -0700 Subject: [PATCH 2/8] Cherry pick 949 - Kfserving gateway (#1072) * Adds kfserving ingressgateway for Istio 1.1.6 (#949) * Adds kfserving ingressgateway for Istio 1.1.6 Modifies KFServing and KNative Serving config-maps to use this gateway * Updates configs for Istio 1.1.6 * Updates tests for istio 1.1.6 * Adding kfserving gateway to kfdefs having istio-1-1-6 * Gateway name correction for kfserving config * Adds HPA config to gateway * revert changes to kfdef Co-authored-by: Krishna Durai --- istio/kfserving-gateway/base/deployment.yaml | 168 ++++++++++ .../base/horizontal-pod-autoscaler.yaml | 19 ++ .../kfserving-gateway/base/kustomization.yaml | 7 + istio/kfserving-gateway/base/service.yaml | 50 +++ .../kfserving-install/base/config-map.yaml | 4 +- .../base/config-map.yaml | 2 +- .../knative-serving-install/base/gateway.yaml | 21 +- tests/istio-kfserving-gateway-base_test.go | 300 ++++++++++++++++++ .../kfserving-kfserving-install-base_test.go | 4 +- ...rving-install-overlays-application_test.go | 4 +- ...ative-knative-serving-install-base_test.go | 23 +- ...rving-install-overlays-application_test.go | 23 +- 12 files changed, 613 insertions(+), 12 deletions(-) create mode 100644 istio/kfserving-gateway/base/deployment.yaml create mode 100644 istio/kfserving-gateway/base/horizontal-pod-autoscaler.yaml create mode 100644 istio/kfserving-gateway/base/kustomization.yaml create mode 100644 istio/kfserving-gateway/base/service.yaml create mode 100644 tests/istio-kfserving-gateway-base_test.go diff --git a/istio/kfserving-gateway/base/deployment.yaml b/istio/kfserving-gateway/base/deployment.yaml new file mode 100644 index 0000000000..1faccb9b9f --- /dev/null +++ b/istio/kfserving-gateway/base/deployment.yaml @@ -0,0 +1,168 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kfserving-ingressgateway + labels: + app: kfserving-ingressgateway + kfserving: ingressgateway +spec: + selector: + matchLabels: + app: kfserving-ingressgateway + kfserving: ingressgateway + template: + metadata: + labels: + app: kfserving-ingressgateway + kfserving: ingressgateway + annotations: + sidecar.istio.io/inject: "false" + spec: + serviceAccountName: istio-ingressgateway-service-account + containers: + - name: istio-proxy + image: "docker.io/istio/proxyv2:1.1.6" + imagePullPolicy: IfNotPresent + ports: + - containerPort: 15020 + - containerPort: 80 + - containerPort: 443 + - containerPort: 31400 + - containerPort: 15029 + - containerPort: 15030 + - containerPort: 15031 + - containerPort: 15032 + - containerPort: 15443 + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --log_output_level=default:info + - --drainDuration + - '45s' #drainDuration + - --parentShutdownDuration + - '1m0s' #parentShutdownDuration + - --connectTimeout + - '10s' #connectTimeout + - --serviceCluster + - kfserving-ingressgateway + - --zipkinAddress + - zipkin:9411 + - --proxyAdminPort + - "15000" + - --statusPort + - "15020" + - --controlPlaneAuthPolicy + - NONE + - --discoveryAddress + - istio-pilot:15010 + readinessProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15020 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 10m + memory: 40Mi + + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: ISTIO_META_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: ISTIO_META_CONFIG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ISTIO_META_ROUTER_MODE + value: sni-dnat + volumeMounts: + - name: istio-certs + mountPath: /etc/certs + readOnly: true + - name: ingressgateway-certs + mountPath: "/etc/istio/ingressgateway-certs" + readOnly: true + - name: ingressgateway-ca-certs + mountPath: "/etc/istio/ingressgateway-ca-certs" + readOnly: true + volumes: + - name: istio-certs + secret: + secretName: istio.istio-ingressgateway-service-account + optional: true + - name: ingressgateway-certs + secret: + secretName: "istio-ingressgateway-certs" + optional: true + - name: ingressgateway-ca-certs + secret: + secretName: "istio-ingressgateway-ca-certs" + optional: true + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 2 + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - weight: 2 + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + - weight: 2 + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x diff --git a/istio/kfserving-gateway/base/horizontal-pod-autoscaler.yaml b/istio/kfserving-gateway/base/horizontal-pod-autoscaler.yaml new file mode 100644 index 0000000000..c0a8737dc3 --- /dev/null +++ b/istio/kfserving-gateway/base/horizontal-pod-autoscaler.yaml @@ -0,0 +1,19 @@ +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: kfserving-ingressgateway + kfserving: ingressgateway + name: kfserving-ingressgateway +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: kfserving-ingressgateway diff --git a/istio/kfserving-gateway/base/kustomization.yaml b/istio/kfserving-gateway/base/kustomization.yaml new file mode 100644 index 0000000000..a3a235ebc5 --- /dev/null +++ b/istio/kfserving-gateway/base/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: istio-system +resources: +- deployment.yaml +- horizontal-pod-autoscaler.yaml +- service.yaml diff --git a/istio/kfserving-gateway/base/service.yaml b/istio/kfserving-gateway/base/service.yaml new file mode 100644 index 0000000000..de83d27c6d --- /dev/null +++ b/istio/kfserving-gateway/base/service.yaml @@ -0,0 +1,50 @@ +apiVersion: v1 +kind: Service +metadata: + name: kfserving-ingressgateway + labels: + app: kfserving-ingressgateway + kfserving: ingressgateway +spec: + type: LoadBalancer + selector: + app: kfserving-ingressgateway + kfserving: ingressgateway + ports: + - name: status-port + port: 15020 + targetPort: 15020 + - name: http2 + nodePort: 32380 + port: 80 + targetPort: 80 + - name: https + nodePort: 32390 + port: 443 + - name: tcp + nodePort: 32400 + port: 31400 + - name: tcp-pilot-grpc-tls + port: 15011 + targetPort: 15011 + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns-tls + port: 853 + targetPort: 853 + - name: https-kiali + port: 15029 + targetPort: 15029 + - name: http2-prometheus + port: 15030 + targetPort: 15030 + - name: http2-grafana + port: 15031 + targetPort: 15031 + - name: https-tracing + port: 15032 + targetPort: 15032 + - name: tls + port: 15443 + targetPort: 15443 diff --git a/kfserving/kfserving-install/base/config-map.yaml b/kfserving/kfserving-install/base/config-map.yaml index 8ccd809ce6..8a9d600798 100644 --- a/kfserving/kfserving-install/base/config-map.yaml +++ b/kfserving/kfserving-install/base/config-map.yaml @@ -89,8 +89,8 @@ data: } ingress: |- { - "ingressGateway" : "kubeflow-gateway.kubeflow", - "ingressService" : "istio-ingressgateway.istio-system.svc.cluster.local" + "ingressGateway" : "knative-ingress-gateway.knative-serving", + "ingressService" : "kfserving-ingressgateway.istio-system.svc.cluster.local" } logger: |- { diff --git a/knative/knative-serving-install/base/config-map.yaml b/knative/knative-serving-install/base/config-map.yaml index a493e66bdf..93b18b498f 100644 --- a/knative/knative-serving-install/base/config-map.yaml +++ b/knative/knative-serving-install/base/config-map.yaml @@ -658,7 +658,7 @@ data: # {{ingress_namespace}}.svc.cluster.local"`. The {{gateway_namespace}} # is optional; when it is omitted, the system will search for # the gateway in the serving system namespace `knative-serving` - gateway.kubeflow.kubeflow-gateway: "istio-ingressgateway.istio-system.svc.cluster.local" + gateway.knative-serving.knative-ingress-gateway: "kfserving-ingressgateway.istio-system.svc.cluster.local" # A cluster local gateway to allow pods outside of the mesh to access # Services and Routes not exposing through an ingress. If the users diff --git a/knative/knative-serving-install/base/gateway.yaml b/knative/knative-serving-install/base/gateway.yaml index 67bab98319..8b939397bc 100644 --- a/knative/knative-serving-install/base/gateway.yaml +++ b/knative/knative-serving-install/base/gateway.yaml @@ -1,4 +1,3 @@ ---- apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: @@ -17,3 +16,23 @@ spec: name: http number: 80 protocol: HTTP + +--- +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + labels: + networking.knative.dev/ingress-provider: istio + name: knative-ingress-gateway + namespace: knative-serving +spec: + selector: + app: kfserving-ingressgateway + kfserving: ingressgateway + servers: + - hosts: + - '*' + port: + name: http + number: 80 + protocol: HTTP diff --git a/tests/istio-kfserving-gateway-base_test.go b/tests/istio-kfserving-gateway-base_test.go new file mode 100644 index 0000000000..7f8a7b466d --- /dev/null +++ b/tests/istio-kfserving-gateway-base_test.go @@ -0,0 +1,300 @@ +package tests_test + +import ( + "sigs.k8s.io/kustomize/v3/k8sdeps/kunstruct" + "sigs.k8s.io/kustomize/v3/k8sdeps/transformer" + "sigs.k8s.io/kustomize/v3/pkg/fs" + "sigs.k8s.io/kustomize/v3/pkg/loader" + "sigs.k8s.io/kustomize/v3/pkg/plugins" + "sigs.k8s.io/kustomize/v3/pkg/resmap" + "sigs.k8s.io/kustomize/v3/pkg/resource" + "sigs.k8s.io/kustomize/v3/pkg/target" + "sigs.k8s.io/kustomize/v3/pkg/validators" + "testing" +) + +func writeKfservingGatewayBase(th *KustTestHarness) { + th.writeF("/manifests/istio/kfserving-gateway/base/deployment.yaml", ` +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kfserving-ingressgateway + labels: + app: kfserving-ingressgateway + kfserving: ingressgateway +spec: + selector: + matchLabels: + app: kfserving-ingressgateway + kfserving: ingressgateway + template: + metadata: + labels: + app: kfserving-ingressgateway + kfserving: ingressgateway + annotations: + sidecar.istio.io/inject: "false" + spec: + serviceAccountName: istio-ingressgateway-service-account + containers: + - name: istio-proxy + image: "docker.io/istio/proxyv2:1.1.6" + imagePullPolicy: IfNotPresent + ports: + - containerPort: 15020 + - containerPort: 80 + - containerPort: 443 + - containerPort: 31400 + - containerPort: 15029 + - containerPort: 15030 + - containerPort: 15031 + - containerPort: 15032 + - containerPort: 15443 + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --log_output_level=default:info + - --drainDuration + - '45s' #drainDuration + - --parentShutdownDuration + - '1m0s' #parentShutdownDuration + - --connectTimeout + - '10s' #connectTimeout + - --serviceCluster + - kfserving-ingressgateway + - --zipkinAddress + - zipkin:9411 + - --proxyAdminPort + - "15000" + - --statusPort + - "15020" + - --controlPlaneAuthPolicy + - NONE + - --discoveryAddress + - istio-pilot:15010 + readinessProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15020 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 10m + memory: 40Mi + + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: ISTIO_META_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: ISTIO_META_CONFIG_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ISTIO_META_ROUTER_MODE + value: sni-dnat + volumeMounts: + - name: istio-certs + mountPath: /etc/certs + readOnly: true + - name: ingressgateway-certs + mountPath: "/etc/istio/ingressgateway-certs" + readOnly: true + - name: ingressgateway-ca-certs + mountPath: "/etc/istio/ingressgateway-ca-certs" + readOnly: true + volumes: + - name: istio-certs + secret: + secretName: istio.istio-ingressgateway-service-account + optional: true + - name: ingressgateway-certs + secret: + secretName: "istio-ingressgateway-certs" + optional: true + - name: ingressgateway-ca-certs + secret: + secretName: "istio-ingressgateway-ca-certs" + optional: true + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - ppc64le + - s390x + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 2 + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - amd64 + - weight: 2 + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - ppc64le + - weight: 2 + preference: + matchExpressions: + - key: beta.kubernetes.io/arch + operator: In + values: + - s390x +`) + th.writeF("/manifests/istio/kfserving-gateway/base/horizontal-pod-autoscaler.yaml", ` +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + labels: + app: kfserving-ingressgateway + kfserving: ingressgateway + name: kfserving-ingressgateway +spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + targetAverageUtilization: 80 + type: Resource + minReplicas: 1 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: kfserving-ingressgateway +`) + th.writeF("/manifests/istio/kfserving-gateway/base/service.yaml", ` +apiVersion: v1 +kind: Service +metadata: + name: kfserving-ingressgateway + labels: + app: kfserving-ingressgateway + kfserving: ingressgateway +spec: + type: LoadBalancer + selector: + app: kfserving-ingressgateway + kfserving: ingressgateway + ports: + - name: status-port + port: 15020 + targetPort: 15020 + - name: http2 + nodePort: 32380 + port: 80 + targetPort: 80 + - name: https + nodePort: 32390 + port: 443 + - name: tcp + nodePort: 32400 + port: 31400 + - name: tcp-pilot-grpc-tls + port: 15011 + targetPort: 15011 + - name: tcp-citadel-grpc-tls + port: 8060 + targetPort: 8060 + - name: tcp-dns-tls + port: 853 + targetPort: 853 + - name: https-kiali + port: 15029 + targetPort: 15029 + - name: http2-prometheus + port: 15030 + targetPort: 15030 + - name: http2-grafana + port: 15031 + targetPort: 15031 + - name: https-tracing + port: 15032 + targetPort: 15032 + - name: tls + port: 15443 + targetPort: 15443 +`) + th.writeK("/manifests/istio/kfserving-gateway/base", ` +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: istio-system +resources: +- deployment.yaml +- horizontal-pod-autoscaler.yaml +- service.yaml +`) +} + +func TestKfservingGatewayBase(t *testing.T) { + th := NewKustTestHarness(t, "/manifests/istio/kfserving-gateway/base") + writeKfservingGatewayBase(th) + m, err := th.makeKustTarget().MakeCustomizedResMap() + if err != nil { + t.Fatalf("Err: %v", err) + } + expected, err := m.AsYaml() + if err != nil { + t.Fatalf("Err: %v", err) + } + targetPath := "../istio/kfserving-gateway/base" + fsys := fs.MakeRealFS() + lrc := loader.RestrictionRootOnly + _loader, loaderErr := loader.NewLoader(lrc, validators.MakeFakeValidator(), targetPath, fsys) + if loaderErr != nil { + t.Fatalf("could not load kustomize loader: %v", loaderErr) + } + rf := resmap.NewFactory(resource.NewFactory(kunstruct.NewKunstructuredFactoryImpl()), transformer.NewFactoryImpl()) + pc := plugins.DefaultPluginConfig() + kt, err := target.NewKustTarget(_loader, rf, transformer.NewFactoryImpl(), plugins.NewLoader(pc, rf)) + if err != nil { + th.t.Fatalf("Unexpected construction error %v", err) + } + actual, err := kt.MakeCustomizedResMap() + if err != nil { + t.Fatalf("Err: %v", err) + } + th.assertActualEqualsExpected(actual, string(expected)) +} diff --git a/tests/kfserving-kfserving-install-base_test.go b/tests/kfserving-kfserving-install-base_test.go index f12ae28101..4046c5409b 100644 --- a/tests/kfserving-kfserving-install-base_test.go +++ b/tests/kfserving-kfserving-install-base_test.go @@ -344,8 +344,8 @@ data: } ingress: |- { - "ingressGateway" : "kubeflow-gateway.kubeflow", - "ingressService" : "istio-ingressgateway.istio-system.svc.cluster.local" + "ingressGateway" : "knative-ingress-gateway.knative-serving", + "ingressService" : "kfserving-ingressgateway.istio-system.svc.cluster.local" } logger: |- { diff --git a/tests/kfserving-kfserving-install-overlays-application_test.go b/tests/kfserving-kfserving-install-overlays-application_test.go index 682b39de07..a8f5115171 100644 --- a/tests/kfserving-kfserving-install-overlays-application_test.go +++ b/tests/kfserving-kfserving-install-overlays-application_test.go @@ -402,8 +402,8 @@ data: } ingress: |- { - "ingressGateway" : "kubeflow-gateway.kubeflow", - "ingressService" : "istio-ingressgateway.istio-system.svc.cluster.local" + "ingressGateway" : "knative-ingress-gateway.knative-serving", + "ingressService" : "kfserving-ingressgateway.istio-system.svc.cluster.local" } logger: |- { diff --git a/tests/knative-knative-serving-install-base_test.go b/tests/knative-knative-serving-install-base_test.go index 2d2e10319f..1f44fd0ab2 100644 --- a/tests/knative-knative-serving-install-base_test.go +++ b/tests/knative-knative-serving-install-base_test.go @@ -15,7 +15,6 @@ import ( func writeKnativeServingInstallBase(th *KustTestHarness) { th.writeF("/manifests/knative/knative-serving-install/base/gateway.yaml", ` ---- apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: @@ -34,6 +33,26 @@ spec: name: http number: 80 protocol: HTTP + +--- +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + labels: + networking.knative.dev/ingress-provider: istio + name: knative-ingress-gateway + namespace: knative-serving +spec: + selector: + app: kfserving-ingressgateway + kfserving: ingressgateway + servers: + - hosts: + - '*' + port: + name: http + number: 80 + protocol: HTTP `) th.writeF("/manifests/knative/knative-serving-install/base/cluster-role.yaml", ` --- @@ -1062,7 +1081,7 @@ data: # {{ingress_namespace}}.svc.cluster.local"`+"`"+`. The {{gateway_namespace}} # is optional; when it is omitted, the system will search for # the gateway in the serving system namespace `+"`"+`knative-serving`+"`"+` - gateway.kubeflow.kubeflow-gateway: "istio-ingressgateway.istio-system.svc.cluster.local" + gateway.knative-serving.knative-ingress-gateway: "kfserving-ingressgateway.istio-system.svc.cluster.local" # A cluster local gateway to allow pods outside of the mesh to access # Services and Routes not exposing through an ingress. If the users diff --git a/tests/knative-knative-serving-install-overlays-application_test.go b/tests/knative-knative-serving-install-overlays-application_test.go index 717eda154f..8050504728 100644 --- a/tests/knative-knative-serving-install-overlays-application_test.go +++ b/tests/knative-knative-serving-install-overlays-application_test.go @@ -63,7 +63,6 @@ commonLabels: app.kubernetes.io/version: v0.11.1 `) th.writeF("/manifests/knative/knative-serving-install/base/gateway.yaml", ` ---- apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: @@ -82,6 +81,26 @@ spec: name: http number: 80 protocol: HTTP + +--- +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + labels: + networking.knative.dev/ingress-provider: istio + name: knative-ingress-gateway + namespace: knative-serving +spec: + selector: + app: kfserving-ingressgateway + kfserving: ingressgateway + servers: + - hosts: + - '*' + port: + name: http + number: 80 + protocol: HTTP `) th.writeF("/manifests/knative/knative-serving-install/base/cluster-role.yaml", ` --- @@ -1110,7 +1129,7 @@ data: # {{ingress_namespace}}.svc.cluster.local"`+"`"+`. The {{gateway_namespace}} # is optional; when it is omitted, the system will search for # the gateway in the serving system namespace `+"`"+`knative-serving`+"`"+` - gateway.kubeflow.kubeflow-gateway: "istio-ingressgateway.istio-system.svc.cluster.local" + gateway.knative-serving.knative-ingress-gateway: "kfserving-ingressgateway.istio-system.svc.cluster.local" # A cluster local gateway to allow pods outside of the mesh to access # Services and Routes not exposing through an ingress. If the users From ecf8e1e858a9b9848ca96763954a02ee72d1fb6c Mon Sep 17 00:00:00 2001 From: "Yuan (Bob) Gong" Date: Wed, 8 Apr 2020 07:49:43 +0800 Subject: [PATCH 3/8] Fix pipeline default service account for GCP (#969 and #997) (#1064) --- kfdef/source/master/kfctl_gcp_iap.yaml | 2 + .../overlays/use-kf-user/deployment.yaml | 12 + .../overlays/use-kf-user/kustomization.yaml | 6 + .../use-kf-user/cluster-role-binding.yaml | 9 + .../overlays/use-kf-user/kustomization.yaml | 6 + ...e-api-service-overlays-use-kf-user_test.go | 222 ++++++++++++++++++ ...elines-runner-overlays-use-kf-user_test.go | 175 ++++++++++++++ 7 files changed, 432 insertions(+) create mode 100644 pipeline/api-service/overlays/use-kf-user/deployment.yaml create mode 100644 pipeline/api-service/overlays/use-kf-user/kustomization.yaml create mode 100644 pipeline/pipelines-runner/overlays/use-kf-user/cluster-role-binding.yaml create mode 100644 pipeline/pipelines-runner/overlays/use-kf-user/kustomization.yaml create mode 100644 tests/pipeline-api-service-overlays-use-kf-user_test.go create mode 100644 tests/pipeline-pipelines-runner-overlays-use-kf-user_test.go diff --git a/kfdef/source/master/kfctl_gcp_iap.yaml b/kfdef/source/master/kfctl_gcp_iap.yaml index 44a238f14e..de3604af8f 100644 --- a/kfdef/source/master/kfctl_gcp_iap.yaml +++ b/kfdef/source/master/kfctl_gcp_iap.yaml @@ -264,6 +264,7 @@ spec: - kustomizeConfig: overlays: - application + - use-kf-user repoRef: name: manifests path: pipeline/api-service @@ -308,6 +309,7 @@ spec: - kustomizeConfig: overlays: - application + - use-kf-user repoRef: name: manifests path: pipeline/pipelines-runner diff --git a/pipeline/api-service/overlays/use-kf-user/deployment.yaml b/pipeline/api-service/overlays/use-kf-user/deployment.yaml new file mode 100644 index 0000000000..53541c0489 --- /dev/null +++ b/pipeline/api-service/overlays/use-kf-user/deployment.