test(kfp): upgrade to KFP 1.7.0-rc.3

Linchin · Aug 6, 2021 · d08f3c7 · d08f3c7
1 parent 50c91a1
commit d08f3c7
Show file tree

Hide file tree

Showing 22 changed files with 139 additions and 125 deletions.
diff --git a/acm-repos/kfp-standalone-1/kfp-all.yaml b/acm-repos/kfp-standalone-1/kfp-all.yaml
@@ -1455,7 +1455,7 @@ apiVersion: v1
 data:
   ConMaxLifeTimeSec: "120"
   appName: kfp-standalone-1
-  appVersion: 1.7.0-rc.2
+  appVersion: 1.7.0-rc.3
   autoUpdatePipelineDefaultVersion: "true"
   bucketName: mlpipeline
   cacheDb: cachedb
@@ -1510,7 +1510,7 @@ data:
       secretKeySecret:
         name: mlpipeline-minio-artifact
         key: secretkey
-  containerRuntimeExecutor: emissary
+  containerRuntimeExecutor: docker
   executor: |
     imagePullPolicy: IfNotPresent
     resources:
@@ -1755,7 +1755,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: gcr.io/ml-pipeline/cache-deployer:1.7.0-rc.2
+        image: gcr.io/ml-pipeline/cache-deployer:1.7.0-rc.3
         imagePullPolicy: Always
         name: main
       restartPolicy: Always
@@ -1832,7 +1832,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: gcr.io/ml-pipeline/cache-server:1.7.0-rc.2
+        image: gcr.io/ml-pipeline/cache-server:1.7.0-rc.3
         imagePullPolicy: Always
         name: server
         ports:
@@ -1917,7 +1917,7 @@ spec:
         component: metadata-envoy
     spec:
       containers:
-      - image: gcr.io/ml-pipeline/metadata-envoy:1.7.0-rc.2
+      - image: gcr.io/ml-pipeline/metadata-envoy:1.7.0-rc.3
         name: container
         ports:
         - containerPort: 9090
@@ -2027,7 +2027,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: gcr.io/ml-pipeline/metadata-writer:1.7.0-rc.2
+        image: gcr.io/ml-pipeline/metadata-writer:1.7.0-rc.3
         name: main
       serviceAccountName: kubeflow-pipelines-metadata-writer
 ---
@@ -2115,7 +2115,7 @@ spec:
           value: "86400"
         - name: NUM_WORKERS
           value: "2"
-        image: gcr.io/ml-pipeline/persistenceagent:1.7.0-rc.2
+        image: gcr.io/ml-pipeline/persistenceagent:1.7.0-rc.3
         imagePullPolicy: IfNotPresent
         name: ml-pipeline-persistenceagent
         resources:
@@ -2156,7 +2156,7 @@ spec:
             configMapKeyRef:
               key: cronScheduleTimezone
               name: pipeline-install-config
-        image: gcr.io/ml-pipeline/scheduledworkflow:1.7.0-rc.2
+        image: gcr.io/ml-pipeline/scheduledworkflow:1.7.0-rc.3
         imagePullPolicy: IfNotPresent
         name: ml-pipeline-scheduledworkflow
       serviceAccountName: ml-pipeline-scheduledworkflow
@@ -2202,7 +2202,7 @@ spec:
               name: mlpipeline-minio-artifact
         - name: ALLOW_CUSTOM_VISUALIZATIONS
           value: "true"
-        image: gcr.io/ml-pipeline/frontend:1.7.0-rc.2
+        image: gcr.io/ml-pipeline/frontend:1.7.0-rc.3
         imagePullPolicy: IfNotPresent
         livenessProbe:
           exec:
@@ -2274,7 +2274,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: gcr.io/ml-pipeline/viewer-crd-controller:1.7.0-rc.2
+        image: gcr.io/ml-pipeline/viewer-crd-controller:1.7.0-rc.3
         imagePullPolicy: Always
         name: ml-pipeline-viewer-crd
       serviceAccountName: ml-pipeline-viewer-crd-service-account
@@ -2301,7 +2301,7 @@ spec:
         application-crd-id: kubeflow-pipelines
     spec:
       containers:
-      - image: gcr.io/ml-pipeline/visualization-server:1.7.0-rc.2
+      - image: gcr.io/ml-pipeline/visualization-server:1.7.0-rc.3
         imagePullPolicy: IfNotPresent
         livenessProbe:
           exec:
@@ -2416,7 +2416,7 @@ spec:
             secretKeyRef:
               key: secretkey
               name: mlpipeline-minio-artifact
-        image: gcr.io/ml-pipeline-test/9747bf7bd8b70ca1abbd3fcc5dbbe2d64b21857e/api-server:latest
+        image: gcr.io/ml-pipeline/api-server:1.7.0-rc.3
         imagePullPolicy: IfNotPresent
         livenessProbe:
           exec:
@@ -2524,7 +2524,7 @@ spec:
       - env:
         - name: PROXY_URL
           value: https://datalab-staging.cloud.google.com/tun/m/4592f092208ecc84946b8f8f8016274df1b36a14
-        image: gcr.io/ml-pipeline/inverse-proxy-agent:1.7.0-rc.2
+        image: gcr.io/ml-pipeline/inverse-proxy-agent:1.7.0-rc.3
         imagePullPolicy: IfNotPresent
         name: proxy-agent
       hostNetwork: true
@@ -2553,7 +2553,7 @@ spec:
         - --configmap
         - workflow-controller-configmap
         - --executor-image
-        - gcr.io/ml-pipeline/argoexec:v3.1.2-patch.2-license-compliance
+        - gcr.io/ml-pipeline/argoexec:v3.1.5-patch-license-compliance
         - --namespaced
         command:
         - workflow-controller
@@ -2563,7 +2563,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.name
-        image: gcr.io/ml-pipeline/workflow-controller:v3.1.2-patch.2-license-compliance
+        image: gcr.io/ml-pipeline/workflow-controller:v3.1.5-patch-license-compliance
         livenessProbe:
           failureThreshold: 3
           httpGet:
@@ -2634,7 +2634,7 @@ spec:
       url: https://github.com/kubeflow/pipelines
     notes: Please go to [Hosted Kubeflow Pipelines Console](https://console.cloud.google.com/ai-platform/pipelines/clusters).
     type: Kubeflow Pipelines
-    version: 1.7.0-rc.2
+    version: 1.7.0-rc.3
   info:
   - name: Console
     value: https://console.cloud.google.com/ai-platform/pipelines/clusters

