Update the docker image used for auto deployment. (kubeflow#443)

* Update the docker image used for auto deployment. * We need to pick up the changes to auto-deploy.sh to take in argument kfctl_config * Update the v0-6 code to use the new RC for 0.6.2 config file. * Create a batch job for deploying from v0-6 Related to kubeflow/kubeflow#3905 * * Don't generate self-signed certificates for master because master is now using managed certificates. * Fix bug. * Fix lint.
Linchin · Aug 20, 2019 · 54db950 · 54db950
1 parent 8723ec6
commit 54db950
Show file tree

Hide file tree

Showing 6 changed files with 96 additions and 15 deletions.
diff --git a/py/kubeflow/testing/create_kf_instance.py b/py/kubeflow/testing/create_kf_instance.py
@@ -277,16 +277,31 @@ def main(): # pylint: disable=too-many-locals,too-many-statements
 
   # To work around lets-encrypt certificate uses create a self-signed
   # certificate
-  util.run(["kubectl", "config", "use-context", name])
-  tls_endpoint = "--host={0}.endpoints.{1}.cloud.goog".format(
-    name, args.project)
-
-  cert_dir = tempfile.mkdtemp()
-  util.run(["kube-rsa", tls_endpoint], cwd=cert_dir)
-  util.run(["kubectl", "-n", "kubeflow", "create", "secret", "tls",
-            "envoy-ingress-tls", "--cert=ca.pem", "--key=ca-key.pem"],
-            cwd=cert_dir)
-  shutil.rmtree(cert_dir)
+  kubeflow_branch = None
+  for repo in snapshot_info["repos"]:
+    if repo["repo"] == "kubeflow":
+      kubeflow_branch = repo["branch"]
+
+  logging.info("kubeflow branch %s", kubeflow_branch)
+
+  if kubeflow_branch == "v0.6-branch":
+    logging.info("Creating a self signed certificate")
+    util.run(["kubectl", "config", "use-context", name])
+    tls_endpoint = "--host={0}.endpoints.{1}.cloud.goog".format(
+      name, args.project)
+
+    cert_dir = tempfile.mkdtemp()
+    util.run(["kube-rsa", tls_endpoint], cwd=cert_dir)
+    util.run(["kubectl", "-n", "kubeflow", "create", "secret", "tls",
+              "envoy-ingress-tls", "--cert=ca.pem", "--key=ca-key.pem"],
+              cwd=cert_dir)
+    shutil.rmtree(cert_dir)
+  else:
+    # starting with 0.7 we are moving to managed GKE certificates.
+    # So we can't just generate a self-signed certificate
+    # TODO(jlewi): If we still hit lets-encrypt quota issues then
+    # we can fix this by generating new hostnames
+    logging.info("Not creating a self signed certificate")
 
 if __name__ == "__main__":
   main()
diff --git a/test-infra/auto-deploy/deploy-cron-master.yaml b/test-infra/auto-deploy/deploy-cron-master.yaml
@@ -14,7 +14,7 @@ spec:
         spec:
           containers:
           - name: deploy-worker
-            image: gcr.io/kubeflow-ci/deploy-worker:v20190404-cda5cee-e3b0c4
+            image: gcr.io/kubeflow-ci/deploy-worker:v20190819-8723ec6-e3b0c4
             env:
             - name: GOOGLE_APPLICATION_CREDENTIALS
               value: /secret/gcp-credentials/key.json

diff --git a/test-infra/auto-deploy/deploy-cron-v0-6.yaml b/test-infra/auto-deploy/deploy-cron-v0-6.yaml
@@ -14,7 +14,7 @@ spec:
         spec:
           containers:
           - name: deploy-worker
-            image: gcr.io/kubeflow-ci/deploy-worker:v20190404-cda5cee-e3b0c4
+            image: gcr.io/kubeflow-ci/deploy-worker:v20190819-8723ec6-e3b0c4
             env:
             - name: GOOGLE_APPLICATION_CREDENTIALS
               value: /secret/gcp-credentials/key.json
@@ -28,7 +28,8 @@ spec:
             - --max_num_cluster=5
             - --zone=us-east1-b
             - --github_token_file=/secret/github-token/github_token
-            - --kfctl_config=https://raw.githubusercontent.com/kubeflow/kubeflow/v0.6-branch/bootstrap/config/kfctl_gcp_iap.yaml
+            # Switch to version on v0.6-branch once kubeflow/kubeflow#3919 is checked in
+            - --kfctl_config=https://raw.githubusercontent.com/kubeflow/kubeflow/2be95d873b5a1c46c07e3ebe2ae884fb71607f55/bootstrap/config/kfctl_gcp_iap.0.6.2rc.yaml
             volumeMounts:
             - name: gcp-credentials
               mountPath: /secret/gcp-credentials