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline +spec: + template: + spec: + containers: + - name: ml-pipeline-api-server + env: + - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT + value: kf-user diff --git a/pipeline/api-service/overlays/use-kf-user/kustomization.yaml b/pipeline/api-service/overlays/use-kf-user/kustomization.yaml new file mode 100644 index 0000000000..9080da8b20 --- /dev/null +++ b/pipeline/api-service/overlays/use-kf-user/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../../base +patchesStrategicMerge: +- deployment.yaml diff --git a/pipeline/pipelines-runner/overlays/use-kf-user/cluster-role-binding.yaml b/pipeline/pipelines-runner/overlays/use-kf-user/cluster-role-binding.yaml new file mode 100644 index 0000000000..168b3aeba2 --- /dev/null +++ b/pipeline/pipelines-runner/overlays/use-kf-user/cluster-role-binding.yaml @@ -0,0 +1,9 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: pipeline-runner +subjects: +# temporarily switched to kf-user, because pipeline-runner isn't bound to workload identity by default +- kind: ServiceAccount + name: kf-user + namespace: kubeflow diff --git a/pipeline/pipelines-runner/overlays/use-kf-user/kustomization.yaml b/pipeline/pipelines-runner/overlays/use-kf-user/kustomization.yaml new file mode 100644 index 0000000000..a7f830755a --- /dev/null +++ b/pipeline/pipelines-runner/overlays/use-kf-user/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../../base +patchesStrategicMerge: +- cluster-role-binding.yaml diff --git a/tests/pipeline-api-service-overlays-use-kf-user_test.go b/tests/pipeline-api-service-overlays-use-kf-user_test.go new file mode 100644 index 0000000000..1049cceb6f --- /dev/null +++ b/tests/pipeline-api-service-overlays-use-kf-user_test.go @@ -0,0 +1,222 @@ +package tests_test + +import ( + "sigs.k8s.io/kustomize/v3/k8sdeps/kunstruct" + "sigs.k8s.io/kustomize/v3/k8sdeps/transformer" + "sigs.k8s.io/kustomize/v3/pkg/fs" + "sigs.k8s.io/kustomize/v3/pkg/loader" + "sigs.k8s.io/kustomize/v3/pkg/plugins" + "sigs.k8s.io/kustomize/v3/pkg/resmap" + "sigs.k8s.io/kustomize/v3/pkg/resource" + "sigs.k8s.io/kustomize/v3/pkg/target" + "sigs.k8s.io/kustomize/v3/pkg/validators" + "testing" +) + +func writeApiServiceOverlaysUseKfUser(th *KustTestHarness) { + th.writeF("/manifests/pipeline/api-service/overlays/use-kf-user/deployment.yaml", ` +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline +spec: + template: + spec: + containers: + - name: ml-pipeline-api-server + env: + - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT + value: kf-user +`) + th.writeK("/manifests/pipeline/api-service/overlays/use-kf-user", ` +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../../base +patchesStrategicMerge: +- deployment.yaml +`) + th.writeF("/manifests/pipeline/api-service/base/config-map.yaml", ` +# The configuration for the ML pipelines APIServer +# Based on https://github.com/kubeflow/pipelines/blob/master/backend/src/apiserver/config/config.json +apiVersion: v1 +data: + # apiserver assumes the config is named config.json + config.json: | + { + "DBConfig": { + "DriverName": "mysql", + "DataSourceName": "", + "DBName": "mlpipeline" + }, + "ObjectStoreConfig":{ + "AccessKey": "minio", + "SecretAccessKey": "minio123", + "BucketName": "mlpipeline" + }, + "InitConnectionTimeout": "6m", + "DefaultPipelineRunnerServiceAccount": "pipeline-runner", + "ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_HOST": "ml-pipeline-ml-pipeline-visualizationserver", + "ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_PORT": 8888 + } +kind: ConfigMap +metadata: + name: ml-pipeline-config +`) + th.writeF("/manifests/pipeline/api-service/base/deployment.yaml", ` +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline +spec: + template: + spec: + containers: + - name: ml-pipeline-api-server + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/api-server + imagePullPolicy: IfNotPresent + command: + - apiserver + - --config=/etc/ml-pipeline-config + - --sampleconfig=/config/sample_config.json + - -logtostderr=true + ports: + - containerPort: 8888 + - containerPort: 8887 + volumeMounts: + - name: config-volume + mountPath: /etc/ml-pipeline-config + serviceAccountName: ml-pipeline + volumes: + - name: config-volume + configMap: + name: ml-pipeline-config +`) + th.writeF("/manifests/pipeline/api-service/base/role-binding.yaml", ` +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: ml-pipeline +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline +`) + th.writeF("/manifests/pipeline/api-service/base/role.yaml", ` +apiVersion: rbac.authorization.k8s.io/v1beta1 +# TODO: Does this need to be changed to a clusterrole? +# see manifests in kubeflow/pipelines +kind: Role +metadata: + name: ml-pipeline +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete +- apiGroups: + - "" + resources: + - pods + verbs: + - delete + +`) + th.writeF("/manifests/pipeline/api-service/base/service-account.yaml", ` +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline +`) + th.writeF("/manifests/pipeline/api-service/base/service.yaml", ` +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 +`) + th.writeK("/manifests/pipeline/api-service/base", ` +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + app: ml-pipeline +resources: +- config-map.yaml +- deployment.yaml +- role-binding.yaml +- role.yaml +- service-account.yaml +- service.yaml +images: +- name: gcr.io/ml-pipeline/api-server + newTag: 0.2.0 + newName: gcr.io/ml-pipeline/api-server +`) +} + +func TestApiServiceOverlaysUseKfUser(t *testing.T) { + th := NewKustTestHarness(t, "/manifests/pipeline/api-service/overlays/use-kf-user") + writeApiServiceOverlaysUseKfUser(th) + m, err := th.makeKustTarget().MakeCustomizedResMap() + if err != nil { + t.Fatalf("Err: %v", err) + } + expected, err := m.AsYaml() + if err != nil { + t.Fatalf("Err: %v", err) + } + targetPath := "../pipeline/api-service/overlays/use-kf-user" + fsys := fs.MakeRealFS() + lrc := loader.RestrictionRootOnly + _loader, loaderErr := loader.NewLoader(lrc, validators.MakeFakeValidator(), targetPath, fsys) + if loaderErr != nil { + t.Fatalf("could not load kustomize loader: %v", loaderErr) + } + rf := resmap.NewFactory(resource.NewFactory(kunstruct.NewKunstructuredFactoryImpl()), transformer.NewFactoryImpl()) + pc := plugins.DefaultPluginConfig() + kt, err := target.NewKustTarget(_loader, rf, transformer.NewFactoryImpl(), plugins.NewLoader(pc, rf)) + if err != nil { + th.t.Fatalf("Unexpected construction error %v", err) + } + actual, err := kt.MakeCustomizedResMap() + if err != nil { + t.Fatalf("Err: %v", err) + } + th.assertActualEqualsExpected(actual, string(expected)) +} diff --git a/tests/pipeline-pipelines-runner-overlays-use-kf-user_test.go b/tests/pipeline-pipelines-runner-overlays-use-kf-user_test.go new file mode 100644 index 0000000000..085452eb4e --- /dev/null +++ b/tests/pipeline-pipelines-runner-overlays-use-kf-user_test.go @@ -0,0 +1,175 @@ +package tests_test + +import ( + "sigs.k8s.io/kustomize/v3/k8sdeps/kunstruct" + "sigs.k8s.io/kustomize/v3/k8sdeps/transformer" + "sigs.k8s.io/kustomize/v3/pkg/fs" + "sigs.k8s.io/kustomize/v3/pkg/loader" + "sigs.k8s.io/kustomize/v3/pkg/plugins" + "sigs.k8s.io/kustomize/v3/pkg/resmap" + "sigs.k8s.io/kustomize/v3/pkg/resource" + "sigs.k8s.io/kustomize/v3/pkg/target" + "sigs.k8s.io/kustomize/v3/pkg/validators" + "testing" +) + +func writePipelinesRunnerOverlaysUseKfUser(th *KustTestHarness) { + th.writeF("/manifests/pipeline/pipelines-runner/overlays/use-kf-user/cluster-role-binding.yaml", ` +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: pipeline-runner +subjects: +# temporarily switched to kf-user, because pipeline-runner isn't bound to workload identity by default +- kind: ServiceAccount + name: kf-user + namespace: kubeflow +`) + th.writeK("/manifests/pipeline/pipelines-runner/overlays/use-kf-user", ` +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../../base +patchesStrategicMerge: +- cluster-role-binding.yaml +`) + th.writeF("/manifests/pipeline/pipelines-runner/base/cluster-role-binding.yaml", ` +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: pipeline-runner +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pipeline-runner +subjects: +- kind: ServiceAccount + name: pipeline-runner +`) + th.writeF("/manifests/pipeline/pipelines-runner/base/cluster-role.yaml", ` +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: pipeline-runner +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + - serving.kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +`) + th.writeF("/manifests/pipeline/pipelines-runner/base/service-account.yaml", ` +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipeline-runner +`) + th.writeK("/manifests/pipeline/pipelines-runner/base", ` +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +commonLabels: + app: pipeline-runner +resources: +- cluster-role-binding.yaml +- cluster-role.yaml +- service-account.yaml +`) +} + +func TestPipelinesRunnerOverlaysUseKfUser(t *testing.T) { + th := NewKustTestHarness(t, "/manifests/pipeline/pipelines-runner/overlays/use-kf-user") + writePipelinesRunnerOverlaysUseKfUser(th) + m, err := th.makeKustTarget().MakeCustomizedResMap() + if err != nil { + t.Fatalf("Err: %v", err) + } + expected, err := m.AsYaml() + if err != nil { + t.Fatalf("Err: %v", err) + } + targetPath := "../pipeline/pipelines-runner/overlays/use-kf-user" + fsys := fs.MakeRealFS() + lrc := loader.RestrictionRootOnly + _loader, loaderErr := loader.NewLoader(lrc, validators.MakeFakeValidator(), targetPath, fsys) + if loaderErr != nil { + t.Fatalf("could not load kustomize loader: %v", loaderErr) + } + rf := resmap.NewFactory(resource.NewFactory(kunstruct.NewKunstructuredFactoryImpl()), transformer.NewFactoryImpl()) + pc := plugins.DefaultPluginConfig() + kt, err := target.NewKustTarget(_loader, rf, transformer.NewFactoryImpl(), plugins.NewLoader(pc, rf)) + if err != nil { + th.t.Fatalf("Unexpected construction error %v", err) + } + actual, err := kt.MakeCustomizedResMap() + if err != nil { + t.Fatalf("Err: %v", err) + } + th.assertActualEqualsExpected(actual, string(expected)) +} From 453b816a58dd82a7b951964623542d18127131aa Mon Sep 17 00:00:00 2001 From: "Yuan (Bob) Gong" Date: Wed, 8 Apr 2020 09:03:44 +0800 Subject: [PATCH 4/8] Cherry pick of Fix KFP tensorboard no GCP permission (#970) (#1065) --- .../pipelines-ui/overlays/gcp/configmap.yaml | 11 +++++++++ .../pipelines-ui/overlays/gcp/deployment.yaml | 8 +++++++ .../overlays/gcp/kustomization.yaml | 2 ++ ...pipeline-pipelines-ui-overlays-gcp_test.go | 23 +++++++++++++++++++ 4 files changed, 44 insertions(+) create mode 100644 pipeline/pipelines-ui/overlays/gcp/configmap.yaml diff --git a/pipeline/pipelines-ui/overlays/gcp/configmap.yaml b/pipeline/pipelines-ui/overlays/gcp/configmap.yaml new file mode 100644 index 0000000000..65fcbe5ec7 --- /dev/null +++ b/pipeline/pipelines-ui/overlays/gcp/configmap.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: ml-pipeline-ui-configmap +data: + viewer-pod-template.json: |- + { + "spec": { + "serviceAccountName": "kf-user" + } + } diff --git a/pipeline/pipelines-ui/overlays/gcp/deployment.yaml b/pipeline/pipelines-ui/overlays/gcp/deployment.yaml index 490d8d1415..ebbe1621b9 100644 --- a/pipeline/pipelines-ui/overlays/gcp/deployment.yaml +++ b/pipeline/pipelines-ui/overlays/gcp/deployment.yaml @@ -9,12 +9,20 @@ spec: - name: gcp-sa-token secret: secretName: user-gcp-sa + - name: config-volume + configMap: + name: ml-pipeline-ui-configmap containers: - name: ml-pipeline-ui env: - name: GOOGLE_APPLICATION_CREDENTIALS value: /etc/credentials/user-gcp-sa.json + - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH + value: /etc/config/viewer-pod-template.json volumeMounts: - name: gcp-sa-token mountPath: "/etc/credentials" readOnly: true + - name: config-volume + mountPath: /etc/config + readOnly: true diff --git a/pipeline/pipelines-ui/overlays/gcp/kustomization.yaml b/pipeline/pipelines-ui/overlays/gcp/kustomization.yaml index 9080da8b20..c14186bec7 100644 --- a/pipeline/pipelines-ui/overlays/gcp/kustomization.yaml +++ b/pipeline/pipelines-ui/overlays/gcp/kustomization.yaml @@ -4,3 +4,5 @@ bases: - ../../base patchesStrategicMerge: - deployment.yaml +resources: +- configmap.yaml diff --git a/tests/pipeline-pipelines-ui-overlays-gcp_test.go b/tests/pipeline-pipelines-ui-overlays-gcp_test.go index fb593b7c3e..4e19747c02 100644 --- a/tests/pipeline-pipelines-ui-overlays-gcp_test.go +++ b/tests/pipeline-pipelines-ui-overlays-gcp_test.go @@ -26,15 +26,36 @@ spec: - name: gcp-sa-token secret: secretName: user-gcp-sa + - name: config-volume + configMap: + name: ml-pipeline-ui-configmap containers: - name: ml-pipeline-ui env: - name: GOOGLE_APPLICATION_CREDENTIALS value: /etc/credentials/user-gcp-sa.json + - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH + value: /etc/config/viewer-pod-template.json volumeMounts: - name: gcp-sa-token mountPath: "/etc/credentials" readOnly: true + - name: config-volume + mountPath: /etc/config + readOnly: true +`) + th.writeF("/manifests/pipeline/pipelines-ui/overlays/gcp/configmap.yaml", ` +apiVersion: v1 +kind: ConfigMap +metadata: + name: ml-pipeline-ui-configmap +data: + viewer-pod-template.json: |- + { + "spec": { + "serviceAccountName": "kf-user" + } + } `) th.writeK("/manifests/pipeline/pipelines-ui/overlays/gcp", ` apiVersion: kustomize.config.k8s.io/v1beta1 @@ -43,6 +64,8 @@ bases: - ../../base patchesStrategicMerge: - deployment.yaml +resources: +- configmap.yaml `) th.writeF("/manifests/pipeline/pipelines-ui/base/deployment.yaml", ` apiVersion: apps/v1 From be240ae7cb28a5610d8ceb90610b11d6e57e1aab Mon Sep 17 00:00:00 2001 From: "Yuan (Bob) Gong" Date: Fri, 10 Apr 2020 10:07:47 +0800 Subject: [PATCH 5/8] Update generated kfdefs (#1087) * Update generated kfdefs * Update kfctl_ibm.yaml * Update kfctl_ibm.yaml --- kfdef/kfctl_gcp_iap.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kfdef/kfctl_gcp_iap.yaml b/kfdef/kfctl_gcp_iap.yaml index 59a720e73a..912a359302 100644 --- a/kfdef/kfctl_gcp_iap.yaml +++ b/kfdef/kfctl_gcp_iap.yaml @@ -262,6 +262,7 @@ spec: - kustomizeConfig: overlays: - application + - use-kf-user repoRef: name: manifests path: pipeline/api-service @@ -306,6 +307,7 @@ spec: - kustomizeConfig: overlays: - application + - use-kf-user repoRef: name: manifests path: pipeline/pipelines-runner From 1c002357594ecec6c799943ab60537202d7eb106 Mon Sep 17 00:00:00 2001 From: "Yuan (Bob) Gong" Date: Fri, 10 Apr 2020 12:29:47 +0800 Subject: [PATCH 6/8] Cherry pick of #1083 Bump KFP to 0.2.5 (#1093) * Cherry pick of #1083 bump kfp to 0.2.5 * Regenerate tests * fix test --- kfdef/kfctl_gcp_iap.yaml | 1 + kfdef/source/master/kfctl_gcp_iap.yaml | 1 + metadata/base/kustomization.yaml | 6 +- metadata/base/metadata-deployment.yaml | 2 +- metadata/overlays/db/metadata-deployment.yaml | 4 +- .../external-mysql/metadata-deployment.yaml | 2 +- pipeline/api-service/base/kustomization.yaml | 2 +- .../overlays/application/application.yaml | 4 +- .../overlays/application/kustomization.yaml | 4 +- .../overlays/application/application.yaml | 4 +- .../overlays/application/kustomization.yaml | 4 +- .../overlays/application/application.yaml | 4 +- .../overlays/application/kustomization.yaml | 4 +- .../persistent-agent/base/kustomization.yaml | 2 +- .../overlays/application/application.yaml | 4 +- .../overlays/application/kustomization.yaml | 4 +- .../base/kustomization.yaml | 2 +- .../overlays/application/application.yaml | 4 +- .../overlays/application/kustomization.yaml | 4 +- .../overlays/use-kf-user/deployment.yaml | 8 ++ .../overlays/use-kf-user/kustomization.yaml | 6 + .../overlays/application/application.yaml | 4 +- .../overlays/application/kustomization.yaml | 4 +- pipeline/pipelines-ui/base/deployment.yaml | 3 + pipeline/pipelines-ui/base/kustomization.yaml | 2 +- .../overlays/application/application.yaml | 4 +- .../overlays/application/kustomization.yaml | 4 +- .../pipelines-viewer/base/kustomization.yaml | 2 +- .../overlays/application/application.yaml | 4 +- .../overlays/application/kustomization.yaml | 4 +- .../scheduledworkflow/base/kustomization.yaml | 2 +- .../overlays/application/application.yaml | 4 +- .../overlays/application/kustomization.yaml | 4 +- tests/metadata-base_test.go | 10 +- tests/metadata-overlays-application_test.go | 11 +- tests/metadata-overlays-db_test.go | 24 ++-- .../metadata-overlays-external-mysql_test.go | 10 +- ...tadata-overlays-ibm-storage-config_test.go | 10 +- tests/metadata-overlays-istio_test.go | 10 +- tests/pipeline-api-service-base_test.go | 2 +- ...e-api-service-overlays-application_test.go | 10 +- ...pi-service-overlays-external-mysql_test.go | 2 +- ...e-api-service-overlays-use-kf-user_test.go | 2 +- ...ipeline-minio-overlays-application_test.go | 14 ++- ...ipeline-mysql-overlays-application_test.go | 14 ++- tests/pipeline-persistent-agent-base_test.go | 2 +- ...sistent-agent-overlays-application_test.go | 10 +- ...ipeline-visualization-service-base_test.go | 2 +- ...ation-service-overlays-application_test.go | 10 +- ...ation-service-overlays-use-kf-user_test.go | 117 ++++++++++++++++++ ...elines-runner-overlays-application_test.go | 8 +- tests/pipeline-pipelines-ui-base_test.go | 5 +- ...-pipelines-ui-overlays-application_test.go | 13 +- ...pipeline-pipelines-ui-overlays-gcp_test.go | 5 +- ...peline-pipelines-ui-overlays-istio_test.go | 5 +- tests/pipeline-pipelines-viewer-base_test.go | 2 +- ...elines-viewer-overlays-application_test.go | 10 +- tests/pipeline-scheduledworkflow-base_test.go | 2 +- ...duledworkflow-overlays-application_test.go | 10 +- 59 files changed, 311 insertions(+), 126 deletions(-) create mode 100644 pipeline/pipeline-visualization-service/overlays/use-kf-user/deployment.yaml create mode 100644 pipeline/pipeline-visualization-service/overlays/use-kf-user/kustomization.yaml create mode 100644 tests/pipeline-pipeline-visualization-service-overlays-use-kf-user_test.go diff --git a/kfdef/kfctl_gcp_iap.yaml b/kfdef/kfctl_gcp_iap.yaml index 912a359302..6934f4c709 100644 --- a/kfdef/kfctl_gcp_iap.yaml +++ b/kfdef/kfctl_gcp_iap.yaml @@ -338,6 +338,7 @@ spec: - kustomizeConfig: overlays: - application + - use-kf-user repoRef: name: manifests path: pipeline/pipeline-visualization-service diff --git a/kfdef/source/master/kfctl_gcp_iap.yaml b/kfdef/source/master/kfctl_gcp_iap.yaml index de3604af8f..2f03033b14 100644 --- a/kfdef/source/master/kfctl_gcp_iap.yaml +++ b/kfdef/source/master/kfctl_gcp_iap.yaml @@ -340,6 +340,7 @@ spec: - kustomizeConfig: overlays: - application + - use-kf-user repoRef: name: manifests path: pipeline/pipeline-visualization-service diff --git a/metadata/base/kustomization.yaml b/metadata/base/kustomization.yaml index 2620858833..56708b7211 100644 --- a/metadata/base/kustomization.yaml +++ b/metadata/base/kustomization.yaml @@ -6,8 +6,12 @@ commonLabels: configMapGenerator: - name: ui-parameters env: params.env -- name: metadata-grpc-configmap +- name: grpc-configmap env: grpc-params.env +generatorOptions: + # TFX pipelines use metadata-grpc-configmap for finding grpc server host and + # port at runtime. Because they don't know the suffix, we have to disable it. + disableNameSuffixHash: true resources: - metadata-deployment.yaml - metadata-service.yaml diff --git a/metadata/base/metadata-deployment.yaml b/metadata/base/metadata-deployment.yaml index 7f4c9a911c..b93a92745a 100644 --- a/metadata/base/metadata-deployment.yaml +++ b/metadata/base/metadata-deployment.yaml @@ -54,7 +54,7 @@ spec: - name: container envFrom: - configMapRef: - name: metadata-grpc-configmap + name: grpc-configmap image: gcr.io/tfx-oss-public/ml_metadata_store_server:v0.21.1 command: ["/bin/metadata_store_server"] args: ["--grpc_port=$(METADATA_GRPC_SERVICE_PORT)"] diff --git a/metadata/overlays/db/metadata-deployment.yaml b/metadata/overlays/db/metadata-deployment.yaml index c517b04ca6..b30d34d8f1 100644 --- a/metadata/overlays/db/metadata-deployment.yaml +++ b/metadata/overlays/db/metadata-deployment.yaml @@ -53,11 +53,11 @@ spec: - secretRef: name: metadata-db-secrets - configMapRef: - name: metadata-grpc-configmap + name: grpc-configmap args: ["--grpc_port=$(METADATA_GRPC_SERVICE_PORT)", "--mysql_config_host=$(metadata-db-service)", "--mysql_config_database=$(MYSQL_DATABASE)", "--mysql_config_port=$(MYSQL_PORT)", "--mysql_config_user=$(MYSQL_USER_NAME)", "--mysql_config_password=$(MYSQL_ROOT_PASSWORD)" - ] \ No newline at end of file + ] diff --git a/metadata/overlays/external-mysql/metadata-deployment.yaml b/metadata/overlays/external-mysql/metadata-deployment.yaml index 0848efd1db..44641268ba 100644 --- a/metadata/overlays/external-mysql/metadata-deployment.yaml +++ b/metadata/overlays/external-mysql/metadata-deployment.yaml @@ -53,7 +53,7 @@ spec: - secretRef: name: metadata-db-secrets - configMapRef: - name: metadata-grpc-configmap + name: grpc-configmap args: ["--grpc_port=$(METADATA_GRPC_SERVICE_PORT)", "--mysql_config_host=$(MYSQL_HOST)", "--mysql_config_database=$(MYSQL_DATABASE)", diff --git a/pipeline/api-service/base/kustomization.yaml b/pipeline/api-service/base/kustomization.yaml index abd4a01a26..c6d5fcbfb2 100644 --- a/pipeline/api-service/base/kustomization.yaml +++ b/pipeline/api-service/base/kustomization.yaml @@ -11,5 +11,5 @@ resources: - service.yaml images: - name: gcr.io/ml-pipeline/api-server - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/api-server diff --git a/pipeline/api-service/overlays/application/application.yaml b/pipeline/api-service/overlays/application/application.yaml index cbfddfc18d..25805d5d9c 100644 --- a/pipeline/api-service/overlays/application/application.yaml +++ b/pipeline/api-service/overlays/application/application.yaml @@ -24,8 +24,8 @@ spec: selector: matchLabels: app.kubernetes.io/component: api-service - app.kubernetes.io/instance: api-service-0.2.0 + app.kubernetes.io/instance: api-service-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: api-service app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 diff --git a/pipeline/api-service/overlays/application/kustomization.yaml b/pipeline/api-service/overlays/application/kustomization.yaml index dbab22d667..b6b7750beb 100644 --- a/pipeline/api-service/overlays/application/kustomization.yaml +++ b/pipeline/api-service/overlays/application/kustomization.yaml @@ -3,11 +3,11 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: api-service - app.kubernetes.io/instance: api-service-0.2.0 + app.kubernetes.io/instance: api-service-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: api-service app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml diff --git a/pipeline/minio/overlays/application/application.yaml b/pipeline/minio/overlays/application/application.yaml index 1f4d02a210..8940b33771 100644 --- a/pipeline/minio/overlays/application/application.yaml +++ b/pipeline/minio/overlays/application/application.yaml @@ -24,8 +24,8 @@ spec: selector: matchLabels: app.kubernetes.io/component: minio - app.kubernetes.io/instance: minio-0.2.0 + app.kubernetes.io/instance: minio-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: minio app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 diff --git a/pipeline/minio/overlays/application/kustomization.yaml b/pipeline/minio/overlays/application/kustomization.yaml index 4f339beb54..0148466929 100644 --- a/pipeline/minio/overlays/application/kustomization.yaml +++ b/pipeline/minio/overlays/application/kustomization.yaml @@ -3,11 +3,11 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: minio - app.kubernetes.io/instance: minio-0.2.0 + app.kubernetes.io/instance: minio-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: minio app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml diff --git a/pipeline/mysql/overlays/application/application.yaml b/pipeline/mysql/overlays/application/application.yaml index f5c8b6ed73..fc2f482aa4 100644 --- a/pipeline/mysql/overlays/application/application.yaml +++ b/pipeline/mysql/overlays/application/application.yaml @@ -24,8 +24,8 @@ spec: selector: matchLabels: app.kubernetes.io/component: mysql - app.kubernetes.io/instance: mysql-0.2.0 + app.kubernetes.io/instance: mysql-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: mysql app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 diff --git a/pipeline/mysql/overlays/application/kustomization.yaml b/pipeline/mysql/overlays/application/kustomization.yaml index c85db6b45e..3df02b0774 100644 --- a/pipeline/mysql/overlays/application/kustomization.yaml +++ b/pipeline/mysql/overlays/application/kustomization.yaml @@ -3,11 +3,11 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: mysql - app.kubernetes.io/instance: mysql-0.2.0 + app.kubernetes.io/instance: mysql-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: mysql app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml diff --git a/pipeline/persistent-agent/base/kustomization.yaml b/pipeline/persistent-agent/base/kustomization.yaml index 6cee7cd796..d68241f594 100644 --- a/pipeline/persistent-agent/base/kustomization.yaml +++ b/pipeline/persistent-agent/base/kustomization.yaml @@ -10,5 +10,5 @@ resources: - service-account.yaml images: - name: gcr.io/ml-pipeline/persistenceagent - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/persistenceagent diff --git a/pipeline/persistent-agent/overlays/application/application.yaml b/pipeline/persistent-agent/overlays/application/application.yaml index a63cdee561..d022865bd6 100644 --- a/pipeline/persistent-agent/overlays/application/application.yaml +++ b/pipeline/persistent-agent/overlays/application/application.yaml @@ -24,8 +24,8 @@ spec: selector: matchLabels: app.kubernetes.io/component: persistent-agent - app.kubernetes.io/instance: persistent-agent-0.2.0 + app.kubernetes.io/instance: persistent-agent-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: persistent-agent app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 diff --git a/pipeline/persistent-agent/overlays/application/kustomization.yaml b/pipeline/persistent-agent/overlays/application/kustomization.yaml index d6f01d7874..5bc6b752be 100644 --- a/pipeline/persistent-agent/overlays/application/kustomization.yaml +++ b/pipeline/persistent-agent/overlays/application/kustomization.yaml @@ -3,11 +3,11 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: persistent-agent - app.kubernetes.io/instance: persistent-agent-0.2.0 + app.kubernetes.io/instance: persistent-agent-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: persistent-agent app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml diff --git a/pipeline/pipeline-visualization-service/base/kustomization.yaml