From 1c43da3eeeb2883e4072bd0681c73fc9aeca2e75 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Thu, 11 Jun 2020 14:02:53 +0800 Subject: [PATCH 01/45] Add argo to stacks/generic --- stacks/generic/kustomization.yaml | 3 +- ...ourcedefinition_workflows.argoproj.io.yaml | 19 ++++++ .../app.k8s.io_v1beta1_application_argo.yaml | 39 +++++++++++ .../expected/apps_v1_deployment_argo-ui.yaml | 66 +++++++++++++++++++ ...pps_v1_deployment_workflow-controller.yaml | 61 +++++++++++++++++ ...io.io_v1alpha3_virtualservice_argo-ui.yaml | 25 +++++++ ...on.k8s.io_v1beta1_clusterrole_argo-ui.yaml | 35 ++++++++++ ...ation.k8s.io_v1beta1_clusterrole_argo.yaml | 54 +++++++++++++++ ...io_v1beta1_clusterrolebinding_argo-ui.yaml | 17 +++++ ...8s.io_v1beta1_clusterrolebinding_argo.yaml | 17 +++++ ...nfigmap_workflow-controller-configmap.yaml | 32 +++++++++ ...figmap_workflow-controller-parameters.yaml | 22 +++++++ .../expected/~g_v1_service_argo-ui.yaml | 21 ++++++ .../~g_v1_serviceaccount_argo-ui.yaml | 9 +++ .../expected/~g_v1_serviceaccount_argo.yaml | 9 +++ ...ourcedefinition_workflows.argoproj.io.yaml | 19 ++++++ .../app.k8s.io_v1beta1_application_argo.yaml | 39 +++++++++++ .../expected/apps_v1_deployment_argo-ui.yaml | 66 +++++++++++++++++++ ...pps_v1_deployment_workflow-controller.yaml | 61 +++++++++++++++++ ...io.io_v1alpha3_virtualservice_argo-ui.yaml | 25 +++++++ ...on.k8s.io_v1beta1_clusterrole_argo-ui.yaml | 35 ++++++++++ ...ation.k8s.io_v1beta1_clusterrole_argo.yaml | 54 +++++++++++++++ ...io_v1beta1_clusterrolebinding_argo-ui.yaml | 17 +++++ ...8s.io_v1beta1_clusterrolebinding_argo.yaml | 17 +++++ ...nfigmap_workflow-controller-configmap.yaml | 32 +++++++++ ...figmap_workflow-controller-parameters.yaml | 22 +++++++ .../expected/~g_v1_service_argo-ui.yaml | 21 ++++++ .../~g_v1_serviceaccount_argo-ui.yaml | 9 +++ .../expected/~g_v1_serviceaccount_argo.yaml | 9 +++ 29 files changed, 854 insertions(+), 1 deletion(-) create mode 100644 tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_argo-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_workflow-controller.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_service_argo-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_argo.yaml create mode 100644 tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml create mode 100644 tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_argo-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_workflow-controller.yaml create mode 100644 tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_argo-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_argo.yaml diff --git a/stacks/generic/kustomization.yaml b/stacks/generic/kustomization.yaml index dd54b95d70..58c4fa37b9 100644 --- a/stacks/generic/kustomization.yaml +++ b/stacks/generic/kustomization.yaml @@ -15,6 +15,7 @@ resources: - ../../pytorch-job/pytorch-operator/overlays/application - ../../tf-training/tf-job-crds/overlays/application - ../../tf-training/tf-job-operator/overlays/application + - ../../argo/base_v3 # This package will create a profile resource so it needs to be installed after the profiles CR - ../../default-install/base configMapGenerator: @@ -37,4 +38,4 @@ vars: objref: apiVersion: v1 kind: ConfigMap - name: kubeflow-config \ No newline at end of file + name: kubeflow-config diff --git a/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml b/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml new file mode 100644 index 0000000000..08f6d1185c --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml @@ -0,0 +1,19 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflows.argoproj.io +spec: + group: argoproj.io + names: + kind: Workflow + listKind: WorkflowList + plural: workflows + shortNames: + - wf + singular: workflow + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml new file mode 100644 index 0000000000..4c20d279dd --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml @@ -0,0 +1,39 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Argo Workflows is an open source container-native workflow engine + for orchestrating parallel jobs on Kubernetes + keywords: + - argo + - kubeflow + links: + - description: About + url: https://github.com/argoproj/argo + maintainers: [] + owners: [] + type: argo + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_argo-ui.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_argo-ui.yaml new file mode 100644 index 0000000000..94c841f165 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_argo-ui.yaml @@ -0,0 +1,66 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + creationTimestamp: null + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + spec: + containers: + - env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: IN_CLUSTER + value: "true" + - name: ENABLE_WEB_CONSOLE + value: "false" + - name: BASE_HREF + value: /argo/ + image: argoproj/argoui:v2.3.0 + imagePullPolicy: IfNotPresent + name: argo-ui + readinessProbe: + httpGet: + path: / + port: 8001 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo-ui + serviceAccountName: argo-ui + terminationGracePeriodSeconds: 30 diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_workflow-controller.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_workflow-controller.yaml new file mode 100644 index 0000000000..a7fdf681eb --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_workflow-controller.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller + namespace: kubeflow +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + creationTimestamp: null + labels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + spec: + containers: + - args: + - --configmap + - workflow-controller-configmap + command: + - workflow-controller + env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: argoproj/workflow-controller:v2.3.0 + imagePullPolicy: IfNotPresent + name: workflow-controller + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo + serviceAccountName: argo + terminationGracePeriodSeconds: 30 diff --git a/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml b/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml new file mode 100644 index 0000000000..a5ab61a1c2 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /argo/ + rewrite: + uri: / + route: + - destination: + host: argo-ui.kubeflow.svc.cluster.local + port: + number: 80 diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml new file mode 100644 index 0000000000..c9e39f4614 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml new file mode 100644 index 0000000000..7651a6568e --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - sparkoperator.k8s.io + resources: + - sparkapplications + verbs: + - '*' diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml new file mode 100644 index 0000000000..f1df09722c --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-ui +subjects: +- kind: ServiceAccount + name: argo-ui + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml new file mode 100644 index 0000000000..266bc01c4e --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo +subjects: +- kind: ServiceAccount + name: argo + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml new file mode 100644 index 0000000000..9d9b1dcd68 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +data: + config: | + { + executorImage: argoproj/argoexec:v2.3.0, + containerRuntimeExecutor: docker, + artifactRepository: + { + s3: { + bucket: mlpipeline, + keyPrefix: artifacts, + endpoint: minio-service.kubeflow:9000, + insecure: true, + accessKeySecret: { + name: mlpipeline-minio-artifact, + key: accesskey + }, + secretKeySecret: { + name: mlpipeline-minio-artifact, + key: secretkey + } + } + } + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller-configmap + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml new file mode 100644 index 0000000000..0f695c21ce --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +data: + artifactRepositoryAccessKeySecretKey: accesskey + artifactRepositoryAccessKeySecretName: mlpipeline-minio-artifact + artifactRepositoryBucket: mlpipeline + artifactRepositoryEndpoint: minio-service.kubeflow:9000 + artifactRepositoryInsecure: "true" + artifactRepositoryKeyPrefix: artifacts + artifactRepositorySecretKeySecretKey: secretkey + artifactRepositorySecretKeySecretName: mlpipeline-minio-artifact + clusterDomain: cluster.local + containerRuntimeExecutor: docker + executorImage: argoproj/argoexec:v2.3.0 + namespace: "" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller-parameters + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_argo-ui.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_argo-ui.yaml new file mode 100644 index 0000000000..0e091e0898 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_argo-ui.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 8001 + selector: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + sessionAffinity: None + type: NodePort diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml new file mode 100644 index 0000000000..c58dd0a3d4 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_argo.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_argo.yaml new file mode 100644 index 0000000000..ad307ff2ca --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_argo.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml new file mode 100644 index 0000000000..08f6d1185c --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml @@ -0,0 +1,19 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflows.argoproj.io +spec: + group: argoproj.io + names: + kind: Workflow + listKind: WorkflowList + plural: workflows + shortNames: + - wf + singular: workflow + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml new file mode 100644 index 0000000000..4c20d279dd --- /dev/null +++ b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml @@ -0,0 +1,39 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Argo Workflows is an open source container-native workflow engine + for orchestrating parallel jobs on Kubernetes + keywords: + - argo + - kubeflow + links: + - description: About + url: https://github.com/argoproj/argo + maintainers: [] + owners: [] + type: argo + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_argo-ui.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_argo-ui.yaml new file mode 100644 index 0000000000..94c841f165 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_argo-ui.yaml @@ -0,0 +1,66 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + creationTimestamp: null + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + spec: + containers: + - env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: IN_CLUSTER + value: "true" + - name: ENABLE_WEB_CONSOLE + value: "false" + - name: BASE_HREF + value: /argo/ + image: argoproj/argoui:v2.3.0 + imagePullPolicy: IfNotPresent + name: argo-ui + readinessProbe: + httpGet: + path: / + port: 8001 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo-ui + serviceAccountName: argo-ui + terminationGracePeriodSeconds: 30 diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_workflow-controller.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_workflow-controller.yaml new file mode 100644 index 0000000000..a7fdf681eb --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_workflow-controller.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller + namespace: kubeflow +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + creationTimestamp: null + labels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + spec: + containers: + - args: + - --configmap + - workflow-controller-configmap + command: + - workflow-controller + env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: argoproj/workflow-controller:v2.3.0 + imagePullPolicy: IfNotPresent + name: workflow-controller + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo + serviceAccountName: argo + terminationGracePeriodSeconds: 30 diff --git a/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml new file mode 100644 index 0000000000..a5ab61a1c2 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /argo/ + rewrite: + uri: / + route: + - destination: + host: argo-ui.kubeflow.svc.cluster.local + port: + number: 80 diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml new file mode 100644 index 0000000000..c9e39f4614 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml new file mode 100644 index 0000000000..7651a6568e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - sparkoperator.k8s.io + resources: + - sparkapplications + verbs: + - '*' diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml new file mode 100644 index 0000000000..f1df09722c --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-ui +subjects: +- kind: ServiceAccount + name: argo-ui + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml new file mode 100644 index 0000000000..266bc01c4e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo +subjects: +- kind: ServiceAccount + name: argo + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml new file mode 100644 index 0000000000..9d9b1dcd68 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +data: + config: | + { + executorImage: argoproj/argoexec:v2.3.0, + containerRuntimeExecutor: docker, + artifactRepository: + { + s3: { + bucket: mlpipeline, + keyPrefix: artifacts, + endpoint: minio-service.kubeflow:9000, + insecure: true, + accessKeySecret: { + name: mlpipeline-minio-artifact, + key: accesskey + }, + secretKeySecret: { + name: mlpipeline-minio-artifact, + key: secretkey + } + } + } + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller-configmap + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml new file mode 100644 index 0000000000..0f695c21ce --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +data: + artifactRepositoryAccessKeySecretKey: accesskey + artifactRepositoryAccessKeySecretName: mlpipeline-minio-artifact + artifactRepositoryBucket: mlpipeline + artifactRepositoryEndpoint: minio-service.kubeflow:9000 + artifactRepositoryInsecure: "true" + artifactRepositoryKeyPrefix: artifacts + artifactRepositorySecretKeySecretKey: secretkey + artifactRepositorySecretKeySecretName: mlpipeline-minio-artifact + clusterDomain: cluster.local + containerRuntimeExecutor: docker + executorImage: argoproj/argoexec:v2.3.0 + namespace: "" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller-parameters + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_argo-ui.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_argo-ui.yaml new file mode 100644 index 0000000000..0e091e0898 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_argo-ui.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 8001 + selector: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + sessionAffinity: None + type: NodePort diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml new file mode 100644 index 0000000000..c58dd0a3d4 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_argo.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_argo.yaml new file mode 100644 index 0000000000..ad307ff2ca --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_argo.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo + namespace: kubeflow From 9e9c72505233ff516657d7a52957741fa58c7c27 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Thu, 11 Jun 2020 14:20:50 +0800 Subject: [PATCH 02/45] Pull pipelines manifest from upstream --- hack/pull_kfp_upstream.sh | 9 + pipeline/upstream/Kptfile | 11 + pipeline/upstream/OWNERS | 8 + pipeline/upstream/README.md | 100 ++++++++ pipeline/upstream/STRUCTURE.md | 49 ++++ .../application-controller-deployment.yaml | 38 +++ .../application-controller-role.yaml | 21 ++ .../application-controller-rolebinding.yaml | 11 + .../application-controller-sa.yaml | 4 + .../application-controller-service.yaml | 13 + .../cluster-scoped/application-crd.yaml | 234 ++++++++++++++++++ .../cluster-scoped/kustomization.yaml | 4 + .../base/application/kustomization.yaml | 8 + .../argo/cluster-scoped/kustomization.yaml | 4 + .../argo/cluster-scoped/workflow-crd.yaml | 67 +++++ .../upstream/base/argo/kustomization.yaml | 9 + .../base/argo/minio-artifact-secret.yaml | 8 + .../argo/workflow-controller-configmap.yaml | 28 +++ .../argo/workflow-controller-deployment.yaml | 51 ++++ .../base/argo/workflow-controller-role.yaml | 48 ++++ .../argo/workflow-controller-rolebinding.yaml | 11 + .../base/argo/workflow-controller-sa.yaml | 4 + .../cache-deployer-deployment.yaml | 29 +++ .../cache-deployer/cache-deployer-role.yaml | 15 ++ .../cache-deployer-rolebinding.yaml | 11 + .../cache-deployer/cache-deployer-sa.yaml | 4 + .../cache-deployer-clusterrole.yaml | 24 ++ .../cache-deployer-clusterrolebinding.yaml | 12 + .../cluster-scoped/kustomization.yaml | 5 + .../base/cache-deployer/kustomization.yaml | 7 + .../upstream/base/cache/cache-deployment.yaml | 67 +++++ pipeline/upstream/base/cache/cache-role.yaml | 33 +++ .../base/cache/cache-rolebinding.yaml | 11 + pipeline/upstream/base/cache/cache-sa.yaml | 4 + .../upstream/base/cache/cache-service.yaml | 10 + .../upstream/base/cache/kustomization.yaml | 8 + pipeline/upstream/base/kustomization.yaml | 104 ++++++++ .../upstream/base/metadata/kustomization.yaml | 12 + .../base/metadata/metadata-configmap.yaml | 9 + .../metadata/metadata-envoy-deployment.yaml | 24 ++ .../base/metadata/metadata-envoy-service.yaml | 14 ++ .../metadata/metadata-grpc-deployment.yaml | 64 +++++ .../base/metadata/metadata-grpc-service.yaml | 14 ++ .../metadata/metadata-writer-deployment.yaml | 25 ++ .../base/metadata/metadata-writer-role.yaml | 33 +++ .../metadata/metadata-writer-rolebinding.yaml | 11 + .../base/metadata/metadata-writer-sa.yaml | 4 + .../upstream/base/mysql/kustomization.yaml | 4 + .../upstream/base/mysql/mysql-configmap.yaml | 10 + pipeline/upstream/base/params-db-secret.env | 2 + pipeline/upstream/base/params.env | 8 + pipeline/upstream/base/params.yaml | 24 ++ .../upstream/base/pipeline-application.yaml | 49 ++++ .../cluster-scoped/kustomization.yaml | 5 + .../scheduled-workflow-crd.yaml | 18 ++ .../pipeline/cluster-scoped/viewer-crd.yaml | 18 ++ .../base/pipeline/container-builder-sa.yaml | 4 + .../upstream/base/pipeline/kustomization.yaml | 32 +++ .../ml-pipeline-apiserver-deployment.yaml | 83 +++++++ .../pipeline/ml-pipeline-apiserver-role.yaml | 38 +++ .../ml-pipeline-apiserver-rolebinding.yaml | 13 + .../pipeline/ml-pipeline-apiserver-sa.yaml | 4 + .../ml-pipeline-apiserver-service.yaml | 16 ++ ...-pipeline-persistenceagent-deployment.yaml | 25 ++ .../ml-pipeline-persistenceagent-role.yaml | 21 ++ ...pipeline-persistenceagent-rolebinding.yaml | 11 + .../ml-pipeline-persistenceagent-sa.yaml | 4 + ...pipeline-scheduledworkflow-deployment.yaml | 25 ++ .../ml-pipeline-scheduledworkflow-role.yaml | 38 +++ ...ipeline-scheduledworkflow-rolebinding.yaml | 11 + .../ml-pipeline-scheduledworkflow-sa.yaml | 4 + .../pipeline/ml-pipeline-ui-deployment.yaml | 53 ++++ .../base/pipeline/ml-pipeline-ui-role.yaml | 46 ++++ .../pipeline/ml-pipeline-ui-rolebinding.yaml | 13 + .../base/pipeline/ml-pipeline-ui-sa.yaml | 4 + .../base/pipeline/ml-pipeline-ui-service.yaml | 12 + .../ml-pipeline-viewer-crd-deployment.yaml | 27 ++ .../pipeline/ml-pipeline-viewer-crd-role.yaml | 30 +++ .../ml-pipeline-viewer-crd-rolebinding.yaml | 11 + .../pipeline/ml-pipeline-viewer-crd-sa.yaml | 4 + .../ml-pipeline-visualization-deployment.yaml | 47 ++++ .../ml-pipeline-visualization-sa.yaml | 4 + .../ml-pipeline-visualization-service.yaml | 12 + .../base/pipeline/pipeline-runner-role.yaml | 80 ++++++ .../pipeline/pipeline-runner-rolebinding.yaml | 11 + .../base/pipeline/pipeline-runner-sa.yaml | 4 + .../kustomization.yaml | 23 ++ .../cluster-scoped-resources/namespace.yaml | 4 + .../cluster-scoped-resources/params.env | 1 + .../cluster-scoped-resources/params.yaml | 6 + pipeline/upstream/env/dev/kustomization.yaml | 13 + .../cloudsql-proxy-deployment.yaml | 38 +++ .../env/gcp/cloudsql-proxy/kustomization.yaml | 5 + .../env/gcp/cloudsql-proxy/mysql-service.yaml | 9 + .../env/gcp/gcp-configurations-patch.yaml | 25 ++ .../gcp-default-configmap.yaml | 8 + .../gcp/gcp-default-config/kustomization.yaml | 4 + .../env/gcp/inverse-proxy/kustomization.yaml | 11 + .../gcp/inverse-proxy/proxy-configmap.yaml | 4 + .../gcp/inverse-proxy/proxy-deployment.yaml | 21 ++ .../env/gcp/inverse-proxy/proxy-role.yaml | 13 + .../gcp/inverse-proxy/proxy-rolebinding.yaml | 13 + .../env/gcp/inverse-proxy/proxy-sa.yaml | 4 + pipeline/upstream/env/gcp/kustomization.yaml | 38 +++ .../gcp/minio-gcs-gateway/kustomization.yaml | 5 + .../minio-gcs-gateway-deployment.yaml | 31 +++ .../minio-gcs-gateway-service.yaml | 11 + pipeline/upstream/env/gcp/params.env | 6 + .../env/platform-agnostic/kustomization.yaml | 19 ++ .../minio/kustomization.yaml | 6 + .../minio/minio-deployment.yaml | 38 +++ .../platform-agnostic/minio/minio-pvc.yaml | 10 + .../minio/minio-service.yaml | 11 + .../mysql/kustomization.yaml | 6 + .../mysql/mysql-deployment.yaml | 33 +++ .../mysql/mysql-pv-claim.yaml | 10 + .../mysql/mysql-service.yaml | 9 + .../upstream/gcp-workload-identity-setup.sh | 131 ++++++++++ pipeline/upstream/hack/release.sh | 32 +++ pipeline/upstream/kustomize/Kptfile | 11 + pipeline/upstream/kustomize/OWNERS | 8 + pipeline/upstream/kustomize/README.md | 100 ++++++++ pipeline/upstream/kustomize/STRUCTURE.md | 49 ++++ .../application-controller-deployment.yaml | 38 +++ .../application-controller-role.yaml | 21 ++ .../application-controller-rolebinding.yaml | 11 + .../application-controller-sa.yaml | 4 + .../application-controller-service.yaml | 13 + .../cluster-scoped/application-crd.yaml | 234 ++++++++++++++++++ .../cluster-scoped/kustomization.yaml | 4 + .../base/application/kustomization.yaml | 8 + .../argo/cluster-scoped/kustomization.yaml | 4 + .../argo/cluster-scoped/workflow-crd.yaml | 67 +++++ .../kustomize/base/argo/kustomization.yaml | 9 + .../base/argo/minio-artifact-secret.yaml | 8 + .../argo/workflow-controller-configmap.yaml | 28 +++ .../argo/workflow-controller-deployment.yaml | 51 ++++ .../base/argo/workflow-controller-role.yaml | 48 ++++ .../argo/workflow-controller-rolebinding.yaml | 11 + .../base/argo/workflow-controller-sa.yaml | 4 + .../cache-deployer-deployment.yaml | 29 +++ .../cache-deployer/cache-deployer-role.yaml | 15 ++ .../cache-deployer-rolebinding.yaml | 11 + .../cache-deployer/cache-deployer-sa.yaml | 4 + .../cache-deployer-clusterrole.yaml | 24 ++ .../cache-deployer-clusterrolebinding.yaml | 12 + .../cluster-scoped/kustomization.yaml | 5 + .../base/cache-deployer/kustomization.yaml | 7 + .../base/cache/cache-deployment.yaml | 67 +++++ .../kustomize/base/cache/cache-role.yaml | 33 +++ .../base/cache/cache-rolebinding.yaml | 11 + .../kustomize/base/cache/cache-sa.yaml | 4 + .../kustomize/base/cache/cache-service.yaml | 10 + .../kustomize/base/cache/kustomization.yaml | 8 + .../kustomize/base/kustomization.yaml | 104 ++++++++ .../base/metadata/kustomization.yaml | 12 + .../base/metadata/metadata-configmap.yaml | 9 + .../metadata/metadata-envoy-deployment.yaml | 24 ++ .../base/metadata/metadata-envoy-service.yaml | 14 ++ .../metadata/metadata-grpc-deployment.yaml | 64 +++++ .../base/metadata/metadata-grpc-service.yaml | 14 ++ .../metadata/metadata-writer-deployment.yaml | 25 ++ .../base/metadata/metadata-writer-role.yaml | 33 +++ .../metadata/metadata-writer-rolebinding.yaml | 11 + .../base/metadata/metadata-writer-sa.yaml | 4 + .../kustomize/base/mysql/kustomization.yaml | 4 + .../kustomize/base/mysql/mysql-configmap.yaml | 10 + .../kustomize/base/params-db-secret.env | 2 + pipeline/upstream/kustomize/base/params.env | 8 + pipeline/upstream/kustomize/base/params.yaml | 24 ++ .../kustomize/base/pipeline-application.yaml | 49 ++++ .../cluster-scoped/kustomization.yaml | 5 + .../scheduled-workflow-crd.yaml | 18 ++ .../pipeline/cluster-scoped/viewer-crd.yaml | 18 ++ .../base/pipeline/container-builder-sa.yaml | 4 + .../base/pipeline/kustomization.yaml | 32 +++ .../ml-pipeline-apiserver-deployment.yaml | 83 +++++++ .../pipeline/ml-pipeline-apiserver-role.yaml | 38 +++ .../ml-pipeline-apiserver-rolebinding.yaml | 13 + .../pipeline/ml-pipeline-apiserver-sa.yaml | 4 + .../ml-pipeline-apiserver-service.yaml | 16 ++ ...