diff --git a/test-infra/kfp/Makefile b/test-infra/kfp/Makefile
@@ -16,7 +16,7 @@ KFP_STANDALONE_1_DIR=$(ACM_REPOS)/kfp-standalone-1
 
 # Please edit the following version before running the script to pull new
 # pipelines version.
-PIPELINES_VERSION=1.7.0-rc.2
+PIPELINES_VERSION=1.7.0-rc.3
 PIPELINES_SRC_REPO=https://github.com/kubeflow/pipelines.git
 
 all: hydrate hydrate-kfp-manifests vet-kfp-manifests
@@ -51,6 +51,8 @@ connect: FORCE
 	gcloud container clusters get-credentials $(NAME) --region us-central1 --project $(PROJECT)
 	kubectl config rename-context $$(kubectl config current-context) $(NAME)
 
+kfp-update: get-kfp-manifests hydrate-kfp-manifests FORCE
+
 get-kfp-manifests: FORCE
 	rm -rf $(NAME)/kustomize/upstream
 	mkdir -p $(NAME)/kustomize

diff --git a/test-infra/kfp/README.md b/test-infra/kfp/README.md
@@ -1 +1,13 @@
-Folder for test infra for KFP (Kubeflow Pipelines)
+# Test infra for KFP (Kubeflow Pipelines)
+
+## Upgrade KFP
+
+1. Edit `PIPELINES_VERSION=<new-version>` in Makefile.
+
+1. Run:
+
+    ```bash
+    make kfp-update
+    ```
+
+1. Commit the changes and send a PR.
diff --git a/test-infra/kfp/kfp-standalone-1/kustomize/instance/kustomization.yaml b/test-infra/kfp/kfp-standalone-1/kustomize/instance/kustomization.yaml
@@ -35,11 +35,7 @@ patchesStrategicMerge:
 # 3. kubectl apply -k ./
 ####
 