b/pipeline/pipeline-visualization-service/base/kustomization.yaml index d5e4b4f559..5c149c2b1e 100644 --- a/pipeline/pipeline-visualization-service/base/kustomization.yaml +++ b/pipeline/pipeline-visualization-service/base/kustomization.yaml @@ -8,5 +8,5 @@ resources: - service.yaml images: - name: gcr.io/ml-pipeline/visualization-server - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/visualization-server diff --git a/pipeline/pipeline-visualization-service/overlays/application/application.yaml b/pipeline/pipeline-visualization-service/overlays/application/application.yaml index db559cf023..51bc479fea 100644 --- a/pipeline/pipeline-visualization-service/overlays/application/application.yaml +++ b/pipeline/pipeline-visualization-service/overlays/application/application.yaml @@ -24,8 +24,8 @@ spec: selector: matchLabels: app.kubernetes.io/component: pipeline-visualization-service - app.kubernetes.io/instance: pipeline-visualization-service-0.2.0 + app.kubernetes.io/instance: pipeline-visualization-service-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipeline-visualization-service app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 diff --git a/pipeline/pipeline-visualization-service/overlays/application/kustomization.yaml b/pipeline/pipeline-visualization-service/overlays/application/kustomization.yaml index 1a493f20f8..45b0be549a 100644 --- a/pipeline/pipeline-visualization-service/overlays/application/kustomization.yaml +++ b/pipeline/pipeline-visualization-service/overlays/application/kustomization.yaml @@ -3,11 +3,11 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: pipeline-visualization-service - app.kubernetes.io/instance: pipeline-visualization-service-0.2.0 + app.kubernetes.io/instance: pipeline-visualization-service-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipeline-visualization-service app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml diff --git a/pipeline/pipeline-visualization-service/overlays/use-kf-user/deployment.yaml b/pipeline/pipeline-visualization-service/overlays/use-kf-user/deployment.yaml new file mode 100644 index 0000000000..5446155cee --- /dev/null +++ b/pipeline/pipeline-visualization-service/overlays/use-kf-user/deployment.yaml @@ -0,0 +1,8 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline-visualizationserver +spec: + template: + spec: + serviceAccountName: kf-user diff --git a/pipeline/pipeline-visualization-service/overlays/use-kf-user/kustomization.yaml b/pipeline/pipeline-visualization-service/overlays/use-kf-user/kustomization.yaml new file mode 100644 index 0000000000..b1f0331673 --- /dev/null +++ b/pipeline/pipeline-visualization-service/overlays/use-kf-user/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +bases: +- ../../base +kind: Kustomization +patchesStrategicMerge: +- deployment.yaml diff --git a/pipeline/pipelines-runner/overlays/application/application.yaml b/pipeline/pipelines-runner/overlays/application/application.yaml index 596b03b110..b4c2bfbb53 100644 --- a/pipeline/pipelines-runner/overlays/application/application.yaml +++ b/pipeline/pipelines-runner/overlays/application/application.yaml @@ -24,8 +24,8 @@ spec: selector: matchLabels: app.kubernetes.io/component: pipelines-runner - app.kubernetes.io/instance: pipelines-runner-0.2.0 + app.kubernetes.io/instance: pipelines-runner-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipelines-runner app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 diff --git a/pipeline/pipelines-runner/overlays/application/kustomization.yaml b/pipeline/pipelines-runner/overlays/application/kustomization.yaml index a6b8a0d3c9..ec7c361c9d 100644 --- a/pipeline/pipelines-runner/overlays/application/kustomization.yaml +++ b/pipeline/pipelines-runner/overlays/application/kustomization.yaml @@ -3,11 +3,11 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: pipelines-runner - app.kubernetes.io/instance: pipelines-runner-0.2.0 + app.kubernetes.io/instance: pipelines-runner-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipelines-runner app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml diff --git a/pipeline/pipelines-ui/base/deployment.yaml b/pipeline/pipelines-ui/base/deployment.yaml index e380ccbe60..5235897271 100644 --- a/pipeline/pipelines-ui/base/deployment.yaml +++ b/pipeline/pipelines-ui/base/deployment.yaml @@ -17,6 +17,9 @@ spec: - name: ml-pipeline-ui image: gcr.io/ml-pipeline/frontend imagePullPolicy: IfNotPresent + env: + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" ports: - containerPort: 3000 serviceAccountName: ml-pipeline-ui diff --git a/pipeline/pipelines-ui/base/kustomization.yaml b/pipeline/pipelines-ui/base/kustomization.yaml index a925eee3b0..b50d0be068 100644 --- a/pipeline/pipelines-ui/base/kustomization.yaml +++ b/pipeline/pipelines-ui/base/kustomization.yaml @@ -12,7 +12,7 @@ configMapGenerator: env: params.env images: - name: gcr.io/ml-pipeline/frontend - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/frontend vars: - name: ui-namespace diff --git a/pipeline/pipelines-ui/overlays/application/application.yaml b/pipeline/pipelines-ui/overlays/application/application.yaml index 0f1717abd6..00a7765053 100644 --- a/pipeline/pipelines-ui/overlays/application/application.yaml +++ b/pipeline/pipelines-ui/overlays/application/application.yaml @@ -24,8 +24,8 @@ spec: selector: matchLabels: app.kubernetes.io/component: pipelines-ui - app.kubernetes.io/instance: pipelines-ui-0.2.0 + app.kubernetes.io/instance: pipelines-ui-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipelines-ui app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 diff --git a/pipeline/pipelines-ui/overlays/application/kustomization.yaml b/pipeline/pipelines-ui/overlays/application/kustomization.yaml index eee0faf74a..31d5ed5952 100644 --- a/pipeline/pipelines-ui/overlays/application/kustomization.yaml +++ b/pipeline/pipelines-ui/overlays/application/kustomization.yaml @@ -3,11 +3,11 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: pipelines-ui - app.kubernetes.io/instance: pipelines-ui-0.2.0 + app.kubernetes.io/instance: pipelines-ui-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipelines-ui app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml diff --git a/pipeline/pipelines-viewer/base/kustomization.yaml b/pipeline/pipelines-viewer/base/kustomization.yaml index c73d683664..cb5f051567 100644 --- a/pipeline/pipelines-viewer/base/kustomization.yaml +++ b/pipeline/pipelines-viewer/base/kustomization.yaml @@ -12,5 +12,5 @@ resources: - service-account.yaml images: - name: gcr.io/ml-pipeline/viewer-crd-controller - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/viewer-crd-controller diff --git a/pipeline/pipelines-viewer/overlays/application/application.yaml b/pipeline/pipelines-viewer/overlays/application/application.yaml index 4c026bf40c..1c4e9a63e3 100644 --- a/pipeline/pipelines-viewer/overlays/application/application.yaml +++ b/pipeline/pipelines-viewer/overlays/application/application.yaml @@ -24,8 +24,8 @@ spec: selector: matchLabels: app.kubernetes.io/component: pipelines-viewer - app.kubernetes.io/instance: pipelines-viewer-0.2.0 + app.kubernetes.io/instance: pipelines-viewer-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipelines-viewer app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 diff --git a/pipeline/pipelines-viewer/overlays/application/kustomization.yaml b/pipeline/pipelines-viewer/overlays/application/kustomization.yaml index 8cda73a617..f23f3171b3 100644 --- a/pipeline/pipelines-viewer/overlays/application/kustomization.yaml +++ b/pipeline/pipelines-viewer/overlays/application/kustomization.yaml @@ -3,11 +3,11 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: pipelines-viewer - app.kubernetes.io/instance: pipelines-viewer-0.2.0 + app.kubernetes.io/instance: pipelines-viewer-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipelines-viewer app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml diff --git a/pipeline/scheduledworkflow/base/kustomization.yaml b/pipeline/scheduledworkflow/base/kustomization.yaml index f2ceac0cf6..3de5fe71e1 100644 --- a/pipeline/scheduledworkflow/base/kustomization.yaml +++ b/pipeline/scheduledworkflow/base/kustomization.yaml @@ -12,5 +12,5 @@ resources: - service-account.yaml images: - name: gcr.io/ml-pipeline/scheduledworkflow - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/scheduledworkflow diff --git a/pipeline/scheduledworkflow/overlays/application/application.yaml b/pipeline/scheduledworkflow/overlays/application/application.yaml index f573f24b83..e1ca998418 100644 --- a/pipeline/scheduledworkflow/overlays/application/application.yaml +++ b/pipeline/scheduledworkflow/overlays/application/application.yaml @@ -24,8 +24,8 @@ spec: selector: matchLabels: app.kubernetes.io/component: scheduledworkflow - app.kubernetes.io/instance: scheduledworkflow-0.2.0 + app.kubernetes.io/instance: scheduledworkflow-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: scheduledworkflow app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 diff --git a/pipeline/scheduledworkflow/overlays/application/kustomization.yaml b/pipeline/scheduledworkflow/overlays/application/kustomization.yaml index 6f28f29e8d..ed9a8a2a51 100644 --- a/pipeline/scheduledworkflow/overlays/application/kustomization.yaml +++ b/pipeline/scheduledworkflow/overlays/application/kustomization.yaml @@ -3,11 +3,11 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: scheduledworkflow - app.kubernetes.io/instance: scheduledworkflow-0.2.0 + app.kubernetes.io/instance: scheduledworkflow-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: scheduledworkflow app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml diff --git a/tests/metadata-base_test.go b/tests/metadata-base_test.go index 56353538ae..94eea64017 100644 --- a/tests/metadata-base_test.go +++ b/tests/metadata-base_test.go @@ -71,13 +71,13 @@ spec: - name: container envFrom: - configMapRef: - name: metadata-grpc-configmap + name: grpc-configmap image: gcr.io/tfx-oss-public/ml_metadata_store_server:v0.21.1 command: ["/bin/metadata_store_server"] args: ["--grpc_port=$(METADATA_GRPC_SERVICE_PORT)"] ports: - name: grpc-backendapi - containerPort: 8080 + containerPort: 8080 #The value of the port number needs to be in sync with value specified in grpc-params.env `) th.writeF("/manifests/metadata/base/metadata-service.yaml", ` kind: Service @@ -258,8 +258,12 @@ commonLabels: configMapGenerator: - name: ui-parameters env: params.env -- name: metadata-grpc-configmap +- name: grpc-configmap env: grpc-params.env +generatorOptions: + # TFX pipelines use metadata-grpc-configmap for finding grpc server host and + # port at runtime. Because they don't know the suffix, we have to disable it. + disableNameSuffixHash: true resources: - metadata-deployment.yaml - metadata-service.yaml diff --git a/tests/metadata-overlays-application_test.go b/tests/metadata-overlays-application_test.go index 588c5a1a88..27d0c1143b 100644 --- a/tests/metadata-overlays-application_test.go +++ b/tests/metadata-overlays-application_test.go @@ -128,7 +128,7 @@ spec: - name: container envFrom: - configMapRef: - name: metadata-grpc-configmap + name: grpc-configmap image: gcr.io/tfx-oss-public/ml_metadata_store_server:v0.21.1 command: ["/bin/metadata_store_server"] args: ["--grpc_port=$(METADATA_GRPC_SERVICE_PORT)"] @@ -304,7 +304,8 @@ uiClusterDomain=cluster.local `) th.writeF("/manifests/metadata/base/grpc-params.env", ` METADATA_GRPC_SERVICE_HOST=metadata-grpc-service -METADATA_GRPC_SERVICE_PORT=8080`) +METADATA_GRPC_SERVICE_PORT=8080 +`) th.writeK("/manifests/metadata/base", ` namePrefix: metadata- apiVersion: kustomize.config.k8s.io/v1beta1 @@ -314,8 +315,12 @@ commonLabels: configMapGenerator: - name: ui-parameters env: params.env -- name: metadata-grpc-configmap +- name: grpc-configmap env: grpc-params.env +generatorOptions: + # TFX pipelines use metadata-grpc-configmap for finding grpc server host and + # port at runtime. Because they don't know the suffix, we have to disable it. + disableNameSuffixHash: true resources: - metadata-deployment.yaml - metadata-service.yaml diff --git a/tests/metadata-overlays-db_test.go b/tests/metadata-overlays-db_test.go index 137b52e507..18f9e751d7 100644 --- a/tests/metadata-overlays-db_test.go +++ b/tests/metadata-overlays-db_test.go @@ -147,21 +147,24 @@ spec: - secretRef: name: metadata-db-secrets - configMapRef: - name: metadata-grpc-configmap + name: grpc-configmap args: ["--grpc_port=$(METADATA_GRPC_SERVICE_PORT)", "--mysql_config_host=$(metadata-db-service)", "--mysql_config_database=$(MYSQL_DATABASE)", "--mysql_config_port=$(MYSQL_PORT)", "--mysql_config_user=$(MYSQL_USER_NAME)", "--mysql_config_password=$(MYSQL_ROOT_PASSWORD)" - ]`) + ] +`) th.writeF("/manifests/metadata/overlays/db/params.env", ` MYSQL_DATABASE=metadb MYSQL_PORT=3306 -MYSQL_ALLOW_EMPTY_PASSWORD=true`) +MYSQL_ALLOW_EMPTY_PASSWORD=true +`) th.writeF("/manifests/metadata/overlays/db/secrets.env", ` MYSQL_USER_NAME=root -MYSQL_ROOT_PASSWORD=test`) +MYSQL_ROOT_PASSWORD=test +`) th.writeK("/manifests/metadata/overlays/db", ` apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization @@ -196,7 +199,8 @@ vars: name: metadata-db apiVersion: v1 fieldref: - fieldpath: metadata.name`) + fieldpath: metadata.name +`) th.writeF("/manifests/metadata/base/metadata-deployment.yaml", ` apiVersion: apps/v1 kind: Deployment @@ -254,13 +258,13 @@ spec: - name: container envFrom: - configMapRef: - name: metadata-grpc-configmap + name: grpc-configmap image: gcr.io/tfx-oss-public/ml_metadata_store_server:v0.21.1 command: ["/bin/metadata_store_server"] args: ["--grpc_port=$(METADATA_GRPC_SERVICE_PORT)"] ports: - name: grpc-backendapi - containerPort: 8080 + containerPort: 8080 #The value of the port number needs to be in sync with value specified in grpc-params.env `) th.writeF("/manifests/metadata/base/metadata-service.yaml", ` kind: Service @@ -441,8 +445,12 @@ commonLabels: configMapGenerator: - name: ui-parameters env: params.env -- name: metadata-grpc-configmap +- name: grpc-configmap env: grpc-params.env +generatorOptions: + # TFX pipelines use metadata-grpc-configmap for finding grpc server host and + # port at runtime. Because they don't know the suffix, we have to disable it. + disableNameSuffixHash: true resources: - metadata-deployment.yaml - metadata-service.yaml diff --git a/tests/metadata-overlays-external-mysql_test.go b/tests/metadata-overlays-external-mysql_test.go index a3ddcf8b83..3eaedc7d2d 100644 --- a/tests/metadata-overlays-external-mysql_test.go +++ b/tests/metadata-overlays-external-mysql_test.go @@ -70,7 +70,7 @@ spec: - secretRef: name: metadata-db-secrets - configMapRef: - name: metadata-grpc-configmap + name: grpc-configmap args: ["--grpc_port=$(METADATA_GRPC_SERVICE_PORT)", "--mysql_config_host=$(MYSQL_HOST)", "--mysql_config_database=$(MYSQL_DATABASE)", @@ -162,7 +162,7 @@ spec: - name: container envFrom: - configMapRef: - name: metadata-grpc-configmap + name: grpc-configmap image: gcr.io/tfx-oss-public/ml_metadata_store_server:v0.21.1 command: ["/bin/metadata_store_server"] args: ["--grpc_port=$(METADATA_GRPC_SERVICE_PORT)"] @@ -349,8 +349,12 @@ commonLabels: configMapGenerator: - name: ui-parameters env: params.env -- name: metadata-grpc-configmap +- name: grpc-configmap env: grpc-params.env +generatorOptions: + # TFX pipelines use metadata-grpc-configmap for finding grpc server host and + # port at runtime. Because they don't know the suffix, we have to disable it. + disableNameSuffixHash: true resources: - metadata-deployment.yaml - metadata-service.yaml diff --git a/tests/metadata-overlays-ibm-storage-config_test.go b/tests/metadata-overlays-ibm-storage-config_test.go index 5bc3265823..5d9bcccd0f 100644 --- a/tests/metadata-overlays-ibm-storage-config_test.go +++ b/tests/metadata-overlays-ibm-storage-config_test.go @@ -81,13 +81,13 @@ spec: - name: container envFrom: - configMapRef: - name: metadata-grpc-configmap + name: grpc-configmap image: gcr.io/tfx-oss-public/ml_metadata_store_server:v0.21.1 command: ["/bin/metadata_store_server"] args: ["--grpc_port=$(METADATA_GRPC_SERVICE_PORT)"] ports: - name: grpc-backendapi - containerPort: 8080 + containerPort: 8080 #The value of the port number needs to be in sync with value specified in grpc-params.env `) th.writeF("/manifests/metadata/base/metadata-service.yaml", ` kind: Service @@ -268,8 +268,12 @@ commonLabels: configMapGenerator: - name: ui-parameters env: params.env -- name: metadata-grpc-configmap +- name: grpc-configmap env: grpc-params.env +generatorOptions: + # TFX pipelines use metadata-grpc-configmap for finding grpc server host and + # port at runtime. Because they don't know the suffix, we have to disable it. + disableNameSuffixHash: true resources: - metadata-deployment.yaml - metadata-service.yaml diff --git a/tests/metadata-overlays-istio_test.go b/tests/metadata-overlays-istio_test.go index 6bb988a447..39678454c6 100644 --- a/tests/metadata-overlays-istio_test.go +++ b/tests/metadata-overlays-istio_test.go @@ -133,13 +133,13 @@ spec: - name: container envFrom: - configMapRef: - name: metadata-grpc-configmap + name: grpc-configmap image: gcr.io/tfx-oss-public/ml_metadata_store_server:v0.21.1 command: ["/bin/metadata_store_server"] args: ["--grpc_port=$(METADATA_GRPC_SERVICE_PORT)"] ports: - name: grpc-backendapi - containerPort: 8080 + containerPort: 8080 #The value of the port number needs to be in sync with value specified in grpc-params.env `) th.writeF("/manifests/metadata/base/metadata-service.yaml", ` kind: Service @@ -320,8 +320,12 @@ commonLabels: configMapGenerator: - name: ui-parameters env: params.env -- name: metadata-grpc-configmap +- name: grpc-configmap env: grpc-params.env +generatorOptions: + # TFX pipelines use metadata-grpc-configmap for finding grpc server host and + # port at runtime. Because they don't know the suffix, we have to disable it. + disableNameSuffixHash: true resources: - metadata-deployment.yaml - metadata-service.yaml diff --git a/tests/pipeline-api-service-base_test.go b/tests/pipeline-api-service-base_test.go index 86eff820a4..be992cc4a8 100644 --- a/tests/pipeline-api-service-base_test.go +++ b/tests/pipeline-api-service-base_test.go @@ -163,7 +163,7 @@ resources: - service.yaml images: - name: gcr.io/ml-pipeline/api-server - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/api-server `) } diff --git a/tests/pipeline-api-service-overlays-application_test.go b/tests/pipeline-api-service-overlays-application_test.go index df66513f89..2b61417659 100644 --- a/tests/pipeline-api-service-overlays-application_test.go +++ b/tests/pipeline-api-service-overlays-application_test.go @@ -41,11 +41,11 @@ spec: selector: matchLabels: app.kubernetes.io/component: api-service - app.kubernetes.io/instance: api-service-0.2.0 + app.kubernetes.io/instance: api-service-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: api-service app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 `) th.writeK("/manifests/pipeline/api-service/overlays/application", ` apiVersion: kustomize.config.k8s.io/v1beta1 @@ -53,11 +53,11 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: api-service - app.kubernetes.io/instance: api-service-0.2.0 + app.kubernetes.io/instance: api-service-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: api-service app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml @@ -211,7 +211,7 @@ resources: - service.yaml images: - name: gcr.io/ml-pipeline/api-server - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/api-server `) } diff --git a/tests/pipeline-api-service-overlays-external-mysql_test.go b/tests/pipeline-api-service-overlays-external-mysql_test.go index 9725fc7ed3..2fa0619742 100644 --- a/tests/pipeline-api-service-overlays-external-mysql_test.go +++ b/tests/pipeline-api-service-overlays-external-mysql_test.go @@ -240,7 +240,7 @@ resources: - service.yaml images: - name: gcr.io/ml-pipeline/api-server - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/api-server `) } diff --git a/tests/pipeline-api-service-overlays-use-kf-user_test.go b/tests/pipeline-api-service-overlays-use-kf-user_test.go index 1049cceb6f..35d7ffd634 100644 --- a/tests/pipeline-api-service-overlays-use-kf-user_test.go +++ b/tests/pipeline-api-service-overlays-use-kf-user_test.go @@ -185,7 +185,7 @@ resources: - service.yaml images: - name: gcr.io/ml-pipeline/api-server - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/api-server `) } diff --git a/tests/pipeline-minio-overlays-application_test.go b/tests/pipeline-minio-overlays-application_test.go index 1227e5daa4..dc4abe9dc1 100644 --- a/tests/pipeline-minio-overlays-application_test.go +++ b/tests/pipeline-minio-overlays-application_test.go @@ -41,11 +41,11 @@ spec: selector: matchLabels: app.kubernetes.io/component: minio - app.kubernetes.io/instance: minio-0.2.0 + app.kubernetes.io/instance: minio-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: minio app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 `) th.writeK("/manifests/pipeline/minio/overlays/application", ` apiVersion: kustomize.config.k8s.io/v1beta1 @@ -53,11 +53,11 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: minio - app.kubernetes.io/instance: minio-0.2.0 + app.kubernetes.io/instance: minio-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: minio app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml @@ -134,9 +134,11 @@ varReference: - path: spec/template/spec/volumes/persistentVolumeClaim/claimName kind: Deployment - path: metadata/name - kind: PersistentVolumeClaim`) + kind: PersistentVolumeClaim +`) th.writeF("/manifests/pipeline/minio/base/params.env", ` -minioPvcName=`) +minioPvcName= +`) th.writeK("/manifests/pipeline/minio/base", ` apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/tests/pipeline-mysql-overlays-application_test.go b/tests/pipeline-mysql-overlays-application_test.go index dde91bb540..80b58bc2f6 100644 --- a/tests/pipeline-mysql-overlays-application_test.go +++ b/tests/pipeline-mysql-overlays-application_test.go @@ -41,11 +41,11 @@ spec: selector: matchLabels: app.kubernetes.io/component: mysql - app.kubernetes.io/instance: mysql-0.2.0 + app.kubernetes.io/instance: mysql-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: mysql app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 `) th.writeK("/manifests/pipeline/mysql/overlays/application", ` apiVersion: kustomize.config.k8s.io/v1beta1 @@ -53,11 +53,11 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: mysql - app.kubernetes.io/instance: mysql-0.2.0 + app.kubernetes.io/instance: mysql-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: mysql app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml @@ -108,13 +108,15 @@ spec: - ReadWriteOnce resources: requests: - storage: 20Gi`) + storage: 20Gi +`) th.writeF("/manifests/pipeline/mysql/base/params.yaml", ` varReference: - path: spec/template/spec/volumes/persistentVolumeClaim/claimName kind: Deployment - path: metadata/name - kind: PersistentVolumeClaim`) + kind: PersistentVolumeClaim +`) th.writeF("/manifests/pipeline/mysql/base/params.env", ` mysqlPvcName= `) diff --git a/tests/pipeline-persistent-agent-base_test.go b/tests/pipeline-persistent-agent-base_test.go index 70a2d7af74..c02fc964cc 100644 --- a/tests/pipeline-persistent-agent-base_test.go +++ b/tests/pipeline-persistent-agent-base_test.go @@ -88,7 +88,7 @@ resources: - service-account.yaml images: - name: gcr.io/ml-pipeline/persistenceagent - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/persistenceagent `) } diff --git a/tests/pipeline-persistent-agent-overlays-application_test.go b/tests/pipeline-persistent-agent-overlays-application_test.go index 6a8d826a40..bc3377e910 100644 --- a/tests/pipeline-persistent-agent-overlays-application_test.go +++ b/tests/pipeline-persistent-agent-overlays-application_test.go @@ -41,11 +41,11 @@ spec: selector: matchLabels: app.kubernetes.io/component: persistent-agent - app.kubernetes.io/instance: persistent-agent-0.2.0 + app.kubernetes.io/instance: persistent-agent-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: persistent-agent app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 `) th.writeK("/manifests/pipeline/persistent-agent/overlays/application", ` apiVersion: kustomize.config.k8s.io/v1beta1 @@ -53,11 +53,11 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: persistent-agent - app.kubernetes.io/instance: persistent-agent-0.2.0 + app.kubernetes.io/instance: persistent-agent-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: persistent-agent app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml @@ -136,7 +136,7 @@ resources: - service-account.yaml images: - name: gcr.io/ml-pipeline/persistenceagent - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/persistenceagent `) } diff --git a/tests/pipeline-pipeline-visualization-service-base_test.go b/tests/pipeline-pipeline-visualization-service-base_test.go index b742f22404..32861a70ab 100644 --- a/tests/pipeline-pipeline-visualization-service-base_test.go +++ b/tests/pipeline-pipeline-visualization-service-base_test.go @@ -62,7 +62,7 @@ resources: - service.yaml images: - name: gcr.io/ml-pipeline/visualization-server - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/visualization-server `) } diff --git a/tests/pipeline-pipeline-visualization-service-overlays-application_test.go b/tests/pipeline-pipeline-visualization-service-overlays-application_test.go index aeced4b511..d5a39bb68c 100644 --- a/tests/pipeline-pipeline-visualization-service-overlays-application_test.go +++ b/tests/pipeline-pipeline-visualization-service-overlays-application_test.go @@ -41,11 +41,11 @@ spec: selector: matchLabels: app.kubernetes.io/component: pipeline-visualization-service - app.kubernetes.io/instance: pipeline-visualization-service-0.2.0 + app.kubernetes.io/instance: pipeline-visualization-service-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipeline-visualization-service app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 `) th.writeK("/manifests/pipeline/pipeline-visualization-service/overlays/application", ` apiVersion: kustomize.config.k8s.io/v1beta1 @@ -53,11 +53,11 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: pipeline-visualization-service - app.kubernetes.io/instance: pipeline-visualization-service-0.2.0 + app.kubernetes.io/instance: pipeline-visualization-service-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipeline-visualization-service app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml @@ -110,7 +110,7 @@ resources: - service.yaml images: - name: gcr.io/ml-pipeline/visualization-server - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/visualization-server `) } diff --git a/tests/pipeline-pipeline-visualization-service-overlays-use-kf-user_test.go b/tests/pipeline-pipeline-visualization-service-overlays-use-kf-user_test.go new file mode 100644 index 0000000000..934d731b4d --- /dev/null +++ b/tests/pipeline-pipeline-visualization-service-overlays-use-kf-user_test.go @@ -0,0 +1,117 @@ +package tests_test + +import ( + "sigs.k8s.io/kustomize/v3/k8sdeps/kunstruct" + "sigs.k8s.io/kustomize/v3/k8sdeps/transformer" + "sigs.k8s.io/kustomize/v3/pkg/fs" + "sigs.k8s.io/kustomize/v3/pkg/loader" + "sigs.k8s.io/kustomize/v3/pkg/plugins" + "sigs.k8s.io/kustomize/v3/pkg/resmap" + "sigs.k8s.io/kustomize/v3/pkg/resource" + "sigs.k8s.io/kustomize/v3/pkg/target" + "sigs.k8s.io/kustomize/v3/pkg/validators" + "testing" +) + +func writePipelineVisualizationServiceOverlaysUseKfUser(th *KustTestHarness) { + th.writeF("/manifests/pipeline/pipeline-visualization-service/overlays/use-kf-user/deployment.yaml", ` +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline-visualizationserver +spec: + template: + spec: + serviceAccountName: kf-user +`) + th.writeK("/manifests/pipeline/pipeline-visualization-service/overlays/use-kf-user", ` +apiVersion: kustomize.config.k8s.io/v1beta1 +bases: +- ../../base +kind: Kustomization +patchesStrategicMerge: +- deployment.yaml +`) + th.writeF("/manifests/pipeline/pipeline-visualization-service/base/deployment.yaml", ` +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-visualizationserver + name: ml-pipeline-visualizationserver +spec: + selector: + matchLabels: + app: ml-pipeline-visualizationserver + template: + metadata: + labels: + app: ml-pipeline-visualizationserver + spec: + containers: + - image: gcr.io/ml-pipeline/visualization-server + imagePullPolicy: IfNotPresent + name: ml-pipeline-visualizationserver + ports: + - containerPort: 8888 +`) + th.writeF("/manifests/pipeline/pipeline-visualization-service/base/service.yaml", ` +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline-visualizationserver +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: ml-pipeline-visualizationserver +`) + th.writeK("/manifests/pipeline/pipeline-visualization-service/base", ` +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +nameprefix: ml-pipeline- +commonLabels: + app: ml-pipeline-visualizationserver +resources: +- deployment.yaml +- service.yaml +images: +- name: gcr.io/ml-pipeline/visualization-server + newTag: 0.2.5 + newName: gcr.io/ml-pipeline/visualization-server +`) +} + +func TestPipelineVisualizationServiceOverlaysUseKfUser(t *testing.T) { + th := NewKustTestHarness(t, "/manifests/pipeline/pipeline-visualization-service/overlays/use-kf-user") + writePipelineVisualizationServiceOverlaysUseKfUser(th) + m, err := th.makeKustTarget().MakeCustomizedResMap() + if err != nil { + t.Fatalf("Err: %v", err) + } + expected, err := m.AsYaml() + if err != nil { + t.Fatalf("Err: %v", err) + } + targetPath := "../pipeline/pipeline-visualization-service/overlays/use-kf-user" + fsys := fs.MakeRealFS() + lrc := loader.RestrictionRootOnly + _loader, loaderErr := loader.NewLoader(lrc, validators.MakeFakeValidator(), targetPath, fsys) + if loaderErr != nil { + t.Fatalf("could not load kustomize loader: %v", loaderErr) + } + rf := resmap.NewFactory(resource.NewFactory(kunstruct.NewKunstructuredFactoryImpl()), transformer.NewFactoryImpl()) + pc := plugins.DefaultPluginConfig() + kt, err := target.NewKustTarget(_loader, rf, transformer.NewFactoryImpl(), plugins.NewLoader(pc, rf)) + if err != nil { + th.t.Fatalf("Unexpected construction error %v", err) + } + actual, err := kt.MakeCustomizedResMap() + if err != nil { + t.Fatalf("Err: %v", err) + } + th.assertActualEqualsExpected(actual, string(expected)) +} diff --git a/tests/pipeline-pipelines-runner-overlays-application_test.go b/tests/pipeline-pipelines-runner-overlays-application_test.go index 5ad83f9e08..8e3e76f6af 100644 --- a/tests/pipeline-pipelines-runner-overlays-application_test.go +++ b/tests/pipeline-pipelines-runner-overlays-application_test.go @@ -41,11 +41,11 @@ spec: selector: matchLabels: app.kubernetes.io/component: pipelines-runner - app.kubernetes.io/instance: pipelines-runner-0.2.0 + app.kubernetes.io/instance: pipelines-runner-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipelines-runner app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 `) th.writeK("/manifests/pipeline/pipelines-runner/overlays/application", ` apiVersion: kustomize.config.k8s.io/v1beta1 @@ -53,11 +53,11 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: pipelines-runner - app.kubernetes.io/instance: pipelines-runner-0.2.0 + app.kubernetes.io/instance: pipelines-runner-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipelines-runner app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml diff --git a/tests/pipeline-pipelines-ui-base_test.go b/tests/pipeline-pipelines-ui-base_test.go index 2da4344c6e..bc6a01f08c 100644 --- a/tests/pipeline-pipelines-ui-base_test.go +++ b/tests/pipeline-pipelines-ui-base_test.go @@ -34,6 +34,9 @@ spec: - name: ml-pipeline-ui image: gcr.io/ml-pipeline/frontend imagePullPolicy: IfNotPresent + env: + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" ports: - containerPort: 3000 serviceAccountName: ml-pipeline-ui @@ -160,7 +163,7 @@ configMapGenerator: env: params.env images: - name: gcr.io/ml-pipeline/frontend - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/frontend vars: - name: ui-namespace diff --git a/tests/pipeline-pipelines-ui-overlays-application_test.go b/tests/pipeline-pipelines-ui-overlays-application_test.go index 005f23fc38..21a4eb46c2 100644 --- a/tests/pipeline-pipelines-ui-overlays-application_test.go +++ b/tests/pipeline-pipelines-ui-overlays-application_test.go @@ -41,11 +41,11 @@ spec: selector: matchLabels: app.kubernetes.io/component: pipelines-ui - app.kubernetes.io/instance: pipelines-ui-0.2.0 + app.kubernetes.io/instance: pipelines-ui-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipelines-ui app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 `) th.writeK("/manifests/pipeline/pipelines-ui/overlays/application", ` apiVersion: kustomize.config.k8s.io/v1beta1 @@ -53,11 +53,11 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: pipelines-ui - app.kubernetes.io/instance: pipelines-ui-0.2.0 + app.kubernetes.io/instance: pipelines-ui-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipelines-ui app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml @@ -82,6 +82,9 @@ spec: - name: ml-pipeline-ui image: gcr.io/ml-pipeline/frontend imagePullPolicy: IfNotPresent + env: + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" ports: - containerPort: 3000 serviceAccountName: ml-pipeline-ui @@ -208,7 +211,7 @@ configMapGenerator: env: params.env images: - name: gcr.io/ml-pipeline/frontend - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/frontend vars: - name: ui-namespace diff --git a/tests/pipeline-pipelines-ui-overlays-gcp_test.go b/tests/pipeline-pipelines-ui-overlays-gcp_test.go index 4e19747c02..f28a788f1f 100644 --- a/tests/pipeline-pipelines-ui-overlays-gcp_test.go +++ b/tests/pipeline-pipelines-ui-overlays-gcp_test.go @@ -87,6 +87,9 @@ spec: - name: ml-pipeline-ui image: gcr.io/ml-pipeline/frontend imagePullPolicy: IfNotPresent + env: + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" ports: - containerPort: 3000 serviceAccountName: ml-pipeline-ui @@ -213,7 +216,7 @@ configMapGenerator: env: params.env images: - name: gcr.io/ml-pipeline/frontend - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/frontend vars: - name: ui-namespace diff --git a/tests/pipeline-pipelines-ui-overlays-istio_test.go b/tests/pipeline-pipelines-ui-overlays-istio_test.go index f9806207b5..f3b0c299d1 100644 --- a/tests/pipeline-pipelines-ui-overlays-istio_test.go +++ b/tests/pipeline-pipelines-ui-overlays-istio_test.go @@ -94,6 +94,9 @@ spec: - name: ml-pipeline-ui image: gcr.io/ml-pipeline/frontend imagePullPolicy: IfNotPresent + env: + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" ports: - containerPort: 3000 serviceAccountName: ml-pipeline-ui @@ -220,7 +223,7 @@ configMapGenerator: env: params.env images: - name: gcr.io/ml-pipeline/frontend - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/frontend vars: - name: ui-namespace diff --git a/tests/pipeline-pipelines-viewer-base_test.go b/tests/pipeline-pipelines-viewer-base_test.go index 406d566696..dc2278a311 100644 --- a/tests/pipeline-pipelines-viewer-base_test.go +++ b/tests/pipeline-pipelines-viewer-base_test.go @@ -175,7 +175,7 @@ resources: - service-account.yaml images: - name: gcr.io/ml-pipeline/viewer-crd-controller - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/viewer-crd-controller `) } diff --git a/tests/pipeline-pipelines-viewer-overlays-application_test.go b/tests/pipeline-pipelines-viewer-overlays-application_test.go index ee6cd5ac2b..9bef5566f9 100644 --- a/tests/pipeline-pipelines-viewer-overlays-application_test.go +++ b/tests/pipeline-pipelines-viewer-overlays-application_test.go @@ -41,11 +41,11 @@ spec: selector: matchLabels: app.kubernetes.io/component: pipelines-viewer - app.kubernetes.io/instance: pipelines-viewer-0.2.0 + app.kubernetes.io/instance: pipelines-viewer-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipelines-viewer app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 `) th.writeK("/manifests/pipeline/pipelines-viewer/overlays/application", ` apiVersion: kustomize.config.k8s.io/v1beta1 @@ -53,11 +53,11 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: pipelines-viewer - app.kubernetes.io/instance: pipelines-viewer-0.2.0 + app.kubernetes.io/instance: pipelines-viewer-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipelines-viewer app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml @@ -223,7 +223,7 @@ resources: - service-account.yaml images: - name: gcr.io/ml-pipeline/viewer-crd-controller - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/viewer-crd-controller `) } diff --git a/tests/pipeline-scheduledworkflow-base_test.go b/tests/pipeline-scheduledworkflow-base_test.go index af677173c9..303a7fd0e3 100644 --- a/tests/pipeline-scheduledworkflow-base_test.go +++ b/tests/pipeline-scheduledworkflow-base_test.go @@ -175,7 +175,7 @@ resources: - service-account.yaml images: - name: gcr.io/ml-pipeline/scheduledworkflow - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/scheduledworkflow `) } diff --git a/tests/pipeline-scheduledworkflow-overlays-application_test.go b/tests/pipeline-scheduledworkflow-overlays-application_test.go index 5f6529072a..cedd3d8eb6 100644 --- a/tests/pipeline-scheduledworkflow-overlays-application_test.go +++ b/tests/pipeline-scheduledworkflow-overlays-application_test.go @@ -41,11 +41,11 @@ spec: selector: matchLabels: app.kubernetes.io/component: scheduledworkflow - app.kubernetes.io/instance: scheduledworkflow-0.2.0 + app.kubernetes.io/instance: scheduledworkflow-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: scheduledworkflow app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 `) th.writeK("/manifests/pipeline/scheduledworkflow/overlays/application", ` apiVersion: kustomize.config.k8s.io/v1beta1 @@ -53,11 +53,11 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: scheduledworkflow - app.kubernetes.io/instance: scheduledworkflow-0.2.0 + app.kubernetes.io/instance: scheduledworkflow-0.2.5 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: scheduledworkflow app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.0 + app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml @@ -223,7 +223,7 @@ resources: - service-account.yaml images: - name: gcr.io/ml-pipeline/scheduledworkflow - newTag: 0.2.0 + newTag: 0.2.5 newName: gcr.io/ml-pipeline/scheduledworkflow `) } From bb0535c40d83ed8e7d7aa6238252637861c960cf Mon Sep 17 00:00:00 2001 From: Richard Liu <39319471+richardsliu@users.noreply.github.com> Date: Fri, 10 Apr 2020 17:03:47 -0700 Subject: [PATCH 7/8] Automated cherry pick of #1100: v1.0.2 manifests Cherry pick of #1100 on v1.0-branch. #1100: v1.0.2 manifests (#1101) * v1.0.2 manifests * fix version --- kfdef/kfctl_anthos.v1.0.2.yaml | 319 +++++++++++++ kfdef/kfctl_aws.v1.0.2.yaml | 351 ++++++++++++++ kfdef/kfctl_aws_cognito.v1.0.2.yaml | 378 +++++++++++++++ kfdef/kfctl_gcp_basic_auth.v1.0.2.yaml | 431 ++++++++++++++++++ kfdef/kfctl_gcp_iap.v1.0.2.yaml | 429 +++++++++++++++++ kfdef/kfctl_ibm.v1.0.2.yaml | 361 +++++++++++++++ kfdef/kfctl_istio_dex.v1.0.2.yaml | 374 +++++++++++++++ kfdef/kfctl_k8s_istio.v1.0.2.yaml | 356 +++++++++++++++ kfdef/source/v1.0.2/kfctl_anthos.yaml | 13 + kfdef/source/v1.0.2/kfctl_aws.yaml | 13 + kfdef/source/v1.0.2/kfctl_aws_cognito.yaml | 13 + kfdef/source/v1.0.2/kfctl_gcp_basic_auth.yaml | 13 + kfdef/source/v1.0.2/kfctl_gcp_iap.yaml | 12 + kfdef/source/v1.0.2/kfctl_ibm.yaml | 13 + kfdef/source/v1.0.2/kfctl_istio_dex.yaml | 14 + kfdef/source/v1.0.2/kfctl_k8s_istio.yaml | 13 + kfdef/source/v1.0.2/kustomization.yaml | 14 + 17 files changed, 3117 insertions(+) create mode 100644 kfdef/kfctl_anthos.v1.0.2.yaml create mode 100644 kfdef/kfctl_aws.v1.0.2.yaml create mode 100644 kfdef/kfctl_aws_cognito.v1.0.2.yaml create mode 100644 kfdef/kfctl_gcp_basic_auth.v1.0.2.yaml create mode 100644 kfdef/kfctl_gcp_iap.v1.0.2.yaml create mode 100644 kfdef/kfctl_ibm.v1.0.2.yaml create mode 100644 kfdef/kfctl_istio_dex.v1.0.2.yaml create mode 100644 kfdef/kfctl_k8s_istio.v1.0.2.yaml create mode 100644 kfdef/source/v1.0.2/kfctl_anthos.yaml create mode 100644 kfdef/source/v1.0.2/kfctl_aws.yaml create mode 100644 kfdef/source/v1.0.2/kfctl_aws_cognito.yaml create mode 100644 kfdef/source/v1.0.2/kfctl_gcp_basic_auth.yaml create mode 100644 kfdef/source/v1.0.2/kfctl_gcp_iap.yaml create mode 100644 kfdef/source/v1.0.2/kfctl_ibm.yaml create mode 100644 kfdef/source/v1.0.2/kfctl_istio_dex.yaml create mode 100644 kfdef/source/v1.0.2/kfctl_k8s_istio.yaml create mode 100644 kfdef/source/v1.0.2/kustomization.yaml diff --git a/kfdef/kfctl_anthos.v1.0.2.yaml b/kfdef/kfctl_anthos.v1.0.2.yaml new file mode 100644 index 0000000000..180525ce03 --- /dev/null +++ b/kfdef/kfctl_anthos.v1.0.2.yaml @@ -0,0 +1,319 @@ +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + namespace: kubeflow +spec: + applications: + - kustomizeConfig: + parameters: + - name: clusterRbacConfig + value: 'OFF' + repoRef: + name: manifests + path: istio/istio + name: istio + - kustomizeConfig: + repoRef: + name: manifests + path: application/application-crds + name: application-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: application/application + name: application + - kustomizeConfig: + parameters: + - name: namespace + value: cert-manager + repoRef: + name: manifests + path: cert-manager/cert-manager-crds + name: cert-manager-crds + - kustomizeConfig: + parameters: + - name: namespace + value: kube-system + repoRef: + name: manifests + path: cert-manager/cert-manager-kube-system-resources + name: cert-manager-kube-system-resources + - kustomizeConfig: + overlays: + - self-signed + - application + parameters: + - name: namespace + value: cert-manager + repoRef: + name: manifests + path: cert-manager/cert-manager + name: cert-manager + - kustomizeConfig: + repoRef: + name: manifests + path: metacontroller + name: metacontroller + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: argo + name: argo + - kustomizeConfig: + repoRef: + name: manifests + path: kubeflow-roles + name: kubeflow-roles + - kustomizeConfig: + overlays: + - istio + - application + parameters: + - name: userid-header + value: X-Goog-Authenticated-User-Email + - name: userid-prefix + value: 'accounts.google.com:' + repoRef: + name: manifests + path: common/centraldashboard + name: centraldashboard + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: admission-webhook/bootstrap + name: bootstrap + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: admission-webhook/webhook + name: webhook + - kustomizeConfig: + overlays: + - istio + - application + parameters: + - name: userid-header + value: X-Goog-Authenticated-User-Email + - name: userid-prefix + value: 'accounts.google.com:' + repoRef: + name: manifests + path: jupyter/jupyter-web-app + name: jupyter-web-app + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: spark/spark-operator + name: spark-operator + - kustomizeConfig: + overlays: + - istio + - application + - db + repoRef: + name: manifests + path: metadata + name: metadata + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: jupyter/notebook-controller + name: notebook-controller + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pytorch-job/pytorch-job-crds + name: pytorch-job-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pytorch-job/pytorch-operator + name: pytorch-operator + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-crds + name: knative-crds + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-install + name: knative-install + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-crds + name: kfserving-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-install + name: kfserving-install + - kustomizeConfig: + overlays: + - application + parameters: + - name: usageId + value: + - name: reportUsage + value: 'true' + repoRef: + name: manifests + path: common/spartakus + name: spartakus + - kustomizeConfig: + overlays: + - istio + repoRef: + name: manifests + path: tensorboard + name: tensorboard + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: tf-training/tf-job-crds + name: tf-job-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: tf-training/tf-job-operator + name: tf-job-operator + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: katib/katib-crds + name: katib-crds + - kustomizeConfig: + overlays: + - application + - istio + repoRef: + name: manifests + path: katib/katib-controller + name: katib-controller + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/api-service + name: api-service + - kustomizeConfig: + overlays: + - application + parameters: + - name: minioPvcName + value: minio-pv-claim + repoRef: + name: manifests + path: pipeline/minio + name: minio + - kustomizeConfig: + overlays: + - application + parameters: + - name: mysqlPvcName + value: mysql-pv-claim + repoRef: + name: manifests + path: pipeline/mysql + name: mysql + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/persistent-agent + name: persistent-agent + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipelines-runner + name: pipelines-runner + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: pipeline/pipelines-ui + name: pipelines-ui + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipelines-viewer + name: pipelines-viewer + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/scheduledworkflow + name: scheduledworkflow + - kustomizeConfig: + overlays: + - application + - istio + parameters: + - name: admin + - name: userid-header + value: X-Goog-Authenticated-User-Email + - name: userid-prefix + value: 'accounts.google.com:' + repoRef: + name: manifests + path: profiles + name: profiles + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: seldon/seldon-core-operator + name: seldon-core-operator + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.0-branch.tar.gz + version: v1.0.2 diff --git a/kfdef/kfctl_aws.v1.0.2.yaml b/kfdef/kfctl_aws.v1.0.2.yaml new file mode 100644 index 0000000000..0e77f76137 --- /dev/null +++ b/kfdef/kfctl_aws.v1.0.2.yaml @@ -0,0 +1,351 @@ +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + namespace: kubeflow +spec: + applications: + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/istio-crds + name: istio-crds + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/istio-install + name: istio-install + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/cluster-local-gateway + name: cluster-local-gateway + - kustomizeConfig: + parameters: + - name: clusterRbacConfig + value: 'OFF' + repoRef: + name: manifests + path: istio/istio + name: istio + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/add-anonymous-user-filter + name: add-anonymous-user-filter + - kustomizeConfig: + repoRef: + name: manifests + path: application/application-crds + name: application-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: application/application + name: application + - kustomizeConfig: + parameters: + - name: namespace + value: cert-manager + repoRef: + name: manifests + path: cert-manager/cert-manager-crds + name: cert-manager-crds + - kustomizeConfig: + parameters: + - name: namespace + value: kube-system + repoRef: + name: manifests + path: cert-manager/cert-manager-kube-system-resources + name: cert-manager-kube-system-resources + - kustomizeConfig: + overlays: + - self-signed + - application + parameters: + - name: namespace + value: cert-manager + repoRef: + name: manifests + path: cert-manager/cert-manager + name: cert-manager + - kustomizeConfig: + repoRef: + name: manifests + path: metacontroller + name: metacontroller + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: argo + name: argo + - kustomizeConfig: + repoRef: + name: manifests + path: kubeflow-roles + name: kubeflow-roles + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: common/centraldashboard + name: centraldashboard + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: admission-webhook/webhook + name: webhook + - kustomizeConfig: + overlays: + - application + parameters: + - name: webhookNamePrefix + value: admission-webhook- + repoRef: + name: manifests + path: admission-webhook/bootstrap + name: bootstrap + - kustomizeConfig: + overlays: + - istio + - application + parameters: + - name: userid-header + value: kubeflow-userid + repoRef: + name: manifests + path: jupyter/jupyter-web-app + name: jupyter-web-app + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: spark/spark-operator + name: spark-operator + - kustomizeConfig: + overlays: + - istio + - application + - db + repoRef: + name: manifests + path: metadata + name: metadata + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: jupyter/notebook-controller + name: notebook-controller + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pytorch-job/pytorch-job-crds + name: pytorch-job-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pytorch-job/pytorch-operator + name: pytorch-operator + - kustomizeConfig: + overlays: + - application + parameters: + - name: usageId + value: + - name: reportUsage + value: 'true' + repoRef: + name: manifests + path: common/spartakus + name: spartakus + - kustomizeConfig: + overlays: + - istio + repoRef: + name: manifests + path: tensorboard + name: tensorboard + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: tf-training/tf-job-crds + name: tf-job-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: tf-training/tf-job-operator + name: tf-job-operator + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: katib/katib-crds + name: katib-crds + - kustomizeConfig: + overlays: + - application + - istio + repoRef: + name: manifests + path: katib/katib-controller + name: katib-controller + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/api-service + name: api-service + - kustomizeConfig: + overlays: + - application + parameters: + - name: minioPvcName + value: minio-pv-claim + repoRef: + name: manifests + path: pipeline/minio + name: minio + - kustomizeConfig: + overlays: + - application + parameters: + - name: mysqlPvcName + value: mysql-pv-claim + repoRef: + name: manifests + path: pipeline/mysql + name: mysql + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/persistent-agent + name: persistent-agent + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipelines-runner + name: pipelines-runner + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: pipeline/pipelines-ui + name: pipelines-ui + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipelines-viewer + name: pipelines-viewer + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/scheduledworkflow + name: scheduledworkflow + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipeline-visualization-service + name: pipeline-visualization-service + - kustomizeConfig: + overlays: + - application + - istio + repoRef: + name: manifests + path: profiles + name: profiles + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: seldon/seldon-core-operator + name: seldon-core + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: mpi-job/mpi-operator + name: mpi-operator + - kustomizeConfig: + overlays: + - application + parameters: + - name: clusterName + value: kubeflow-aws + repoRef: + name: manifests + path: aws/aws-alb-ingress-controller + name: aws-alb-ingress-controller + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: aws/nvidia-device-plugin + name: nvidia-device-plugin + plugins: + - kind: KfAwsPlugin + metadata: + name: aws + spec: + auth: + basicAuth: + password: + name: password + username: admin + region: us-west-2 + roles: + - eksctl-kubeflow-aws-nodegroup-ng-a2-NodeInstanceRole-xxxxxxx + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.0-branch.tar.gz + version: v1.0.2 diff --git a/kfdef/kfctl_aws_cognito.v1.0.2.yaml b/kfdef/kfctl_aws_cognito.v1.0.2.yaml new file mode 100644 index 0000000000..7e90d001da --- /dev/null +++ b/kfdef/kfctl_aws_cognito.v1.0.2.yaml @@ -0,0 +1,378 @@ +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + namespace: kubeflow +spec: + applications: + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/istio-crds + name: istio-crds + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/istio-install + name: istio-install + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/cluster-local-gateway + name: cluster-local-gateway + - kustomizeConfig: + parameters: + - name: clusterRbacConfig + value: 'ON' + repoRef: + name: manifests + path: istio/istio + name: istio + - kustomizeConfig: + repoRef: + name: manifests + path: application/application-crds + name: application-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: application/application + name: application + - kustomizeConfig: + parameters: + - name: namespace + value: cert-manager + repoRef: + name: manifests + path: cert-manager/cert-manager-crds + name: cert-manager-crds + - kustomizeConfig: + parameters: + - name: namespace + value: kube-system + repoRef: + name: manifests + path: cert-manager/cert-manager-kube-system-resources + name: cert-manager-kube-system-resources + - kustomizeConfig: + overlays: + - self-signed + - application + parameters: + - name: namespace + value: cert-manager + repoRef: + name: manifests + path: cert-manager/cert-manager + name: cert-manager + - kustomizeConfig: + repoRef: + name: manifests + path: metacontroller + name: metacontroller + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: argo + name: argo + - kustomizeConfig: + repoRef: + name: manifests + path: kubeflow-roles + name: kubeflow-roles + - kustomizeConfig: + overlays: + - istio + - application + parameters: + - name: userid-header + value: kubeflow-userid + repoRef: + name: manifests + path: common/centraldashboard + name: centraldashboard + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: admission-webhook/webhook + name: webhook + - kustomizeConfig: + overlays: + - application + parameters: + - name: webhookNamePrefix + value: admission-webhook- + repoRef: + name: manifests + path: admission-webhook/bootstrap + name: bootstrap + - kustomizeConfig: + overlays: + - istio + - application + parameters: + - name: userid-header + value: kubeflow-userid + repoRef: + name: manifests + path: jupyter/jupyter-web-app + name: jupyter-web-app + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: spark/spark-operator + name: spark-operator + - kustomizeConfig: + overlays: + - istio + - application + - db + repoRef: + name: manifests + path: metadata + name: metadata + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: jupyter/notebook-controller + name: notebook-controller + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pytorch-job/pytorch-job-crds + name: pytorch-job-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pytorch-job/pytorch-operator + name: pytorch-operator + - kustomizeConfig: + overlays: + - application + parameters: + - name: usageId + value: + - name: reportUsage + value: 'true' + repoRef: + name: manifests + path: common/spartakus + name: spartakus + - kustomizeConfig: + overlays: + - istio + repoRef: + name: manifests + path: tensorboard + name: tensorboard + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: tf-training/tf-job-crds + name: tf-job-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: tf-training/tf-job-operator + name: tf-job-operator + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: katib/katib-crds + name: katib-crds + - kustomizeConfig: + overlays: + - application + - istio + repoRef: + name: manifests + path: katib/katib-controller + name: katib-controller + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/api-service + name: api-service + - kustomizeConfig: + overlays: + - application + parameters: + - name: minioPvName + value: minio-pv + - name: minioPvcName + value: minio-pv-claim + repoRef: + name: manifests + path: pipeline/minio + name: minio + - kustomizeConfig: + overlays: + - application + parameters: + - name: mysqlPvName + value: mysql-pv + - name: mysqlPvcName + value: mysql-pv-claim + repoRef: + name: manifests + path: pipeline/mysql + name: mysql + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/persistent-agent + name: persistent-agent + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipelines-runner + name: pipelines-runner + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: pipeline/pipelines-ui + name: pipelines-ui + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipelines-viewer + name: pipelines-viewer + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/scheduledworkflow + name: scheduledworkflow + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipeline-visualization-service + name: pipeline-visualization-service + - kustomizeConfig: + overlays: + - application + - istio + parameters: + - name: userid-header + value: kubeflow-userid + repoRef: + name: manifests + path: profiles + name: profiles + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: seldon/seldon-core-operator + name: seldon-core + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: mpi-job/mpi-operator + name: mpi-operator + - kustomizeConfig: + overlays: + - cognito + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: aws/istio-ingress + name: istio-ingress + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: istio-system + - name: origin-header + value: x-amzn-oidc-data + - name: custom-header + value: kubeflow-userid + repoRef: + name: manifests + path: aws/aws-istio-authz-adaptor + name: aws-istio-authz-adaptor + - kustomizeConfig: + overlays: + - application + parameters: + - name: clusterName + value: kubeflow-aws + repoRef: + name: manifests + path: aws/aws-alb-ingress-controller + name: aws-alb-ingress-controller + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: aws/nvidia-device-plugin + name: nvidia-device-plugin + plugins: + - kind: KfAwsPlugin + metadata: + name: aws + spec: + auth: + cognito: + certArn: arn:aws:acm:us-west-2:xxxxx:certificate/xxxxxxxxxxxxx-xxxx + cognitoAppClientId: xxxxxbxxxxxx + cognitoUserPoolArn: arn:aws:cognito-idp:us-west-2:xxxxx:userpool/us-west-2_xxxxxx + cognitoUserPoolDomain: your-user-pool + region: us-west-2 + roles: + - eksctl-kubeflow-aws-nodegroup-ng-a2-NodeInstanceRole-xxxxx + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.0-branch.tar.gz + version: v1.0.2 diff --git a/kfdef/kfctl_gcp_basic_auth.v1.0.2.yaml b/kfdef/kfctl_gcp_basic_auth.v1.0.2.yaml new file mode 100644 index 0000000000..d0e7123546 --- /dev/null +++ b/kfdef/kfctl_gcp_basic_auth.v1.0.2.yaml @@ -0,0 +1,431 @@ +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + namespace: kubeflow +spec: + applications: + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/istio-crds + name: istio-crds + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/istio-install + name: istio-install + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/cluster-local-gateway + name: cluster-local-gateway + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/kfserving-gateway + name: kfserving-gateway + - kustomizeConfig: + parameters: + - name: clusterRbacConfig + value: 'OFF' + repoRef: + name: manifests + path: istio/istio + name: istio + - kustomizeConfig: + repoRef: + name: manifests + path: application/application-crds + name: application-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: application/application + name: application + - kustomizeConfig: + parameters: + - name: namespace + value: cert-manager + repoRef: + name: manifests + path: cert-manager/cert-manager-crds + name: cert-manager-crds + - kustomizeConfig: + parameters: + - name: namespace + value: kube-system + repoRef: + name: manifests + path: cert-manager/cert-manager-kube-system-resources + name: cert-manager-kube-system-resources + - kustomizeConfig: + overlays: + - self-signed + - application + parameters: + - name: namespace + value: cert-manager + repoRef: + name: manifests + path: cert-manager/cert-manager + name: cert-manager + - kustomizeConfig: + repoRef: + name: manifests + path: metacontroller + name: metacontroller + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: argo + name: argo + - kustomizeConfig: + repoRef: + name: manifests + path: kubeflow-roles + name: kubeflow-roles + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: common/centraldashboard + name: centraldashboard + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: admission-webhook/webhook + name: webhook + - kustomizeConfig: + overlays: + - application + parameters: + - name: webhookNamePrefix + value: admission-webhook- + repoRef: + name: manifests + path: admission-webhook/bootstrap + name: bootstrap + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: jupyter/jupyter-web-app + name: jupyter-web-app + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: spark/spark-operator + name: spark-operator + - kustomizeConfig: + overlays: + - istio + - application + - db + repoRef: + name: manifests + path: metadata + name: metadata + - kustomizeConfig: + overlays: + - istio + - application + parameters: + - name: injectGcpCredentials + value: 'true' + repoRef: + name: manifests + path: jupyter/notebook-controller + name: notebook-controller + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pytorch-job/pytorch-job-crds + name: pytorch-job-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pytorch-job/pytorch-operator + name: pytorch-operator + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-crds + name: knative-crds + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-install + name: knative-install + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-crds + name: kfserving-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-install + name: kfserving-install + - kustomizeConfig: + overlays: + - application + parameters: + - name: usageId + value: '2700513155662330975' + - name: reportUsage + value: 'true' + repoRef: + name: manifests + path: common/spartakus + name: spartakus + - kustomizeConfig: + overlays: + - istio + repoRef: + name: manifests + path: tensorboard + name: tensorboard + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: tf-training/tf-job-crds + name: tf-job-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: tf-training/tf-job-operator + name: tf-job-operator + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: katib/katib-crds + name: katib-crds + - kustomizeConfig: + overlays: + - application + - istio + repoRef: + name: manifests + path: katib/katib-controller + name: katib-controller + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/api-service + name: api-service + - kustomizeConfig: + overlays: + - minioPd + - application + parameters: + - name: minioPd + value: test1-storage-artifact-store + - name: minioPvName + value: minio-pv + - name: minioPvcName + value: minio-pv-claim + repoRef: + name: manifests + path: pipeline/minio + name: minio + - kustomizeConfig: + overlays: + - mysqlPd + - application + parameters: + - name: mysqlPd + value: test1-storage-metadata-store + - name: mysqlPvName + value: mysql-pv + - name: mysqlPvcName + value: mysql-pv-claim + repoRef: + name: manifests + path: pipeline/mysql + name: mysql + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/persistent-agent + name: persistent-agent + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipelines-runner + name: pipelines-runner + - kustomizeConfig: + overlays: + - gcp + - istio + - application + repoRef: + name: manifests + path: pipeline/pipelines-ui + name: pipelines-ui + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipelines-viewer + name: pipelines-viewer + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/scheduledworkflow + name: scheduledworkflow + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipeline-visualization-service + name: pipeline-visualization-service + - kustomizeConfig: + overlays: + - application + parameters: + - name: ipName + value: ipName + - name: hostname + repoRef: + name: manifests + path: gcp/cloud-endpoints + name: cloud-endpoints + - kustomizeConfig: + overlays: + - application + - istio + parameters: + - name: admin + repoRef: + name: manifests + path: profiles + name: profiles + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: gcp/gpu-driver + name: gpu-driver + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: seldon/seldon-core-operator + name: seldon-core-operator + - kustomizeConfig: + parameters: + - name: ambassadorServiceType + value: NodePort + - name: namespace + value: istio-system + repoRef: + name: manifests + path: common/ambassador + name: ambassador + - kustomizeConfig: + repoRef: + name: manifests + path: common/basic-auth + name: basic-auth + - kustomizeConfig: + overlays: + - managed-cert + - application + parameters: + - name: namespace + value: istio-system + - name: ipName + - name: hostname + - name: project + - name: ingressName + value: envoy-ingress + - name: issuer + value: letsencrypt-prod + repoRef: + name: manifests + path: gcp/basic-auth-ingress + name: basic-auth-ingress + - kustomizeConfig: + repoRef: + name: manifests + path: default-install + name: default-install + plugins: + - kind: KfGcpPlugin + metadata: + creationTimestamp: null + name: gcp + spec: + createPipelinePersistentStorage: true + deploymentManagerConfig: + repoRef: + name: manifests + path: gcp/deployment_manager_configs + enableWorkloadIdentity: true + skipInitProject: true + useBasicAuth: true + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.0-branch.tar.gz + version: v1.0.2 diff --git a/kfdef/kfctl_gcp_iap.v1.0.2.yaml b/kfdef/kfctl_gcp_iap.v1.0.2.yaml new file mode 100644 index 0000000000..6d4f0e86ec --- /dev/null +++ b/kfdef/kfctl_gcp_iap.v1.0.2.yaml @@ -0,0 +1,429 @@ +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + namespace: kubeflow +spec: + applications: + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/istio-crds + name: istio-crds + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/istio-install + name: istio-install + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/cluster-local-gateway + name: cluster-local-gateway + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/kfserving-gateway + name: kfserving-gateway + - kustomizeConfig: + parameters: + - name: clusterRbacConfig + value: 'ON' + repoRef: + name: manifests + path: istio/istio + name: istio + - kustomizeConfig: + repoRef: + name: manifests + path: application/application-crds + name: application-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: application/application + name: application + - kustomizeConfig: + parameters: + - name: namespace + value: cert-manager + repoRef: + name: manifests + path: cert-manager/cert-manager-crds + name: cert-manager-crds + - kustomizeConfig: + parameters: + - name: namespace + value: kube-system + repoRef: + name: manifests + path: cert-manager/cert-manager-kube-system-resources + name: cert-manager-kube-system-resources + - kustomizeConfig: + overlays: + - self-signed + - application + parameters: + - name: namespace + value: cert-manager + repoRef: + name: manifests + path: cert-manager/cert-manager + name: cert-manager + - kustomizeConfig: + repoRef: + name: manifests + path: kubeflow-roles + name: kubeflow-roles + - kustomizeConfig: + repoRef: + name: manifests + path: metacontroller + name: metacontroller + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: argo + name: argo + - kustomizeConfig: + overlays: + - istio + - application + parameters: + - name: userid-header + value: X-Goog-Authenticated-User-Email + - name: userid-prefix + value: 'accounts.google.com:' + repoRef: + name: manifests + path: common/centraldashboard + name: centraldashboard + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: admission-webhook/webhook + name: webhook + - kustomizeConfig: + overlays: + - application + parameters: + - name: webhookNamePrefix + value: admission-webhook- + repoRef: + name: manifests + path: admission-webhook/bootstrap + name: bootstrap + - kustomizeConfig: + overlays: + - istio + - application + parameters: + - name: userid-header + value: X-Goog-Authenticated-User-Email + - name: userid-prefix + value: 'accounts.google.com:' + repoRef: + name: manifests + path: jupyter/jupyter-web-app + name: jupyter-web-app + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: spark/spark-operator + name: spark-operator + - kustomizeConfig: + overlays: + - istio + - application + - db + repoRef: + name: manifests + path: metadata + name: metadata + - kustomizeConfig: + overlays: + - istio + - application + parameters: + - name: injectGcpCredentials + value: 'true' + repoRef: + name: manifests + path: jupyter/notebook-controller + name: notebook-controller + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pytorch-job/pytorch-job-crds + name: pytorch-job-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pytorch-job/pytorch-operator + name: pytorch-operator + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-crds + name: knative-crds + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-install + name: knative-install + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-crds + name: kfserving-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-install + name: kfserving-install + - kustomizeConfig: + overlays: + - application + parameters: + - name: usageId + value: '7439583937720421527' + - name: reportUsage + value: 'true' + repoRef: + name: manifests + path: common/spartakus + name: spartakus + - kustomizeConfig: + overlays: + - istio + repoRef: + name: manifests + path: tensorboard + name: tensorboard + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: tf-training/tf-job-crds + name: tf-job-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: tf-training/tf-job-operator + name: tf-job-operator + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: katib/katib-crds + name: katib-crds + - kustomizeConfig: + overlays: + - application + - istio + repoRef: + name: manifests + path: katib/katib-controller + name: katib-controller + - kustomizeConfig: + overlays: + - application + - use-kf-user + repoRef: + name: manifests + path: pipeline/api-service + name: api-service + - kustomizeConfig: + overlays: + - minioPd + - application + parameters: + - name: minioPd + value: test1-storage-artifact-store + - name: minioPvName + value: minio-pv + - name: minioPvcName + value: minio-pv-claim + repoRef: + name: manifests + path: pipeline/minio + name: minio + - kustomizeConfig: + overlays: + - mysqlPd + - application + parameters: + - name: mysqlPd + value: test1-storage-metadata-store + - name: mysqlPvName + value: mysql-pv + - name: mysqlPvcName + value: mysql-pv-claim + repoRef: + name: manifests + path: pipeline/mysql + name: mysql + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/persistent-agent + name: persistent-agent + - kustomizeConfig: + overlays: + - application + - use-kf-user + repoRef: + name: manifests + path: pipeline/pipelines-runner + name: pipelines-runner + - kustomizeConfig: + overlays: + - gcp + - istio + - application + repoRef: + name: manifests + path: pipeline/pipelines-ui + name: pipelines-ui + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipelines-viewer + name: pipelines-viewer + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/scheduledworkflow + name: scheduledworkflow + - kustomizeConfig: + overlays: + - application + - use-kf-user + repoRef: + name: manifests + path: pipeline/pipeline-visualization-service + name: pipeline-visualization-service + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: gcp/cloud-endpoints + name: cloud-endpoints + - kustomizeConfig: + overlays: + - application + - istio + parameters: + - name: admin + - name: userid-header + value: X-Goog-Authenticated-User-Email + - name: userid-prefix + value: 'accounts.google.com:' + repoRef: + name: manifests + path: profiles + name: profiles + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: gcp/gpu-driver + name: gpu-driver + - kustomizeConfig: + overlays: + - managed-cert + - application + parameters: + - name: namespace + value: istio-system + - name: ipName + value: test1-ip + - name: hostname + repoRef: + name: manifests + path: gcp/iap-ingress + name: iap-ingress + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: seldon/seldon-core-operator + name: seldon-core-operator + - kustomizeConfig: + parameters: + - name: user + - name: profile-name + value: anonymous + repoRef: + name: manifests + path: default-install + name: default-install + plugins: + - kind: KfGcpPlugin + metadata: + creationTimestamp: null + name: gcp + spec: + createPipelinePersistentStorage: true + deploymentManagerConfig: + repoRef: + name: manifests + path: gcp/deployment_manager_configs + enableWorkloadIdentity: true + skipInitProject: true + useBasicAuth: false + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.0-branch.tar.gz + version: v1.0.2 diff --git a/kfdef/kfctl_ibm.v1.0.2.yaml b/kfdef/kfctl_ibm.v1.0.2.yaml new file mode 100644 index 0000000000..ac2ddbe9de --- /dev/null +++ b/kfdef/kfctl_ibm.v1.0.2.yaml @@ -0,0 +1,361 @@ +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + namespace: kubeflow +spec: + applications: + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/istio-crds + name: istio-crds + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/istio-install + name: istio-install + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/cluster-local-gateway + name: cluster-local-gateway + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/kfserving-gateway + name: kfserving-gateway + - kustomizeConfig: + parameters: + - name: clusterRbacConfig + value: 'OFF' + repoRef: + name: manifests + path: istio/istio + name: istio + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/add-anonymous-user-filter + name: add-anonymous-user-filter + - kustomizeConfig: + repoRef: + name: manifests + path: application/application-crds + name: application-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: application/application + name: application + - kustomizeConfig: + parameters: + - name: namespace + value: cert-manager + repoRef: + name: manifests + path: cert-manager/cert-manager-crds + name: cert-manager-crds + - kustomizeConfig: + parameters: + - name: namespace + value: kube-system + repoRef: + name: manifests + path: cert-manager/cert-manager-kube-system-resources + name: cert-manager-kube-system-resources + - kustomizeConfig: + overlays: + - self-signed + - application + parameters: + - name: namespace + value: cert-manager + repoRef: + name: manifests + path: cert-manager/cert-manager + name: cert-manager + - kustomizeConfig: + repoRef: + name: manifests + path: metacontroller + name: metacontroller + - kustomizeConfig: + overlays: + - istio + - application + parameters: + - name: containerRuntimeExecutor + value: pns + repoRef: + name: manifests + path: argo + name: argo + - kustomizeConfig: + repoRef: + name: manifests + path: kubeflow-roles + name: kubeflow-roles + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: common/centraldashboard + name: centraldashboard + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: admission-webhook/bootstrap + name: bootstrap + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: admission-webhook/webhook + name: webhook + - kustomizeConfig: + overlays: + - istio + - application + parameters: + - name: userid-header + value: kubeflow-userid + repoRef: + name: manifests + path: jupyter/jupyter-web-app + name: jupyter-web-app + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: spark/spark-operator + name: spark-operator + - kustomizeConfig: + overlays: + - istio + - application + - ibm-storage-config + - db + repoRef: + name: manifests + path: metadata + name: metadata + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: jupyter/notebook-controller + name: notebook-controller + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pytorch-job/pytorch-job-crds + name: pytorch-job-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pytorch-job/pytorch-operator + name: pytorch-operator + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-crds + name: knative-crds + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-install + name: knative-install + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-crds + name: kfserving-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-install + name: kfserving-install + - kustomizeConfig: + overlays: + - application + parameters: + - name: usageId + value: + - name: reportUsage + value: 'true' + repoRef: + name: manifests + path: common/spartakus + name: spartakus + - kustomizeConfig: + overlays: + - istio + repoRef: + name: manifests + path: tensorboard + name: tensorboard + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: tf-training/tf-job-crds + name: tf-job-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: tf-training/tf-job-operator + name: tf-job-operator + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: katib/katib-crds + name: katib-crds + - kustomizeConfig: + overlays: + - application + - istio + - ibm-storage-config + repoRef: + name: manifests + path: katib/katib-controller + name: katib-controller + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/api-service + name: api-service + - kustomizeConfig: + overlays: + - application + parameters: + - name: minioPvcName + value: minio-pv-claim + repoRef: + name: manifests + path: pipeline/minio + name: minio + - kustomizeConfig: + overlays: + - application + parameters: + - name: mysqlPvcName + value: mysql-pv-claim + repoRef: + name: manifests + path: pipeline/mysql + name: mysql + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/persistent-agent + name: persistent-agent + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipelines-runner + name: pipelines-runner + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: pipeline/pipelines-ui + name: pipelines-ui + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipelines-viewer + name: pipelines-viewer + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/scheduledworkflow + name: scheduledworkflow + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipeline-visualization-service + name: pipeline-visualization-service + - kustomizeConfig: + overlays: + - application + - istio + parameters: + - name: admin + value: example@kubeflow.org + repoRef: + name: manifests + path: profiles + name: profiles + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: seldon/seldon-core-operator + name: seldon-core-operator + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.0-branch.tar.gz + version: v1.0.2 diff --git a/kfdef/kfctl_istio_dex.v1.0.2.yaml b/kfdef/kfctl_istio_dex.v1.0.2.yaml new file mode 100644 index 0000000000..c12f18233c --- /dev/null +++ b/kfdef/kfctl_istio_dex.v1.0.2.yaml @@ -0,0 +1,374 @@ +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + namespace: kubeflow +spec: + applications: + - kustomizeConfig: + repoRef: + name: manifests + path: application/application-crds + name: application-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: application/application + name: application + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio-1-3-1/istio-crds-1-3-1 + name: istio-crds + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio-1-3-1/istio-install-1-3-1 + name: istio-install + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio-1-3-1/cluster-local-gateway-1-3-1 + name: cluster-local-gateway + - kustomizeConfig: + parameters: + - name: clusterRbacConfig + value: 'ON' + repoRef: + name: manifests + path: istio/istio + name: istio + - kustomizeConfig: + parameters: + - name: namespace + value: cert-manager + repoRef: + name: manifests + path: cert-manager/cert-manager-crds + name: cert-manager-crds + - kustomizeConfig: + parameters: + - name: namespace + value: kube-system + repoRef: + name: manifests + path: cert-manager/cert-manager-kube-system-resources + name: cert-manager-kube-system-resources + - kustomizeConfig: + overlays: + - self-signed + - application + parameters: + - name: namespace + value: cert-manager + repoRef: + name: manifests + path: cert-manager/cert-manager + name: cert-manager + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: istio-system + - name: userid-header + value: kubeflow-userid + - name: oidc_provider + value: http://dex.auth.svc.cluster.local:5556/dex + - name: oidc_redirect_uri + value: /login/oidc + - name: oidc_auth_url + value: /dex/auth + - name: skip_auth_uri + value: /dex + - name: client_id + value: kubeflow-oidc-authservice + repoRef: + name: manifests + path: istio/oidc-authservice + name: oidc-authservice + - kustomizeConfig: + overlays: + - istio + parameters: + - name: namespace + value: auth + - name: issuer + value: http://dex.auth.svc.cluster.local:5556/dex + - name: client_id + value: kubeflow-oidc-authservice + - name: oidc_redirect_uris + value: '["/login/oidc"]' + - name: static_email + value: admin@kubeflow.org + - name: static_password_hash + value: $2y$12$ruoM7FqXrpVgaol44eRZW.4HWS8SAvg6KYVVSCIwKQPBmTpCm.EeO + repoRef: + name: manifests + path: dex-auth/dex-crds + name: dex + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: argo + name: argo + - kustomizeConfig: + repoRef: + name: manifests + path: kubeflow-roles + name: kubeflow-roles + - kustomizeConfig: + overlays: + - istio + - application + parameters: + - name: userid-header + value: kubeflow-userid + repoRef: + name: manifests + path: common/centraldashboard + name: centraldashboard + - kustomizeConfig: + overlays: + - cert-manager + - application + repoRef: + name: manifests + path: admission-webhook/webhook + name: webhook + - kustomizeConfig: + overlays: + - istio + - application + parameters: + - name: userid-header + value: kubeflow-userid + repoRef: + name: manifests + path: jupyter/jupyter-web-app + name: jupyter-web-app + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: spark/spark-operator + name: spark-operator + - kustomizeConfig: + overlays: + - istio + - application + - db + repoRef: + name: manifests + path: metadata + name: metadata + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: jupyter/notebook-controller + name: notebook-controller + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pytorch-job/pytorch-job-crds + name: pytorch-job-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pytorch-job/pytorch-operator + name: pytorch-operator + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-crds + name: knative-crds + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-install + name: knative-install + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-crds + name: kfserving-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-install + name: kfserving-install + - kustomizeConfig: + overlays: + - application + parameters: + - name: usageId + value: + - name: reportUsage + value: 'true' + repoRef: + name: manifests + path: common/spartakus + name: spartakus + - kustomizeConfig: + overlays: + - istio + repoRef: + name: manifests + path: tensorboard + name: tensorboard + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: tf-training/tf-job-crds + name: tf-job-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: tf-training/tf-job-operator + name: tf-job-operator + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: katib/katib-crds + name: katib-crds + - kustomizeConfig: + overlays: + - application + - istio + repoRef: + name: manifests + path: katib/katib-controller + name: katib-controller + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/api-service + name: api-service + - kustomizeConfig: + overlays: + - application + parameters: + - name: minioPvcName + value: minio-pv-claim + repoRef: + name: manifests + path: pipeline/minio + name: minio + - kustomizeConfig: + overlays: + - application + parameters: + - name: mysqlPvcName + value: mysql-pv-claim + repoRef: + name: manifests + path: pipeline/mysql + name: mysql + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/persistent-agent + name: persistent-agent + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipelines-runner + name: pipelines-runner + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: pipeline/pipelines-ui + name: pipelines-ui + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipelines-viewer + name: pipelines-viewer + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/scheduledworkflow + name: scheduledworkflow + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipeline-visualization-service + name: pipeline-visualization-service + - kustomizeConfig: + overlays: + - application + - istio + parameters: + - name: userid-header + value: kubeflow-userid + repoRef: + name: manifests + path: profiles + name: profiles + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: seldon/seldon-core-operator + name: seldon-core-operator + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.0-branch.tar.gz + version: v1.0.2 diff --git a/kfdef/kfctl_k8s_istio.v1.0.2.yaml b/kfdef/kfctl_k8s_istio.v1.0.2.yaml new file mode 100644 index 0000000000..0bdc01e6b6 --- /dev/null +++ b/kfdef/kfctl_k8s_istio.v1.0.2.yaml @@ -0,0 +1,356 @@ +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + namespace: kubeflow +spec: + applications: + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/istio-crds + name: istio-crds + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/istio-install + name: istio-install + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/cluster-local-gateway + name: cluster-local-gateway + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/kfserving-gateway + name: kfserving-gateway + - kustomizeConfig: + parameters: + - name: clusterRbacConfig + value: 'OFF' + repoRef: + name: manifests + path: istio/istio + name: istio + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/add-anonymous-user-filter + name: add-anonymous-user-filter + - kustomizeConfig: + repoRef: + name: manifests + path: application/application-crds + name: application-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: application/application + name: application + - kustomizeConfig: + parameters: + - name: namespace + value: cert-manager + repoRef: + name: manifests + path: cert-manager/cert-manager-crds + name: cert-manager-crds + - kustomizeConfig: + parameters: + - name: namespace + value: kube-system + repoRef: + name: manifests + path: cert-manager/cert-manager-kube-system-resources + name: cert-manager-kube-system-resources + - kustomizeConfig: + overlays: + - self-signed + - application + parameters: + - name: namespace + value: cert-manager + repoRef: + name: manifests + path: cert-manager/cert-manager + name: cert-manager + - kustomizeConfig: + repoRef: + name: manifests + path: metacontroller + name: metacontroller + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: argo + name: argo + - kustomizeConfig: + repoRef: + name: manifests + path: kubeflow-roles + name: kubeflow-roles + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: common/centraldashboard + name: centraldashboard + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: admission-webhook/bootstrap + name: bootstrap + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: admission-webhook/webhook + name: webhook + - kustomizeConfig: + overlays: + - istio + - application + parameters: + - name: userid-header + value: kubeflow-userid + repoRef: + name: manifests + path: jupyter/jupyter-web-app + name: jupyter-web-app + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: spark/spark-operator + name: spark-operator + - kustomizeConfig: + overlays: + - istio + - application + - db + repoRef: + name: manifests + path: metadata + name: metadata + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: jupyter/notebook-controller + name: notebook-controller + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pytorch-job/pytorch-job-crds + name: pytorch-job-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pytorch-job/pytorch-operator + name: pytorch-operator + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-crds + name: knative-crds + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-install + name: knative-install + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-crds + name: kfserving-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-install + name: kfserving-install + - kustomizeConfig: + overlays: + - application + parameters: + - name: usageId + value: + - name: reportUsage + value: 'true' + repoRef: + name: manifests + path: common/spartakus + name: spartakus + - kustomizeConfig: + overlays: + - istio + repoRef: + name: manifests + path: tensorboard + name: tensorboard + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: tf-training/tf-job-crds + name: tf-job-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: tf-training/tf-job-operator + name: tf-job-operator + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: katib/katib-crds + name: katib-crds + - kustomizeConfig: + overlays: + - application + - istio + repoRef: + name: manifests + path: katib/katib-controller + name: katib-controller + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/api-service + name: api-service + - kustomizeConfig: + overlays: + - application + parameters: + - name: minioPvcName + value: minio-pv-claim + repoRef: + name: manifests + path: pipeline/minio + name: minio + - kustomizeConfig: + overlays: + - application + parameters: + - name: mysqlPvcName + value: mysql-pv-claim + repoRef: + name: manifests + path: pipeline/mysql + name: mysql + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/persistent-agent + name: persistent-agent + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipelines-runner + name: pipelines-runner + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: pipeline/pipelines-ui + name: pipelines-ui + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipelines-viewer + name: pipelines-viewer + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/scheduledworkflow + name: scheduledworkflow + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: pipeline/pipeline-visualization-service + name: pipeline-visualization-service + - kustomizeConfig: + overlays: + - application + - istio + parameters: + - name: admin + value: johnDoe@acme.com + repoRef: + name: manifests + path: profiles + name: profiles + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: seldon/seldon-core-operator + name: seldon-core-operator + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.0-branch.tar.gz + version: v1.0.2 diff --git a/kfdef/source/v1.0.2/kfctl_anthos.yaml b/kfdef/source/v1.0.2/kfctl_anthos.yaml new file mode 100644 index 0000000000..6a8c63696b --- /dev/null +++ b/kfdef/source/v1.0.2/kfctl_anthos.yaml @@ -0,0 +1,13 @@ +# This is the config to install Kubeflow on an Anthos. +# The cluster comes with customized Istio installation. +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + name: kfctl-anthos +spec: + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.0-branch.tar.gz + # To get manifest at a PR: + #uri: https://github.com/kubeflow/manifests/archive/pull/235/head.tar.gz + version: v1.0.2 diff --git a/kfdef/source/v1.0.2/kfctl_aws.yaml b/kfdef/source/v1.0.2/kfctl_aws.yaml new file mode 100644 index 0000000000..bb33fd1d4c --- /dev/null +++ b/kfdef/source/v1.0.2/kfctl_aws.yaml @@ -0,0 +1,13 @@ +# This is the config to install Kubeflow on an Anthos. +# The cluster comes with customized Istio installation. +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + name: kfctl-aws +spec: + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.0-branch.tar.gz + # To get manifest at a PR: + #uri: https://github.com/kubeflow/manifests/archive/pull/235/head.tar.gz + version: v1.0.2 diff --git a/kfdef/source/v1.0.2/kfctl_aws_cognito.yaml b/kfdef/source/v1.0.2/kfctl_aws_cognito.yaml new file mode 100644 index 0000000000..be4aa7f654 --- /dev/null +++ b/kfdef/source/v1.0.2/kfctl_aws_cognito.yaml @@ -0,0 +1,13 @@ +# This is the config to install Kubeflow on an Anthos. +# The cluster comes with customized Istio installation. +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + name: kfctl-aws-cognito +spec: + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.0-branch.tar.gz + # To get manifest at a PR: + #uri: https://github.com/kubeflow/manifests/archive/pull/235/head.tar.gz + version: v1.0.2 diff --git a/kfdef/source/v1.0.2/kfctl_gcp_basic_auth.yaml b/kfdef/source/v1.0.2/kfctl_gcp_basic_auth.yaml new file mode 100644 index 0000000000..7c7593fce9 --- /dev/null +++ b/kfdef/source/v1.0.2/kfctl_gcp_basic_auth.yaml @@ -0,0 +1,13 @@ +# Please set project and email! +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + name: kfctl-gcp-basic-auth +spec: + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.0-branch.tar.gz + # To get manifest at a PR: + #uri: https://github.com/kubeflow/manifests/archive/pull/235/head.tar.gz + version: v1.0.2 + diff --git a/kfdef/source/v1.0.2/kfctl_gcp_iap.yaml b/kfdef/source/v1.0.2/kfctl_gcp_iap.yaml new file mode 100644 index 0000000000..4743e357c5 --- /dev/null +++ b/kfdef/source/v1.0.2/kfctl_gcp_iap.yaml @@ -0,0 +1,12 @@ +# Please set project and email! +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + name: kfctl-gcp-iap +spec: + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.0-branch.tar.gz + # To get manifest at a PR: + #uri: https://github.com/kubeflow/manifests/archive/pull/235/head.tar.gz + version: v1.0.2 diff --git a/kfdef/source/v1.0.2/kfctl_ibm.yaml b/kfdef/source/v1.0.2/kfctl_ibm.yaml new file mode 100644 index 0000000000..717ec6be3d --- /dev/null +++ b/kfdef/source/v1.0.2/kfctl_ibm.yaml @@ -0,0 +1,13 @@ +# This is the config to install Kubeflow on an Anthos. +# The cluster comes with customized Istio installation. +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + name: kfctl-ibm +spec: + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.0-branch.tar.gz + # To get manifest at a PR: + #uri: https://github.com/kubeflow/manifests/archive/pull/235/head.tar.gz + version: v1.0.2 diff --git a/kfdef/source/v1.0.2/kfctl_istio_dex.yaml b/kfdef/source/v1.0.2/kfctl_istio_dex.yaml new file mode 100644 index 0000000000..b569c1d8d6 --- /dev/null +++ b/kfdef/source/v1.0.2/kfctl_istio_dex.yaml @@ -0,0 +1,14 @@ +# This is the config to install Kubeflow on an existing K8s cluster, with support +# for multi-user and LDAP auth using Dex. +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + name: kfctl-istio-dex + namespace: kubeflow +spec: + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.0-branch.tar.gz + # To get manifest at a PR: + #uri: https://github.com/kubeflow/manifests/archive/pull/235/head.tar.gz + version: v1.0.2 diff --git a/kfdef/source/v1.0.2/kfctl_k8s_istio.yaml b/kfdef/source/v1.0.2/kfctl_k8s_istio.yaml new file mode 100644 index 0000000000..5b85cb84ca --- /dev/null +++ b/kfdef/source/v1.0.2/kfctl_k8s_istio.yaml @@ -0,0 +1,13 @@ +# This is the config to install Kubeflow on an Anthos. +# The cluster comes with customized Istio installation. +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + name: kfctl-k8s-istio +spec: + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.0-branch.tar.gz + # To get manifest at a PR: + #uri: https://github.com/kubeflow/manifests/archive/pull/235/head.tar.gz + version: v1.0.2 diff --git a/kfdef/source/v1.0.2/kustomization.yaml b/kfdef/source/v1.0.2/kustomization.yaml new file mode 100644 index 0000000000..b65186a4a2 --- /dev/null +++ b/kfdef/source/v1.0.2/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +bases: + - ../master +patchesStrategicMerge: +- kfctl_anthos.yaml +- kfctl_aws.yaml +- kfctl_aws_cognito.yaml +- kfctl_gcp_iap.yaml +- kfctl_gcp_basic_auth.yaml +- kfctl_ibm.yaml +- kfctl_istio_dex.yaml +- kfctl_k8s_istio.yaml From 95f88c1bd74f98980579728a851b7205be03bd90 Mon Sep 17 00:00:00 2001 From: Jiaxin Shan Date: Wed, 15 Apr 2020 12:22:45 -0700 Subject: [PATCH 8/8] Cherry-pick #1041 #1060 #1081 to v1.0-branch (#1105) * Update resources in pipeline-runner role (#1060) Signed-off-by: Jiaxin Shan * Update AWS storage options to 1.14 CSI compatible (#1081) * add knative and kfserving in AWS kfdef (#1041) * add knative and kfserving in AWS kfdef * add knative and kfserving in AWS kfdef * add knative, kfserving and gateway in v1.0.2 * revert changes on versions previous than v1.0.2 * run build_kfdef_specs and revert previous versions --- .../csi-attacher-cluster-role-binding.yaml | 12 - .../base/csi-attacher-cluster-role.yaml | 14 - .../base/csi-controller-sa.yaml | 4 - .../base/csi-controller-stateful-set.yaml | 51 ---- .../base/csi-default-storage.yaml | 5 - aws/aws-efs-csi-driver/base/csi-driver.yaml | 7 + .../base/csi-node-cluster-role-binding.yaml | 12 - .../base/csi-node-cluster-role.yaml | 23 -- ...aemon-set.yaml => csi-node-daemonset.yaml} | 54 ++-- aws/aws-efs-csi-driver/base/csi-node-sa.yaml | 4 - .../base/kustomization.yaml | 19 +- .../csi-attacher-cluster-role-binding.yaml | 12 - .../base/csi-attacher-cluster-role.yaml | 14 - .../csi-controller-cluster-role-binding.yaml | 12 - .../base/csi-controller-cluster-role.yaml | 17 -- .../base/csi-controller-sa.yaml | 4 + ...