-pipeline-persistenceagent-deployment.yaml | 25 ++ .../ml-pipeline-persistenceagent-role.yaml | 21 ++ ...pipeline-persistenceagent-rolebinding.yaml | 11 + .../ml-pipeline-persistenceagent-sa.yaml | 4 + ...pipeline-scheduledworkflow-deployment.yaml | 25 ++ .../ml-pipeline-scheduledworkflow-role.yaml | 38 +++ ...ipeline-scheduledworkflow-rolebinding.yaml | 11 + .../ml-pipeline-scheduledworkflow-sa.yaml | 4 + .../pipeline/ml-pipeline-ui-deployment.yaml | 53 ++++ .../base/pipeline/ml-pipeline-ui-role.yaml | 46 ++++ .../pipeline/ml-pipeline-ui-rolebinding.yaml | 13 + .../base/pipeline/ml-pipeline-ui-sa.yaml | 4 + .../base/pipeline/ml-pipeline-ui-service.yaml | 12 + .../ml-pipeline-viewer-crd-deployment.yaml | 27 ++ .../pipeline/ml-pipeline-viewer-crd-role.yaml | 30 +++ .../ml-pipeline-viewer-crd-rolebinding.yaml | 11 + .../pipeline/ml-pipeline-viewer-crd-sa.yaml | 4 + .../ml-pipeline-visualization-deployment.yaml | 47 ++++ .../ml-pipeline-visualization-sa.yaml | 4 + .../ml-pipeline-visualization-service.yaml | 12 + .../base/pipeline/pipeline-runner-role.yaml | 80 ++++++ .../pipeline/pipeline-runner-rolebinding.yaml | 11 + .../base/pipeline/pipeline-runner-sa.yaml | 4 + .../kustomization.yaml | 23 ++ .../cluster-scoped-resources/namespace.yaml | 4 + .../cluster-scoped-resources/params.env | 1 + .../cluster-scoped-resources/params.yaml | 6 + .../kustomize/env/dev/kustomization.yaml | 13 + .../cloudsql-proxy-deployment.yaml | 38 +++ .../env/gcp/cloudsql-proxy/kustomization.yaml | 5 + .../env/gcp/cloudsql-proxy/mysql-service.yaml | 9 + .../env/gcp/gcp-configurations-patch.yaml | 25 ++ .../gcp-default-configmap.yaml | 8 + .../gcp/gcp-default-config/kustomization.yaml | 4 + .../env/gcp/inverse-proxy/kustomization.yaml | 11 + .../gcp/inverse-proxy/proxy-configmap.yaml | 4 + .../gcp/inverse-proxy/proxy-deployment.yaml | 21 ++ .../env/gcp/inverse-proxy/proxy-role.yaml | 13 + .../gcp/inverse-proxy/proxy-rolebinding.yaml | 13 + .../env/gcp/inverse-proxy/proxy-sa.yaml | 4 + .../kustomize/env/gcp/kustomization.yaml | 38 +++ .../gcp/minio-gcs-gateway/kustomization.yaml | 5 + .../minio-gcs-gateway-deployment.yaml | 31 +++ .../minio-gcs-gateway-service.yaml | 11 + .../upstream/kustomize/env/gcp/params.env | 6 + .../env/platform-agnostic/kustomization.yaml | 19 ++ .../minio/kustomization.yaml | 6 + .../minio/minio-deployment.yaml | 38 +++ .../platform-agnostic/minio/minio-pvc.yaml | 10 + .../minio/minio-service.yaml | 11 + .../mysql/kustomization.yaml | 6 + .../mysql/mysql-deployment.yaml | 33 +++ .../mysql/mysql-pv-claim.yaml | 10 + .../mysql/mysql-service.yaml | 9 + .../kustomize/gcp-workload-identity-setup.sh | 131 ++++++++++ pipeline/upstream/kustomize/hack/release.sh | 32 +++ pipeline/upstream/kustomize/sample/README.md | 78 ++++++ .../kustomization.yaml | 10 + .../cluster-scoped-resources/params.env | 1 + .../kustomize/sample/kustomization.yaml | 28 +++ .../kustomize/sample/params-db-secret.env | 2 + pipeline/upstream/kustomize/sample/params.env | 4 + pipeline/upstream/kustomize/wi-utils.sh | 85 +++++++ pipeline/upstream/sample/README.md | 78 ++++++ .../kustomization.yaml | 10 + .../cluster-scoped-resources/params.env | 1 + pipeline/upstream/sample/kustomization.yaml | 28 +++ pipeline/upstream/sample/params-db-secret.env | 2 + pipeline/upstream/sample/params.env | 4 + pipeline/upstream/wi-utils.sh | 85 +++++++ 251 files changed, 5841 insertions(+) create mode 100755 hack/pull_kfp_upstream.sh create mode 100644 pipeline/upstream/Kptfile create mode 100644 pipeline/upstream/OWNERS create mode 100644 pipeline/upstream/README.md create mode 100644 pipeline/upstream/STRUCTURE.md create mode 100644 pipeline/upstream/base/application/application-controller-deployment.yaml create mode 100644 pipeline/upstream/base/application/application-controller-role.yaml create mode 100644 pipeline/upstream/base/application/application-controller-rolebinding.yaml create mode 100644 pipeline/upstream/base/application/application-controller-sa.yaml create mode 100644 pipeline/upstream/base/application/application-controller-service.yaml create mode 100644 pipeline/upstream/base/application/cluster-scoped/application-crd.yaml create mode 100644 pipeline/upstream/base/application/cluster-scoped/kustomization.yaml create mode 100644 pipeline/upstream/base/application/kustomization.yaml create mode 100644 pipeline/upstream/base/argo/cluster-scoped/kustomization.yaml create mode 100644 pipeline/upstream/base/argo/cluster-scoped/workflow-crd.yaml create mode 100644 pipeline/upstream/base/argo/kustomization.yaml create mode 100644 pipeline/upstream/base/argo/minio-artifact-secret.yaml create mode 100644 pipeline/upstream/base/argo/workflow-controller-configmap.yaml create mode 100644 pipeline/upstream/base/argo/workflow-controller-deployment.yaml create mode 100644 pipeline/upstream/base/argo/workflow-controller-role.yaml create mode 100644 pipeline/upstream/base/argo/workflow-controller-rolebinding.yaml create mode 100644 pipeline/upstream/base/argo/workflow-controller-sa.yaml create mode 100644 pipeline/upstream/base/cache-deployer/cache-deployer-deployment.yaml create mode 100644 pipeline/upstream/base/cache-deployer/cache-deployer-role.yaml create mode 100644 pipeline/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml create mode 100644 pipeline/upstream/base/cache-deployer/cache-deployer-sa.yaml create mode 100644 pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml create mode 100644 pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml create mode 100644 pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml create mode 100644 pipeline/upstream/base/cache-deployer/kustomization.yaml create mode 100644 pipeline/upstream/base/cache/cache-deployment.yaml create mode 100644 pipeline/upstream/base/cache/cache-role.yaml create mode 100644 pipeline/upstream/base/cache/cache-rolebinding.yaml create mode 100644 pipeline/upstream/base/cache/cache-sa.yaml create mode 100644 pipeline/upstream/base/cache/cache-service.yaml create mode 100644 pipeline/upstream/base/cache/kustomization.yaml create mode 100644 pipeline/upstream/base/kustomization.yaml create mode 100644 pipeline/upstream/base/metadata/kustomization.yaml create mode 100644 pipeline/upstream/base/metadata/metadata-configmap.yaml create mode 100644 pipeline/upstream/base/metadata/metadata-envoy-deployment.yaml create mode 100644 pipeline/upstream/base/metadata/metadata-envoy-service.yaml create mode 100644 pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml create mode 100644 pipeline/upstream/base/metadata/metadata-grpc-service.yaml create mode 100644 pipeline/upstream/base/metadata/metadata-writer-deployment.yaml create mode 100644 pipeline/upstream/base/metadata/metadata-writer-role.yaml create mode 100644 pipeline/upstream/base/metadata/metadata-writer-rolebinding.yaml create mode 100644 pipeline/upstream/base/metadata/metadata-writer-sa.yaml create mode 100644 pipeline/upstream/base/mysql/kustomization.yaml create mode 100644 pipeline/upstream/base/mysql/mysql-configmap.yaml create mode 100644 pipeline/upstream/base/params-db-secret.env create mode 100644 pipeline/upstream/base/params.env create mode 100644 pipeline/upstream/base/params.yaml create mode 100644 pipeline/upstream/base/pipeline-application.yaml create mode 100644 pipeline/upstream/base/pipeline/cluster-scoped/kustomization.yaml create mode 100644 pipeline/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml create mode 100644 pipeline/upstream/base/pipeline/cluster-scoped/viewer-crd.yaml create mode 100644 pipeline/upstream/base/pipeline/container-builder-sa.yaml create mode 100644 pipeline/upstream/base/pipeline/kustomization.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-apiserver-sa.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-ui-role.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-ui-rolebinding.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-ui-sa.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-ui-service.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-role.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-sa.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-visualization-sa.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-visualization-service.yaml create mode 100644 pipeline/upstream/base/pipeline/pipeline-runner-role.yaml create mode 100644 pipeline/upstream/base/pipeline/pipeline-runner-rolebinding.yaml create mode 100644 pipeline/upstream/base/pipeline/pipeline-runner-sa.yaml create mode 100644 pipeline/upstream/cluster-scoped-resources/kustomization.yaml create mode 100644 pipeline/upstream/cluster-scoped-resources/namespace.yaml create mode 100644 pipeline/upstream/cluster-scoped-resources/params.env create mode 100644 pipeline/upstream/cluster-scoped-resources/params.yaml create mode 100644 pipeline/upstream/env/dev/kustomization.yaml create mode 100644 pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml create mode 100644 pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml create mode 100644 pipeline/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml create mode 100644 pipeline/upstream/env/gcp/gcp-configurations-patch.yaml create mode 100644 pipeline/upstream/env/gcp/gcp-default-config/gcp-default-configmap.yaml create mode 100644 pipeline/upstream/env/gcp/gcp-default-config/kustomization.yaml create mode 100644 pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml create mode 100644 pipeline/upstream/env/gcp/inverse-proxy/proxy-configmap.yaml create mode 100644 pipeline/upstream/env/gcp/inverse-proxy/proxy-deployment.yaml create mode 100644 pipeline/upstream/env/gcp/inverse-proxy/proxy-role.yaml create mode 100644 pipeline/upstream/env/gcp/inverse-proxy/proxy-rolebinding.yaml create mode 100644 pipeline/upstream/env/gcp/inverse-proxy/proxy-sa.yaml create mode 100644 pipeline/upstream/env/gcp/kustomization.yaml create mode 100644 pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml create mode 100644 pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml create mode 100644 pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml create mode 100644 pipeline/upstream/env/gcp/params.env create mode 100644 pipeline/upstream/env/platform-agnostic/kustomization.yaml create mode 100644 pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml create mode 100644 pipeline/upstream/env/platform-agnostic/minio/minio-deployment.yaml create mode 100644 pipeline/upstream/env/platform-agnostic/minio/minio-pvc.yaml create mode 100644 pipeline/upstream/env/platform-agnostic/minio/minio-service.yaml create mode 100644 pipeline/upstream/env/platform-agnostic/mysql/kustomization.yaml create mode 100644 pipeline/upstream/env/platform-agnostic/mysql/mysql-deployment.yaml create mode 100644 pipeline/upstream/env/platform-agnostic/mysql/mysql-pv-claim.yaml create mode 100644 pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml create mode 100755 pipeline/upstream/gcp-workload-identity-setup.sh create mode 100755 pipeline/upstream/hack/release.sh create mode 100644 pipeline/upstream/kustomize/Kptfile create mode 100644 pipeline/upstream/kustomize/OWNERS create mode 100644 pipeline/upstream/kustomize/README.md create mode 100644 pipeline/upstream/kustomize/STRUCTURE.md create mode 100644 pipeline/upstream/kustomize/base/application/application-controller-deployment.yaml create mode 100644 pipeline/upstream/kustomize/base/application/application-controller-role.yaml create mode 100644 pipeline/upstream/kustomize/base/application/application-controller-rolebinding.yaml create mode 100644 pipeline/upstream/kustomize/base/application/application-controller-sa.yaml create mode 100644 pipeline/upstream/kustomize/base/application/application-controller-service.yaml create mode 100644 pipeline/upstream/kustomize/base/application/cluster-scoped/application-crd.yaml create mode 100644 pipeline/upstream/kustomize/base/application/cluster-scoped/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/base/application/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/base/argo/cluster-scoped/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/base/argo/cluster-scoped/workflow-crd.yaml create mode 100644 pipeline/upstream/kustomize/base/argo/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/base/argo/minio-artifact-secret.yaml create mode 100644 pipeline/upstream/kustomize/base/argo/workflow-controller-configmap.yaml create mode 100644 pipeline/upstream/kustomize/base/argo/workflow-controller-deployment.yaml create mode 100644 pipeline/upstream/kustomize/base/argo/workflow-controller-role.yaml create mode 100644 pipeline/upstream/kustomize/base/argo/workflow-controller-rolebinding.yaml create mode 100644 pipeline/upstream/kustomize/base/argo/workflow-controller-sa.yaml create mode 100644 pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-deployment.yaml create mode 100644 pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-role.yaml create mode 100644 pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-rolebinding.yaml create mode 100644 pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-sa.yaml create mode 100644 pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml create mode 100644 pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml create mode 100644 pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/base/cache-deployer/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/base/cache/cache-deployment.yaml create mode 100644 pipeline/upstream/kustomize/base/cache/cache-role.yaml create mode 100644 pipeline/upstream/kustomize/base/cache/cache-rolebinding.yaml create mode 100644 pipeline/upstream/kustomize/base/cache/cache-sa.yaml create mode 100644 pipeline/upstream/kustomize/base/cache/cache-service.yaml create mode 100644 pipeline/upstream/kustomize/base/cache/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/base/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/base/metadata/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/base/metadata/metadata-configmap.yaml create mode 100644 pipeline/upstream/kustomize/base/metadata/metadata-envoy-deployment.yaml create mode 100644 pipeline/upstream/kustomize/base/metadata/metadata-envoy-service.yaml create mode 100644 pipeline/upstream/kustomize/base/metadata/metadata-grpc-deployment.yaml create mode 100644 pipeline/upstream/kustomize/base/metadata/metadata-grpc-service.yaml create mode 100644 pipeline/upstream/kustomize/base/metadata/metadata-writer-deployment.yaml create mode 100644 pipeline/upstream/kustomize/base/metadata/metadata-writer-role.yaml create mode 100644 pipeline/upstream/kustomize/base/metadata/metadata-writer-rolebinding.yaml create mode 100644 pipeline/upstream/kustomize/base/metadata/metadata-writer-sa.yaml create mode 100644 pipeline/upstream/kustomize/base/mysql/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/base/mysql/mysql-configmap.yaml create mode 100644 pipeline/upstream/kustomize/base/params-db-secret.env create mode 100644 pipeline/upstream/kustomize/base/params.env create mode 100644 pipeline/upstream/kustomize/base/params.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline-application.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/cluster-scoped/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/cluster-scoped/viewer-crd.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/container-builder-sa.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-deployment.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-role.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-sa.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-service.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-role.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-sa.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-deployment.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-role.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-rolebinding.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-sa.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-service.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-role.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-sa.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-deployment.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-sa.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-service.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/pipeline-runner-role.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/pipeline-runner-rolebinding.yaml create mode 100644 pipeline/upstream/kustomize/base/pipeline/pipeline-runner-sa.yaml create mode 100644 pipeline/upstream/kustomize/cluster-scoped-resources/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/cluster-scoped-resources/namespace.yaml create mode 100644 pipeline/upstream/kustomize/cluster-scoped-resources/params.env create mode 100644 pipeline/upstream/kustomize/cluster-scoped-resources/params.yaml create mode 100644 pipeline/upstream/kustomize/env/dev/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml create mode 100644 pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/mysql-service.yaml create mode 100644 pipeline/upstream/kustomize/env/gcp/gcp-configurations-patch.yaml create mode 100644 pipeline/upstream/kustomize/env/gcp/gcp-default-config/gcp-default-configmap.yaml create mode 100644 pipeline/upstream/kustomize/env/gcp/gcp-default-config/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/env/gcp/inverse-proxy/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-configmap.yaml create mode 100644 pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-deployment.yaml create mode 100644 pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-role.yaml create mode 100644 pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-rolebinding.yaml create mode 100644 pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-sa.yaml create mode 100644 pipeline/upstream/kustomize/env/gcp/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml create mode 100644 pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml create mode 100644 pipeline/upstream/kustomize/env/gcp/params.env create mode 100644 pipeline/upstream/kustomize/env/platform-agnostic/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/env/platform-agnostic/minio/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-deployment.yaml create mode 100644 pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-pvc.yaml create mode 100644 pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-service.yaml create mode 100644 pipeline/upstream/kustomize/env/platform-agnostic/mysql/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-deployment.yaml create mode 100644 pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-pv-claim.yaml create mode 100644 pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-service.yaml create mode 100755 pipeline/upstream/kustomize/gcp-workload-identity-setup.sh create mode 100755 pipeline/upstream/kustomize/hack/release.sh create mode 100644 pipeline/upstream/kustomize/sample/README.md create mode 100644 pipeline/upstream/kustomize/sample/cluster-scoped-resources/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/sample/cluster-scoped-resources/params.env create mode 100644 pipeline/upstream/kustomize/sample/kustomization.yaml create mode 100644 pipeline/upstream/kustomize/sample/params-db-secret.env create mode 100644 pipeline/upstream/kustomize/sample/params.env create mode 100644 pipeline/upstream/kustomize/wi-utils.sh create mode 100644 pipeline/upstream/sample/README.md create mode 100644 pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml create mode 100644 pipeline/upstream/sample/cluster-scoped-resources/params.env create mode 100644 pipeline/upstream/sample/kustomization.yaml create mode 100644 pipeline/upstream/sample/params-db-secret.env create mode 100644 pipeline/upstream/sample/params.env create mode 100644 pipeline/upstream/wi-utils.sh diff --git a/hack/pull_kfp_upstream.sh b/hack/pull_kfp_upstream.sh new file mode 100755 index 0000000000..7e71c21c4e --- /dev/null +++ b/hack/pull_kfp_upstream.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash + +export PIPELINES_SRC_REPO=https://github.com/kubeflow/pipelines.git +export PIPELINES_VERSION=1.0.0-rc.1 +# Pulling for the first time +# kpt pkg get $PIPELINES_SRC_REPO/manifests/kustomize@$PIPELINES_VERSION pipeline/upstream + +# Updates +kpt pkg update pipeline/upstream/@$PIPELINES_VERSION --strategy force-delete-replace diff --git a/pipeline/upstream/Kptfile b/pipeline/upstream/Kptfile new file mode 100644 index 0000000000..5927c2d911 --- /dev/null +++ b/pipeline/upstream/Kptfile @@ -0,0 +1,11 @@ +apiVersion: kpt.dev/v1alpha1 +kind: Kptfile +metadata: + name: upstream +upstream: + type: git + git: + commit: 2384d8f1c6083b4ec5c144a2fb6e247bcbe33b05 + repo: https://github.com/kubeflow/pipelines + directory: /manifests/kustomize + ref: 1.0.0-rc.1 diff --git a/pipeline/upstream/OWNERS b/pipeline/upstream/OWNERS new file mode 100644 index 0000000000..95ccd02456 --- /dev/null +++ b/pipeline/upstream/OWNERS @@ -0,0 +1,8 @@ +approvers: + - Bobgy + - IronPan + - rmgogogo +reviewers: + - Bobgy + - IronPan + - rmgogogo diff --git a/pipeline/upstream/README.md b/pipeline/upstream/README.md new file mode 100644 index 0000000000..c082edc8df --- /dev/null +++ b/pipeline/upstream/README.md @@ -0,0 +1,100 @@ +# Install Kubeflow Pipelines + +This folder contains Kubeflow Pipelines Kustomize manifests for a light weight +deployment. You can follow the instruction and deploy Kubeflow Pipelines in an +existing cluster. + +To install Kubeflow Pipelines, you have several options. +- Via [GCP AI Platform UI](http://console.cloud.google.com/ai-platform/pipelines). +- Via an upcoming commandline tool. +- Via Kubectl with Kustomize, it's detailed here. + - Community maintains a repo [here](https://github.com/e2fyi/kubeflow-aws/tree/master/pipelines) for AWS. + +## Install via Kustomize + +Deploy latest version of Kubeflow Pipelines. + +It uses following default settings. +- image: latest released images +- namespace: kubeflow +- application name: pipeline + +### Option-1 Install it to any K8s cluster +It's based on in-cluster PersistentVolumeClaim storage. + +``` +kubectl apply -k cluster-scoped-resources/ +kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s +kubectl apply -k env/platform-agnostic/ +kubectl wait applications/pipeline -n kubeflow --for condition=Ready --timeout=1800s +kubectl port-forward -n kubeflow svc/ml-pipeline-ui 8080:80 +``` +Now you can access it via localhost:8080 + +### Option-2 Install it to GCP with in-cluster PersistentVolumeClaim storage +It's based on in-cluster PersistentVolumeClaim storage. +Additionally, it introduced a proxy in GCP to allow user easily access KFP safely. + +``` +kubectl apply -k cluster-scoped-resources/ +kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s + +kubectl apply -k env/dev/ +kubectl wait applications/pipeline -n kubeflow --for condition=Ready --timeout=1800s + +# Or visit http://console.cloud.google.com/ai-platform/pipelines +kubectl describe configmap inverse-proxy-config -n kubeflow | grep googleusercontent.com +``` + +### Option-3 Install it to GCP with CloudSQL & GCS-Minio managed storage +Its storage is based on CloudSQL & GCS. It's better than others for production usage. + +Please following [sample](sample/README.md) for a customized installation. + +## Uninstall + +If the installation is based on CloudSQL/GCS, after the uninstall, the data is still there, +reinstall a newer version can reuse the data. + +``` +### 1. namespace scoped +# Depends on how you installed it: +kubectl kustomize env/platform-agnostic | kubectl delete -f - +# or +kubectl kustomize env/dev | kubectl delete -f - +# or +kubectl kustomize env/gcp | kubectl delete -f - +# or +kubectl delete applications/pipeline -n kubeflow + +### 2. cluster scoped +kubectl delete -k cluster-scoped-resources/ +``` + +## Troubleshooting + +### Permission error installing Kubeflow Pipelines to a cluster + +Run + +``` +kubectl create clusterrolebinding your-binding --clusterrole=cluster-admin --user=[your-user-name] +``` + +### Samples requires "user-gcp-sa" secret + +If sample code requires a "user-gcp-sa" secret, you could create one by + +- First download the GCE VM service account token + [Document](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys) + +``` +gcloud iam service-accounts keys create application_default_credentials.json \ + --iam-account [SA-NAME]@[PROJECT-ID].iam.gserviceaccount.com +``` + +- Run + +``` +kubectl create secret -n [your-namespace] generic user-gcp-sa --from-file=user-gcp-sa.json=application_default_credentials.json` +``` diff --git a/pipeline/upstream/STRUCTURE.md b/pipeline/upstream/STRUCTURE.md new file mode 100644 index 0000000000..86a7835b9c --- /dev/null +++ b/pipeline/upstream/STRUCTURE.md @@ -0,0 +1,49 @@ +# Kubeflow Pipelines Kustomize Manifest Folder Structure + +Folder structure: +``` +kustomize +├── cluster-scoped-resources +│ ├── README.md (explains this folder structure) +│ └── kustomization.yaml (lists all cluster-scoped folders in base/) +├── base +│ ├── cache-deployer +│ │ ├── cluster-scoped (not included in cache-deployer's kustomization.yaml) +│ │ │ ├── clusteroles +│ │ │ └── clusterrolebindings +| | └── ... (namespace scoped) +│ ├── argo +│ │ ├── cluster-scoped +│ │ │ └── workflow-crd.yaml +| | └── ... (namespace scoped) +│ ├── application +│ │ ├── cluster-scoped +│ │ │ ├── application-crd.yaml +│ │ │ └── ... +| | └── ... (namespace scoped) +│ ├── pipeline +│ │ ├── cluster-scoped +│ │ │ ├── viewer-crd.yaml +│ │ │ ├── scheduledworkflow-crd.yaml +│ │ │ └── ... +| | └── ... (namespace scoped) +│ └── ... +└── env + ├── platform-agnostic + │ └── kustomization.yaml (based on "base") + ├── dev + │ └── kustomization.yaml (based on "env/platform-agnostic") + └── gcp + └── kustomization.yaml (based on "base") +``` + +* User facing manifest entrypoint is `cluster-scoped-resources` package and `env/` package. + * `cluster-scoped-resources` should collect all cluster-scoped resources. + * `env/` should collect env specific namespace scoped resources. +* Universal components live in `base/` folders. + * If a component requires cluster-scoped resources, it should have a folder inside named `cluster-scoped` with related resources, but note that `base//kustomization.yaml` shouldn't include the `cluster-scoped` folder. `cluster-scoped` folders should be collected by top level `cluster-scoped-resources` folder. +* Env specific overlays live in `env/` folders. + +Constraints we need to comply with (that drove above structure): +* CRDs must be applied separately, because if we apply CRs in the same `kubectl apply` command, the CRD may not have been accepted by k8s api server (e.g. Application CRD). +* [A Kubeflow 1.0 constraint](https://github.com/kubeflow/pipelines/issues/2884#issuecomment-577158715) is that we should separate cluster scoped resources from namespace scoped resources, because sometimes different roles are required to deploy them. Cluster scoped resources usually need a cluster admin role, while namespaced resources can be deployed by individual teams managing a namespace. diff --git a/pipeline/upstream/base/application/application-controller-deployment.yaml b/pipeline/upstream/base/application/application-controller-deployment.yaml new file mode 100644 index 0000000000..b4cc7042d9 --- /dev/null +++ b/pipeline/upstream/base/application/application-controller-deployment.yaml @@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" +spec: + selector: + matchLabels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + template: + metadata: + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + spec: + containers: + - command: + - /root/manager + # A customized image with https://github.com/kubernetes-sigs/application/pull/127 + image: gcr.io/ml-pipeline/application-crd-controller:1.0-beta-non-cluster-role + imagePullPolicy: IfNotPresent + name: manager + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 30Mi + requests: + cpu: 100m + memory: 20Mi + serviceAccountName: application diff --git a/pipeline/upstream/base/application/application-controller-role.yaml b/pipeline/upstream/base/application/application-controller-role.yaml new file mode 100644 index 0000000000..a17dbaea09 --- /dev/null +++ b/pipeline/upstream/base/application/application-controller-role.