-images:
-# temporary override to verify https://github.com/kubeflow/pipelines/pull/6190
-- name: gcr.io/ml-pipeline/api-server
-  newName: gcr.io/ml-pipeline-test/9747bf7bd8b70ca1abbd3fcc5dbbe2d64b21857e/api-server
-  newTag: latest
+images: []
 
 # Example override:
 # - name: gcr.io/ml-pipeline/frontend

diff --git a/test-infra/kfp/kfp-standalone-1/kustomize/upstream/Kptfile b/test-infra/kfp/kfp-standalone-1/kustomize/upstream/Kptfile
@@ -5,7 +5,7 @@ metadata:
 upstream:
   type: git
   git:
-    commit: cc920c761c9823728e760ca2d1deef9899e3df0a
+    commit: 3c6d1285a0ec84ec55631990e08b102856de12a7
     repo: https://github.com/kubeflow/pipelines
     directory: /manifests/kustomize
-    ref: 1.7.0-rc.2
+    ref: 1.7.0-rc.3
diff --git a/test-infra/kfp/kfp-standalone-1/kustomize/upstream/README.md b/test-infra/kfp/kfp-standalone-1/kustomize/upstream/README.md
@@ -1,70 +1,58 @@
-# Kubeflow Pipelines Kustomize Manifest Folder
+# Install Kubeflow Pipelines Standalone using Kustomize Manifests
 
-## Install Kubeflow Pipelines
+This folder contains [Kubeflow Pipelines Standalone](https://www.kubeflow.org/docs/components/pipelines/installation/standalone-deployment/) 
+Kustomize manifests.
 
-This folder contains Kubeflow Pipelines Kustomize manifests for a light weight
-deployment. You can follow the instruction and deploy Kubeflow Pipelines in an
-existing cluster.
+Kubeflow Pipelines Standalone is one option to install Kubeflow Pipelines. You can review all other options in
+[Installation Options for Kubeflow Pipelines](https://www.kubeflow.org/docs/components/pipelines/installation/overview/).
 
-To install Kubeflow Pipelines, you have several options.
+## Install options for different envs
 
-- Via [GCP AI Platform UI](http://console.cloud.google.com/ai-platform/pipelines).
-- Via an upcoming commandline tool.
-- Via Kubectl with Kustomize, it's detailed here.
+To install Kubeflow Pipelines Standalone, follow [Kubeflow Pipelines Standalone Deployment documentation](https://www.kubeflow.org/docs/components/pipelines/installation/standalone-deployment/).
 
-### Install via Kustomize
+There are environment specific installation instructions not covered in the official deployment documentation, they are listed below.
 
-Deploy latest version of Kubeflow Pipelines.
+### (env/platform-agnostic) install on any Kubernetes cluster
 
-It uses following default settings.
-
-- image: latest released images
-- namespace: kubeflow
-- application name: pipeline
-
-#### Option-1 Install it to any K8s cluster
-
-It's based on in-cluster PersistentVolumeClaim storage.
+Install:
 
 ```bash
+KFP_ENV=platform-agnostic
 kubectl apply -k cluster-scoped-resources/
 kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s
-kubectl apply -k env/platform-agnostic/
+kubectl apply -k "env/${KFP_ENV}/"
 kubectl wait pods -l application-crd-id=kubeflow-pipelines -n kubeflow --for condition=Ready --timeout=1800s
 kubectl port-forward -n kubeflow svc/ml-pipeline-ui 8080:80
 ```
 
-Now you can access it via localhost:8080
+Now you can access Kubeflow Pipelines UI in your browser by <http://localhost:8080>.
 