-stateful-set.yaml => csi-controller.yaml} | 42 +-- .../base/csi-default-storage.yaml | 5 - aws/aws-fsx-csi-driver/base/csi-driver.yaml | 7 + .../base/csi-node-cluster-role-binding.yaml | 12 - .../base/csi-node-cluster-role.yaml | 23 -- .../base/csi-node-daemonset.yaml | 47 ++-- aws/aws-fsx-csi-driver/base/csi-node-sa.yaml | 4 - .../csi-provisioner-cluster-role-binding.yaml | 4 +- .../base/csi-provisioner-cluster-role.yaml | 13 +- .../base/kustomization.yaml | 22 +- kfdef/kfctl_aws.v1.0.2.yaml | 42 +++ kfdef/kfctl_aws.yaml | 42 +++ kfdef/kfctl_aws_cognito.v1.0.2.yaml | 42 +++ kfdef/kfctl_aws_cognito.yaml | 42 +++ kfdef/source/master/kfctl_aws.yaml | 42 +++ kfdef/source/master/kfctl_aws_cognito.yaml | 42 +++ .../pipelines-runner/base/cluster-role.yaml | 17 +- ...ws-aws-alb-ingress-controller-base_test.go | 3 +- ...ss-controller-overlays-application_test.go | 3 +- ...lb-ingress-controller-overlays-vpc_test.go | 3 +- tests/aws-aws-efs-csi-driver-base_test.go | 219 ++++----------- tests/aws-aws-fsx-csi-driver-base_test.go | 258 ++++++------------ tests/pipeline-pipelines-runner-base_test.go | 17 +- ...elines-runner-overlays-application_test.go | 17 +- ...elines-runner-overlays-use-kf-user_test.go | 17 +- 41 files changed, 573 insertions(+), 676 deletions(-) delete mode 100644 aws/aws-efs-csi-driver/base/csi-attacher-cluster-role-binding.yaml delete mode 100644 aws/aws-efs-csi-driver/base/csi-attacher-cluster-role.yaml delete mode 100644 aws/aws-efs-csi-driver/base/csi-controller-sa.yaml delete mode 100644 aws/aws-efs-csi-driver/base/csi-controller-stateful-set.yaml delete mode 100644 aws/aws-efs-csi-driver/base/csi-default-storage.yaml create mode 100644 aws/aws-efs-csi-driver/base/csi-driver.yaml delete mode 100644 aws/aws-efs-csi-driver/base/csi-node-cluster-role-binding.yaml delete mode 100644 aws/aws-efs-csi-driver/base/csi-node-cluster-role.yaml rename aws/aws-efs-csi-driver/base/{csi-node-daemon-set.yaml => csi-node-daemonset.yaml} (64%) delete mode 100644 aws/aws-efs-csi-driver/base/csi-node-sa.yaml delete mode 100644 aws/aws-fsx-csi-driver/base/csi-attacher-cluster-role-binding.yaml delete mode 100644 aws/aws-fsx-csi-driver/base/csi-attacher-cluster-role.yaml delete mode 100644 aws/aws-fsx-csi-driver/base/csi-controller-cluster-role-binding.yaml delete mode 100644 aws/aws-fsx-csi-driver/base/csi-controller-cluster-role.yaml rename aws/aws-fsx-csi-driver/base/{csi-controller-stateful-set.yaml => csi-controller.yaml} (62%) delete mode 100644 aws/aws-fsx-csi-driver/base/csi-default-storage.yaml create mode 100644 aws/aws-fsx-csi-driver/base/csi-driver.yaml delete mode 100644 aws/aws-fsx-csi-driver/base/csi-node-cluster-role-binding.yaml delete mode 100644 aws/aws-fsx-csi-driver/base/csi-node-cluster-role.yaml delete mode 100644 aws/aws-fsx-csi-driver/base/csi-node-sa.yaml diff --git a/aws/aws-efs-csi-driver/base/csi-attacher-cluster-role-binding.yaml b/aws/aws-efs-csi-driver/base/csi-attacher-cluster-role-binding.yaml deleted file mode 100644 index ec284ac2b9..0000000000 --- a/aws/aws-efs-csi-driver/base/csi-attacher-cluster-role-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: efs-csi-external-attacher-clusterrole-binding -subjects: - - kind: ServiceAccount - name: efs-csi-controller-sa - namespace: kubeflow -roleRef: - kind: ClusterRole - name: efs-csi-external-attacher-clusterrole - apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/aws/aws-efs-csi-driver/base/csi-attacher-cluster-role.yaml b/aws/aws-efs-csi-driver/base/csi-attacher-cluster-role.yaml deleted file mode 100644 index 6a946b30f5..0000000000 --- a/aws/aws-efs-csi-driver/base/csi-attacher-cluster-role.yaml +++ /dev/null @@ -1,14 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: efs-csi-external-attacher-clusterrole -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] \ No newline at end of file diff --git a/aws/aws-efs-csi-driver/base/csi-controller-sa.yaml b/aws/aws-efs-csi-driver/base/csi-controller-sa.yaml deleted file mode 100644 index 2fffbae4bd..0000000000 --- a/aws/aws-efs-csi-driver/base/csi-controller-sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: efs-csi-controller-sa \ No newline at end of file diff --git a/aws/aws-efs-csi-driver/base/csi-controller-stateful-set.yaml b/aws/aws-efs-csi-driver/base/csi-controller-stateful-set.yaml deleted file mode 100644 index 6d78963b3f..0000000000 --- a/aws/aws-efs-csi-driver/base/csi-controller-stateful-set.yaml +++ /dev/null @@ -1,51 +0,0 @@ -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: efs-csi-controller -spec: - serviceName: efs-csi-controller - replicas: 1 - selector: - matchLabels: - app: efs-csi-controller - template: - metadata: - labels: - app: efs-csi-controller - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccount: efs-csi-controller-sa - #priorityClassName: system-cluster-critical - tolerations: - - key: CriticalAddonsOnly - operator: Exists - containers: - - name: efs-plugin - image: amazon/aws-efs-csi-driver:latest - imagePullPolicy: Always - args : - - --endpoint=$(CSI_ENDPOINT) - - --logtostderr - - --v=5 - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-attacher - image: quay.io/k8scsi/csi-attacher:v0.4.2 - imagePullPolicy: Always - args: - - --csi-address=$(ADDRESS) - - --v=5 - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - volumes: - - name: socket-dir - emptyDir: {} diff --git a/aws/aws-efs-csi-driver/base/csi-default-storage.yaml b/aws/aws-efs-csi-driver/base/csi-default-storage.yaml deleted file mode 100644 index 9588ee67c4..0000000000 --- a/aws/aws-efs-csi-driver/base/csi-default-storage.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: efs-default -provisioner: efs.csi.aws.com \ No newline at end of file diff --git a/aws/aws-efs-csi-driver/base/csi-driver.yaml b/aws/aws-efs-csi-driver/base/csi-driver.yaml new file mode 100644 index 0000000000..092a69acfc --- /dev/null +++ b/aws/aws-efs-csi-driver/base/csi-driver.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: efs.csi.aws.com +spec: + attachRequired: false \ No newline at end of file diff --git a/aws/aws-efs-csi-driver/base/csi-node-cluster-role-binding.yaml b/aws/aws-efs-csi-driver/base/csi-node-cluster-role-binding.yaml deleted file mode 100644 index c99b8884bd..0000000000 --- a/aws/aws-efs-csi-driver/base/csi-node-cluster-role-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: efs-csi-node-clusterole-binding -subjects: - - kind: ServiceAccount - name: efs-csi-node-sa - namespace: kubeflow -roleRef: - kind: ClusterRole - name: efs-csi-node-clusterrole - apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/aws/aws-efs-csi-driver/base/csi-node-cluster-role.yaml b/aws/aws-efs-csi-driver/base/csi-node-cluster-role.yaml deleted file mode 100644 index 77bdc5dd37..0000000000 --- a/aws/aws-efs-csi-driver/base/csi-node-cluster-role.yaml +++ /dev/null @@ -1,23 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: efs-csi-node-clusterrole -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "update"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch", "update"] \ No newline at end of file diff --git a/aws/aws-efs-csi-driver/base/csi-node-daemon-set.yaml b/aws/aws-efs-csi-driver/base/csi-node-daemonset.yaml similarity index 64% rename from aws/aws-efs-csi-driver/base/csi-node-daemon-set.yaml rename to aws/aws-efs-csi-driver/base/csi-node-daemonset.yaml index a64478e1de..8a263ce5ca 100644 --- a/aws/aws-efs-csi-driver/base/csi-node-daemon-set.yaml +++ b/aws/aws-efs-csi-driver/base/csi-node-daemonset.yaml @@ -1,3 +1,5 @@ +--- +# Node Service kind: DaemonSet apiVersion: apps/v1 metadata: @@ -11,14 +13,16 @@ spec: labels: app: efs-csi-node spec: - serviceAccount: efs-csi-node-sa + nodeSelector: + beta.kubernetes.io/os: linux hostNetwork: true + tolerations: + - operator: Exists containers: - name: efs-plugin securityContext: privileged: true image: amazon/aws-efs-csi-driver:latest - imagePullPolicy: Always args: - --endpoint=$(CSI_ENDPOINT) - --logtostderr @@ -32,16 +36,24 @@ spec: mountPropagation: "Bidirectional" - name: plugin-dir mountPath: /csi - - name: device-dir - mountPath: /dev + - name: efs-state-dir + mountPath: /var/run/efs + ports: + - containerPort: 9809 + name: healthz + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 2 + failureThreshold: 5 - name: csi-driver-registrar - image: quay.io/k8scsi/driver-registrar:v0.4.2 - imagePullPolicy: Always + image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0 args: - --csi-address=$(ADDRESS) - - --mode=node-register - - --driver-requires-attachment=true - - --pod-info-mount-version="v1" - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - --v=5 env: @@ -58,20 +70,30 @@ spec: mountPath: /csi - name: registration-dir mountPath: /registration + - name: liveness-probe + imagePullPolicy: Always + image: quay.io/k8scsi/livenessprobe:v1.1.0 + args: + - --csi-address=/csi/csi.sock + - --health-port=9809 + volumeMounts: + - mountPath: /csi + name: plugin-dir volumes: - name: kubelet-dir hostPath: path: /var/lib/kubelet type: Directory + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory - name: plugin-dir hostPath: path: /var/lib/kubelet/plugins/efs.csi.aws.com/ type: DirectoryOrCreate - - name: registration-dir - hostPath: - path: /var/lib/kubelet/plugins/ - type: Directory - - name: device-dir + - name: efs-state-dir hostPath: - path: /dev - type: Directory + path: /var/run/efs + type: DirectoryOrCreate + diff --git a/aws/aws-efs-csi-driver/base/csi-node-sa.yaml b/aws/aws-efs-csi-driver/base/csi-node-sa.yaml deleted file mode 100644 index 1b9165c1f0..0000000000 --- a/aws/aws-efs-csi-driver/base/csi-node-sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: efs-csi-node-sa \ No newline at end of file diff --git a/aws/aws-efs-csi-driver/base/kustomization.yaml b/aws/aws-efs-csi-driver/base/kustomization.yaml index 7f3d5b39ec..70cefc0717 100644 --- a/aws/aws-efs-csi-driver/base/kustomization.yaml +++ b/aws/aws-efs-csi-driver/base/kustomization.yaml @@ -2,24 +2,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow resources: -- csi-controller-stateful-set.yaml -- csi-attacher-cluster-role.yaml -- csi-attacher-cluster-role-binding.yaml -- csi-controller-sa.yaml -- csi-node-cluster-role.yaml -- csi-node-cluster-role-binding.yaml -- csi-node-daemon-set.yaml -- csi-node-sa.yaml -- csi-default-storage.yaml +- csi-driver.yaml +- csi-node-daemonset.yaml generatorOptions: disableNameSuffixHash: true images: -- name: quay.io/k8scsi/driver-registrar - newName: quay.io/k8scsi/driver-registrar - newTag: v0.4.2 - name: amazon/aws-efs-csi-driver newName: amazon/aws-efs-csi-driver - newTag: latest -- name: quay.io/k8scsi/csi-attacher - newName: quay.io/k8scsi/csi-attacher - newTag: v0.4.2 + newTag: v0.3.0 \ No newline at end of file diff --git a/aws/aws-fsx-csi-driver/base/csi-attacher-cluster-role-binding.yaml b/aws/aws-fsx-csi-driver/base/csi-attacher-cluster-role-binding.yaml deleted file mode 100644 index 37740bc873..0000000000 --- a/aws/aws-fsx-csi-driver/base/csi-attacher-cluster-role-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: fsx-csi-external-attacher-clusterrole-binding -subjects: - - kind: ServiceAccount - name: fsx-csi-controller-sa - namespace: kubeflow -roleRef: - kind: ClusterRole - name: fsx-csi-external-attacher-clusterrole - apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/aws/aws-fsx-csi-driver/base/csi-attacher-cluster-role.yaml b/aws/aws-fsx-csi-driver/base/csi-attacher-cluster-role.yaml deleted file mode 100644 index a2a898f47d..0000000000 --- a/aws/aws-fsx-csi-driver/base/csi-attacher-cluster-role.yaml +++ /dev/null @@ -1,14 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: fsx-csi-external-attacher-clusterrole -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] \ No newline at end of file diff --git a/aws/aws-fsx-csi-driver/base/csi-controller-cluster-role-binding.yaml b/aws/aws-fsx-csi-driver/base/csi-controller-cluster-role-binding.yaml deleted file mode 100644 index ec55a48535..0000000000 --- a/aws/aws-fsx-csi-driver/base/csi-controller-cluster-role-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-provisioner-binding -subjects: - - kind: ServiceAccount - name: csi-controller-sa - namespace: kubeflow -roleRef: - kind: ClusterRole - name: external-provisioner-role - apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/aws/aws-fsx-csi-driver/base/csi-controller-cluster-role.yaml b/aws/aws-fsx-csi-driver/base/csi-controller-cluster-role.yaml deleted file mode 100644 index f31682f695..0000000000 --- a/aws/aws-fsx-csi-driver/base/csi-controller-cluster-role.yaml +++ /dev/null @@ -1,17 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: external-provisioner-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] \ No newline at end of file diff --git a/aws/aws-fsx-csi-driver/base/csi-controller-sa.yaml b/aws/aws-fsx-csi-driver/base/csi-controller-sa.yaml index 1d6bb6c5f4..4404ec2d3e 100644 --- a/aws/aws-fsx-csi-driver/base/csi-controller-sa.yaml +++ b/aws/aws-fsx-csi-driver/base/csi-controller-sa.yaml @@ -2,3 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: fsx-csi-controller-sa + namespace: kubeflow + #Enable if EKS IAM for SA is used + #annotations: + # eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/fsx-csi-role \ No newline at end of file diff --git a/aws/aws-fsx-csi-driver/base/csi-controller-stateful-set.yaml b/aws/aws-fsx-csi-driver/base/csi-controller.yaml similarity index 62% rename from aws/aws-fsx-csi-driver/base/csi-controller-stateful-set.yaml rename to aws/aws-fsx-csi-driver/base/csi-controller.yaml index db76f27976..ce8fff6098 100644 --- a/aws/aws-fsx-csi-driver/base/csi-controller-stateful-set.yaml +++ b/aws/aws-fsx-csi-driver/base/csi-controller.yaml @@ -1,10 +1,10 @@ -kind: StatefulSet +--- +kind: Deployment apiVersion: apps/v1 metadata: name: fsx-csi-controller spec: - serviceName: fsx-csi-controller - replicas: 1 + replicas: 2 selector: matchLabels: app: fsx-csi-controller @@ -12,11 +12,11 @@ spec: metadata: labels: app: fsx-csi-controller - annotations: - sidecar.istio.io/inject: "false" spec: + nodeSelector: + kubernetes.io/os: linux + kubernetes.io/arch: amd64 serviceAccount: fsx-csi-controller-sa -# priorityClassName: system-cluster-critical tolerations: - key: CriticalAddonsOnly operator: Exists @@ -30,27 +30,29 @@ spec: env: - name: CSI_ENDPOINT value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: aws-secret + key: AWS_ACCESS_KEY_ID + optional: true + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: aws-secret + key: AWS_SECRET_ACCESS_KEY + optional: true volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: csi-provisioner - image: quay.io/k8scsi/csi-provisioner:v0.4.2 - args: - - --provisioner=fsx.csi.aws.com - - --csi-address=$(ADDRESS) - - --connection-timeout=5m - - --v=5 - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-attacher - image: quay.io/k8scsi/csi-attacher:v0.4.2 + image: quay.io/k8scsi/csi-provisioner:v1.3.0 args: + - --timeout=5m - --csi-address=$(ADDRESS) - --v=5 + - --enable-leader-election + - --leader-election-type=leases env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock diff --git a/aws/aws-fsx-csi-driver/base/csi-default-storage.yaml b/aws/aws-fsx-csi-driver/base/csi-default-storage.yaml deleted file mode 100644 index 8f9f8c7ec5..0000000000 --- a/aws/aws-fsx-csi-driver/base/csi-default-storage.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: fsx-default -provisioner: fsx.csi.aws.com \ No newline at end of file diff --git a/aws/aws-fsx-csi-driver/base/csi-driver.yaml b/aws/aws-fsx-csi-driver/base/csi-driver.yaml new file mode 100644 index 0000000000..71b99a00fd --- /dev/null +++ b/aws/aws-fsx-csi-driver/base/csi-driver.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: fsx.csi.aws.com +spec: + attachRequired: false \ No newline at end of file diff --git a/aws/aws-fsx-csi-driver/base/csi-node-cluster-role-binding.yaml b/aws/aws-fsx-csi-driver/base/csi-node-cluster-role-binding.yaml deleted file mode 100644 index f919a04f30..0000000000 --- a/aws/aws-fsx-csi-driver/base/csi-node-cluster-role-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: fsx-csi-node-clusterrole-binding -subjects: - - kind: ServiceAccount - name: fsx-csi-node-sa - namespace: kubeflow -roleRef: - kind: ClusterRole - name: fsx-csi-node-clusterrole - apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/aws/aws-fsx-csi-driver/base/csi-node-cluster-role.yaml b/aws/aws-fsx-csi-driver/base/csi-node-cluster-role.yaml deleted file mode 100644 index a338f44250..0000000000 --- a/aws/aws-fsx-csi-driver/base/csi-node-cluster-role.yaml +++ /dev/null @@ -1,23 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: fsx-csi-node-clusterrole -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "update"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch", "update"] diff --git a/aws/aws-fsx-csi-driver/base/csi-node-daemonset.yaml b/aws/aws-fsx-csi-driver/base/csi-node-daemonset.yaml index a461b85ef4..6f231d1e49 100644 --- a/aws/aws-fsx-csi-driver/base/csi-node-daemonset.yaml +++ b/aws/aws-fsx-csi-driver/base/csi-node-daemonset.yaml @@ -1,7 +1,8 @@ +--- kind: DaemonSet apiVersion: apps/v1 metadata: - name: fsx-csi-node-ds + name: fsx-csi-node spec: selector: matchLabels: @@ -11,7 +12,9 @@ spec: labels: app: fsx-csi-node spec: - serviceAccount: fsx-csi-node-sa + nodeSelector: + kubernetes.io/os: linux + kubernetes.io/arch: amd64 hostNetwork: true containers: - name: fsx-plugin @@ -31,15 +34,22 @@ spec: mountPropagation: "Bidirectional" - name: plugin-dir mountPath: /csi - - name: device-dir - mountPath: /dev + ports: + - containerPort: 9810 + name: healthz + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 2 - name: csi-driver-registrar - image: quay.io/k8scsi/driver-registrar:v0.4.2 + image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0 args: - --csi-address=$(ADDRESS) - - --mode=node-register - - --driver-requires-attachment=true - - --pod-info-mount-version="v1" - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - --v=5 env: @@ -56,20 +66,25 @@ spec: mountPath: /csi - name: registration-dir mountPath: /registration + - name: liveness-probe + imagePullPolicy: Always + image: quay.io/k8scsi/livenessprobe:v1.1.0 + args: + - --csi-address=/csi/csi.sock + - --health-port=9810 + volumeMounts: + - mountPath: /csi + name: plugin-dir volumes: - name: kubelet-dir hostPath: path: /var/lib/kubelet type: Directory - - name: plugin-dir - hostPath: - path: /var/lib/kubelet/plugins/fsx.csi.aws.com/ - type: DirectoryOrCreate - name: registration-dir hostPath: - path: /var/lib/kubelet/plugins/ + path: /var/lib/kubelet/plugins_registry/ type: Directory - - name: device-dir + - name: plugin-dir hostPath: - path: /dev - type: Directory + path: /var/lib/kubelet/plugins/fsx.csi.aws.com/ + type: DirectoryOrCreate \ No newline at end of file diff --git a/aws/aws-fsx-csi-driver/base/csi-node-sa.yaml b/aws/aws-fsx-csi-driver/base/csi-node-sa.yaml deleted file mode 100644 index b96326c209..0000000000 --- a/aws/aws-fsx-csi-driver/base/csi-node-sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: fsx-csi-node-sa diff --git a/aws/aws-fsx-csi-driver/base/csi-provisioner-cluster-role-binding.yaml b/aws/aws-fsx-csi-driver/base/csi-provisioner-cluster-role-binding.yaml index fb9222a13f..156b19f47b 100644 --- a/aws/aws-fsx-csi-driver/base/csi-provisioner-cluster-role-binding.yaml +++ b/aws/aws-fsx-csi-driver/base/csi-provisioner-cluster-role-binding.yaml @@ -1,12 +1,12 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: fsx-csi-provisioner-clusterrole-binding + name: fsx-csi-external-provisioner-binding subjects: - kind: ServiceAccount name: fsx-csi-controller-sa namespace: kubeflow roleRef: kind: ClusterRole - name: fsx-external-provisioner-clusterrole + name: fsx-csi-external-provisioner-role apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/aws/aws-fsx-csi-driver/base/csi-provisioner-cluster-role.yaml b/aws/aws-fsx-csi-driver/base/csi-provisioner-cluster-role.yaml index 8b6271971b..29ab1d07ec 100644 --- a/aws/aws-fsx-csi-driver/base/csi-provisioner-cluster-role.yaml +++ b/aws/aws-fsx-csi-driver/base/csi-provisioner-cluster-role.yaml @@ -1,7 +1,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: fsx-external-provisioner-clusterrole + name: fsx-csi-external-provisioner-role rules: - apiGroups: [""] resources: ["persistentvolumes"] @@ -14,4 +14,13 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] \ No newline at end of file + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] \ No newline at end of file diff --git a/aws/aws-fsx-csi-driver/base/kustomization.yaml b/aws/aws-fsx-csi-driver/base/kustomization.yaml index b57f8cfb74..60c5670eb3 100644 --- a/aws/aws-fsx-csi-driver/base/kustomization.yaml +++ b/aws/aws-fsx-csi-driver/base/kustomization.yaml @@ -2,31 +2,15 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow resources: -- csi-controller-stateful-set.yaml -- csi-attacher-cluster-role.yaml -- csi-attacher-cluster-role-binding.yaml -- csi-controller-cluster-role.yaml -- csi-controller-cluster-role-binding.yaml +- csi-driver.yaml +- csi-controller.yaml - csi-controller-sa.yaml -- csi-node-cluster-role.yaml -- csi-node-cluster-role-binding.yaml - csi-node-daemonset.yaml -- csi-node-sa.yaml - csi-provisioner-cluster-role.yaml - csi-provisioner-cluster-role-binding.yaml -- csi-default-storage.yaml generatorOptions: disableNameSuffixHash: true images: - name: amazon/aws-fsx-csi-driver newName: amazon/aws-fsx-csi-driver - newTag: latest -- name: quay.io/k8scsi/driver-registrar - newName: quay.io/k8scsi/driver-registrar - newTag: v0.4.2 -- name: quay.io/k8scsi/csi-provisioner - newName: quay.io/k8scsi/csi-provisioner - newTag: v0.4.2 -- name: quay.io/k8scsi/csi-attacher - newName: quay.io/k8scsi/csi-attacher - newTag: v0.4.2 + newTag: v0.3.0 \ No newline at end of file diff --git a/kfdef/kfctl_aws.v1.0.2.yaml b/kfdef/kfctl_aws.v1.0.2.yaml