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: application-manager-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - update + - patch + - watch +- apiGroups: + - app.k8s.io + resources: + - '*' + verbs: + - '*' diff --git a/pipeline/upstream/base/application/application-controller-rolebinding.yaml b/pipeline/upstream/base/application/application-controller-rolebinding.yaml new file mode 100644 index 0000000000..71a3f42d24 --- /dev/null +++ b/pipeline/upstream/base/application/application-controller-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: application-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: application-manager-role +subjects: +- kind: ServiceAccount + name: application diff --git a/pipeline/upstream/base/application/application-controller-sa.yaml b/pipeline/upstream/base/application/application-controller-sa.yaml new file mode 100644 index 0000000000..bd13039151 --- /dev/null +++ b/pipeline/upstream/base/application/application-controller-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: application diff --git a/pipeline/upstream/base/application/application-controller-service.yaml b/pipeline/upstream/base/application/application-controller-service.yaml new file mode 100644 index 0000000000..f5f7d8bac6 --- /dev/null +++ b/pipeline/upstream/base/application/application-controller-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: controller-manager-service + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" +spec: + selector: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + ports: + - port: 443 diff --git a/pipeline/upstream/base/application/cluster-scoped/application-crd.yaml b/pipeline/upstream/base/application/cluster-scoped/application-crd.yaml new file mode 100644 index 0000000000..0cbab2d480 --- /dev/null +++ b/pipeline/upstream/base/application/cluster-scoped/application-crd.yaml @@ -0,0 +1,234 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + controller-tools.k8s.io: "1.0" + name: applications.app.k8s.io +spec: + group: app.k8s.io + names: + kind: Application + plural: applications + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + addOwnerRef: + type: boolean + assemblyPhase: + type: string + componentKinds: + items: + type: object + type: array + descriptor: + properties: + description: + type: string + icons: + items: + properties: + size: + type: string + src: + type: string + type: + type: string + required: + - src + type: object + type: array + keywords: + items: + type: string + type: array + links: + items: + properties: + description: + type: string + url: + type: string + type: object + type: array + maintainers: + items: + properties: + email: + type: string + name: + type: string + url: + type: string + type: object + type: array + notes: + type: string + owners: + items: + properties: + email: + type: string + name: + type: string + url: + type: string + type: object + type: array + type: + type: string + version: + type: string + type: object + info: + items: + properties: + name: + type: string + type: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + key: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + ingressRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + host: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + path: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + secretKeyRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + key: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + serviceRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + path: + type: string + port: + format: int32 + type: integer + resourceVersion: + type: string + uid: + type: string + type: object + type: + type: string + type: object + type: object + type: array + selector: + type: object + type: object + status: + properties: + components: + items: + properties: + group: + type: string + kind: + type: string + link: + type: string + name: + type: string + status: + type: string + type: object + type: array + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + lastUpdateTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - type + - status + type: object + type: array + observedGeneration: + format: int64 + type: integer + type: object + version: v1beta1 diff --git a/pipeline/upstream/base/application/cluster-scoped/kustomization.yaml b/pipeline/upstream/base/application/cluster-scoped/kustomization.yaml new file mode 100644 index 0000000000..0fc4e0bb3f --- /dev/null +++ b/pipeline/upstream/base/application/cluster-scoped/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- application-crd.yaml diff --git a/pipeline/upstream/base/application/kustomization.yaml b/pipeline/upstream/base/application/kustomization.yaml new file mode 100644 index 0000000000..8d65bf8915 --- /dev/null +++ b/pipeline/upstream/base/application/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- application-controller-deployment.yaml +- application-controller-role.yaml +- application-controller-rolebinding.yaml +- application-controller-sa.yaml +- application-controller-service.yaml diff --git a/pipeline/upstream/base/argo/cluster-scoped/kustomization.yaml b/pipeline/upstream/base/argo/cluster-scoped/kustomization.yaml new file mode 100644 index 0000000000..262cc50515 --- /dev/null +++ b/pipeline/upstream/base/argo/cluster-scoped/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- workflow-crd.yaml diff --git a/pipeline/upstream/base/argo/cluster-scoped/workflow-crd.yaml b/pipeline/upstream/base/argo/cluster-scoped/workflow-crd.yaml new file mode 100644 index 0000000000..5a7b6a3aff --- /dev/null +++ b/pipeline/upstream/base/argo/cluster-scoped/workflow-crd.yaml @@ -0,0 +1,67 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: workflows.argoproj.io +spec: + group: argoproj.io + version: v1alpha1 + scope: Namespaced + names: + kind: Workflow + plural: workflows + shortNames: + - wf + additionalPrinterColumns: + - JSONPath: .status.phase + description: Status of the workflow + name: Status + type: string + - JSONPath: .status.startedAt + description: When the workflow was started + format: date-time + name: Age + type: date +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterworkflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: ClusterWorkflowTemplate + plural: clusterworkflowtemplates + shortNames: + - clusterwftmpl + - cwft + scope: Cluster + version: v1alpha1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: cronworkflows.argoproj.io +spec: + group: argoproj.io + names: + kind: CronWorkflow + plural: cronworkflows + shortNames: + - cronwf + - cwf + scope: Namespaced + version: v1alpha1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: workflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTemplate + plural: workflowtemplates + shortNames: + - wftmpl + scope: Namespaced + version: v1alpha1 diff --git a/pipeline/upstream/base/argo/kustomization.yaml b/pipeline/upstream/base/argo/kustomization.yaml new file mode 100644 index 0000000000..e8df6b5662 --- /dev/null +++ b/pipeline/upstream/base/argo/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- minio-artifact-secret.yaml +- workflow-controller-configmap.yaml +- workflow-controller-deployment.yaml +- workflow-controller-role.yaml +- workflow-controller-rolebinding.yaml +- workflow-controller-sa.yaml diff --git a/pipeline/upstream/base/argo/minio-artifact-secret.yaml b/pipeline/upstream/base/argo/minio-artifact-secret.yaml new file mode 100644 index 0000000000..3ae64f1160 --- /dev/null +++ b/pipeline/upstream/base/argo/minio-artifact-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + accesskey: bWluaW8= + secretkey: bWluaW8xMjM= +kind: Secret +metadata: + name: mlpipeline-minio-artifact +type: Opaque diff --git a/pipeline/upstream/base/argo/workflow-controller-configmap.yaml b/pipeline/upstream/base/argo/workflow-controller-configmap.yaml new file mode 100644 index 0000000000..aafe839c79 --- /dev/null +++ b/pipeline/upstream/base/argo/workflow-controller-configmap.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: workflow-controller-configmap +data: + config: | + { + namespace: $(NAMESPACE), + executorImage: gcr.io/ml-pipeline/argoexec:v2.7.5-license-compliance, + artifactRepository: + { + s3: { + bucket: $(BUCKET_NAME), + keyPrefix: artifacts, + endpoint: minio-service.$(NAMESPACE):9000, + insecure: true, + accessKeySecret: { + name: mlpipeline-minio-artifact, + key: accesskey + }, + secretKeySecret: { + name: mlpipeline-minio-artifact, + key: secretkey + } + }, + archiveLogs: true + } + } diff --git a/pipeline/upstream/base/argo/workflow-controller-deployment.yaml b/pipeline/upstream/base/argo/workflow-controller-deployment.yaml new file mode 100644 index 0000000000..9395f80895 --- /dev/null +++ b/pipeline/upstream/base/argo/workflow-controller-deployment.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: workflow-controller + name: workflow-controller +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: workflow-controller + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + app: workflow-controller + spec: + containers: + - args: + - --configmap + - workflow-controller-configmap + - --executor-image + - gcr.io/ml-pipeline/argoexec:v2.7.5-license-compliance + command: + - workflow-controller + env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/workflow-controller:v2.7.5-license-compliance + imagePullPolicy: IfNotPresent + name: workflow-controller + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo + serviceAccountName: argo + terminationGracePeriodSeconds: 30 diff --git a/pipeline/upstream/base/argo/workflow-controller-role.yaml b/pipeline/upstream/base/argo/workflow-controller-role.yaml new file mode 100644 index 0000000000..d79208a99a --- /dev/null +++ b/pipeline/upstream/base/argo/workflow-controller-role.yaml @@ -0,0 +1,48 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-role +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + verbs: + - get + - list + - watch + - update + - patch + - delete diff --git a/pipeline/upstream/base/argo/workflow-controller-rolebinding.yaml b/pipeline/upstream/base/argo/workflow-controller-rolebinding.yaml new file mode 100644 index 0000000000..0484f455b8 --- /dev/null +++ b/pipeline/upstream/base/argo/workflow-controller-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-role +subjects: +- kind: ServiceAccount + name: argo diff --git a/pipeline/upstream/base/argo/workflow-controller-sa.yaml b/pipeline/upstream/base/argo/workflow-controller-sa.yaml new file mode 100644 index 0000000000..f3d5885df9 --- /dev/null +++ b/pipeline/upstream/base/argo/workflow-controller-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo diff --git a/pipeline/upstream/base/cache-deployer/cache-deployer-deployment.yaml b/pipeline/upstream/base/cache-deployer/cache-deployer-deployment.yaml new file mode 100644 index 0000000000..d4c3ae3a86 --- /dev/null +++ b/pipeline/upstream/base/cache-deployer/cache-deployer-deployment.yaml @@ -0,0 +1,29 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cache-deployer-deployment + labels: + app: cache-deployer +spec: + replicas: 1 + selector: + matchLabels: + app: cache-deployer + strategy: + type: Recreate + template: + metadata: + labels: + app: cache-deployer + spec: + containers: + - name: main + image: gcr.io/ml-pipeline/cache-deployer:dummy + imagePullPolicy: Always + env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + serviceAccountName: kubeflow-pipelines-cache-deployer-sa + restartPolicy: Always diff --git a/pipeline/upstream/base/cache-deployer/cache-deployer-role.yaml b/pipeline/upstream/base/cache-deployer/cache-deployer-role.yaml new file mode 100644 index 0000000000..6211517140 --- /dev/null +++ b/pipeline/upstream/base/cache-deployer/cache-deployer-role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-role + name: kubeflow-pipelines-cache-deployer-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - patch diff --git a/pipeline/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml b/pipeline/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml new file mode 100644 index 0000000000..36ed4963a5 --- /dev/null +++ b/pipeline/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-deployer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa diff --git a/pipeline/upstream/base/cache-deployer/cache-deployer-sa.yaml b/pipeline/upstream/base/cache-deployer/cache-deployer-sa.yaml new file mode 100644 index 0000000000..affada3d10 --- /dev/null +++ b/pipeline/upstream/base/cache-deployer/cache-deployer-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-cache-deployer-sa diff --git a/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml b/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml new file mode 100644 index 0000000000..e2d6e75f45 --- /dev/null +++ b/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml @@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-clusterrole + name: kubeflow-pipelines-cache-deployer-clusterrole +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + - certificatesigningrequests/approval + verbs: + - create + - delete + - get + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - get diff --git a/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml b/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml new file mode 100644 index 0000000000..7e2d2dcf8c --- /dev/null +++ b/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-cache-deployer-clusterrole +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + namespace: $(NAMESPACE) diff --git a/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml b/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml new file mode 100644 index 0000000000..cd31d9a4e2 --- /dev/null +++ b/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cache-deployer-clusterrole.yaml +- cache-deployer-clusterrolebinding.yaml diff --git a/pipeline/upstream/base/cache-deployer/kustomization.yaml b/pipeline/upstream/base/cache-deployer/kustomization.yaml new file mode 100644 index 0000000000..f6c83059b9 --- /dev/null +++ b/pipeline/upstream/base/cache-deployer/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cache-deployer-role.yaml +- cache-deployer-rolebinding.yaml +- cache-deployer-sa.yaml +- cache-deployer-deployment.yaml diff --git a/pipeline/upstream/base/cache/cache-deployment.yaml b/pipeline/upstream/base/cache/cache-deployment.yaml new file mode 100644 index 0000000000..0f075706a5 --- /dev/null +++ b/pipeline/upstream/base/cache/cache-deployment.yaml @@ -0,0 +1,67 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cache-server + labels: + app: cache-server +spec: + replicas: 1 + selector: + matchLabels: + app: cache-server + template: + metadata: + labels: + app: cache-server + spec: + containers: + - name: server + image: gcr.io/ml-pipeline/cache-server:dummy + env: + - name: DBCONFIG_DRIVER + value: mysql + - name: DBCONFIG_DB_NAME + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: cache_db + - name: DBCONFIG_HOST_NAME + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: host + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: port + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + name: mysql-secret + key: username + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-secret + key: password + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + args: ["--db_driver=$(DBCONFIG_DRIVER)", "--db_host=$(DBCONFIG_HOST_NAME)", + "--db_port=$(DBCONFIG_PORT)", "--db_name=$(DBCONFIG_DB_NAME)", "--db_user=$(DBCONFIG_USER)", + "--db_password=$(DBCONFIG_PASSWORD)", "--namespace_to_watch=$(NAMESPACE_TO_WATCH)"] + imagePullPolicy: Always + ports: + - containerPort: 8443 + name: webhook-api + volumeMounts: + - name: webhook-tls-certs + mountPath: /etc/webhook/certs + readOnly: true + volumes: + - name: webhook-tls-certs + secret: + secretName: webhook-server-tls + serviceAccountName: kubeflow-pipelines-cache diff --git a/pipeline/upstream/base/cache/cache-role.yaml b/pipeline/upstream/base/cache/cache-role.yaml new file mode 100644 index 0000000000..de613b427b --- /dev/null +++ b/pipeline/upstream/base/cache/cache-role.yaml @@ -0,0 +1,33 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-role + name: kubeflow-pipelines-cache-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/pipeline/upstream/base/cache/cache-rolebinding.yaml b/pipeline/upstream/base/cache/cache-rolebinding.yaml new file mode 100644 index 0000000000..48541bfb8a --- /dev/null +++ b/pipeline/upstream/base/cache/cache-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-cache-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache diff --git a/pipeline/upstream/base/cache/cache-sa.yaml b/pipeline/upstream/base/cache/cache-sa.yaml new file mode 100644 index 0000000000..232ddd15cf --- /dev/null +++ b/pipeline/upstream/base/cache/cache-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-cache diff --git a/pipeline/upstream/base/cache/cache-service.yaml b/pipeline/upstream/base/cache/cache-service.yaml new file mode 100644 index 0000000000..980619837b --- /dev/null +++ b/pipeline/upstream/base/cache/cache-service.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: cache-server +spec: + selector: + app: cache-server + ports: + - port: 443 + targetPort: webhook-api diff --git a/pipeline/upstream/base/cache/kustomization.yaml b/pipeline/upstream/base/cache/kustomization.yaml new file mode 100644 index 0000000000..a4bdc8c7ba --- /dev/null +++ b/pipeline/upstream/base/cache/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cache-deployment.yaml +- cache-service.yaml +- cache-role.yaml +- cache-rolebinding.yaml +- cache-sa.yaml diff --git a/pipeline/upstream/base/kustomization.yaml b/pipeline/upstream/base/kustomization.yaml new file mode 100644 index 0000000000..25d6486916 --- /dev/null +++ b/pipeline/upstream/base/kustomization.yaml @@ -0,0 +1,104 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- application +- argo +- pipeline +- metadata +- mysql +- cache +- cache-deployer +resources: +- pipeline-application.yaml +images: +- name: gcr.io/ml-pipeline/api-server + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/persistenceagent + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/scheduledworkflow + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/frontend + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/viewer-crd-controller + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/visualization-server + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/metadata-writer + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/cache-server + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/cache-deployer + newTag: 1.0.0-rc.1 +# Used by Kustomize +configMapGenerator: +- name: pipeline-install-config + env: params.env +secretGenerator: +- name: mysql-secret + env: params-db-secret.env +vars: +- name: NAMESPACE + objref: + kind: Deployment + apiVersion: apps/v1 + name: ml-pipeline + fieldref: + fieldpath: metadata.namespace +- name: APP_NAME + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.appName +- name: APP_VERSION + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.appVersion +- name: DBSERVICE_HOST + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.dbHost +- name: DBSERVICE_PORT + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.dbPort +- name: DBNAME_MLMD + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.mlmdDb +- name: DBNAME_CACHE + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.cacheDb +- name: DBNAME_PIPELINE + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.pipelineDb +- name: BUCKET_NAME + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.bucketName +configurations: +- params.yaml diff --git a/pipeline/upstream/base/metadata/kustomization.yaml b/pipeline/upstream/base/metadata/kustomization.yaml new file mode 100644 index 0000000000..cf594beb70 --- /dev/null +++ b/pipeline/upstream/base/metadata/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- metadata-configmap.yaml +- metadata-grpc-deployment.yaml +- metadata-grpc-service.yaml +- metadata-envoy-deployment.yaml +- metadata-envoy-service.yaml +- metadata-writer-deployment.yaml +- metadata-writer-role.yaml +- metadata-writer-rolebinding.yaml +- metadata-writer-sa.yaml diff --git a/pipeline/upstream/base/metadata/metadata-configmap.yaml b/pipeline/upstream/base/metadata/metadata-configmap.yaml new file mode 100644 index 0000000000..08cc7e6927 --- /dev/null +++ b/pipeline/upstream/base/metadata/metadata-configmap.