-#### Option-2 Install it to GCP with in-cluster PersistentVolumeClaim storage
+Customize:
 
-It's based on in-cluster PersistentVolumeClaim storage.
-Additionally, it introduced a proxy in GCP to allow user easily access KFP safely.
+There are two variations for platform-agnostic that uses different [argo workflow executors](https://argoproj.github.io/argo-workflows/workflow-executors/):
 
-```bash
-kubectl apply -k cluster-scoped-resources/
-kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s
+* env/platform-agnostic-emissary
+* env/platform-agnostic-pns
 
-kubectl apply -k env/dev/
-kubectl wait applications/pipeline -n kubeflow --for condition=Ready --timeout=1800s
+You can install them by changing `KFP_ENV` in above instructions to the variation you want.
 
-# Or visit http://console.cloud.google.com/ai-platform/pipelines
-kubectl describe configmap inverse-proxy-config -n kubeflow | grep googleusercontent.com
-```
+Data:
+
+Application data are persisted in in-cluster PersistentVolumeClaim storage.
 
-#### Option-3 Install it to GCP with CloudSQL & GCS-Minio managed storage
+### (env/gcp) install on Google Cloud with Cloud Storage and Cloud SQL
 
-Its storage is based on CloudSQL & GCS. It's better than others for production usage.
+Cloud Storage and Cloud SQL are better for operating a production cluster.
 
-Please following [sample](sample/README.md) for a customized installation.
+Refer to [Google Cloud Instructions](sample/README.md) for installation.
 
-#### Option-4 Install it to AWS with S3 and RDS MySQL
+### (env/aws) install on AWS with S3 and RDS MySQL
 
-Its storage is based on S3 & AWS RDS. It's more natural for AWS users to use this option.
+S3 and RDS MySQL are better for operating a production cluster.
 
-Please following [AWS Instructions](env/aws/README.md) for installation.
+Refer to [AWS Instructions](env/aws/README.md) for installation.
 
-Note: Community maintains a repo [e2fyi/kubeflow-aws](https://github.com/e2fyi/kubeflow-aws/tree/master/pipelines) for AWS.
+Note: Community maintains a different opinionated installation manifests for AWS, refer to [e2fyi/kubeflow-aws](https://github.com/e2fyi/kubeflow-aws/tree/master/pipelines).
 