index 0e77f76137..dcedd99736 100644 --- a/kfdef/kfctl_aws.v1.0.2.yaml +++ b/kfdef/kfctl_aws.v1.0.2.yaml @@ -175,6 +175,48 @@ spec: name: manifests path: pytorch-job/pytorch-operator name: pytorch-operator + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-crds + name: knative-crds + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-install + name: knative-install + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-crds + name: kfserving-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-install + name: kfserving-install + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/kfserving-gateway + name: kfserving-gateway - kustomizeConfig: overlays: - application diff --git a/kfdef/kfctl_aws.yaml b/kfdef/kfctl_aws.yaml index 61cb8020b8..502150f545 100644 --- a/kfdef/kfctl_aws.yaml +++ b/kfdef/kfctl_aws.yaml @@ -175,6 +175,48 @@ spec: name: manifests path: pytorch-job/pytorch-operator name: pytorch-operator + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-crds + name: knative-crds + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-install + name: knative-install + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-crds + name: kfserving-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-install + name: kfserving-install + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/kfserving-gateway + name: kfserving-gateway - kustomizeConfig: overlays: - application diff --git a/kfdef/kfctl_aws_cognito.v1.0.2.yaml b/kfdef/kfctl_aws_cognito.v1.0.2.yaml index 7e90d001da..03b5b57ebc 100644 --- a/kfdef/kfctl_aws_cognito.v1.0.2.yaml +++ b/kfdef/kfctl_aws_cognito.v1.0.2.yaml @@ -170,6 +170,48 @@ spec: name: manifests path: pytorch-job/pytorch-operator name: pytorch-operator + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-crds + name: knative-crds + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-install + name: knative-install + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-crds + name: kfserving-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-install + name: kfserving-install + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/kfserving-gateway + name: kfserving-gateway - kustomizeConfig: overlays: - application diff --git a/kfdef/kfctl_aws_cognito.yaml b/kfdef/kfctl_aws_cognito.yaml index b0e3cee306..7550d543aa 100644 --- a/kfdef/kfctl_aws_cognito.yaml +++ b/kfdef/kfctl_aws_cognito.yaml @@ -170,6 +170,48 @@ spec: name: manifests path: pytorch-job/pytorch-operator name: pytorch-operator + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-crds + name: knative-crds + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-install + name: knative-install + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-crds + name: kfserving-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-install + name: kfserving-install + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/kfserving-gateway + name: kfserving-gateway - kustomizeConfig: overlays: - application diff --git a/kfdef/source/master/kfctl_aws.yaml b/kfdef/source/master/kfctl_aws.yaml index 6012ce8430..cc619595de 100644 --- a/kfdef/source/master/kfctl_aws.yaml +++ b/kfdef/source/master/kfctl_aws.yaml @@ -175,6 +175,48 @@ spec: name: manifests path: pytorch-job/pytorch-operator name: pytorch-operator + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-crds + name: knative-crds + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-install + name: knative-install + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-crds + name: kfserving-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-install + name: kfserving-install + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/kfserving-gateway + name: kfserving-gateway - kustomizeConfig: overlays: - application diff --git a/kfdef/source/master/kfctl_aws_cognito.yaml b/kfdef/source/master/kfctl_aws_cognito.yaml index ea333256f6..3a1ba22d79 100644 --- a/kfdef/source/master/kfctl_aws_cognito.yaml +++ b/kfdef/source/master/kfctl_aws_cognito.yaml @@ -170,6 +170,48 @@ spec: name: manifests path: pytorch-job/pytorch-operator name: pytorch-operator + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-crds + name: knative-crds + - kustomizeConfig: + overlays: + - application + parameters: + - name: namespace + value: knative-serving + repoRef: + name: manifests + path: knative/knative-serving-install + name: knative-install + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-crds + name: kfserving-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: kfserving/kfserving-install + name: kfserving-install + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/kfserving-gateway + name: kfserving-gateway - kustomizeConfig: overlays: - application diff --git a/pipeline/pipelines-runner/base/cluster-role.yaml b/pipeline/pipelines-runner/base/cluster-role.yaml index edb248e553..ddc21aaa1b 100644 --- a/pipeline/pipelines-runner/base/cluster-role.yaml +++ b/pipeline/pipelines-runner/base/cluster-role.yaml @@ -20,11 +20,10 @@ rules: - apiGroups: - "" resources: + - persistentvolumes - persistentvolumeclaims verbs: - - create - - delete - - get + - '*' - apiGroups: - snapshot.storage.k8s.io resources: @@ -74,3 +73,15 @@ rules: - jobs verbs: - '*' +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - '*' \ No newline at end of file diff --git a/tests/aws-aws-alb-ingress-controller-base_test.go b/tests/aws-aws-alb-ingress-controller-base_test.go index d1f8bbc955..17a36d265a 100644 --- a/tests/aws-aws-alb-ingress-controller-base_test.go +++ b/tests/aws-aws-alb-ingress-controller-base_test.go @@ -115,7 +115,8 @@ spec: # Repository location of the ALB Ingress Controller. image: docker.io/amazon/aws-alb-ingress-controller imagePullPolicy: Always - serviceAccountName: alb-ingress-controller`) + serviceAccountName: alb-ingress-controller +`) th.writeF("/manifests/aws/aws-alb-ingress-controller/base/service-account.yaml", ` apiVersion: v1 kind: ServiceAccount diff --git a/tests/aws-aws-alb-ingress-controller-overlays-application_test.go b/tests/aws-aws-alb-ingress-controller-overlays-application_test.go index 93d51b4a6c..f92c03408e 100644 --- a/tests/aws-aws-alb-ingress-controller-overlays-application_test.go +++ b/tests/aws-aws-alb-ingress-controller-overlays-application_test.go @@ -167,7 +167,8 @@ spec: # Repository location of the ALB Ingress Controller. image: docker.io/amazon/aws-alb-ingress-controller imagePullPolicy: Always - serviceAccountName: alb-ingress-controller`) + serviceAccountName: alb-ingress-controller +`) th.writeF("/manifests/aws/aws-alb-ingress-controller/base/service-account.yaml", ` apiVersion: v1 kind: ServiceAccount diff --git a/tests/aws-aws-alb-ingress-controller-overlays-vpc_test.go b/tests/aws-aws-alb-ingress-controller-overlays-vpc_test.go index dbdec14f42..28b8e406be 100644 --- a/tests/aws-aws-alb-ingress-controller-overlays-vpc_test.go +++ b/tests/aws-aws-alb-ingress-controller-overlays-vpc_test.go @@ -173,7 +173,8 @@ spec: # Repository location of the ALB Ingress Controller. image: docker.io/amazon/aws-alb-ingress-controller imagePullPolicy: Always - serviceAccountName: alb-ingress-controller`) + serviceAccountName: alb-ingress-controller +`) th.writeF("/manifests/aws/aws-alb-ingress-controller/base/service-account.yaml", ` apiVersion: v1 kind: ServiceAccount diff --git a/tests/aws-aws-efs-csi-driver-base_test.go b/tests/aws-aws-efs-csi-driver-base_test.go index fbad297b0c..a9c779c6fe 100644 --- a/tests/aws-aws-efs-csi-driver-base_test.go +++ b/tests/aws-aws-efs-csi-driver-base_test.go @@ -14,135 +14,18 @@ import ( ) func writeAwsEfsCsiDriverBase(th *KustTestHarness) { - th.writeF("/manifests/aws/aws-efs-csi-driver/base/csi-controller-stateful-set.yaml", ` -kind: StatefulSet -apiVersion: apps/v1 + th.writeF("/manifests/aws/aws-efs-csi-driver/base/csi-driver.yaml", ` +--- +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver metadata: - name: efs-csi-controller + name: efs.csi.aws.com spec: - serviceName: efs-csi-controller - replicas: 1 - selector: - matchLabels: - app: efs-csi-controller - template: - metadata: - labels: - app: efs-csi-controller - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccount: efs-csi-controller-sa - #priorityClassName: system-cluster-critical - tolerations: - - key: CriticalAddonsOnly - operator: Exists - containers: - - name: efs-plugin - image: amazon/aws-efs-csi-driver:latest - imagePullPolicy: Always - args : - - --endpoint=$(CSI_ENDPOINT) - - --logtostderr - - --v=5 - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-attacher - image: quay.io/k8scsi/csi-attacher:v0.4.2 - imagePullPolicy: Always - args: - - --csi-address=$(ADDRESS) - - --v=5 - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - volumes: - - name: socket-dir - emptyDir: {} -`) - th.writeF("/manifests/aws/aws-efs-csi-driver/base/csi-attacher-cluster-role.yaml", ` -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: efs-csi-external-attacher-clusterrole -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] + attachRequired: false `) - th.writeF("/manifests/aws/aws-efs-csi-driver/base/csi-attacher-cluster-role-binding.yaml", ` -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: efs-csi-external-attacher-clusterrole-binding -subjects: - - kind: ServiceAccount - name: efs-csi-controller-sa - namespace: kubeflow -roleRef: - kind: ClusterRole - name: efs-csi-external-attacher-clusterrole - apiGroup: rbac.authorization.k8s.io -`) - th.writeF("/manifests/aws/aws-efs-csi-driver/base/csi-controller-sa.yaml", ` -apiVersion: v1 -kind: ServiceAccount -metadata: - name: efs-csi-controller-sa -`) - th.writeF("/manifests/aws/aws-efs-csi-driver/base/csi-node-cluster-role.yaml", ` -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: efs-csi-node-clusterrole -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "update"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch", "update"] -`) - th.writeF("/manifests/aws/aws-efs-csi-driver/base/csi-node-cluster-role-binding.yaml", ` -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: efs-csi-node-clusterole-binding -subjects: - - kind: ServiceAccount - name: efs-csi-node-sa - namespace: kubeflow -roleRef: - kind: ClusterRole - name: efs-csi-node-clusterrole - apiGroup: rbac.authorization.k8s.io -`) - th.writeF("/manifests/aws/aws-efs-csi-driver/base/csi-node-daemon-set.yaml", ` + th.writeF("/manifests/aws/aws-efs-csi-driver/base/csi-node-daemonset.yaml", ` +--- +# Node Service kind: DaemonSet apiVersion: apps/v1 metadata: @@ -156,14 +39,16 @@ spec: labels: app: efs-csi-node spec: - serviceAccount: efs-csi-node-sa + nodeSelector: + beta.kubernetes.io/os: linux hostNetwork: true + tolerations: + - operator: Exists containers: - name: efs-plugin securityContext: privileged: true image: amazon/aws-efs-csi-driver:latest - imagePullPolicy: Always args: - --endpoint=$(CSI_ENDPOINT) - --logtostderr @@ -177,16 +62,24 @@ spec: mountPropagation: "Bidirectional" - name: plugin-dir mountPath: /csi - - name: device-dir - mountPath: /dev + - name: efs-state-dir + mountPath: /var/run/efs + ports: + - containerPort: 9809 + name: healthz + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 2 + failureThreshold: 5 - name: csi-driver-registrar - image: quay.io/k8scsi/driver-registrar:v0.4.2 - imagePullPolicy: Always + image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0 args: - --csi-address=$(ADDRESS) - - --mode=node-register - - --driver-requires-attachment=true - - --pod-info-mount-version="v1" - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - --v=5 env: @@ -203,63 +96,47 @@ spec: mountPath: /csi - name: registration-dir mountPath: /registration + - name: liveness-probe + imagePullPolicy: Always + image: quay.io/k8scsi/livenessprobe:v1.1.0 + args: + - --csi-address=/csi/csi.sock + - --health-port=9809 + volumeMounts: + - mountPath: /csi + name: plugin-dir volumes: - name: kubelet-dir hostPath: path: /var/lib/kubelet type: Directory + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory - name: plugin-dir hostPath: path: /var/lib/kubelet/plugins/efs.csi.aws.com/ type: DirectoryOrCreate - - name: registration-dir + - name: efs-state-dir hostPath: - path: /var/lib/kubelet/plugins/ - type: Directory - - name: device-dir - hostPath: - path: /dev - type: Directory -`) - th.writeF("/manifests/aws/aws-efs-csi-driver/base/csi-node-sa.yaml", ` -apiVersion: v1 -kind: ServiceAccount -metadata: - name: efs-csi-node-sa -`) - th.writeF("/manifests/aws/aws-efs-csi-driver/base/csi-default-storage.yaml", ` -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: efs-default -provisioner: efs.csi.aws.com + path: /var/run/efs + type: DirectoryOrCreate + `) th.writeK("/manifests/aws/aws-efs-csi-driver/base", ` apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow resources: -- csi-controller-stateful-set.yaml -- csi-attacher-cluster-role.yaml -- csi-attacher-cluster-role-binding.yaml -- csi-controller-sa.yaml -- csi-node-cluster-role.yaml -- csi-node-cluster-role-binding.yaml -- csi-node-daemon-set.yaml -- csi-node-sa.yaml -- csi-default-storage.yaml +- csi-driver.yaml +- csi-node-daemonset.yaml generatorOptions: disableNameSuffixHash: true images: -- name: quay.io/k8scsi/driver-registrar - newName: quay.io/k8scsi/driver-registrar - newTag: v0.4.2 - name: amazon/aws-efs-csi-driver newName: amazon/aws-efs-csi-driver - newTag: latest -- name: quay.io/k8scsi/csi-attacher - newName: quay.io/k8scsi/csi-attacher - newTag: v0.4.2 + newTag: v0.3.0 `) } diff --git a/tests/aws-aws-fsx-csi-driver-base_test.go b/tests/aws-aws-fsx-csi-driver-base_test.go index 4f6f4c7a0d..59c896e979 100644 --- a/tests/aws-aws-fsx-csi-driver-base_test.go +++ b/tests/aws-aws-fsx-csi-driver-base_test.go @@ -14,14 +14,23 @@ import ( ) func writeAwsFsxCsiDriverBase(th *KustTestHarness) { - th.writeF("/manifests/aws/aws-fsx-csi-driver/base/csi-controller-stateful-set.yaml", ` -kind: StatefulSet + th.writeF("/manifests/aws/aws-fsx-csi-driver/base/csi-driver.yaml", ` +--- +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: fsx.csi.aws.com +spec: + attachRequired: false +`) + th.writeF("/manifests/aws/aws-fsx-csi-driver/base/csi-controller.yaml", ` +--- +kind: Deployment apiVersion: apps/v1 metadata: name: fsx-csi-controller spec: - serviceName: fsx-csi-controller - replicas: 1 + replicas: 2 selector: matchLabels: app: fsx-csi-controller @@ -29,11 +38,11 @@ spec: metadata: labels: app: fsx-csi-controller - annotations: - sidecar.istio.io/inject: "false" spec: + nodeSelector: + kubernetes.io/os: linux + kubernetes.io/arch: amd64 serviceAccount: fsx-csi-controller-sa -# priorityClassName: system-cluster-critical tolerations: - key: CriticalAddonsOnly operator: Exists @@ -47,27 +56,29 @@ spec: env: - name: CSI_ENDPOINT value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: aws-secret + key: AWS_ACCESS_KEY_ID + optional: true + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: aws-secret + key: AWS_SECRET_ACCESS_KEY + optional: true volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: csi-provisioner - image: quay.io/k8scsi/csi-provisioner:v0.4.2 - args: - - --provisioner=fsx.csi.aws.com - - --csi-address=$(ADDRESS) - - --connection-timeout=5m - - --v=5 - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-attacher - image: quay.io/k8scsi/csi-attacher:v0.4.2 + image: quay.io/k8scsi/csi-provisioner:v1.3.0 args: + - --timeout=5m - --csi-address=$(ADDRESS) - --v=5 + - --enable-leader-election + - --leader-election-type=leases env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock @@ -77,120 +88,23 @@ spec: volumes: - name: socket-dir emptyDir: {} -`) - th.writeF("/manifests/aws/aws-fsx-csi-driver/base/csi-attacher-cluster-role.yaml", ` -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: fsx-csi-external-attacher-clusterrole -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] -`) - th.writeF("/manifests/aws/aws-fsx-csi-driver/base/csi-attacher-cluster-role-binding.yaml", ` -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: fsx-csi-external-attacher-clusterrole-binding -subjects: - - kind: ServiceAccount - name: fsx-csi-controller-sa - namespace: kubeflow -roleRef: - kind: ClusterRole - name: fsx-csi-external-attacher-clusterrole - apiGroup: rbac.authorization.k8s.io -`) - th.writeF("/manifests/aws/aws-fsx-csi-driver/base/csi-controller-cluster-role.yaml", ` -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: external-provisioner-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] -`) - th.writeF("/manifests/aws/aws-fsx-csi-driver/base/csi-controller-cluster-role-binding.yaml", ` -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-provisioner-binding -subjects: - - kind: ServiceAccount - name: csi-controller-sa - namespace: kubeflow -roleRef: - kind: ClusterRole - name: external-provisioner-role - apiGroup: rbac.authorization.k8s.io `) th.writeF("/manifests/aws/aws-fsx-csi-driver/base/csi-controller-sa.yaml", ` apiVersion: v1 kind: ServiceAccount metadata: name: fsx-csi-controller-sa -`) - th.writeF("/manifests/aws/aws-fsx-csi-driver/base/csi-node-cluster-role.yaml", ` -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: fsx-csi-node-clusterrole -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "update"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch", "update"] -`) - th.writeF("/manifests/aws/aws-fsx-csi-driver/base/csi-node-cluster-role-binding.yaml", ` -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: fsx-csi-node-clusterrole-binding -subjects: - - kind: ServiceAccount - name: fsx-csi-node-sa - namespace: kubeflow -roleRef: - kind: ClusterRole - name: fsx-csi-node-clusterrole - apiGroup: rbac.authorization.k8s.io + namespace: kubeflow + #Enable if EKS IAM for SA is used + #annotations: + # eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/fsx-csi-role `) th.writeF("/manifests/aws/aws-fsx-csi-driver/base/csi-node-daemonset.yaml", ` +--- kind: DaemonSet apiVersion: apps/v1 metadata: - name: fsx-csi-node-ds + name: fsx-csi-node spec: selector: matchLabels: @@ -200,7 +114,9 @@ spec: labels: app: fsx-csi-node spec: - serviceAccount: fsx-csi-node-sa + nodeSelector: + kubernetes.io/os: linux + kubernetes.io/arch: amd64 hostNetwork: true containers: - name: fsx-plugin @@ -220,15 +136,22 @@ spec: mountPropagation: "Bidirectional" - name: plugin-dir mountPath: /csi - - name: device-dir - mountPath: /dev + ports: + - containerPort: 9810 + name: healthz + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 2 - name: csi-driver-registrar - image: quay.io/k8scsi/driver-registrar:v0.4.2 + image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0 args: - --csi-address=$(ADDRESS) - - --mode=node-register - - --driver-requires-attachment=true - - --pod-info-mount-version="v1" - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - --v=5 env: @@ -245,35 +168,34 @@ spec: mountPath: /csi - name: registration-dir mountPath: /registration + - name: liveness-probe + imagePullPolicy: Always + image: quay.io/k8scsi/livenessprobe:v1.1.0 + args: + - --csi-address=/csi/csi.sock + - --health-port=9810 + volumeMounts: + - mountPath: /csi + name: plugin-dir volumes: - name: kubelet-dir hostPath: path: /var/lib/kubelet type: Directory - - name: plugin-dir - hostPath: - path: /var/lib/kubelet/plugins/fsx.csi.aws.com/ - type: DirectoryOrCreate - name: registration-dir hostPath: - path: /var/lib/kubelet/plugins/ + path: /var/lib/kubelet/plugins_registry/ type: Directory - - name: device-dir + - name: plugin-dir hostPath: - path: /dev - type: Directory -`) - th.writeF("/manifests/aws/aws-fsx-csi-driver/base/csi-node-sa.yaml", ` -apiVersion: v1 -kind: ServiceAccount -metadata: - name: fsx-csi-node-sa + path: /var/lib/kubelet/plugins/fsx.csi.aws.com/ + type: DirectoryOrCreate `) th.writeF("/manifests/aws/aws-fsx-csi-driver/base/csi-provisioner-cluster-role.yaml", ` kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: fsx-external-provisioner-clusterrole + name: fsx-csi-external-provisioner-role rules: - apiGroups: [""] resources: ["persistentvolumes"] @@ -286,62 +208,48 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] `) th.writeF("/manifests/aws/aws-fsx-csi-driver/base/csi-provisioner-cluster-role-binding.yaml", ` kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: fsx-csi-provisioner-clusterrole-binding + name: fsx-csi-external-provisioner-binding subjects: - kind: ServiceAccount name: fsx-csi-controller-sa namespace: kubeflow roleRef: kind: ClusterRole - name: fsx-external-provisioner-clusterrole + name: fsx-csi-external-provisioner-role apiGroup: rbac.authorization.k8s.io -`) - th.writeF("/manifests/aws/aws-fsx-csi-driver/base/csi-default-storage.yaml", ` -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: fsx-default -provisioner: fsx.csi.aws.com `) th.writeK("/manifests/aws/aws-fsx-csi-driver/base", ` apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow resources: -- csi-controller-stateful-set.yaml -- csi-attacher-cluster-role.yaml -- csi-attacher-cluster-role-binding.yaml -- csi-controller-cluster-role.yaml -- csi-controller-cluster-role-binding.yaml +- csi-driver.yaml +- csi-controller.yaml - csi-controller-sa.yaml -- csi-node-cluster-role.yaml -- csi-node-cluster-role-binding.yaml - csi-node-daemonset.yaml -- csi-node-sa.yaml - csi-provisioner-cluster-role.yaml - csi-provisioner-cluster-role-binding.yaml -- csi-default-storage.yaml generatorOptions: disableNameSuffixHash: true images: - name: amazon/aws-fsx-csi-driver newName: amazon/aws-fsx-csi-driver - newTag: latest -- name: quay.io/k8scsi/driver-registrar - newName: quay.io/k8scsi/driver-registrar - newTag: v0.4.2 -- name: quay.io/k8scsi/csi-provisioner - newName: quay.io/k8scsi/csi-provisioner - newTag: v0.4.2 -- name: quay.io/k8scsi/csi-attacher - newName: quay.io/k8scsi/csi-attacher - newTag: v0.4.2 + newTag: v0.3.0 `) } diff --git a/tests/pipeline-pipelines-runner-base_test.go b/tests/pipeline-pipelines-runner-base_test.go index c9cf87a67c..175593faab 100644 --- a/tests/pipeline-pipelines-runner-base_test.go +++ b/tests/pipeline-pipelines-runner-base_test.go @@ -50,11 +50,10 @@ rules: - apiGroups: - "" resources: + - persistentvolumes - persistentvolumeclaims verbs: - - create - - delete - - get + - '*' - apiGroups: - snapshot.storage.k8s.io resources: @@ -104,6 +103,18 @@ rules: - jobs verbs: - '*' +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - '*' `) th.writeF("/manifests/pipeline/pipelines-runner/base/service-account.yaml", ` apiVersion: v1 diff --git a/tests/pipeline-pipelines-runner-overlays-application_test.go b/tests/pipeline-pipelines-runner-overlays-application_test.go index 8e3e76f6af..1fa22d6ce1 100644 --- a/tests/pipeline-pipelines-runner-overlays-application_test.go +++ b/tests/pipeline-pipelines-runner-overlays-application_test.go @@ -98,11 +98,10 @@ rules: - apiGroups: - "" resources: + - persistentvolumes - persistentvolumeclaims verbs: - - create - - delete - - get + - '*' - apiGroups: - snapshot.storage.k8s.io resources: @@ -152,6 +151,18 @@ rules: - jobs verbs: - '*' +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - '*' `) th.writeF("/manifests/pipeline/pipelines-runner/base/service-account.yaml", ` apiVersion: v1 diff --git a/tests/pipeline-pipelines-runner-overlays-use-kf-user_test.go b/tests/pipeline-pipelines-runner-overlays-use-kf-user_test.go index 085452eb4e..d85b386211 100644 --- a/tests/pipeline-pipelines-runner-overlays-use-kf-user_test.go +++ b/tests/pipeline-pipelines-runner-overlays-use-kf-user_test.go @@ -69,11 +69,10 @@ rules: - apiGroups: - "" resources: + - persistentvolumes - persistentvolumeclaims verbs: - - create - - delete - - get + - '*' - apiGroups: - snapshot.storage.k8s.io resources: @@ -123,6 +122,18 @@ rules: - jobs verbs: - '*' +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - '*' `) th.writeF("/manifests/pipeline/pipelines-runner/base/service-account.yaml", ` apiVersion: v1