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: metadata-grpc-configmap + labels: + component: metadata-grpc-server +data: + METADATA_GRPC_SERVICE_HOST: "metadata-grpc-service" + METADATA_GRPC_SERVICE_PORT: "8080" diff --git a/pipeline/upstream/base/metadata/metadata-envoy-deployment.yaml b/pipeline/upstream/base/metadata/metadata-envoy-deployment.yaml new file mode 100644 index 0000000000..1ccf7122f7 --- /dev/null +++ b/pipeline/upstream/base/metadata/metadata-envoy-deployment.yaml @@ -0,0 +1,24 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metadata-envoy-deployment + labels: + component: metadata-envoy +spec: + replicas: 1 + selector: + matchLabels: + component: metadata-envoy + template: + metadata: + labels: + component: metadata-envoy + spec: + containers: + - name: container + image: gcr.io/ml-pipeline/envoy:metadata-grpc + ports: + - name: md-envoy + containerPort: 9090 + - name: envoy-admin + containerPort: 9901 diff --git a/pipeline/upstream/base/metadata/metadata-envoy-service.yaml b/pipeline/upstream/base/metadata/metadata-envoy-service.yaml new file mode 100644 index 0000000000..42166c85cc --- /dev/null +++ b/pipeline/upstream/base/metadata/metadata-envoy-service.yaml @@ -0,0 +1,14 @@ +kind: Service +apiVersion: v1 +metadata: + labels: + app: metadata-envoy + name: metadata-envoy-service +spec: + selector: + component: metadata-envoy + type: ClusterIP + ports: + - port: 9090 + protocol: TCP + name: md-envoy diff --git a/pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml b/pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml new file mode 100644 index 0000000000..02de4b3662 --- /dev/null +++ b/pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml @@ -0,0 +1,64 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metadata-grpc-deployment + labels: + component: metadata-grpc-server +spec: + replicas: 1 + selector: + matchLabels: + component: metadata-grpc-server + template: + metadata: + labels: + component: metadata-grpc-server + spec: + containers: + - name: container + image: gcr.io/tfx-oss-public/ml_metadata_store_server:0.21.1 + env: + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + name: mysql-secret + key: username + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-secret + key: password + - name: MYSQL_DATABASE + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: mlmd_db + - name: MYSQL_HOST + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: host + - name: MYSQL_PORT + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: port + command: ["/bin/metadata_store_server"] + args: ["--grpc_port=8080", "--mysql_config_database=$(MYSQL_DATABASE)", "--mysql_config_host=$(MYSQL_HOST)", + "--mysql_config_port=$(MYSQL_PORT)", "--mysql_config_user=$(DBCONFIG_USER)", + "--mysql_config_password=$(DBCONFIG_PASSWORD)"] + ports: + - name: grpc-api + containerPort: 8080 + livenessProbe: + tcpSocket: + port: grpc-api + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + readinessProbe: + tcpSocket: + port: grpc-api + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 diff --git a/pipeline/upstream/base/metadata/metadata-grpc-service.yaml b/pipeline/upstream/base/metadata/metadata-grpc-service.yaml new file mode 100644 index 0000000000..7e7b73bf02 --- /dev/null +++ b/pipeline/upstream/base/metadata/metadata-grpc-service.yaml @@ -0,0 +1,14 @@ +kind: Service +apiVersion: v1 +metadata: + labels: + app: metadata + name: metadata-grpc-service +spec: + selector: + component: metadata-grpc-server + type: ClusterIP + ports: + - port: 8080 + protocol: TCP + name: grpc-api diff --git a/pipeline/upstream/base/metadata/metadata-writer-deployment.yaml b/pipeline/upstream/base/metadata/metadata-writer-deployment.yaml new file mode 100644 index 0000000000..c51903d356 --- /dev/null +++ b/pipeline/upstream/base/metadata/metadata-writer-deployment.yaml @@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metadata-writer + labels: + app: metadata-writer +spec: + replicas: 1 + selector: + matchLabels: + app: metadata-writer + template: + metadata: + labels: + app: metadata-writer + spec: + containers: + - name: main + image: gcr.io/ml-pipeline/metadata-writer:dummy + env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/pipeline/upstream/base/metadata/metadata-writer-role.yaml b/pipeline/upstream/base/metadata/metadata-writer-role.yaml new file mode 100644 index 0000000000..06317b0845 --- /dev/null +++ b/pipeline/upstream/base/metadata/metadata-writer-role.yaml @@ -0,0 +1,33 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-metadata-writer-role + name: kubeflow-pipelines-metadata-writer-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/pipeline/upstream/base/metadata/metadata-writer-rolebinding.yaml b/pipeline/upstream/base/metadata/metadata-writer-rolebinding.yaml new file mode 100644 index 0000000000..37263d4a8c --- /dev/null +++ b/pipeline/upstream/base/metadata/metadata-writer-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-metadata-writer-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-metadata-writer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-metadata-writer diff --git a/pipeline/upstream/base/metadata/metadata-writer-sa.yaml b/pipeline/upstream/base/metadata/metadata-writer-sa.yaml new file mode 100644 index 0000000000..77812949a8 --- /dev/null +++ b/pipeline/upstream/base/metadata/metadata-writer-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-metadata-writer diff --git a/pipeline/upstream/base/mysql/kustomization.yaml b/pipeline/upstream/base/mysql/kustomization.yaml new file mode 100644 index 0000000000..42c1dda888 --- /dev/null +++ b/pipeline/upstream/base/mysql/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- mysql-configmap.yaml diff --git a/pipeline/upstream/base/mysql/mysql-configmap.yaml b/pipeline/upstream/base/mysql/mysql-configmap.yaml new file mode 100644 index 0000000000..537a44522a --- /dev/null +++ b/pipeline/upstream/base/mysql/mysql-configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: mysql-configmap +data: + host: $(DBSERVICE_HOST) + port: "$(DBSERVICE_PORT)" + mlmd_db: $(DBNAME_MLMD) + cache_db: $(DBNAME_CACHE) + pipeline_db: $(DBNAME_PIPELINE) diff --git a/pipeline/upstream/base/params-db-secret.env b/pipeline/upstream/base/params-db-secret.env new file mode 100644 index 0000000000..c15cb2e337 --- /dev/null +++ b/pipeline/upstream/base/params-db-secret.env @@ -0,0 +1,2 @@ +username=root +password= diff --git a/pipeline/upstream/base/params.env b/pipeline/upstream/base/params.env new file mode 100644 index 0000000000..948d387540 --- /dev/null +++ b/pipeline/upstream/base/params.env @@ -0,0 +1,8 @@ +appName=pipeline +appVersion=1.0.0-rc.1 +dbHost=mysql +dbPort=3306 +mlmdDb=metadb +cacheDb=cachedb +pipelineDb=mlpipeline +bucketName=mlpipeline diff --git a/pipeline/upstream/base/params.yaml b/pipeline/upstream/base/params.yaml new file mode 100644 index 0000000000..ecd1794ad0 --- /dev/null +++ b/pipeline/upstream/base/params.yaml @@ -0,0 +1,24 @@ +# Allow Kustomize var to replace following fields. +varReference: +- path: data/config + kind: ConfigMap +- path: data/bucket_name + kind: ConfigMap +- path: data/project_id + kind: ConfigMap +- path: data/host + kind: ConfigMap +- path: data/port + kind: ConfigMap +- path: data/mlmd_db + kind: ConfigMap +- path: data/cache_db + kind: ConfigMap +- path: data/pipeline_db + kind: ConfigMap +- path: metadata/name + kind: Application +- path: spec/descriptor/version + kind: Application +- path: spec/template/spec/containers/image + kind: Deployment diff --git a/pipeline/upstream/base/pipeline-application.yaml b/pipeline/upstream/base/pipeline-application.yaml new file mode 100644 index 0000000000..a5e3f4b91e --- /dev/null +++ b/pipeline/upstream/base/pipeline-application.yaml @@ -0,0 +1,49 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + name: $(APP_NAME) + annotations: + kubernetes-engine.cloud.google.com/icon: >- + data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADMAAAAyCAYAAADx/eOPAAALuUlEQVRogd2afWxd9XnHP99bK4pS3yhiGUIRiiJUVVVqbq8ppdR20ibqpuIMtDRkUYERp29J57gMZVuxsrZiK7oZXVv5re1AiOuoG+N1DMkuytprsGPEVMouxqQZJVHEWIdQlGVxZlmZdb/747zcc869jpMO+seOdPz7nd/L83tev89zzjX8Bq795Rq9o17zXp+Tey+Ijkyboela29DRWkhffyT733pH/Z3este9F2cC6N0kNjxtjD+FdRD8UF9X7u97y7UbQFPAivC0BdllS381slun3s3z3xVhhqeds90tqR/oMB7u68z19ZZra0E/l1if3WOziPx3skrDPTr+bvDxfxImEIJbgX6gGBJ7EfHJX/ySReDHwO9KYAenyWCMFKw21GSeslwa2Z17+TcuzPBRr7B8m6Df5oOJqdPAR/u6cm/2lmv3At+IT3GiXZqbcaxSLsfRoTsvn7XL2jE87ZXGnwf+VGiDY86ETM1wU1+XjvSW/RlgTJADQ2QaCZKWcX1/aDIcjE8i3SdzZLjn0lm8pJXD02417BM+gLmq2Rqjr/d16Vu95dp6wc8Ra5O8NrPIcoZCvIR1H+KZkd2qLcfnRYUZOuorJO+3uQt0RerolGYZR7r5+C9ZATwPviGyQprd6Liszy3bnwVKwGMjPbnFyxJmeNpX2T4gaR/QmmSpyYZTho/2depMb9k/kNh3KawuJ1bWauHzUcyXRpZAv5Zmg7aHBLcmNN9ECAFeAO3s69KZ3nLtDuF9dnBs0IT9JO24rbPb0JfP2syCZpFfE5q1mRWcvlgMNcwMTRq9z/+OWXdx4AGjvX1deqC37DbwPwOrMgsufol5mWMWs1ivEbjTrOCtLNNb+udygqsNbUBtopR/NkuuwTJ6Hxsw67KSuvH5MPDA/nJttfGTdUFCMUlp/ALwOtIs9muBxpnFnBzuSQf21oP/BbXclVvumWuTaDN8WNBm2GizJkxPM0CDMA2WGZ72bbb/Njue2TRj9Il/PcG87SeBz4ZTNaSTsmctHcO8SqDp14d7dCFLZ2v/3OpQ023Ah4n65kohvETUCdcsfmuilD+bpNdgGZvOODuHqYGIVGCec9g7+7o031v2jaBTiD0ysxbHRnZrPktzyz1zK7f0z10nh5pWwLRhvZro1KqznVJhNB8UyDeSsU4zAOiIXV1OuEqQ2AR79nflXgcY6dGLwIvR8q39cy1b+uc2Emo6dI824BpMSxz8iVhy4m/2WiYHdV5UmOHp2mpwm52ESCdwRn+9v0tPAWzpn9sAFAQbMdc60PaHsFZEWd9uxk4z8G3seykECfObTEd2KmuZG4CWyLXkYLMwtiYt+hMsTUdAEZQzjs9apv66SHJRk73ZjBQ+iRu29s+1VEr5OImmXs4MHUahVoLWgK23wbv6OrU4OulcuHYehWsVHhpXwpE2FNRayTszX2cwDpQEzTB+QvrJHCXUaigk+c++aXZiE98YmUVgV19X7u3ypH/fgfUA5h2usY2jNjmWoGVn50nvC9T2NviA5OPBGPW91OlG+0Xa1WJhhqadk3WjpKCilQIQFP19XZocnfIHgIeFWyNh6goXyX6gdNWfU8aJ5tNjEheAHZVS/ruGj0s8k6VPhh6ms6kwgoLl1aGuCEuSpwXfHZ2qrTJ+HHkNCpOjmbdFcEcGUIhUSj/H65rPO6j+766U8i/QXV0z8cqJc4btwF8AtWgtMb1wj+j41Df/s1EYQwdEDiqM3hDes9quGY3IKoYOvCrU7HlCoZtEWapPkzEpsU8uq8b36a6uBqaBv5l45URLpZT/pmGH8LnkvlAdAOt1oeXqRsuYTjlEMJiXvWN/Z+5szfqioKcOKo7qr/nAEesKiOyv2A/q88rOx8+8bPhK5dUTAA8jbUT6MuKnbKteNVHKP23xCeD1LC0F2TWOmzoAKEiWxmC+sr8rN1OerF2HGaqXFcZhDWaYj11S4ZxcXxVqyKqPZOeNTwM7Jkr5BeDPQJ8NFQaoC/gZ26rXT5TyxxAfRx6P94d0gU0pYYama+tsbwix/AHM4fKUrwAeB68kRJ5AZsWWieGTjLipsVCgrKCwKHF7pZQ/RXf104j76i4ZMmquxkzRXb2zUsqfxdxsfCiA70hRjZbpCDHmJcRdeZPDHkVck0Ul5PeHZ81DgHxKtglXaHCxVN9fr5TyR9hW3QA8Amqp5526SyKtBEbZVv1eZeZkbqKU7xfsFJwPqRW29s+11oUxnUhnkHf2dWoB+R5Jv5dNaGHh1wog8d/ZAI+0GgVpFPTp4AfJT2Hup7u6EvMk0tpkboutEz0HMPzHyD+mu3pFpZR/Aug0Pgm0RLkvFzLWYfjDvs7cqfKUt2LuXTLhue5mdWhVDJdEzxDDcRKawceN9lRePVkDfgBcR/LKVqNpz/s08DO6q4VKKT8j8zHgJ1HyzA1P11YZjfV1arw85auBR4RalDB5lEjDKi0CgPPphKZ0QiNRwUQeg88B2ydKreew9yH1NCxe/r4GaZpt1Vsrh/JnDDcBLwPkbLVgf6s86RXYj4KvtJKJM8KsGLkSlsmUL6mSg1RJY1xD7KmU8sfprnYgBqJsGVsiEfupsca7FfMo26p/OfHKiVqllB8HyPV16VxfV66G/G1QBwY5xvCgTT7X3/MTaBbFVr0fJvqw2ASZ+yul/FN0V68CHsesiDl3UopM3CwhDZDD/Dnwj3S/sjoYAMqTtc1YX02jVqYOiuuqsAKIkqZCfFIz/IrfFY8gDrKt2gI8irSuwQezyTeNaOl+6qYb+fpYGKEXJE9GSTObK5ItrheaLHE5/XRKcHul+kYN8x2kzWlLNNuVtUqibzKW5CBjxUoszO7NWrS1E/xWvMeJjck2WQHEKJeMD+qH4gWCSvg00m3AVxv5TMRKsp9Cs0Q/Ka/1BOZQNBSXMz2b9Q5oO9JCKgkqg2aKofl8uvTPeE1w3t5KKf8y26pFxINhLRa5R9JV6huT/aZuFu7Ds+A9jBdj+VIvZz2b9BL2Xi5yJQEgUFqinI9SZBDx358o5Q/HiRGtquOEmxJu6DcbC/afQWxnvHg+Odrwm2bP5txh5OEYjOM3vaiu8qqHJw1mPmK/Xs7HJf0LRncDMF5cAL6NWUxDrX/duwbczljxjSzvTX+gtXU3MBlrRCltrsxBTgorACKrRGf5bczOiVLrhUL74B2F9oHVjBd/iLwTWEhr+CIWaLYumDjIWLHha+aSwvRs1iJmJ9Kb9ZJRETS3ACsMC8i1ZNwgXZDYWTmU/1WhfeAW8Cjo+UL7wDrGik8jfid0kYz/Z2ODepv+GPIY+FAznpcUJhAo9w5mh81CFtEsWieCTzwXkogmfKBSyh8ttA98EDPqoPouYqYLxYEPMVY8itmEeTM+KEaqZhVAkiPPIL6QDPhLFiYQSC9J7M3mGlF/24zWSvwIM1xoH2gF/sFiTcSPxQakqUJxsIPx4jGCr0AzCUYTbROJ7DPAdsbSAX9ZwgDs3qTDiMGUOxF/1DgfekLVsPf0sw8DPARsDNwy8iYBXov4p0L7wC2MF99CfBJ4rqmbJbO/qYE+x1jx5HK8Xtp/aFgHDM/FX+RM9FFjHjjj4NV3HvlPsP4g+SqQgm6zCuvJQnHgi4wVz2JuAj8RnLGEVaCf8Y8cuRQ2L0mYEBB2Gb8ZHKD4NQBx+0Qpf7LQPrAVVGqiiWTpCcEn4QcLxcF7C7+aXMDahT1YX5IS5DHE/ZfC4yULEwr0DtIOWwuuvwZ8rVLKP1soDqzHPGJoyRao9b4SXiQQ30A8eO1/PJ8D7gK+BtQSJcQM8AXGlg747LUkmi91lad8J3CuZ5OeBii0D64ET2FdH1N0omWJvgLPkvwM8LmZf7lrnm3VO4CHsM4DH2P8I8vGSfK67P9q8v9wWPAcQLH4PbBHbK6Pq+3M9+Ml+6FL2dyC+WmhOLiWseKPMDeDd12uIPBrWCZ5Xds++AHsAwGlBKnoB5747c2J+aSJEuvRL8CDv/2Zz+cqh/LL/gPD//vrfwFjcI5oX6jDBwAAAABJRU5ErkJggg== + marketplace.cloud.google.com/deploy-info: '{"partner_id": "google-cloud-ai-platform", + "product_id": "kubeflow-pipelines", "partner_name": "Google Cloud AI Platform"}' +spec: + addOwnerRef: true + selector: + matchLabels: + application-crd-id: kubeflow-pipelines + descriptor: + version: $(APP_VERSION) + type: Kubeflow Pipelines + description: |- + Reusable end-to-end ML workflow + maintainers: + - name: Google Cloud AI Platform + url: https://cloud.google.com/ai-platform/ + - name: Kubeflow Pipelines + url: https://github.com/kubeflow/pipelines + links: + - description: 'Kubeflow Pipelines Documentation' + url: https://www.kubeflow.org/docs/pipelines/ + notes: |- + Please go to [Hosted Kubeflow Pipelines Console](https://console.cloud.google.com/ai-platform/pipelines/clusters). + info: + - name: Console + value: 'https://console.cloud.google.com/ai-platform/pipelines/clusters' + componentKinds: + - group: v1 + kind: ServiceAccount + - group: rbac.authorization.k8s.io/v1 + kind: Role + - group: rbac.authorization.k8s.io/v1 + kind: RoleBinding + - group: v1 + kind: Service + - group: v1 + kind: PersistentVolumeClaim + - group: v1 + kind: ConfigMap + - group: v1 + kind: Secret + - group: apps/v1 + kind: Deployment diff --git a/pipeline/upstream/base/pipeline/cluster-scoped/kustomization.yaml b/pipeline/upstream/base/pipeline/cluster-scoped/kustomization.yaml new file mode 100644 index 0000000000..9a92c2ced6 --- /dev/null +++ b/pipeline/upstream/base/pipeline/cluster-scoped/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- scheduled-workflow-crd.yaml +- viewer-crd.yaml diff --git a/pipeline/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml b/pipeline/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml new file mode 100644 index 0000000000..22dc3c8a00 --- /dev/null +++ b/pipeline/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: scheduledworkflows.kubeflow.org +spec: + group: kubeflow.org + names: + kind: ScheduledWorkflow + listKind: ScheduledWorkflowList + plural: scheduledworkflows + shortNames: + - swf + singular: scheduledworkflow + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/pipeline/upstream/base/pipeline/cluster-scoped/viewer-crd.yaml b/pipeline/upstream/base/pipeline/cluster-scoped/viewer-crd.yaml new file mode 100644 index 0000000000..dcb5db0f88 --- /dev/null +++ b/pipeline/upstream/base/pipeline/cluster-scoped/viewer-crd.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: viewers.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Viewer + listKind: ViewerList + plural: viewers + shortNames: + - vi + singular: viewer + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/pipeline/upstream/base/pipeline/container-builder-sa.yaml b/pipeline/upstream/base/pipeline/container-builder-sa.yaml new file mode 100644 index 0000000000..aa65bd9bbf --- /dev/null +++ b/pipeline/upstream/base/pipeline/container-builder-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-container-builder diff --git a/pipeline/upstream/base/pipeline/kustomization.yaml b/pipeline/upstream/base/pipeline/kustomization.yaml new file mode 100644 index 0000000000..ec0ea9ddde --- /dev/null +++ b/pipeline/upstream/base/pipeline/kustomization.yaml @@ -0,0 +1,32 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ml-pipeline-apiserver-deployment.yaml +- ml-pipeline-apiserver-role.yaml +- ml-pipeline-apiserver-rolebinding.yaml +- ml-pipeline-apiserver-sa.yaml +- ml-pipeline-apiserver-service.yaml +- ml-pipeline-persistenceagent-deployment.yaml +- ml-pipeline-persistenceagent-role.yaml +- ml-pipeline-persistenceagent-rolebinding.yaml +- ml-pipeline-persistenceagent-sa.yaml +- ml-pipeline-scheduledworkflow-deployment.yaml +- ml-pipeline-scheduledworkflow-role.yaml +- ml-pipeline-scheduledworkflow-rolebinding.yaml +- ml-pipeline-scheduledworkflow-sa.yaml +- ml-pipeline-ui-deployment.yaml +- ml-pipeline-ui-role.yaml +- ml-pipeline-ui-rolebinding.yaml +- ml-pipeline-ui-sa.yaml +- ml-pipeline-ui-service.yaml +- ml-pipeline-viewer-crd-role.yaml +- ml-pipeline-viewer-crd-rolebinding.yaml +- ml-pipeline-viewer-crd-deployment.yaml +- ml-pipeline-viewer-crd-sa.yaml +- ml-pipeline-visualization-deployment.yaml +- ml-pipeline-visualization-sa.yaml +- ml-pipeline-visualization-service.yaml +- pipeline-runner-role.yaml +- pipeline-runner-rolebinding.yaml +- pipeline-runner-sa.yaml +- container-builder-sa.yaml diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml new file mode 100644 index 0000000000..0392085a1d --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml @@ -0,0 +1,83 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline + name: ml-pipeline +spec: + selector: + matchLabels: + app: ml-pipeline + template: + metadata: + labels: + app: ml-pipeline + spec: + containers: + - env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OBJECTSTORECONFIG_SECURE + value: "false" + - name: OBJECTSTORECONFIG_BUCKETNAME + value: $(BUCKET_NAME) + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + name: mysql-secret + key: username + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-secret + key: password + - name: DBCONFIG_DBNAME + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: pipeline_db + - name: DBCONFIG_HOST + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: host + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: port + image: gcr.io/ml-pipeline/api-server:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-api-server + ports: + - name: http + containerPort: 8888 + - name: grpc + containerPort: 8887 + readinessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + livenessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml new file mode 100644 index 0000000000..3fdfeaaa9f --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline + name: ml-pipeline +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml new file mode 100644 index 0000000000..78cef70d51 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline + name: ml-pipeline +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-sa.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-sa.yaml new file mode 100644 index 0000000000..95ff3141e6 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml new file mode 100644 index 0000000000..49de02bafb --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + app: ml-pipeline diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml new file mode 100644 index 0000000000..968f13a6cf --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml @@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-persistenceagent + name: ml-pipeline-persistenceagent +spec: + selector: + matchLabels: + app: ml-pipeline-persistenceagent + template: + metadata: + labels: + app: ml-pipeline-persistenceagent + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/persistenceagent:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-persistenceagent + serviceAccountName: ml-pipeline-persistenceagent diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml new file mode 100644 index 0000000000..72757fffd8 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ml-pipeline-persistenceagent-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml new file mode 100644 index 0000000000..a690f20cbf --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-persistenceagent-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml new file mode 100644 index 0000000000..158591534c --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-persistenceagent diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml new file mode 100644 index 0000000000..c0ff7e68df --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml @@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-scheduledworkflow + name: ml-pipeline-scheduledworkflow +spec: + selector: + matchLabels: + app: ml-pipeline-scheduledworkflow + template: + metadata: + labels: + app: ml-pipeline-scheduledworkflow + spec: + containers: + - image: gcr.io/ml-pipeline/scheduledworkflow:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-scheduledworkflow + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml new file mode 100644 index 0000000000..187272a976 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-scheduledworkflow-role + name: ml-pipeline-scheduledworkflow-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml new file mode 100644 index 0000000000..c2d10f6e63 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-scheduledworkflow-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml new file mode 100644 index 0000000000..285c13742f --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-scheduledworkflow diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml new file mode 100644 index 0000000000..8dffba3fe3 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml @@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +spec: + selector: + matchLabels: + app: ml-pipeline-ui + template: + metadata: + labels: + app: ml-pipeline-ui + spec: + containers: + - image: gcr.io/ml-pipeline/frontend:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-ui + ports: + - containerPort: 3000 + env: + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" + readinessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + livenessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline-ui diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-role.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-role.yaml new file mode 100644 index 0000000000..4877d7a2ce --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-role.yaml @@ -0,0 +1,46 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - create + - get + - list +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - "kubeflow.org" + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - "argoproj.io" + resources: + - workflows + verbs: + - get + - list diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-rolebinding.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-rolebinding.yaml new file mode 100644 index 0000000000..e829835420 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-sa.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-sa.yaml new file mode 100644 index 0000000000..4c890a27bb --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-ui diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-service.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-service.yaml new file mode 100644 index 0000000000..8c8669d7b9 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +spec: + ports: + - port: 80 + targetPort: 3000 + selector: + app: ml-pipeline-ui diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml new file mode 100644 index 0000000000..0135a5c0ed --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml @@ -0,0 +1,27 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-viewer-crd + name: ml-pipeline-viewer-crd +spec: + selector: + matchLabels: + app: ml-pipeline-viewer-crd + template: + metadata: + labels: + app: ml-pipeline-viewer-crd + spec: + containers: + - image: gcr.io/ml-pipeline/viewer-crd-controller:dummy + imagePullPolicy: Always + name: ml-pipeline-viewer-crd + env: + - name: MAX_NUM_VIEWERS + value: "50" + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + serviceAccountName: ml-pipeline-viewer-crd-service-account diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-role.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-role.yaml new file mode 100644 index 0000000000..73bf032fdd --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-role.yaml @@ -0,0 +1,30 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ml-pipeline-viewer-controller-role +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml new file mode 100644 index 0000000000..bd1f77a837 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-viewer-crd-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-sa.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-sa.yaml new file mode 100644 index 0000000000..5dd08f8843 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-viewer-crd-service-account diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml new file mode 100644 index 0000000000..a755e51be7 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml @@ -0,0 +1,47 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-visualizationserver + name: ml-pipeline-visualizationserver +spec: + selector: + matchLabels: + app: ml-pipeline-visualizationserver + template: + metadata: + labels: + app: ml-pipeline-visualizationserver + spec: + containers: + - image: gcr.io/ml-pipeline/visualization-server:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-visualizationserver + ports: + - name: http + containerPort: 8888 + readinessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + livenessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline-visualizationserver diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-visualization-sa.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-sa.yaml new file mode 100644 index 0000000000..e1bbc6ad27 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-visualizationserver diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-visualization-service.