 ## Uninstall
 
@@ -86,46 +74,18 @@ kubectl delete applications/pipeline -n kubeflow
 kubectl delete -k cluster-scoped-resources/
 ```
 
-## Troubleshooting
-
-### Permission error installing Kubeflow Pipelines to a cluster
-
-Run
-
-```bash
-kubectl create clusterrolebinding your-binding --clusterrole=cluster-admin --user=[your-user-name]
-```
-
-### Samples requires "user-gcp-sa" secret
-
-If sample code requires a "user-gcp-sa" secret, you could create one by
-
-- First download the GCE VM service account token
-    [Document](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys)
-
-  ```bash
-  gcloud iam service-accounts keys create application_default_credentials.json \
-    --iam-account [SA-NAME]@[PROJECT-ID].iam.gserviceaccount.com
-  ```
-
-- Run
-
-  ```bash
-  kubectl create secret -n [your-namespace] generic user-gcp-sa --from-file=user-gcp-sa.json=application_default_credentials.json`
-  ```
-
 ## Folder Structure
 
 ### Overview
 
-- User facing manifest entrypoints are `cluster-scoped-resources` package and `env/<env-name>` package.
-  - `cluster-scoped-resources` should collect all cluster-scoped resources.
-  - `env/<env-name>` should collect env specific namespace-scoped resources.
-  - Note, for multi-user envs, they already included cluster-scoped resources.
-- KFP core components live in `base/<component-name>` folders.
-  - If a component requires cluster-scoped resources, it should have a folder inside named `cluster-scoped` with related resources, but note that `base/<component-name>/kustomization.yaml` shouldn't include the `cluster-scoped` folder. `cluster-scoped` folders should be collected by top level `cluster-scoped-resources` folder.
-- KFP core installations are in `base/installs/<install-type>`, they only include the core KFP components, not third party ones.
-- Third party components live in `third-party/<component-name>` folders.
+* User facing manifest entrypoints are `cluster-scoped-resources` package and `env/<env-name>` package.
+  * `cluster-scoped-resources` should collect all cluster-scoped resources.
+  * `env/<env-name>` should collect env specific namespace-scoped resources.
+  * Note, for multi-user envs, they already included cluster-scoped resources.
+* KFP core components live in `base/<component-name>` folders.
+  * If a component requires cluster-scoped resources, it should have a folder inside named `cluster-scoped` with related resources, but note that `base/<component-name>/kustomization.yaml` shouldn't include the `cluster-scoped` folder. `cluster-scoped` folders should be collected by top level `cluster-scoped-resources` folder.
+* KFP core installations are in `base/installs/<install-type>`, they only include the core KFP components, not third party ones.
+* Third party components live in `third-party/<component-name>` folders.
 
 ### For direct deployments
 
@@ -139,5 +99,5 @@ Please compose `base/installs/<install-type>` and third party dependencies based
 
 Constraints for namespaced installation we need to comply with (that drove above structure):
 
-- CRDs must be applied separately, because if we apply CRs in the same `kubectl apply` command, the CRD may not have been accepted by k8s api server (e.g. Application CRD).
-- [A Kubeflow 1.0 constraint](https://github.com/kubeflow/pipelines/issues/2884#issuecomment-577158715) is that we should separate cluster scoped resources from namespace scoped resources, because sometimes different roles are required to deploy them. Cluster scoped resources usually need a cluster admin role, while namespaced resources can be deployed by individual teams managing a namespace.
+* CRDs must be applied separately, because if we apply CRs in the same `kubectl apply` command, the CRD may not have been accepted by k8s api server (e.g. Application CRD).
+* [A Kubeflow 1.0 constraint](https://github.com/kubeflow/pipelines/issues/2884#issuecomment-577158715) is that we should separate cluster scoped resources from namespace scoped resources, because sometimes different roles are required to deploy them. Cluster scoped resources usually need a cluster admin role, while namespaced resources can be deployed by individual teams managing a namespace.
diff --git a/test-infra/kfp/kfp-standalone-1/kustomize/upstream/base/cache-deployer/kustomization.yaml b/test-infra/kfp/kfp-standalone-1/kustomize/upstream/base/cache-deployer/kustomization.yaml
@@ -8,4 +8,4 @@ commonLabels:
   app: cache-deployer
 images:
   - name: gcr.io/ml-pipeline/cache-deployer
-    newTag: 1.7.0-rc.2
+    newTag: 1.7.0-rc.3
diff --git a/test-infra/kfp/kfp-standalone-1/kustomize/upstream/base/cache/kustomization.yaml b/test-infra/kfp/kfp-standalone-1/kustomize/upstream/base/cache/kustomization.yaml
@@ -10,4 +10,4 @@ commonLabels:
   app: cache-server
 images:
   - name: gcr.io/ml-pipeline/cache-server
-    newTag: 1.7.0-rc.2
+    newTag: 1.7.0-rc.3
diff --git a/...fp/kfp-standalone-1/kustomize/upstream/base/installs/generic/pipeline-install-config.yaml b/...fp/kfp-standalone-1/kustomize/upstream/base/installs/generic/pipeline-install-config.yaml
@@ -11,7 +11,7 @@ data:
     until the changes take effect. A quick way to restart all deployments in a
     namespace: `kubectl rollout restart deployment -n <your-namespace>`.
   appName: pipeline
-  appVersion: 1.7.0-rc.2
+  appVersion: 1.7.0-rc.3
   dbHost: mysql
   dbPort: "3306"
   mlmdDb: metadb

diff --git a/test-infra/kfp/kfp-standalone-1/kustomize/upstream/base/metadata/base/kustomization.yaml b/test-infra/kfp/kfp-standalone-1/kustomize/upstream/base/metadata/base/kustomization.yaml
@@ -9,4 +9,4 @@ resources:
   - metadata-grpc-sa.yaml
 images:
   - name: gcr.io/ml-pipeline/metadata-envoy
-    newTag: 1.7.0-rc.2
+    newTag: 1.7.0-rc.3