diff --git a/test-infra/auto-deploy/deploy-master.yaml b/test-infra/auto-deploy/deploy-master.yaml
@@ -16,7 +16,7 @@ spec:
     spec:
       containers:
       - name: deploy-worker
-        image: gcr.io/kubeflow-ci/deploy-worker:v20190302-afc8ef8-dirty-201fe5
+        image: gcr.io/kubeflow-ci/deploy-worker:v20190819-8723ec6-e3b0c4
         env:
         - name: GOOGLE_APPLICATION_CREDENTIALS
           value: /secret/gcp-credentials/key.json

diff --git a/test-infra/auto-deploy/deploy-v0-6.yaml b/test-infra/auto-deploy/deploy-v0-6.yaml
@@ -0,0 +1,65 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  generateName: deploy-v0-6-
+  namespace: kubeflow-test-infra
+  labels:
+    job: deploy-v0-6
+    app: deploy-v0-6
+    version: v0-6
+spec:
+  backoffLimit: 1
+  template:
+    metadata:
+      labels:
+        job: deploy-v0-6
+        version: v0-6
+    spec:
+      containers:
+      - name: deploy-worker
+        image: gcr.io/kubeflow-ci/deploy-worker:v20190819-8723ec6-e3b0c4
+        env:
+        - name: GOOGLE_APPLICATION_CREDENTIALS
+          value: /secret/gcp-credentials/key.json
+        command:
+        - /usr/local/bin/auto_deploy.sh
+        - --repos=kubeflow/kubeflow@v0.6-branch;kubeflow/testing
+        - --project=kubeflow-ci-deployment
+        - --job_labels=/etc/pod-info/labels
+        - --data_dir=/mnt/test-data-volume/auto_deploy
+        - --base_name=kf-v0-6
+        - --max_num_cluster=5
+        - --zone=us-east1-b
+        - --github_token_file=/secret/github-token/github_token
+        # Switch to version on v0.6-branch once kubeflow/kubeflow#3919 is checked in
+        - --kfctl_config=https://raw.githubusercontent.com/kubeflow/kubeflow/2be95d873b5a1c46c07e3ebe2ae884fb71607f55/bootstrap/config/kfctl_gcp_iap.0.6.2rc.yaml
+        volumeMounts:
+        - name: gcp-credentials
+          mountPath: /secret/gcp-credentials
+          readOnly: true
+        - name: pod-info
+          mountPath: /etc/pod-info
+          readOnly: true
+        - name: github-token
+          mountPath: /secret/github-token
+          readOnly: true
+        - name: test-data-volume
+          mountPath: /mnt/test-data-volume
+          readOnly: false
+      restartPolicy: Never
+      volumes:
+      - name: gcp-credentials
+        secret:
+          secretName: gcp-credentials
+      - name: github-token
+        secret:
+          secretName: github-token
+      - name: test-data-volume
+        persistentVolumeClaim:
+          claimName: nfs-external
+      - name: pod-info
+        downwardAPI:
+          items:
+          - path: labels
+            fieldRef:
+              fieldPath: metadata.labels
diff --git a/test-infra/auto-deploy/set_images.sh b/test-infra/auto-deploy/set_images.sh
@@ -14,4 +14,4 @@ substitute() {
 #
 substitute ".spec.template.spec.containers[0].image=\"${IMAGE}\"" deploy-master.yaml
 substitute ".spec.jobTemplate.spec.template.spec.containers[0].image=\"${IMAGE}\"" deploy-cron-master.yaml
-substitute ".spec.jobTemplate.spec.template.spec.containers[0].image=\"${IMAGE}\"" deploy-cron-v0-4.yaml
+substitute ".spec.jobTemplate.spec.template.spec.containers[0].image=\"${IMAGE}\"" deploy-cron-v0-6.yaml