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-service.yaml new file mode 100644 index 0000000000..a4c7e42cb0 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline-visualizationserver +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: ml-pipeline-visualizationserver diff --git a/pipeline/upstream/base/pipeline/pipeline-runner-role.yaml b/pipeline/upstream/base/pipeline/pipeline-runner-role.yaml new file mode 100644 index 0000000000..e81fd91a53 --- /dev/null +++ b/pipeline/upstream/base/pipeline/pipeline-runner-role.yaml @@ -0,0 +1,80 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pipeline-runner +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - '*' +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' diff --git a/pipeline/upstream/base/pipeline/pipeline-runner-rolebinding.yaml b/pipeline/upstream/base/pipeline/pipeline-runner-rolebinding.yaml new file mode 100644 index 0000000000..9adae61887 --- /dev/null +++ b/pipeline/upstream/base/pipeline/pipeline-runner-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipeline-runner-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-runner +subjects: +- kind: ServiceAccount + name: pipeline-runner diff --git a/pipeline/upstream/base/pipeline/pipeline-runner-sa.yaml b/pipeline/upstream/base/pipeline/pipeline-runner-sa.yaml new file mode 100644 index 0000000000..8cb2c669fb --- /dev/null +++ b/pipeline/upstream/base/pipeline/pipeline-runner-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipeline-runner diff --git a/pipeline/upstream/cluster-scoped-resources/kustomization.yaml b/pipeline/upstream/cluster-scoped-resources/kustomization.yaml new file mode 100644 index 0000000000..ea7e24ae46 --- /dev/null +++ b/pipeline/upstream/cluster-scoped-resources/kustomization.yaml @@ -0,0 +1,23 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../base/application/cluster-scoped +- ../base/argo/cluster-scoped +- ../base/pipeline/cluster-scoped +- ../base/cache-deployer/cluster-scoped +resources: +- namespace.yaml +# Used by Kustomize +configMapGenerator: +- name: pipeline-cluster-scoped-install-config + env: params.env +vars: +- name: NAMESPACE + objref: + kind: ConfigMap + name: pipeline-cluster-scoped-install-config + apiVersion: v1 + fieldref: + fieldpath: data.namespace +configurations: +- params.yaml diff --git a/pipeline/upstream/cluster-scoped-resources/namespace.yaml b/pipeline/upstream/cluster-scoped-resources/namespace.yaml new file mode 100644 index 0000000000..ae346817e9 --- /dev/null +++ b/pipeline/upstream/cluster-scoped-resources/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: $(NAMESPACE) diff --git a/pipeline/upstream/cluster-scoped-resources/params.env b/pipeline/upstream/cluster-scoped-resources/params.env new file mode 100644 index 0000000000..78166431d4 --- /dev/null +++ b/pipeline/upstream/cluster-scoped-resources/params.env @@ -0,0 +1 @@ +namespace=kubeflow diff --git a/pipeline/upstream/cluster-scoped-resources/params.yaml b/pipeline/upstream/cluster-scoped-resources/params.yaml new file mode 100644 index 0000000000..3bfd0e5be5 --- /dev/null +++ b/pipeline/upstream/cluster-scoped-resources/params.yaml @@ -0,0 +1,6 @@ +# Allow Kustomize var to replace following fields. +varReference: +- path: metadata/name + kind: Namespace +- path: subjects/namespace + kind: ClusterRoleBinding diff --git a/pipeline/upstream/env/dev/kustomization.yaml b/pipeline/upstream/env/dev/kustomization.yaml new file mode 100644 index 0000000000..96318d6f63 --- /dev/null +++ b/pipeline/upstream/env/dev/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../platform-agnostic +- ../gcp/inverse-proxy +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines +# !!! If you want to customize the namespace, +# please refer sample/cluster-scoped-resources to update the namespace for cluster-scoped-resources +namespace: kubeflow diff --git a/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml b/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml new file mode 100644 index 0000000000..55b2035365 --- /dev/null +++ b/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml @@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cloudsqlproxy + labels: + app: cloudsqlproxy +spec: + selector: + matchLabels: + app: cloudsqlproxy + replicas: 1 + template: + metadata: + labels: + app: cloudsqlproxy + spec: + containers: + - image: gcr.io/cloudsql-docker/gce-proxy:1.14 + name: cloudsqlproxy + command: ["/cloud_sql_proxy", "-dir=/cloudsql", "-instances=$(GCP_CLOUDSQL_INSTANCE_NAME)=tcp:0.0.0.0:3306", + "term_timeout=10s"] + # set term_timeout if require graceful handling of shutdown + # NOTE: proxy will stop accepting new connections; only wait on existing connections + lifecycle: + preStop: + exec: + # (optional) add a preStop hook so that termination is delayed + # this is required if your server still require new connections (e.g., connection pools) + command: ['sleep', '10'] + ports: + - name: mysql + containerPort: 3306 + volumeMounts: + - mountPath: /cloudsql + name: cloudsql + volumes: + - name: cloudsql + emptyDir: diff --git a/pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml b/pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml new file mode 100644 index 0000000000..87f162bcbd --- /dev/null +++ b/pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cloudsql-proxy-deployment.yaml +- mysql-service.yaml diff --git a/pipeline/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml b/pipeline/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml new file mode 100644 index 0000000000..d93921d040 --- /dev/null +++ b/pipeline/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: mysql +spec: + ports: + - port: 3306 + selector: + app: cloudsqlproxy diff --git a/pipeline/upstream/env/gcp/gcp-configurations-patch.yaml b/pipeline/upstream/env/gcp/gcp-configurations-patch.yaml new file mode 100644 index 0000000000..d88e632c43 --- /dev/null +++ b/pipeline/upstream/env/gcp/gcp-configurations-patch.yaml @@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline +spec: + template: + spec: + containers: + - name: ml-pipeline-api-server + env: + - name: HAS_DEFAULT_BUCKET + valueFrom: + configMapKeyRef: + name: gcp-default-config + key: "has_default_bucket" + - name: BUCKET_NAME + valueFrom: + configMapKeyRef: + name: gcp-default-config + key: "bucket_name" + - name: PROJECT_ID + valueFrom: + configMapKeyRef: + name: gcp-default-config + key: "project_id" diff --git a/pipeline/upstream/env/gcp/gcp-default-config/gcp-default-configmap.yaml b/pipeline/upstream/env/gcp/gcp-default-config/gcp-default-configmap.yaml new file mode 100644 index 0000000000..f705fefb8c --- /dev/null +++ b/pipeline/upstream/env/gcp/gcp-default-config/gcp-default-configmap.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: gcp-default-config +data: + bucket_name: "$(BUCKET_NAME)" + has_default_bucket: "true" + project_id: "$(GCP_PROJECT_ID)" diff --git a/pipeline/upstream/env/gcp/gcp-default-config/kustomization.yaml b/pipeline/upstream/env/gcp/gcp-default-config/kustomization.yaml new file mode 100644 index 0000000000..cc36121c46 --- /dev/null +++ b/pipeline/upstream/env/gcp/gcp-default-config/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- gcp-default-configmap.yaml diff --git a/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml b/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml new file mode 100644 index 0000000000..36ffb5c51f --- /dev/null +++ b/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: gcr.io/ml-pipeline/inverse-proxy-agent + newTag: 1.0.0-rc.1 +resources: +- proxy-configmap.yaml +- proxy-deployment.yaml +- proxy-role.yaml +- proxy-rolebinding.yaml +- proxy-sa.yaml diff --git a/pipeline/upstream/env/gcp/inverse-proxy/proxy-configmap.yaml b/pipeline/upstream/env/gcp/inverse-proxy/proxy-configmap.yaml new file mode 100644 index 0000000000..c469f7acb9 --- /dev/null +++ b/pipeline/upstream/env/gcp/inverse-proxy/proxy-configmap.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: inverse-proxy-config diff --git a/pipeline/upstream/env/gcp/inverse-proxy/proxy-deployment.yaml b/pipeline/upstream/env/gcp/inverse-proxy/proxy-deployment.yaml new file mode 100644 index 0000000000..faf3e47309 --- /dev/null +++ b/pipeline/upstream/env/gcp/inverse-proxy/proxy-deployment.yaml @@ -0,0 +1,21 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: proxy-agent + name: proxy-agent +spec: + selector: + matchLabels: + app: proxy-agent + template: + metadata: + labels: + app: proxy-agent + spec: + hostNetwork: true + containers: + - image: gcr.io/ml-pipeline/inverse-proxy-agent:dummy + imagePullPolicy: IfNotPresent + name: proxy-agent + serviceAccountName: proxy-agent-runner diff --git a/pipeline/upstream/env/gcp/inverse-proxy/proxy-role.yaml b/pipeline/upstream/env/gcp/inverse-proxy/proxy-role.yaml new file mode 100644 index 0000000000..b4fae7b750 --- /dev/null +++ b/pipeline/upstream/env/gcp/inverse-proxy/proxy-role.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: proxy-agent-runner + name: proxy-agent-runner +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' diff --git a/pipeline/upstream/env/gcp/inverse-proxy/proxy-rolebinding.yaml b/pipeline/upstream/env/gcp/inverse-proxy/proxy-rolebinding.yaml new file mode 100644 index 0000000000..72f1fc0d6f --- /dev/null +++ b/pipeline/upstream/env/gcp/inverse-proxy/proxy-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: proxy-agent-runner + name: proxy-agent-runner +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: proxy-agent-runner +subjects: +- kind: ServiceAccount + name: proxy-agent-runner diff --git a/pipeline/upstream/env/gcp/inverse-proxy/proxy-sa.yaml b/pipeline/upstream/env/gcp/inverse-proxy/proxy-sa.yaml new file mode 100644 index 0000000000..af8b0c3c2d --- /dev/null +++ b/pipeline/upstream/env/gcp/inverse-proxy/proxy-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: proxy-agent-runner diff --git a/pipeline/upstream/env/gcp/kustomization.yaml b/pipeline/upstream/env/gcp/kustomization.yaml new file mode 100644 index 0000000000..541616e4c9 --- /dev/null +++ b/pipeline/upstream/env/gcp/kustomization.yaml @@ -0,0 +1,38 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../../base +- inverse-proxy +- minio-gcs-gateway +- cloudsql-proxy +- gcp-default-config +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines +# !!! If you want to customize the namespace, +# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml +namespace: kubeflow +patchesStrategicMerge: +- gcp-configurations-patch.yaml +# Used by Kustomize +configMapGenerator: +- name: pipeline-install-config + env: params.env + behavior: merge +vars: +- name: GCP_PROJECT_ID + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.gcsProjectId +- name: GCP_CLOUDSQL_INSTANCE_NAME + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.gcsCloudSqlInstanceName diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml b/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml new file mode 100644 index 0000000000..f14e64f5d3 --- /dev/null +++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- minio-gcs-gateway-deployment.yaml +- minio-gcs-gateway-service.yaml diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml new file mode 100644 index 0000000000..ec560830a9 --- /dev/null +++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml @@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio + labels: + app: minio +spec: + selector: + matchLabels: + app: minio + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + spec: + containers: + - name: minio + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + args: + - gateway + - gcs + - $(GCP_PROJECT_ID) + env: + - name: MINIO_ACCESS_KEY + value: "minio" + - name: MINIO_SECRET_KEY + value: "minio123" + ports: + - containerPort: 9000 diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml new file mode 100644 index 0000000000..6f542967e7 --- /dev/null +++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: minio-service +spec: + ports: + - port: 9000 + targetPort: 9000 + protocol: TCP + selector: + app: minio diff --git a/pipeline/upstream/env/gcp/params.env b/pipeline/upstream/env/gcp/params.env new file mode 100644 index 0000000000..0c1d077bee --- /dev/null +++ b/pipeline/upstream/env/gcp/params.env @@ -0,0 +1,6 @@ +pipelineDb=pipelinedb +mlmdDb=metadb +cacheDb=cachedb +bucketName=yourGcsBucketName +gcsProjectId=yourGcsProjectId +gcsCloudSqlInstanceName=yourCloudSqlInstanceName diff --git a/pipeline/upstream/env/platform-agnostic/kustomization.yaml b/pipeline/upstream/env/platform-agnostic/kustomization.yaml new file mode 100644 index 0000000000..c5773ad03f --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../../base +- minio +- mysql +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines +# !!! If you want to customize the namespace, +# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml +namespace: kubeflow +images: +- name: mysql + newTag: "5.6" +- name: minio/minio + newTag: RELEASE.2018-02-09T22-40-05Z diff --git a/pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml b/pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml new file mode 100644 index 0000000000..7a20d85a7c --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- minio-deployment.yaml +- minio-pvc.yaml +- minio-service.yaml diff --git a/pipeline/upstream/env/platform-agnostic/minio/minio-deployment.yaml b/pipeline/upstream/env/platform-agnostic/minio/minio-deployment.yaml new file mode 100644 index 0000000000..382dc4fd21 --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/minio/minio-deployment.yaml @@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio + labels: + app: minio +spec: + selector: + matchLabels: + app: minio + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + spec: + containers: + - args: + - server + - /data + env: + - name: MINIO_ACCESS_KEY + value: minio + - name: MINIO_SECRET_KEY + value: minio123 + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + name: minio + ports: + - containerPort: 9000 + volumeMounts: + - mountPath: /data + name: data + subPath: minio + volumes: + - name: data + persistentVolumeClaim: + claimName: minio-pvc diff --git a/pipeline/upstream/env/platform-agnostic/minio/minio-pvc.yaml b/pipeline/upstream/env/platform-agnostic/minio/minio-pvc.yaml new file mode 100644 index 0000000000..ecfa32bbe8 --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/minio/minio-pvc.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: minio-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/pipeline/upstream/env/platform-agnostic/minio/minio-service.yaml b/pipeline/upstream/env/platform-agnostic/minio/minio-service.yaml new file mode 100644 index 0000000000..f49cf52859 --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/minio/minio-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: minio-service +spec: + ports: + - port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio diff --git a/pipeline/upstream/env/platform-agnostic/mysql/kustomization.yaml b/pipeline/upstream/env/platform-agnostic/mysql/kustomization.yaml new file mode 100644 index 0000000000..93af2924b5 --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/mysql/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- mysql-deployment.yaml +- mysql-pv-claim.yaml +- mysql-service.yaml diff --git a/pipeline/upstream/env/platform-agnostic/mysql/mysql-deployment.yaml b/pipeline/upstream/env/platform-agnostic/mysql/mysql-deployment.yaml new file mode 100644 index 0000000000..ab9386e25c --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/mysql/mysql-deployment.yaml @@ -0,0 +1,33 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mysql + labels: + app: mysql +spec: + selector: + matchLabels: + app: mysql + strategy: + type: Recreate + template: + metadata: + labels: + app: mysql + spec: + containers: + - env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + image: gcr.io/ml-pipeline/mysql:5.6 + name: mysql + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - mountPath: /var/lib/mysql + name: mysql-persistent-storage + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim diff --git a/pipeline/upstream/env/platform-agnostic/mysql/mysql-pv-claim.yaml b/pipeline/upstream/env/platform-agnostic/mysql/mysql-pv-claim.yaml new file mode 100644 index 0000000000..108dc24ef3 --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/mysql/mysql-pv-claim.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mysql-pv-claim +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml b/pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml new file mode 100644 index 0000000000..db93f1017a --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: mysql +spec: + ports: + - port: 3306 + selector: + app: mysql diff --git a/pipeline/upstream/gcp-workload-identity-setup.sh b/pipeline/upstream/gcp-workload-identity-setup.sh new file mode 100755 index 0000000000..e749ccbc0d --- /dev/null +++ b/pipeline/upstream/gcp-workload-identity-setup.sh @@ -0,0 +1,131 @@ +#!/bin/bash +# +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e + +# Google service Account (GSA) +SYSTEM_GSA=${SYSTEM_GSA:-$CLUSTER_NAME-kfp-system} +USER_GSA=${USER_GSA:-$CLUSTER_NAME-kfp-user} + +# Kubernetes Service Account (KSA) +SYSTEM_KSA=(ml-pipeline-ui ml-pipeline-visualizationserver) +USER_KSA=(pipeline-runner kubeflow-pipelines-container-builder) + +cat < CLUSTER_NAME= NAMESPACE= ./gcp-workload-identity-setup.sh +``` + +PROJECT_ID: GCP project ID your cluster belongs to. +CLUSTER_NAME: your GKE cluster's name. +NAMESPACE: Kubernetes namespace your Kubeflow Pipelines standalone deployment belongs to (default is kubeflow). +EOF +} +if [ -z "$PROJECT_ID" ]; then + usage + echo + echo "Error: PROJECT_ID env variable is empty!" + exit 1 +fi +if [ -z "$CLUSTER_NAME" ]; then + usage + echo + echo "Error: CLUSTER_NAME env variable is empty!" + exit 1 +fi +echo "Env variables set:" +echo "* PROJECT_ID=$PROJECT_ID" +echo "* CLUSTER_NAME=$CLUSTER_NAME" +echo "* NAMESPACE=$NAMESPACE" +echo + +read -p "Continue? (Y/n) " -n 1 -r +echo +if [[ ! $REPLY =~ ^[Yy]$ ]]; then + exit 0 +fi + +echo "Creating Google service accounts..." +function create_gsa_if_not_present { + local name=${1} + local already_present=$(gcloud iam service-accounts list --filter='name:'$name'' --format='value(name)') + if [ -n "$already_present" ]; then + echo "Service account $name already exists" + else + gcloud iam service-accounts create $name + fi +} +create_gsa_if_not_present $SYSTEM_GSA +create_gsa_if_not_present $USER_GSA + +# You can optionally choose to add iam policy bindings to grant project permissions to these GSAs. +# You can also set these up later. +# gcloud projects add-iam-policy-binding $PROJECT_ID \ +# --member="serviceAccount:$SYSTEM_GSA@$PROJECT_ID.iam.gserviceaccount.com" \ +# --role="roles/editor" +# gcloud projects add-iam-policy-binding $PROJECT_ID \ +# --member="serviceAccount:$USER_GSA@$PROJECT_ID.iam.gserviceaccount.com" \ +# --role="roles/editor" + +# Bind KSA to GSA through workload identity. +# Documentation: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity +function bind_gsa_and_ksa { + local gsa=${1} + local ksa=${2} + + gcloud iam service-accounts add-iam-policy-binding $gsa@$PROJECT_ID.iam.gserviceaccount.com \ + --member="serviceAccount:$PROJECT_ID.svc.id.goog[$NAMESPACE/$ksa]" \ + --role="roles/iam.workloadIdentityUser" \ + > /dev/null # hide verbose output + kubectl annotate serviceaccount \ + --namespace $NAMESPACE \ + --overwrite \ + $ksa \ + iam.gke.io/gcp-service-account=$gsa@$PROJECT_ID.iam.gserviceaccount.com + echo "* Bound KSA $ksa to GSA $gsa" +} + +echo "Binding each kfp system KSA to $SYSTEM_GSA" +for ksa in ${SYSTEM_KSA[@]}; do + bind_gsa_and_ksa $SYSTEM_GSA $ksa +done + +echo "Binding each kfp user KSA to $USER_GSA" +for ksa in ${USER_KSA[@]}; do + bind_gsa_and_ksa $USER_GSA $ksa +done diff --git a/pipeline/upstream/hack/release.sh b/pipeline/upstream/hack/release.sh new file mode 100755 index 0000000000..d233a83bf3 --- /dev/null +++ b/pipeline/upstream/hack/release.sh @@ -0,0 +1,32 @@ +#!/bin/bash +# +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +TAG_NAME=$1 +DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null && pwd)" + +if [[ -z "$TAG_NAME" ]]; then + echo "Usage: release.sh " >&2 + exit 1 +fi + +echo "This release script uses yq, it can be downloaded at https://github.com/mikefarah/yq/releases/tag/3.3.0" +yq w -i "$DIR/../base/kustomization.yaml" images[*].newTag "$TAG_NAME" +yq w -i "$DIR/../env/gcp/inverse-proxy/kustomization.yaml" images[*].newTag "$TAG_NAME" + +# Note, this only works in linux. TODO: make it MacOS sed compatible. +sed -i.bak -e "s|appVersion=.\+|appVersion=$TAG_NAME|g" "$DIR/../base/params.env" diff --git a/pipeline/upstream/kustomize/Kptfile b/pipeline/upstream/kustomize/Kptfile new file mode 100644 index 0000000000..5927c2d911 --- /dev/null +++ b/pipeline/upstream/kustomize/Kptfile @@ -0,0 +1,11 @@ +apiVersion: kpt.dev/v1alpha1 +kind: Kptfile +metadata: + name: upstream +upstream: + type: git + git: + commit: 2384d8f1c6083b4ec5c144a2fb6e247bcbe33b05 + repo: https://github.com/kubeflow/pipelines + directory: /manifests/kustomize + ref: 1.0.0-rc.1 diff --git a/pipeline/upstream/kustomize/OWNERS b/pipeline/upstream/kustomize/OWNERS new file mode 100644 index 0000000000..95ccd02456 --- /dev/null +++ b/pipeline/upstream/kustomize/OWNERS @@ -0,0 +1,8 @@ +approvers: + - Bobgy + - IronPan + - rmgogogo +reviewers: + - Bobgy + - IronPan + - rmgogogo diff --git a/pipeline/upstream/kustomize/README.md b/pipeline/upstream/kustomize/README.md new file mode 100644 index 0000000000..c082edc8df --- /dev/null +++ b/pipeline/upstream/kustomize/README.md @@ -0,0 +1,100 @@ +# Install Kubeflow Pipelines + +This folder contains Kubeflow Pipelines Kustomize manifests for a light weight +deployment. You can follow the instruction and deploy Kubeflow Pipelines in an +existing cluster. + +To install Kubeflow Pipelines, you have several options. +- Via [GCP AI Platform UI](http://console.cloud.google.com/ai-platform/pipelines). +- Via an upcoming commandline tool. +- Via Kubectl with Kustomize, it's detailed here. + - Community maintains a repo [here](https://github.com/e2fyi/kubeflow-aws/tree/master/pipelines) for AWS. + +## Install via Kustomize + +Deploy latest version of Kubeflow Pipelines. + +It uses following default settings. +- image: latest released images +- namespace: kubeflow +- application name: pipeline + +### Option-1 Install it to any K8s cluster +It's based on in-cluster PersistentVolumeClaim storage. + +``` +kubectl apply -k cluster-scoped-resources/ +kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s +kubectl apply -k env/platform-agnostic/ +kubectl wait applications/pipeline -n kubeflow --for condition=Ready --timeout=1800s +kubectl port-forward -n kubeflow svc/ml-pipeline-ui 8080:80 +``` +Now you can access it via localhost:8080 + +### Option-2 Install it to GCP with in-cluster PersistentVolumeClaim storage +It's based on in-cluster PersistentVolumeClaim storage. +Additionally, it introduced a proxy in GCP to allow user easily access KFP safely. + +``` +kubectl apply -k cluster-scoped-resources/ +kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s + +kubectl apply -k env/dev/ +kubectl wait applications/pipeline -n kubeflow --for condition=Ready --timeout=1800s + +# Or visit http://console.cloud.google.com/ai-platform/pipelines +kubectl describe configmap inverse-proxy-config -n kubeflow | grep googleusercontent.com +``` + +### Option-3 Install it to GCP with CloudSQL & GCS-Minio managed storage +Its storage is based on CloudSQL & GCS. It's better than others for production usage. + +Please following [sample](sample/README.md) for a customized installation. + +## Uninstall + +If the installation is based on CloudSQL/GCS, after the uninstall, the data is still there, +reinstall a newer version can reuse the data. + +``` +### 1. namespace scoped +# Depends on how you installed it: +kubectl kustomize env/platform-agnostic | kubectl delete -f - +# or +kubectl kustomize env/dev | kubectl delete -f - +# or +kubectl kustomize env/gcp | kubectl delete -f - +# or +kubectl delete applications/pipeline -n kubeflow + +### 2. cluster scoped +kubectl delete -k cluster-scoped-resources/ +``` + +## Troubleshooting + +### Permission error installing Kubeflow Pipelines to a cluster + +Run + +``` +kubectl create clusterrolebinding your-binding --clusterrole=cluster-admin --user=[your-user-name] +``` + +### Samples requires "user-gcp-sa" secret + +If sample code requires a "user-gcp-sa" secret, you could create one by + +- First download the GCE VM service account token + [Document](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys) + +``` +gcloud iam service-accounts keys create application_default_credentials.json \ + --iam-account [SA-NAME]@[PROJECT-ID].iam.gserviceaccount.com +``` + +- Run + +``` +kubectl create secret -n [your-namespace] generic user-gcp-sa --from-file=user-gcp-sa.json=application_default_credentials.json` +``` diff --git a/pipeline/upstream/kustomize/STRUCTURE.md b/pipeline/upstream/kustomize/STRUCTURE.md new file mode 100644 index 0000000000..86a7835b9c --- /dev/null +++ b/pipeline/upstream/kustomize/STRUCTURE.md @@ -0,0 +1,49 @@ +# Kubeflow Pipelines Kustomize Manifest Folder Structure + +Folder structure: +``` +kustomize +├── cluster-scoped-resources +│ ├── README.md (explains this folder structure) +│ └── kustomization.yaml (lists all cluster-scoped folders in base/) +├── base +│ ├── cache-deployer +│ │ ├── cluster-scoped (not included in cache-deployer's kustomization.yaml) +│ │ │ ├── clusteroles +│ │ │ └── clusterrolebindings +| | └── ... (namespace scoped) +│ ├── argo +│ │ ├── cluster-scoped +│ │ │ └── workflow-crd.yaml +| | └── ... (namespace scoped) +│ ├── application +│ │ ├── cluster-scoped +│ │ │ ├── application-crd.yaml +│ │ │ └── ... +| | └── ... (namespace scoped) +│ ├── pipeline +│ │ ├── cluster-scoped +│ │ │ ├── viewer-crd.yaml +│ │ │ ├── scheduledworkflow-crd.yaml +│ │ │ └── ... +| | └── ... (namespace scoped) +│ └── ... +└── env + ├── platform-agnostic + │ └── kustomization.yaml (based on "base") + ├── dev + │ └── kustomization.yaml (based on "env/platform-agnostic") + └── gcp + └── kustomization.yaml (based on "base") +``` + +* User facing manifest entrypoint is `cluster-scoped-resources` package and `env/` package. + * `cluster-scoped-resources` should collect all cluster-scoped resources. + * `env/` should collect env specific namespace scoped resources. +* Universal components live in `base/` folders. + * If a component requires cluster-scoped resources, it should have a folder inside named `cluster-scoped` with related resources, but note that `base//kustomization.yaml` shouldn't include the `cluster-scoped` folder. `cluster-scoped` folders should be collected by top level `cluster-scoped-resources` folder. +* Env specific overlays live in `env/` folders. + +Constraints we need to comply with (that drove above structure): +* CRDs must be applied separately, because if we apply CRs in the same `kubectl apply` command, the CRD may not have been accepted by k8s api server (e.g. Application CRD). +* [A Kubeflow 1.0 constraint](https://github.com/kubeflow/pipelines/issues/2884#issuecomment-577158715) is that we should separate cluster scoped resources from namespace scoped resources, because sometimes different roles are required to deploy them. Cluster scoped resources usually need a cluster admin role, while namespaced resources can be deployed by individual teams managing a namespace. diff --git a/pipeline/upstream/kustomize/base/application/application-controller-deployment.yaml b/pipeline/upstream/kustomize/base/application/application-controller-deployment.yaml new file mode 100644 index 0000000000..b4cc7042d9 --- /dev/null +++ b/pipeline/upstream/kustomize/base/application/application-controller-deployment.yaml @@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" +spec: + selector: + matchLabels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + template: + metadata: + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + spec: + containers: + - command: + - /root/manager + # A customized image with https://github.com/kubernetes-sigs/application/pull/127 + image: gcr.io/ml-pipeline/application-crd-controller:1.0-beta-non-cluster-role + imagePullPolicy: IfNotPresent + name: manager + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 30Mi + requests: + cpu: 100m + memory: 20Mi + serviceAccountName: application diff --git a/pipeline/upstream/kustomize/base/application/application-controller-role.yaml b/pipeline/upstream/kustomize/base/application/application-controller-role.yaml new file mode 100644 index 0000000000..a17dbaea09 --- /dev/null +++ b/pipeline/upstream/kustomize/base/application/application-controller-role.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: application-manager-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - update + - patch + - watch +- apiGroups: + - app.k8s.io + resources: + - '*' + verbs: + - '*' diff --git a/pipeline/upstream/kustomize/base/application/application-controller-rolebinding.yaml b/pipeline/upstream/kustomize/base/application/application-controller-rolebinding.yaml new file mode 100644 index 0000000000..71a3f42d24 --- /dev/null +++ b/pipeline/upstream/kustomize/base/application/application-controller-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: application-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: application-manager-role +subjects: +- kind: ServiceAccount + name: application diff --git a/pipeline/upstream/kustomize/base/application/application-controller-sa.yaml b/pipeline/upstream/kustomize/base/application/application-controller-sa.yaml new file mode 100644 index 0000000000..bd13039151 --- /dev/null +++ b/pipeline/upstream/kustomize/base/application/application-controller-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: application diff --git a/pipeline/upstream/kustomize/base/application/application-controller-service.yaml b/pipeline/upstream/kustomize/base/application/application-controller-service.yaml new file mode 100644 index 0000000000..f5f7d8bac6 --- /dev/null +++ b/pipeline/upstream/kustomize/base/application/application-controller-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: controller-manager-service + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" +spec: + selector: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + ports: + - port: 443 diff --git a/pipeline/upstream/kustomize/base/application/cluster-scoped/application-crd.yaml b/pipeline/upstream/kustomize/base/application/cluster-scoped/application-crd.yaml new file mode 100644 index 0000000000..0cbab2d480 --- /dev/null +++ b/pipeline/upstream/kustomize/base/application/cluster-scoped/application-crd.yaml @@ -0,0 +1,234 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + controller-tools.k8s.io: "1.0" + name: applications.app.k8s.io +spec: + group: app.k8s.io + names: + kind: Application + plural: applications + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + addOwnerRef: + type: boolean + assemblyPhase: + type: string + componentKinds: + items: + type: object + type: array + descriptor: + properties: + description: + type: string + icons: + items: + properties: + size: + type: string + src: + type: string + type: + type: string + required: + - src + type: object + type: array + keywords: + items: + type: string + type: array + links: + items: + properties: + description: + type: string + url: + type: string + type: object + type: array + maintainers: + items: + properties: + email: + type: string + name: + type: string + url: + type: string + type: object + type: array + notes: + type: string + owners: + items: + properties: + email: + type: string + name: + type: string + url: + type: string + type: object + type: array + type: + type: string + version: + type: string + type: object + info: + items: + properties: + name: + type: string + type: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + key: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + ingressRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + host: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + path: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + secretKeyRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + key: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + serviceRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + path: + type: string + port: + format: int32 + type: integer + resourceVersion: + type: string + uid: + type: string + type: object + type: + type: string + type: object + type: object + type: array + selector: + type: object + type: object + status: + properties: + components: + items: + properties: + group: + type: string + kind: + type: string + link: + type: string + name: + type: string + status: + type: string + type: object + type: array + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + lastUpdateTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - type + - status + type: object + type: array + observedGeneration: + format: int64 + type: integer + type: object + version: v1beta1 diff --git a/pipeline/upstream/kustomize/base/application/cluster-scoped/kustomization.yaml b/pipeline/upstream/kustomize/base/application/cluster-scoped/kustomization.yaml new file mode 100644 index 0000000000..0fc4e0bb3f --- /dev/null +++ b/pipeline/upstream/kustomize/base/application/cluster-scoped/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- application-crd.yaml diff --git a/pipeline/upstream/kustomize/base/application/kustomization.yaml b/pipeline/upstream/kustomize/base/application/kustomization.yaml new file mode 100644 index 0000000000..8d65bf8915 --- /dev/null +++ b/pipeline/upstream/kustomize/base/application/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- application-controller-deployment.yaml +- application-controller-role.yaml +- application-controller-rolebinding.yaml +- application-controller-sa.yaml +- application-controller-service.yaml diff --git a/pipeline/upstream/kustomize/base/argo/cluster-scoped/kustomization.yaml b/pipeline/upstream/kustomize/base/argo/cluster-scoped/kustomization.yaml new file mode 100644 index 0000000000..262cc50515 --- /dev/null +++ b/pipeline/upstream/kustomize/base/argo/cluster-scoped/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- workflow-crd.yaml diff --git a/pipeline/upstream/kustomize/base/argo/cluster-scoped/workflow-crd.yaml b/pipeline/upstream/kustomize/base/argo/cluster-scoped/workflow-crd.yaml new file mode 100644 index 0000000000..5a7b6a3aff --- /dev/null +++ b/pipeline/upstream/kustomize/base/argo/cluster-scoped/workflow-crd.yaml @@ -0,0 +1,67 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: workflows.argoproj.io +spec: + group: argoproj.io + version: v1alpha1 + scope: Namespaced + names: + kind: Workflow + plural: workflows + shortNames: + - wf + additionalPrinterColumns: + - JSONPath: .status.phase + description: Status of the workflow + name: Status + type: string + - JSONPath: .status.startedAt + description: When the workflow was started + format: date-time + name: Age + type: date +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterworkflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: ClusterWorkflowTemplate + plural: clusterworkflowtemplates + shortNames: + - clusterwftmpl + - cwft + scope: Cluster + version: v1alpha1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: cronworkflows.argoproj.io +spec: + group: argoproj.io + names: + kind: CronWorkflow + plural: cronworkflows + shortNames: + - cronwf + - cwf + scope: Namespaced + version: v1alpha1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: workflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTemplate + plural: workflowtemplates + shortNames: + - wftmpl + scope: Namespaced + version: v1alpha1 diff --git a/pipeline/upstream/kustomize/base/argo/kustomization.yaml b/pipeline/upstream/kustomize/base/argo/kustomization.yaml new file mode 100644 index 0000000000..e8df6b5662 --- /dev/null +++ b/pipeline/upstream/kustomize/base/argo/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- minio-artifact-secret.yaml +- workflow-controller-configmap.yaml +- workflow-controller-deployment.yaml +- workflow-controller-role.yaml +- workflow-controller-rolebinding.yaml +- workflow-controller-sa.yaml diff --git a/pipeline/upstream/kustomize/base/argo/minio-artifact-secret.yaml b/pipeline/upstream/kustomize/base/argo/minio-artifact-secret.yaml new file mode 100644 index 0000000000..3ae64f1160 --- /dev/null +++ b/pipeline/upstream/kustomize/base/argo/minio-artifact-secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + accesskey: bWluaW8= + secretkey: bWluaW8xMjM= +kind: Secret +metadata: + name: mlpipeline-minio-artifact +type: Opaque diff --git a/pipeline/upstream/kustomize/base/argo/workflow-controller-configmap.yaml b/pipeline/upstream/kustomize/base/argo/workflow-controller-configmap.yaml new file mode 100644 index 0000000000..aafe839c79 --- /dev/null +++ b/pipeline/upstream/kustomize/base/argo/workflow-controller-configmap.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: workflow-controller-configmap +data: + config: | + { + namespace: $(NAMESPACE), + executorImage: gcr.io/ml-pipeline/argoexec:v2.7.5-license-compliance, + artifactRepository: + { + s3: { + bucket: $(BUCKET_NAME), + keyPrefix: artifacts, + endpoint: minio-service.$(NAMESPACE):9000, + insecure: true, + accessKeySecret: { + name: mlpipeline-minio-artifact, + key: accesskey + }, + secretKeySecret: { + name: mlpipeline-minio-artifact, + key: secretkey + } + }, + archiveLogs: true + } + } diff --git a/pipeline/upstream/kustomize/base/argo/workflow-controller-deployment.yaml b/pipeline/upstream/kustomize/base/argo/workflow-controller-deployment.yaml new file mode 100644 index 0000000000..9395f80895 --- /dev/null +++ b/pipeline/upstream/kustomize/base/argo/workflow-controller-deployment.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: workflow-controller + name: workflow-controller +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: workflow-controller + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + app: workflow-controller + spec: + containers: + - args: + - --configmap + - workflow-controller-configmap + - --executor-image + - gcr.io/ml-pipeline/argoexec:v2.7.5-license-compliance + command: + - workflow-controller + env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/workflow-controller:v2.7.5-license-compliance + imagePullPolicy: IfNotPresent + name: workflow-controller + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo + serviceAccountName: argo + terminationGracePeriodSeconds: 30 diff --git a/pipeline/upstream/kustomize/base/argo/workflow-controller-role.yaml b/pipeline/upstream/kustomize/base/argo/workflow-controller-role.yaml new file mode 100644 index 0000000000..d79208a99a --- /dev/null +++ b/pipeline/upstream/kustomize/base/argo/workflow-controller-role.yaml @@ -0,0 +1,48 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-role +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + verbs: + - get + - list + - watch + - update + - patch + - delete diff --git a/pipeline/upstream/kustomize/base/argo/workflow-controller-rolebinding.yaml b/pipeline/upstream/kustomize/base/argo/workflow-controller-rolebinding.yaml new file mode 100644 index 0000000000..0484f455b8 --- /dev/null +++ b/pipeline/upstream/kustomize/base/argo/workflow-controller-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-role +subjects: +- kind: ServiceAccount + name: argo diff --git a/pipeline/upstream/kustomize/base/argo/workflow-controller-sa.yaml b/pipeline/upstream/kustomize/base/argo/workflow-controller-sa.yaml new file mode 100644 index 0000000000..f3d5885df9 --- /dev/null +++ b/pipeline/upstream/kustomize/base/argo/workflow-controller-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo diff --git a/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-deployment.yaml b/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-deployment.yaml new file mode 100644 index 0000000000..d4c3ae3a86 --- /dev/null +++ b/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-deployment.yaml @@ -0,0 +1,29 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cache-deployer-deployment + labels: + app: cache-deployer +spec: + replicas: 1 + selector: + matchLabels: + app: cache-deployer + strategy: + type: Recreate + template: + metadata: + labels: + app: cache-deployer + spec: + containers: + - name: main + image: gcr.io/ml-pipeline/cache-deployer:dummy + imagePullPolicy: Always + env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + serviceAccountName: kubeflow-pipelines-cache-deployer-sa + restartPolicy: Always diff --git a/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-role.yaml b/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-role.yaml new file mode 100644 index 0000000000..6211517140 --- /dev/null +++ b/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-role + name: kubeflow-pipelines-cache-deployer-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - patch diff --git a/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-rolebinding.yaml b/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-rolebinding.yaml new file mode 100644 index 0000000000..36ed4963a5 --- /dev/null +++ b/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-deployer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa diff --git a/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-sa.yaml b/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-sa.yaml new file mode 100644 index 0000000000..affada3d10 --- /dev/null +++ b/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-cache-deployer-sa diff --git a/pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml b/pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml new file mode 100644 index 0000000000..e2d6e75f45 --- /dev/null +++ b/pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml @@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-clusterrole + name: kubeflow-pipelines-cache-deployer-clusterrole +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + - certificatesigningrequests/approval + verbs: + - create + - delete + - get + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - get diff --git a/pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml b/pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml new file mode 100644 index 0000000000..7e2d2dcf8c --- /dev/null +++ b/pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-cache-deployer-clusterrole +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + namespace: $(NAMESPACE) diff --git a/pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/kustomization.yaml b/pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/kustomization.yaml new file mode 100644 index 0000000000..cd31d9a4e2 --- /dev/null +++ b/pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cache-deployer-clusterrole.yaml +- cache-deployer-clusterrolebinding.yaml diff --git a/pipeline/upstream/kustomize/base/cache-deployer/kustomization.yaml b/pipeline/upstream/kustomize/base/cache-deployer/kustomization.yaml new file mode 100644 index 0000000000..f6c83059b9 --- /dev/null +++ b/pipeline/upstream/kustomize/base/cache-deployer/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cache-deployer-role.yaml +- cache-deployer-rolebinding.yaml +- cache-deployer-sa.yaml +- cache-deployer-deployment.yaml diff --git a/pipeline/upstream/kustomize/base/cache/cache-deployment.yaml b/pipeline/upstream/kustomize/base/cache/cache-deployment.yaml new file mode 100644 index 0000000000..0f075706a5 --- /dev/null +++ b/pipeline/upstream/kustomize/base/cache/cache-deployment.yaml @@ -0,0 +1,67 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cache-server + labels: + app: cache-server +spec: + replicas: 1 + selector: + matchLabels: + app: cache-server + template: + metadata: + labels: + app: cache-server + spec: + containers: + - name: server + image: gcr.io/ml-pipeline/cache-server:dummy + env: + - name: DBCONFIG_DRIVER + value: mysql + - name: DBCONFIG_DB_NAME + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: cache_db + - name: DBCONFIG_HOST_NAME + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: host + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: port + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + name: mysql-secret + key: username + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-secret + key: password + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + args: ["--db_driver=$(DBCONFIG_DRIVER)", "--db_host=$(DBCONFIG_HOST_NAME)", + "--db_port=$(DBCONFIG_PORT)", "--db_name=$(DBCONFIG_DB_NAME)", "--db_user=$(DBCONFIG_USER)", + "--db_password=$(DBCONFIG_PASSWORD)", "--namespace_to_watch=$(NAMESPACE_TO_WATCH)"] + imagePullPolicy: Always + ports: + - containerPort: 8443 + name: webhook-api + volumeMounts: + - name: webhook-tls-certs + mountPath: /etc/webhook/certs + readOnly: true + volumes: + - name: webhook-tls-certs + secret: + secretName: webhook-server-tls + serviceAccountName: kubeflow-pipelines-cache diff --git a/pipeline/upstream/kustomize/base/cache/cache-role.yaml b/pipeline/upstream/kustomize/base/cache/cache-role.yaml new file mode 100644 index 0000000000..de613b427b --- /dev/null +++ b/pipeline/upstream/kustomize/base/cache/cache-role.yaml @@ -0,0 +1,33 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-role + name: kubeflow-pipelines-cache-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/pipeline/upstream/kustomize/base/cache/cache-rolebinding.yaml b/pipeline/upstream/kustomize/base/cache/cache-rolebinding.yaml new file mode 100644 index 0000000000..48541bfb8a --- /dev/null +++ b/pipeline/upstream/kustomize/base/cache/cache-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-cache-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache diff --git a/pipeline/upstream/kustomize/base/cache/cache-sa.yaml b/pipeline/upstream/kustomize/base/cache/cache-sa.yaml new file mode 100644 index 0000000000..232ddd15cf --- /dev/null +++ b/pipeline/upstream/kustomize/base/cache/cache-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-cache diff --git a/pipeline/upstream/kustomize/base/cache/cache-service.yaml b/pipeline/upstream/kustomize/base/cache/cache-service.yaml new file mode 100644 index 0000000000..980619837b --- /dev/null +++ b/pipeline/upstream/kustomize/base/cache/cache-service.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: cache-server +spec: + selector: + app: cache-server + ports: + - port: 443 + targetPort: webhook-api diff --git a/pipeline/upstream/kustomize/base/cache/kustomization.yaml b/pipeline/upstream/kustomize/base/cache/kustomization.yaml new file mode 100644 index 0000000000..a4bdc8c7ba --- /dev/null +++ b/pipeline/upstream/kustomize/base/cache/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cache-deployment.yaml +- cache-service.yaml +- cache-role.yaml +- cache-rolebinding.yaml +- cache-sa.yaml diff --git a/pipeline/upstream/kustomize/base/kustomization.yaml b/pipeline/upstream/kustomize/base/kustomization.yaml new file mode 100644 index 0000000000..25d6486916 --- /dev/null +++ b/pipeline/upstream/kustomize/base/kustomization.yaml @@ -0,0 +1,104 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- application +- argo +- pipeline +- metadata +- mysql +- cache +- cache-deployer +resources: +- pipeline-application.yaml +images: +- name: gcr.io/ml-pipeline/api-server + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/persistenceagent + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/scheduledworkflow + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/frontend + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/viewer-crd-controller + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/visualization-server + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/metadata-writer + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/cache-server + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/cache-deployer + newTag: 1.0.0-rc.1 +# Used by Kustomize +configMapGenerator: +- name: pipeline-install-config + env: params.env +secretGenerator: +- name: mysql-secret + env: params-db-secret.env +vars: +- name: NAMESPACE + objref: + kind: Deployment + apiVersion: apps/v1 + name: ml-pipeline + fieldref: + fieldpath: metadata.namespace +- name: APP_NAME + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.appName +- name: APP_VERSION + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.appVersion +- name: DBSERVICE_HOST + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.dbHost +- name: DBSERVICE_PORT + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.dbPort +- name: DBNAME_MLMD + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.mlmdDb +- name: DBNAME_CACHE + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.cacheDb +- name: DBNAME_PIPELINE + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.pipelineDb +- name: BUCKET_NAME + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.bucketName +configurations: +- params.yaml diff --git a/pipeline/upstream/kustomize/base/metadata/kustomization.yaml b/pipeline/upstream/kustomize/base/metadata/kustomization.yaml new file mode 100644 index 0000000000..cf594beb70 --- /dev/null +++ b/pipeline/upstream/kustomize/base/metadata/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- metadata-configmap.yaml +- metadata-grpc-deployment.yaml +- metadata-grpc-service.yaml +- metadata-envoy-deployment.yaml +- metadata-envoy-service.yaml +- metadata-writer-deployment.yaml +- metadata-writer-role.yaml +- metadata-writer-rolebinding.yaml +- metadata-writer-sa.yaml diff --git a/pipeline/upstream/kustomize/base/metadata/metadata-configmap.yaml b/pipeline/upstream/kustomize/base/metadata/metadata-configmap.yaml new file mode 100644 index 0000000000..08cc7e6927 --- /dev/null +++ b/pipeline/upstream/kustomize/base/metadata/metadata-configmap.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: metadata-grpc-configmap + labels: + component: metadata-grpc-server +data: + METADATA_GRPC_SERVICE_HOST: "metadata-grpc-service" + METADATA_GRPC_SERVICE_PORT: "8080" diff --git a/pipeline/upstream/kustomize/base/metadata/metadata-envoy-deployment.yaml b/pipeline/upstream/kustomize/base/metadata/metadata-envoy-deployment.yaml new file mode 100644 index 0000000000..1ccf7122f7 --- /dev/null +++ b/pipeline/upstream/kustomize/base/metadata/metadata-envoy-deployment.yaml @@ -0,0 +1,24 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metadata-envoy-deployment + labels: + component: metadata-envoy +spec: + replicas: 1 + selector: + matchLabels: + component: metadata-envoy + template: + metadata: + labels: + component: metadata-envoy + spec: + containers: + - name: container + image: gcr.io/ml-pipeline/envoy:metadata-grpc + ports: + - name: md-envoy + containerPort: 9090 + - name: envoy-admin + containerPort: 9901 diff --git a/pipeline/upstream/kustomize/base/metadata/metadata-envoy-service.yaml b/pipeline/upstream/kustomize/base/metadata/metadata-envoy-service.yaml new file mode 100644 index 0000000000..42166c85cc --- /dev/null +++ b/pipeline/upstream/kustomize/base/metadata/metadata-envoy-service.yaml @@ -0,0 +1,14 @@ +kind: Service +apiVersion: v1 +metadata: + labels: + app: metadata-envoy + name: metadata-envoy-service +spec: + selector: + component: metadata-envoy + type: ClusterIP + ports: + - port: 9090 + protocol: TCP + name: md-envoy diff --git a/pipeline/upstream/kustomize/base/metadata/metadata-grpc-deployment.yaml b/pipeline/upstream/kustomize/base/metadata/metadata-grpc-deployment.yaml new file mode 100644 index 0000000000..02de4b3662 --- /dev/null +++ b/pipeline/upstream/kustomize/base/metadata/metadata-grpc-deployment.yaml @@ -0,0 +1,64 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metadata-grpc-deployment + labels: + component: metadata-grpc-server +spec: + replicas: 1 + selector: + matchLabels: + component: metadata-grpc-server + template: + metadata: + labels: + component: metadata-grpc-server + spec: + containers: + - name: container + image: gcr.io/tfx-oss-public/ml_metadata_store_server:0.21.1 + env: + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + name: mysql-secret + key: username + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-secret + key: password + - name: MYSQL_DATABASE + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: mlmd_db + - name: MYSQL_HOST + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: host + - name: MYSQL_PORT + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: port + command: ["/bin/metadata_store_server"] + args: ["--grpc_port=8080", "--mysql_config_database=$(MYSQL_DATABASE)", "--mysql_config_host=$(MYSQL_HOST)", + "--mysql_config_port=$(MYSQL_PORT)", "--mysql_config_user=$(DBCONFIG_USER)", + "--mysql_config_password=$(DBCONFIG_PASSWORD)"] + ports: + - name: grpc-api + containerPort: 8080 + livenessProbe: + tcpSocket: + port: grpc-api + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + readinessProbe: + tcpSocket: + port: grpc-api + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 diff --git a/pipeline/upstream/kustomize/base/metadata/metadata-grpc-service.yaml b/pipeline/upstream/kustomize/base/metadata/metadata-grpc-service.yaml new file mode 100644 index 0000000000..7e7b73bf02 --- /dev/null +++ b/pipeline/upstream/kustomize/base/metadata/metadata-grpc-service.yaml @@ -0,0 +1,14 @@ +kind: Service +apiVersion: v1 +metadata: + labels: + app: metadata + name: metadata-grpc-service +spec: + selector: + component: metadata-grpc-server + type: ClusterIP + ports: + - port: 8080 + protocol: TCP + name: grpc-api diff --git a/pipeline/upstream/kustomize/base/metadata/metadata-writer-deployment.yaml b/pipeline/upstream/kustomize/base/metadata/metadata-writer-deployment.yaml new file mode 100644 index 0000000000..c51903d356 --- /dev/null +++ b/pipeline/upstream/kustomize/base/metadata/metadata-writer-deployment.yaml @@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metadata-writer + labels: + app: metadata-writer +spec: + replicas: 1 + selector: + matchLabels: + app: metadata-writer + template: + metadata: + labels: + app: metadata-writer + spec: + containers: + - name: main + image: gcr.io/ml-pipeline/metadata-writer:dummy + env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/pipeline/upstream/kustomize/base/metadata/metadata-writer-role.yaml b/pipeline/upstream/kustomize/base/metadata/metadata-writer-role.yaml new file mode 100644 index 0000000000..06317b0845 --- /dev/null +++ b/pipeline/upstream/kustomize/base/metadata/metadata-writer-role.yaml @@ -0,0 +1,33 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-metadata-writer-role + name: kubeflow-pipelines-metadata-writer-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/pipeline/upstream/kustomize/base/metadata/metadata-writer-rolebinding.yaml b/pipeline/upstream/kustomize/base/metadata/metadata-writer-rolebinding.yaml new file mode 100644 index 0000000000..37263d4a8c --- /dev/null +++ b/pipeline/upstream/kustomize/base/metadata/metadata-writer-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-metadata-writer-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-metadata-writer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-metadata-writer diff --git a/pipeline/upstream/kustomize/base/metadata/metadata-writer-sa.yaml b/pipeline/upstream/kustomize/base/metadata/metadata-writer-sa.yaml new file mode 100644 index 0000000000..77812949a8 --- /dev/null +++ b/pipeline/upstream/kustomize/base/metadata/metadata-writer-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-metadata-writer diff --git a/pipeline/upstream/kustomize/base/mysql/kustomization.yaml b/pipeline/upstream/kustomize/base/mysql/kustomization.yaml new file mode 100644 index 0000000000..42c1dda888 --- /dev/null +++ b/pipeline/upstream/kustomize/base/mysql/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- mysql-configmap.yaml diff --git a/pipeline/upstream/kustomize/base/mysql/mysql-configmap.yaml b/pipeline/upstream/kustomize/base/mysql/mysql-configmap.yaml new file mode 100644 index 0000000000..537a44522a --- /dev/null +++ b/pipeline/upstream/kustomize/base/mysql/mysql-configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: mysql-configmap +data: + host: $(DBSERVICE_HOST) + port: "$(DBSERVICE_PORT)" + mlmd_db: $(DBNAME_MLMD) + cache_db: $(DBNAME_CACHE) + pipeline_db: $(DBNAME_PIPELINE) diff --git a/pipeline/upstream/kustomize/base/params-db-secret.env b/pipeline/upstream/kustomize/base/params-db-secret.env new file mode 100644 index 0000000000..c15cb2e337 --- /dev/null +++ b/pipeline/upstream/kustomize/base/params-db-secret.env @@ -0,0 +1,2 @@ +username=root +password= diff --git a/pipeline/upstream/kustomize/base/params.env b/pipeline/upstream/kustomize/base/params.env new file mode 100644 index 0000000000..948d387540 --- /dev/null +++ b/pipeline/upstream/kustomize/base/params.env @@ -0,0 +1,8 @@ +appName=pipeline +appVersion=1.0.0-rc.1 +dbHost=mysql +dbPort=3306 +mlmdDb=metadb +cacheDb=cachedb +pipelineDb=mlpipeline +bucketName=mlpipeline diff --git a/pipeline/upstream/kustomize/base/params.yaml b/pipeline/upstream/kustomize/base/params.yaml new file mode 100644 index 0000000000..ecd1794ad0 --- /dev/null +++ b/pipeline/upstream/kustomize/base/params.yaml @@ -0,0 +1,24 @@ +# Allow Kustomize var to replace following fields. +varReference: +- path: data/config + kind: ConfigMap +- path: data/bucket_name + kind: ConfigMap +- path: data/project_id + kind: ConfigMap +- path: data/host + kind: ConfigMap +- path: data/port + kind: ConfigMap +- path: data/mlmd_db + kind: ConfigMap +- path: data/cache_db + kind: ConfigMap +- path: data/pipeline_db + kind: ConfigMap +- path: metadata/name + kind: Application +- path: spec/descriptor/version + kind: Application +- path: spec/template/spec/containers/image + kind: Deployment diff --git a/pipeline/upstream/kustomize/base/pipeline-application.yaml b/pipeline/upstream/kustomize/base/pipeline-application.yaml new file mode 100644 index 0000000000..a5e3f4b91e --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline-application.yaml @@ -0,0 +1,49 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + name: $(APP_NAME) + annotations: + kubernetes-engine.cloud.google.com/icon: >- + data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADMAAAAyCAYAAADx/eOPAAALuUlEQVRogd2afWxd9XnHP99bK4pS3yhiGUIRiiJUVVVqbq8ppdR20ibqpuIMtDRkUYERp29J57gMZVuxsrZiK7oZXVv5re1AiOuoG+N1DMkuytprsGPEVMouxqQZJVHEWIdQlGVxZlmZdb/747zcc869jpMO+seOdPz7nd/L83tev89zzjX8Bq795Rq9o17zXp+Tey+Ijkyboela29DRWkhffyT733pH/Z3este9F2cC6N0kNjxtjD+FdRD8UF9X7u97y7UbQFPAivC0BdllS381slun3s3z3xVhhqeds90tqR/oMB7u68z19ZZra0E/l1if3WOziPx3skrDPTr+bvDxfxImEIJbgX6gGBJ7EfHJX/ySReDHwO9KYAenyWCMFKw21GSeslwa2Z17+TcuzPBRr7B8m6Df5oOJqdPAR/u6cm/2lmv3At+IT3GiXZqbcaxSLsfRoTsvn7XL2jE87ZXGnwf+VGiDY86ETM1wU1+XjvSW/RlgTJADQ2QaCZKWcX1/aDIcjE8i3SdzZLjn0lm8pJXD02417BM+gLmq2Rqjr/d16Vu95dp6wc8Ra5O8NrPIcoZCvIR1H+KZkd2qLcfnRYUZOuorJO+3uQt0RerolGYZR7r5+C9ZATwPviGyQprd6Liszy3bnwVKwGMjPbnFyxJmeNpX2T4gaR/QmmSpyYZTho/2depMb9k/kNh3KawuJ1bWauHzUcyXRpZAv5Zmg7aHBLcmNN9ECAFeAO3s69KZ3nLtDuF9dnBs0IT9JO24rbPb0JfP2syCZpFfE5q1mRWcvlgMNcwMTRq9z/+OWXdx4AGjvX1deqC37DbwPwOrMgsufol5mWMWs1ivEbjTrOCtLNNb+udygqsNbUBtopR/NkuuwTJ6Hxsw67KSuvH5MPDA/nJttfGTdUFCMUlp/ALwOtIs9muBxpnFnBzuSQf21oP/BbXclVvumWuTaDN8WNBm2GizJkxPM0CDMA2WGZ72bbb/Njue2TRj9Il/PcG87SeBz4ZTNaSTsmctHcO8SqDp14d7dCFLZ2v/3OpQ023Ah4n65kohvETUCdcsfmuilD+bpNdgGZvOODuHqYGIVGCec9g7+7o031v2jaBTiD0ysxbHRnZrPktzyz1zK7f0z10nh5pWwLRhvZro1KqznVJhNB8UyDeSsU4zAOiIXV1OuEqQ2AR79nflXgcY6dGLwIvR8q39cy1b+uc2Emo6dI824BpMSxz8iVhy4m/2WiYHdV5UmOHp2mpwm52ESCdwRn+9v0tPAWzpn9sAFAQbMdc60PaHsFZEWd9uxk4z8G3seykECfObTEd2KmuZG4CWyLXkYLMwtiYt+hMsTUdAEZQzjs9apv66SHJRk73ZjBQ+iRu29s+1VEr5OImmXs4MHUahVoLWgK23wbv6OrU4OulcuHYehWsVHhpXwpE2FNRayTszX2cwDpQEzTB+QvrJHCXUaigk+c++aXZiE98YmUVgV19X7u3ypH/fgfUA5h2usY2jNjmWoGVn50nvC9T2NviA5OPBGPW91OlG+0Xa1WJhhqadk3WjpKCilQIQFP19XZocnfIHgIeFWyNh6goXyX6gdNWfU8aJ5tNjEheAHZVS/ruGj0s8k6VPhh6ms6kwgoLl1aGuCEuSpwXfHZ2qrTJ+HHkNCpOjmbdFcEcGUIhUSj/H65rPO6j+766U8i/QXV0z8cqJc4btwF8AtWgtMb1wj+j41Df/s1EYQwdEDiqM3hDes9quGY3IKoYOvCrU7HlCoZtEWapPkzEpsU8uq8b36a6uBqaBv5l45URLpZT/pmGH8LnkvlAdAOt1oeXqRsuYTjlEMJiXvWN/Z+5szfqioKcOKo7qr/nAEesKiOyv2A/q88rOx8+8bPhK5dUTAA8jbUT6MuKnbKteNVHKP23xCeD1LC0F2TWOmzoAKEiWxmC+sr8rN1OerF2HGaqXFcZhDWaYj11S4ZxcXxVqyKqPZOeNTwM7Jkr5BeDPQJ8NFQaoC/gZ26rXT5TyxxAfRx6P94d0gU0pYYama+tsbwix/AHM4fKUrwAeB68kRJ5AZsWWieGTjLipsVCgrKCwKHF7pZQ/RXf104j76i4ZMmquxkzRXb2zUsqfxdxsfCiA70hRjZbpCDHmJcRdeZPDHkVck0Ul5PeHZ81DgHxKtglXaHCxVN9fr5TyR9hW3QA8Amqp5526SyKtBEbZVv1eZeZkbqKU7xfsFJwPqRW29s+11oUxnUhnkHf2dWoB+R5Jv5dNaGHh1wog8d/ZAI+0GgVpFPTp4AfJT2Hup7u6EvMk0tpkboutEz0HMPzHyD+mu3pFpZR/Aug0Pgm0RLkvFzLWYfjDvs7cqfKUt2LuXTLhue5mdWhVDJdEzxDDcRKawceN9lRePVkDfgBcR/LKVqNpz/s08DO6q4VKKT8j8zHgJ1HyzA1P11YZjfV1arw85auBR4RalDB5lEjDKi0CgPPphKZ0QiNRwUQeg88B2ydKreew9yH1NCxe/r4GaZpt1Vsrh/JnDDcBLwPkbLVgf6s86RXYj4KvtJKJM8KsGLkSlsmUL6mSg1RJY1xD7KmU8sfprnYgBqJsGVsiEfupsca7FfMo26p/OfHKiVqllB8HyPV16VxfV66G/G1QBwY5xvCgTT7X3/MTaBbFVr0fJvqw2ASZ+yul/FN0V68CHsesiDl3UopM3CwhDZDD/Dnwj3S/sjoYAMqTtc1YX02jVqYOiuuqsAKIkqZCfFIz/IrfFY8gDrKt2gI8irSuwQezyTeNaOl+6qYb+fpYGKEXJE9GSTObK5ItrheaLHE5/XRKcHul+kYN8x2kzWlLNNuVtUqibzKW5CBjxUoszO7NWrS1E/xWvMeJjck2WQHEKJeMD+qH4gWCSvg00m3AVxv5TMRKsp9Cs0Q/Ka/1BOZQNBSXMz2b9Q5oO9JCKgkqg2aKofl8uvTPeE1w3t5KKf8y26pFxINhLRa5R9JV6huT/aZuFu7Ds+A9jBdj+VIvZz2b9BL2Xi5yJQEgUFqinI9SZBDx358o5Q/HiRGtquOEmxJu6DcbC/afQWxnvHg+Odrwm2bP5txh5OEYjOM3vaiu8qqHJw1mPmK/Xs7HJf0LRncDMF5cAL6NWUxDrX/duwbczljxjSzvTX+gtXU3MBlrRCltrsxBTgorACKrRGf5bczOiVLrhUL74B2F9oHVjBd/iLwTWEhr+CIWaLYumDjIWLHha+aSwvRs1iJmJ9Kb9ZJRETS3ACsMC8i1ZNwgXZDYWTmU/1WhfeAW8Cjo+UL7wDrGik8jfid0kYz/Z2ODepv+GPIY+FAznpcUJhAo9w5mh81CFtEsWieCTzwXkogmfKBSyh8ttA98EDPqoPouYqYLxYEPMVY8itmEeTM+KEaqZhVAkiPPIL6QDPhLFiYQSC9J7M3mGlF/24zWSvwIM1xoH2gF/sFiTcSPxQakqUJxsIPx4jGCr0AzCUYTbROJ7DPAdsbSAX9ZwgDs3qTDiMGUOxF/1DgfekLVsPf0sw8DPARsDNwy8iYBXov4p0L7wC2MF99CfBJ4rqmbJbO/qYE+x1jx5HK8Xtp/aFgHDM/FX+RM9FFjHjjj4NV3HvlPsP4g+SqQgm6zCuvJQnHgi4wVz2JuAj8RnLGEVaCf8Y8cuRQ2L0mYEBB2Gb8ZHKD4NQBx+0Qpf7LQPrAVVGqiiWTpCcEn4QcLxcF7C7+aXMDahT1YX5IS5DHE/ZfC4yULEwr0DtIOWwuuvwZ8rVLKP1soDqzHPGJoyRao9b4SXiQQ30A8eO1/PJ8D7gK+BtQSJcQM8AXGlg747LUkmi91lad8J3CuZ5OeBii0D64ET2FdH1N0omWJvgLPkvwM8LmZf7lrnm3VO4CHsM4DH2P8I8vGSfK67P9q8v9wWPAcQLH4PbBHbK6Pq+3M9+Ml+6FL2dyC+WmhOLiWseKPMDeDd12uIPBrWCZ5Xds++AHsAwGlBKnoB5747c2J+aSJEuvRL8CDv/2Zz+cqh/LL/gPD//vrfwFjcI5oX6jDBwAAAABJRU5ErkJggg== + marketplace.cloud.google.com/deploy-info: '{"partner_id": "google-cloud-ai-platform", + "product_id": "kubeflow-pipelines", "partner_name": "Google Cloud AI Platform"}' +spec: + addOwnerRef: true + selector: + matchLabels: + application-crd-id: kubeflow-pipelines + descriptor: + version: $(APP_VERSION) + type: Kubeflow Pipelines + description: |- + Reusable end-to-end ML workflow + maintainers: + - name: Google Cloud AI Platform + url: https://cloud.google.com/ai-platform/ + - name: Kubeflow Pipelines + url: https://github.com/kubeflow/pipelines + links: + - description: 'Kubeflow Pipelines Documentation' + url: https://www.kubeflow.org/docs/pipelines/ + notes: |- + Please go to [Hosted Kubeflow Pipelines Console](https://console.cloud.google.com/ai-platform/pipelines/clusters). + info: + - name: Console + value: 'https://console.cloud.google.com/ai-platform/pipelines/clusters' + componentKinds: + - group: v1 + kind: ServiceAccount + - group: rbac.authorization.k8s.io/v1 + kind: Role + - group: rbac.authorization.k8s.io/v1 + kind: RoleBinding + - group: v1 + kind: Service + - group: v1 + kind: PersistentVolumeClaim + - group: v1 + kind: ConfigMap + - group: v1 + kind: Secret + - group: apps/v1 + kind: Deployment diff --git a/pipeline/upstream/kustomize/base/pipeline/cluster-scoped/kustomization.yaml b/pipeline/upstream/kustomize/base/pipeline/cluster-scoped/kustomization.yaml new file mode 100644 index 0000000000..9a92c2ced6 --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/cluster-scoped/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- scheduled-workflow-crd.yaml +- viewer-crd.yaml diff --git a/pipeline/upstream/kustomize/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml b/pipeline/upstream/kustomize/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml new file mode 100644 index 0000000000..22dc3c8a00 --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: scheduledworkflows.kubeflow.org +spec: + group: kubeflow.org + names: + kind: ScheduledWorkflow + listKind: ScheduledWorkflowList + plural: scheduledworkflows + shortNames: + - swf + singular: scheduledworkflow + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/pipeline/upstream/kustomize/base/pipeline/cluster-scoped/viewer-crd.yaml b/pipeline/upstream/kustomize/base/pipeline/cluster-scoped/viewer-crd.yaml new file mode 100644 index 0000000000..dcb5db0f88 --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/cluster-scoped/viewer-crd.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: viewers.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Viewer + listKind: ViewerList + plural: viewers + shortNames: + - vi + singular: viewer + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/pipeline/upstream/kustomize/base/pipeline/container-builder-sa.yaml b/pipeline/upstream/kustomize/base/pipeline/container-builder-sa.yaml new file mode 100644 index 0000000000..aa65bd9bbf --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/container-builder-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-container-builder diff --git a/pipeline/upstream/kustomize/base/pipeline/kustomization.yaml b/pipeline/upstream/kustomize/base/pipeline/kustomization.yaml new file mode 100644 index 0000000000..ec0ea9ddde --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/kustomization.yaml @@ -0,0 +1,32 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ml-pipeline-apiserver-deployment.yaml +- ml-pipeline-apiserver-role.yaml +- ml-pipeline-apiserver-rolebinding.yaml +- ml-pipeline-apiserver-sa.yaml +- ml-pipeline-apiserver-service.yaml +- ml-pipeline-persistenceagent-deployment.yaml +- ml-pipeline-persistenceagent-role.yaml +- ml-pipeline-persistenceagent-rolebinding.yaml +- ml-pipeline-persistenceagent-sa.yaml +- ml-pipeline-scheduledworkflow-deployment.yaml +- ml-pipeline-scheduledworkflow-role.yaml +- ml-pipeline-scheduledworkflow-rolebinding.yaml +- ml-pipeline-scheduledworkflow-sa.yaml +- ml-pipeline-ui-deployment.yaml +- ml-pipeline-ui-role.yaml +- ml-pipeline-ui-rolebinding.yaml +- ml-pipeline-ui-sa.yaml +- ml-pipeline-ui-service.yaml +- ml-pipeline-viewer-crd-role.yaml +- ml-pipeline-viewer-crd-rolebinding.yaml +- ml-pipeline-viewer-crd-deployment.yaml +- ml-pipeline-viewer-crd-sa.yaml +- ml-pipeline-visualization-deployment.yaml +- ml-pipeline-visualization-sa.yaml +- ml-pipeline-visualization-service.yaml +- pipeline-runner-role.yaml +- pipeline-runner-rolebinding.yaml +- pipeline-runner-sa.yaml +- container-builder-sa.yaml diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-deployment.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-deployment.yaml new file mode 100644 index 0000000000..0392085a1d --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-deployment.yaml @@ -0,0 +1,83 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline + name: ml-pipeline +spec: + selector: + matchLabels: + app: ml-pipeline + template: + metadata: + labels: + app: ml-pipeline + spec: + containers: + - env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OBJECTSTORECONFIG_SECURE + value: "false" + - name: OBJECTSTORECONFIG_BUCKETNAME + value: $(BUCKET_NAME) + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + name: mysql-secret + key: username + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-secret + key: password + - name: DBCONFIG_DBNAME + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: pipeline_db + - name: DBCONFIG_HOST + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: host + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: port + image: gcr.io/ml-pipeline/api-server:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-api-server + ports: + - name: http + containerPort: 8888 + - name: grpc + containerPort: 8887 + readinessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + livenessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-role.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-role.yaml new file mode 100644 index 0000000000..3fdfeaaa9f --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-role.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline + name: ml-pipeline +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml new file mode 100644 index 0000000000..78cef70d51 --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline + name: ml-pipeline +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-sa.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-sa.yaml new file mode 100644 index 0000000000..95ff3141e6 --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-service.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-service.yaml new file mode 100644 index 0000000000..49de02bafb --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + app: ml-pipeline diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml new file mode 100644 index 0000000000..968f13a6cf --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml @@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-persistenceagent + name: ml-pipeline-persistenceagent +spec: + selector: + matchLabels: + app: ml-pipeline-persistenceagent + template: + metadata: + labels: + app: ml-pipeline-persistenceagent + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/persistenceagent:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-persistenceagent + serviceAccountName: ml-pipeline-persistenceagent diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-role.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-role.yaml new file mode 100644 index 0000000000..72757fffd8 --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-role.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ml-pipeline-persistenceagent-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml new file mode 100644 index 0000000000..a690f20cbf --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-persistenceagent-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-sa.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-sa.yaml new file mode 100644 index 0000000000..158591534c --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-persistenceagent diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml new file mode 100644 index 0000000000..c0ff7e68df --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml @@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-scheduledworkflow + name: ml-pipeline-scheduledworkflow +spec: + selector: + matchLabels: + app: ml-pipeline-scheduledworkflow + template: + metadata: + labels: + app: ml-pipeline-scheduledworkflow + spec: + containers: + - image: gcr.io/ml-pipeline/scheduledworkflow:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-scheduledworkflow + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml new file mode 100644 index 0000000000..187272a976 --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-scheduledworkflow-role + name: ml-pipeline-scheduledworkflow-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml new file mode 100644 index 0000000000..c2d10f6e63 --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-scheduledworkflow-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml new file mode 100644 index 0000000000..285c13742f --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-scheduledworkflow diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-deployment.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-deployment.yaml new file mode 100644 index 0000000000..8dffba3fe3 --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-deployment.yaml @@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +spec: + selector: + matchLabels: + app: ml-pipeline-ui + template: + metadata: + labels: + app: ml-pipeline-ui + spec: + containers: + - image: gcr.io/ml-pipeline/frontend:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-ui + ports: + - containerPort: 3000 + env: + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" + readinessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + livenessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline-ui diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-role.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-role.yaml new file mode 100644 index 0000000000..4877d7a2ce --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-role.yaml @@ -0,0 +1,46 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - create + - get + - list +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - "kubeflow.org" + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - "argoproj.io" + resources: + - workflows + verbs: + - get + - list diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-rolebinding.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-rolebinding.yaml new file mode 100644 index 0000000000..e829835420 --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-sa.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-sa.yaml new file mode 100644 index 0000000000..4c890a27bb --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-ui diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-service.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-service.yaml new file mode 100644 index 0000000000..8c8669d7b9 --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +spec: + ports: + - port: 80 + targetPort: 3000 + selector: + app: ml-pipeline-ui diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml new file mode 100644 index 0000000000..0135a5c0ed --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml @@ -0,0 +1,27 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-viewer-crd + name: ml-pipeline-viewer-crd +spec: + selector: + matchLabels: + app: ml-pipeline-viewer-crd + template: + metadata: + labels: + app: ml-pipeline-viewer-crd + spec: + containers: + - image: gcr.io/ml-pipeline/viewer-crd-controller:dummy + imagePullPolicy: Always + name: ml-pipeline-viewer-crd + env: + - name: MAX_NUM_VIEWERS + value: "50" + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + serviceAccountName: ml-pipeline-viewer-crd-service-account diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-role.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-role.yaml new file mode 100644 index 0000000000..73bf032fdd --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-role.yaml @@ -0,0 +1,30 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ml-pipeline-viewer-controller-role +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml new file mode 100644 index 0000000000..bd1f77a837 --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-viewer-crd-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-sa.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-sa.yaml new file mode 100644 index 0000000000..5dd08f8843 --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-viewer-crd-service-account diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-deployment.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-deployment.yaml new file mode 100644 index 0000000000..a755e51be7 --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-deployment.yaml @@ -0,0 +1,47 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-visualizationserver + name: ml-pipeline-visualizationserver +spec: + selector: + matchLabels: + app: ml-pipeline-visualizationserver + template: + metadata: + labels: + app: ml-pipeline-visualizationserver + spec: + containers: + - image: gcr.io/ml-pipeline/visualization-server:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-visualizationserver + ports: + - name: http + containerPort: 8888 + readinessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + livenessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline-visualizationserver diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-sa.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-sa.yaml new file mode 100644 index 0000000000..e1bbc6ad27 --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-visualizationserver diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-service.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-service.yaml new file mode 100644 index 0000000000..a4c7e42cb0 --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline-visualizationserver +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: ml-pipeline-visualizationserver diff --git a/pipeline/upstream/kustomize/base/pipeline/pipeline-runner-role.yaml b/pipeline/upstream/kustomize/base/pipeline/pipeline-runner-role.yaml new file mode 100644 index 0000000000..e81fd91a53 --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/pipeline-runner-role.yaml @@ -0,0 +1,80 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pipeline-runner +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - '*' +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' diff --git a/pipeline/upstream/kustomize/base/pipeline/pipeline-runner-rolebinding.yaml b/pipeline/upstream/kustomize/base/pipeline/pipeline-runner-rolebinding.yaml new file mode 100644 index 0000000000..9adae61887 --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/pipeline-runner-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipeline-runner-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-runner +subjects: +- kind: ServiceAccount + name: pipeline-runner diff --git a/pipeline/upstream/kustomize/base/pipeline/pipeline-runner-sa.yaml b/pipeline/upstream/kustomize/base/pipeline/pipeline-runner-sa.yaml new file mode 100644 index 0000000000..8cb2c669fb --- /dev/null +++ b/pipeline/upstream/kustomize/base/pipeline/pipeline-runner-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipeline-runner diff --git a/pipeline/upstream/kustomize/cluster-scoped-resources/kustomization.yaml b/pipeline/upstream/kustomize/cluster-scoped-resources/kustomization.yaml new file mode 100644 index 0000000000..ea7e24ae46 --- /dev/null +++ b/pipeline/upstream/kustomize/cluster-scoped-resources/kustomization.yaml @@ -0,0 +1,23 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../base/application/cluster-scoped +- ../base/argo/cluster-scoped +- ../base/pipeline/cluster-scoped +- ../base/cache-deployer/cluster-scoped +resources: +- namespace.yaml +# Used by Kustomize +configMapGenerator: +- name: pipeline-cluster-scoped-install-config + env: params.env +vars: +- name: NAMESPACE + objref: + kind: ConfigMap + name: pipeline-cluster-scoped-install-config + apiVersion: v1 + fieldref: + fieldpath: data.namespace +configurations: +- params.yaml diff --git a/pipeline/upstream/kustomize/cluster-scoped-resources/namespace.yaml b/pipeline/upstream/kustomize/cluster-scoped-resources/namespace.yaml new file mode 100644 index 0000000000..ae346817e9 --- /dev/null +++ b/pipeline/upstream/kustomize/cluster-scoped-resources/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: $(NAMESPACE) diff --git a/pipeline/upstream/kustomize/cluster-scoped-resources/params.env b/pipeline/upstream/kustomize/cluster-scoped-resources/params.env new file mode 100644 index 0000000000..78166431d4 --- /dev/null +++ b/pipeline/upstream/kustomize/cluster-scoped-resources/params.env @@ -0,0 +1 @@ +namespace=kubeflow diff --git a/pipeline/upstream/kustomize/cluster-scoped-resources/params.yaml b/pipeline/upstream/kustomize/cluster-scoped-resources/params.yaml new file mode 100644 index 0000000000..3bfd0e5be5 --- /dev/null +++ b/pipeline/upstream/kustomize/cluster-scoped-resources/params.yaml @@ -0,0 +1,6 @@ +# Allow Kustomize var to replace following fields. +varReference: +- path: metadata/name + kind: Namespace +- path: subjects/namespace + kind: ClusterRoleBinding diff --git a/pipeline/upstream/kustomize/env/dev/kustomization.yaml b/pipeline/upstream/kustomize/env/dev/kustomization.yaml new file mode 100644 index 0000000000..96318d6f63 --- /dev/null +++ b/pipeline/upstream/kustomize/env/dev/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../platform-agnostic +- ../gcp/inverse-proxy +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines +# !!! If you want to customize the namespace, +# please refer sample/cluster-scoped-resources to update the namespace for cluster-scoped-resources +namespace: kubeflow diff --git a/pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml b/pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml new file mode 100644 index 0000000000..55b2035365 --- /dev/null +++ b/pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml @@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cloudsqlproxy + labels: + app: cloudsqlproxy +spec: + selector: + matchLabels: + app: cloudsqlproxy + replicas: 1 + template: + metadata: + labels: + app: cloudsqlproxy + spec: + containers: + - image: gcr.io/cloudsql-docker/gce-proxy:1.14 + name: cloudsqlproxy + command: ["/cloud_sql_proxy", "-dir=/cloudsql", "-instances=$(GCP_CLOUDSQL_INSTANCE_NAME)=tcp:0.0.0.0:3306", + "term_timeout=10s"] + # set term_timeout if require graceful handling of shutdown + # NOTE: proxy will stop accepting new connections; only wait on existing connections + lifecycle: + preStop: + exec: + # (optional) add a preStop hook so that termination is delayed + # this is required if your server still require new connections (e.g., connection pools) + command: ['sleep', '10'] + ports: + - name: mysql + containerPort: 3306 + volumeMounts: + - mountPath: /cloudsql + name: cloudsql + volumes: + - name: cloudsql + emptyDir: diff --git a/pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/kustomization.yaml b/pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/kustomization.yaml new file mode 100644 index 0000000000..87f162bcbd --- /dev/null +++ b/pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cloudsql-proxy-deployment.yaml +- mysql-service.yaml diff --git a/pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/mysql-service.yaml b/pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/mysql-service.yaml new file mode 100644 index 0000000000..d93921d040 --- /dev/null +++ b/pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/mysql-service.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: mysql +spec: + ports: + - port: 3306 + selector: + app: cloudsqlproxy diff --git a/pipeline/upstream/kustomize/env/gcp/gcp-configurations-patch.yaml b/pipeline/upstream/kustomize/env/gcp/gcp-configurations-patch.yaml new file mode 100644 index 0000000000..d88e632c43 --- /dev/null +++ b/pipeline/upstream/kustomize/env/gcp/gcp-configurations-patch.yaml @@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline +spec: + template: + spec: + containers: + - name: ml-pipeline-api-server + env: + - name: HAS_DEFAULT_BUCKET + valueFrom: + configMapKeyRef: + name: gcp-default-config + key: "has_default_bucket" + - name: BUCKET_NAME + valueFrom: + configMapKeyRef: + name: gcp-default-config + key: "bucket_name" + - name: PROJECT_ID + valueFrom: + configMapKeyRef: + name: gcp-default-config + key: "project_id" diff --git a/pipeline/upstream/kustomize/env/gcp/gcp-default-config/gcp-default-configmap.yaml b/pipeline/upstream/kustomize/env/gcp/gcp-default-config/gcp-default-configmap.yaml new file mode 100644 index 0000000000..f705fefb8c --- /dev/null +++ b/pipeline/upstream/kustomize/env/gcp/gcp-default-config/gcp-default-configmap.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: gcp-default-config +data: + bucket_name: "$(BUCKET_NAME)" + has_default_bucket: "true" + project_id: "$(GCP_PROJECT_ID)" diff --git a/pipeline/upstream/kustomize/env/gcp/gcp-default-config/kustomization.yaml b/pipeline/upstream/kustomize/env/gcp/gcp-default-config/kustomization.yaml new file mode 100644 index 0000000000..cc36121c46 --- /dev/null +++ b/pipeline/upstream/kustomize/env/gcp/gcp-default-config/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- gcp-default-configmap.yaml diff --git a/pipeline/upstream/kustomize/env/gcp/inverse-proxy/kustomization.yaml b/pipeline/upstream/kustomize/env/gcp/inverse-proxy/kustomization.yaml new file mode 100644 index 0000000000..36ffb5c51f --- /dev/null +++ b/pipeline/upstream/kustomize/env/gcp/inverse-proxy/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: gcr.io/ml-pipeline/inverse-proxy-agent + newTag: 1.0.0-rc.1 +resources: +- proxy-configmap.yaml +- proxy-deployment.yaml +- proxy-role.yaml +- proxy-rolebinding.yaml +- proxy-sa.yaml diff --git a/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-configmap.yaml b/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-configmap.yaml new file mode 100644 index 0000000000..c469f7acb9 --- /dev/null +++ b/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-configmap.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: inverse-proxy-config diff --git a/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-deployment.yaml b/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-deployment.yaml new file mode 100644 index 0000000000..faf3e47309 --- /dev/null +++ b/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-deployment.yaml @@ -0,0 +1,21 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: proxy-agent + name: proxy-agent +spec: + selector: + matchLabels: + app: proxy-agent + template: + metadata: + labels: + app: proxy-agent + spec: + hostNetwork: true + containers: + - image: gcr.io/ml-pipeline/inverse-proxy-agent:dummy + imagePullPolicy: IfNotPresent + name: proxy-agent + serviceAccountName: proxy-agent-runner diff --git a/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-role.yaml b/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-role.yaml new file mode 100644 index 0000000000..b4fae7b750 --- /dev/null +++ b/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-role.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: proxy-agent-runner + name: proxy-agent-runner +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' diff --git a/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-rolebinding.yaml b/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-rolebinding.yaml new file mode 100644 index 0000000000..72f1fc0d6f --- /dev/null +++ b/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: proxy-agent-runner + name: proxy-agent-runner +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: proxy-agent-runner +subjects: +- kind: ServiceAccount + name: proxy-agent-runner diff --git a/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-sa.yaml b/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-sa.yaml new file mode 100644 index 0000000000..af8b0c3c2d --- /dev/null +++ b/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: proxy-agent-runner diff --git a/pipeline/upstream/kustomize/env/gcp/kustomization.yaml b/pipeline/upstream/kustomize/env/gcp/kustomization.yaml new file mode 100644 index 0000000000..541616e4c9 --- /dev/null +++ b/pipeline/upstream/kustomize/env/gcp/kustomization.yaml @@ -0,0 +1,38 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../../base +- inverse-proxy +- minio-gcs-gateway +- cloudsql-proxy +- gcp-default-config +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines +# !!! If you want to customize the namespace, +# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml +namespace: kubeflow +patchesStrategicMerge: +- gcp-configurations-patch.yaml +# Used by Kustomize +configMapGenerator: +- name: pipeline-install-config + env: params.env + behavior: merge +vars: +- name: GCP_PROJECT_ID + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.gcsProjectId +- name: GCP_CLOUDSQL_INSTANCE_NAME + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.gcsCloudSqlInstanceName diff --git a/pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/kustomization.yaml b/pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/kustomization.yaml new file mode 100644 index 0000000000..f14e64f5d3 --- /dev/null +++ b/pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- minio-gcs-gateway-deployment.yaml +- minio-gcs-gateway-service.yaml diff --git a/pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml b/pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml new file mode 100644 index 0000000000..ec560830a9 --- /dev/null +++ b/pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml @@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio + labels: + app: minio +spec: + selector: + matchLabels: + app: minio + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + spec: + containers: + - name: minio + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + args: + - gateway + - gcs + - $(GCP_PROJECT_ID) + env: + - name: MINIO_ACCESS_KEY + value: "minio" + - name: MINIO_SECRET_KEY + value: "minio123" + ports: + - containerPort: 9000 diff --git a/pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml b/pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml new file mode 100644 index 0000000000..6f542967e7 --- /dev/null +++ b/pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: minio-service +spec: + ports: + - port: 9000 + targetPort: 9000 + protocol: TCP + selector: + app: minio diff --git a/pipeline/upstream/kustomize/env/gcp/params.env b/pipeline/upstream/kustomize/env/gcp/params.env new file mode 100644 index 0000000000..0c1d077bee --- /dev/null +++ b/pipeline/upstream/kustomize/env/gcp/params.env @@ -0,0 +1,6 @@ +pipelineDb=pipelinedb +mlmdDb=metadb +cacheDb=cachedb +bucketName=yourGcsBucketName +gcsProjectId=yourGcsProjectId +gcsCloudSqlInstanceName=yourCloudSqlInstanceName diff --git a/pipeline/upstream/kustomize/env/platform-agnostic/kustomization.yaml b/pipeline/upstream/kustomize/env/platform-agnostic/kustomization.yaml new file mode 100644 index 0000000000..c5773ad03f --- /dev/null +++ b/pipeline/upstream/kustomize/env/platform-agnostic/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../../base +- minio +- mysql +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines +# !!! If you want to customize the namespace, +# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml +namespace: kubeflow +images: +- name: mysql + newTag: "5.6" +- name: minio/minio + newTag: RELEASE.2018-02-09T22-40-05Z diff --git a/pipeline/upstream/kustomize/env/platform-agnostic/minio/kustomization.yaml b/pipeline/upstream/kustomize/env/platform-agnostic/minio/kustomization.yaml new file mode 100644 index 0000000000..7a20d85a7c --- /dev/null +++ b/pipeline/upstream/kustomize/env/platform-agnostic/minio/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- minio-deployment.yaml +- minio-pvc.yaml +- minio-service.yaml diff --git a/pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-deployment.yaml b/pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-deployment.yaml new file mode 100644 index 0000000000..382dc4fd21 --- /dev/null +++ b/pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-deployment.yaml @@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio + labels: + app: minio +spec: + selector: + matchLabels: + app: minio + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + spec: + containers: + - args: + - server + - /data + env: + - name: MINIO_ACCESS_KEY + value: minio + - name: MINIO_SECRET_KEY + value: minio123 + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + name: minio + ports: + - containerPort: 9000 + volumeMounts: + - mountPath: /data + name: data + subPath: minio + volumes: + - name: data + persistentVolumeClaim: + claimName: minio-pvc diff --git a/pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-pvc.yaml b/pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-pvc.yaml new file mode 100644 index 0000000000..ecfa32bbe8 --- /dev/null +++ b/pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-pvc.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: minio-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-service.yaml b/pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-service.yaml new file mode 100644 index 0000000000..f49cf52859 --- /dev/null +++ b/pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: minio-service +spec: + ports: + - port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio diff --git a/pipeline/upstream/kustomize/env/platform-agnostic/mysql/kustomization.yaml b/pipeline/upstream/kustomize/env/platform-agnostic/mysql/kustomization.yaml new file mode 100644 index 0000000000..93af2924b5 --- /dev/null +++ b/pipeline/upstream/kustomize/env/platform-agnostic/mysql/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- mysql-deployment.yaml +- mysql-pv-claim.yaml +- mysql-service.yaml diff --git a/pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-deployment.yaml b/pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-deployment.yaml new file mode 100644 index 0000000000..ab9386e25c --- /dev/null +++ b/pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-deployment.yaml @@ -0,0 +1,33 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mysql + labels: + app: mysql +spec: + selector: + matchLabels: + app: mysql + strategy: + type: Recreate + template: + metadata: + labels: + app: mysql + spec: + containers: + - env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + image: gcr.io/ml-pipeline/mysql:5.6 + name: mysql + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - mountPath: /var/lib/mysql + name: mysql-persistent-storage + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim diff --git a/pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-pv-claim.yaml b/pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-pv-claim.yaml new file mode 100644 index 0000000000..108dc24ef3 --- /dev/null +++ b/pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-pv-claim.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mysql-pv-claim +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-service.yaml b/pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-service.yaml new file mode 100644 index 0000000000..db93f1017a --- /dev/null +++ b/pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-service.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: mysql +spec: + ports: + - port: 3306 + selector: + app: mysql diff --git a/pipeline/upstream/kustomize/gcp-workload-identity-setup.sh b/pipeline/upstream/kustomize/gcp-workload-identity-setup.sh new file mode 100755 index 0000000000..e749ccbc0d --- /dev/null +++ b/pipeline/upstream/kustomize/gcp-workload-identity-setup.sh @@ -0,0 +1,131 @@ +#!/bin/bash +# +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e + +# Google service Account (GSA) +SYSTEM_GSA=${SYSTEM_GSA:-$CLUSTER_NAME-kfp-system} +USER_GSA=${USER_GSA:-$CLUSTER_NAME-kfp-user} + +# Kubernetes Service Account (KSA) +SYSTEM_KSA=(ml-pipeline-ui ml-pipeline-visualizationserver) +USER_KSA=(pipeline-runner kubeflow-pipelines-container-builder) + +cat < CLUSTER_NAME= NAMESPACE= ./gcp-workload-identity-setup.sh +``` + +PROJECT_ID: GCP project ID your cluster belongs to. +CLUSTER_NAME: your GKE cluster's name. +NAMESPACE: Kubernetes namespace your Kubeflow Pipelines standalone deployment belongs to (default is kubeflow). +EOF +} +if [ -z "$PROJECT_ID" ]; then + usage + echo + echo "Error: PROJECT_ID env variable is empty!" + exit 1 +fi +if [ -z "$CLUSTER_NAME" ]; then + usage + echo + echo "Error: CLUSTER_NAME env variable is empty!" + exit 1 +fi +echo "Env variables set:" +echo "* PROJECT_ID=$PROJECT_ID" +echo "* CLUSTER_NAME=$CLUSTER_NAME" +echo "* NAMESPACE=$NAMESPACE" +echo + +read -p "Continue? (Y/n) " -n 1 -r +echo +if [[ ! $REPLY =~ ^[Yy]$ ]]; then + exit 0 +fi + +echo "Creating Google service accounts..." +function create_gsa_if_not_present { + local name=${1} + local already_present=$(gcloud iam service-accounts list --filter='name:'$name'' --format='value(name)') + if [ -n "$already_present" ]; then + echo "Service account $name already exists" + else + gcloud iam service-accounts create $name + fi +} +create_gsa_if_not_present $SYSTEM_GSA +create_gsa_if_not_present $USER_GSA + +# You can optionally choose to add iam policy bindings to grant project permissions to these GSAs. +# You can also set these up later. +# gcloud projects add-iam-policy-binding $PROJECT_ID \ +# --member="serviceAccount:$SYSTEM_GSA@$PROJECT_ID.iam.gserviceaccount.com" \ +# --role="roles/editor" +# gcloud projects add-iam-policy-binding $PROJECT_ID \ +# --member="serviceAccount:$USER_GSA@$PROJECT_ID.iam.gserviceaccount.com" \ +# --role="roles/editor" + +# Bind KSA to GSA through workload identity. +# Documentation: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity +function bind_gsa_and_ksa { + local gsa=${1} + local ksa=${2} + + gcloud iam service-accounts add-iam-policy-binding $gsa@$PROJECT_ID.iam.gserviceaccount.com \ + --member="serviceAccount:$PROJECT_ID.svc.id.goog[$NAMESPACE/$ksa]" \ + --role="roles/iam.workloadIdentityUser" \ + > /dev/null # hide verbose output + kubectl annotate serviceaccount \ + --namespace $NAMESPACE \ + --overwrite \ + $ksa \ + iam.gke.io/gcp-service-account=$gsa@$PROJECT_ID.iam.gserviceaccount.com + echo "* Bound KSA $ksa to GSA $gsa" +} + +echo "Binding each kfp system KSA to $SYSTEM_GSA" +for ksa in ${SYSTEM_KSA[@]}; do + bind_gsa_and_ksa $SYSTEM_GSA $ksa +done + +echo "Binding each kfp user KSA to $USER_GSA" +for ksa in ${USER_KSA[@]}; do + bind_gsa_and_ksa $USER_GSA $ksa +done diff --git a/pipeline/upstream/kustomize/hack/release.sh b/pipeline/upstream/kustomize/hack/release.sh new file mode 100755 index 0000000000..d233a83bf3 --- /dev/null +++ b/pipeline/upstream/kustomize/hack/release.sh @@ -0,0 +1,32 @@ +#!/bin/bash +# +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +TAG_NAME=$1 +DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null && pwd)" + +if [[ -z "$TAG_NAME" ]]; then + echo "Usage: release.sh " >&2 + exit 1 +fi + +echo "This release script uses yq, it can be downloaded at https://github.com/mikefarah/yq/releases/tag/3.3.0" +yq w -i "$DIR/../base/kustomization.yaml" images[*].newTag "$TAG_NAME" +yq w -i "$DIR/../env/gcp/inverse-proxy/kustomization.yaml" images[*].newTag "$TAG_NAME" + +# Note, this only works in linux. TODO: make it MacOS sed compatible. +sed -i.bak -e "s|appVersion=.\+|appVersion=$TAG_NAME|g" "$DIR/../base/params.env" diff --git a/pipeline/upstream/kustomize/sample/README.md b/pipeline/upstream/kustomize/sample/README.md new file mode 100644 index 0000000000..cb5c7e753d --- /dev/null +++ b/pipeline/upstream/kustomize/sample/README.md @@ -0,0 +1,78 @@ +# Sample installation + +1. Prepare a cluster and setup kubectl context +Do whatever you want to customize your cluster. You can use existing cluster +or create a new one. +- **ML Usage** GPU normally is required for deep learning task. +You may consider create **zero-sized GPU node-pool with autoscaling**. +Please reference [GPU Tutorial](/samples/tutorials/gpu/). +- **Security** You may consider use **Workload Identity** in GCP cluster. + +Here for simplicity we create a small cluster with **--scopes=cloud-platform** +to save credentail configure efforts. + +``` +gcloud container clusters create mycluster \ + --zone us-central1-a \ + --machine-type n1-standard-2 \ + --scopes cloud-platform \ + --enable-autoscaling \ + --min-nodes 1 \ + --max-nodes 5 \ + --num-nodes 3 +``` + +2. Prepare CloudSQL + +Create CloudSQL instance. [Console](https://console.cloud.google.com/sql/instances). + +Here is a sample for demo. + +``` +gcloud beta sql instances create mycloudsqlname \ + --database-version=MYSQL_5_7 \ + --tier=db-n1-standard-1 \ + --region=us-central1 \ + --root-password=password123 +``` + +You may use **Private IP** to well protect your CloudSQL. +If you use **Private IP**, please go to [VPC network peering](https://console.cloud.google.com/networking/peering/list) +to double check whether the "cloudsql-mysql-googleais-com" is created and the "Exchange custom routes" is enabled. You +are expected to see "Peer VPC network is connected". + +3. Prepare GCS Bucket + +Create Cloud Storage bucket. [Console](https://console.cloud.google.com/storage). + +``` +gsutil mb -p myProjectId gs://myBucketName/ +``` + +4. Customize your values +- Edit **params.env**, **params-db-secret.env** and **cluster-scoped-resources/params.env** +- Edit kustomization.yaml to set your namespace, e.x. "kubeflow" + +5. Install + +``` +kubectl apply -k sample/cluster-scoped-resources/ + +kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s + +kubectl apply -k sample/ +# If upper one action got failed, e.x. you used wrong value, try delete, fix and apply again +# kubectl delete -k sample/ + +kubectl wait applications/mypipeline -n kubeflow --for condition=Ready --timeout=1800s +``` + +Now you can find the installation in [Console](http://console.cloud.google.com/ai-platform/pipelines) + +6. Post-installation configures + +It depends on how you create the cluster, +- if the cluster is created with **--scopes=cloud-platform**, no actions required +- if the cluster is on Workload Identity, please run **gcp-workload-identity-setup.sh** + - make sure the Google Service Account (GSA) can access the CloudSQL instance and GCS bucket + - if your workload calls other GCP APIs, make sure the GSA can access them diff --git a/pipeline/upstream/kustomize/sample/cluster-scoped-resources/kustomization.yaml b/pipeline/upstream/kustomize/sample/cluster-scoped-resources/kustomization.yaml new file mode 100644 index 0000000000..d339a65b04 --- /dev/null +++ b/pipeline/upstream/kustomize/sample/cluster-scoped-resources/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +# Or github.com/kubeflow/pipelines/manifests/kustomize/cluster-scoped-resources?ref=1.0.0 +- ../../cluster-scoped-resources +# Change the value in params.env to yours. +configMapGenerator: +- name: pipeline-cluster-scoped-install-config + env: params.env + behavior: merge diff --git a/pipeline/upstream/kustomize/sample/cluster-scoped-resources/params.env b/pipeline/upstream/kustomize/sample/cluster-scoped-resources/params.env new file mode 100644 index 0000000000..78166431d4 --- /dev/null +++ b/pipeline/upstream/kustomize/sample/cluster-scoped-resources/params.env @@ -0,0 +1 @@ +namespace=kubeflow diff --git a/pipeline/upstream/kustomize/sample/kustomization.yaml b/pipeline/upstream/kustomize/sample/kustomization.yaml new file mode 100644 index 0000000000..19d8c76481 --- /dev/null +++ b/pipeline/upstream/kustomize/sample/kustomization.yaml @@ -0,0 +1,28 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +# Or github.com/kubeflow/pipelines/manifests/kustomize/env/gcp?ref=1.0.0 +- ../env/gcp +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines +# Used by Kustomize +configMapGenerator: +- name: pipeline-install-config + env: params.env + behavior: merge +secretGenerator: +- name: mysql-secret + env: params-db-secret.env + behavior: merge +# !!! If you want to customize the namespace, +# please also update sample/params.env and sample/cluster-scoped-resources/params.env +namespace: kubeflow + +#### Customization ### +# 1. Change values in params.env file +# 2. Change values in params-db-secret.env file for CloudSQL username and password +# 3. kubectl apply -k ./ +#### diff --git a/pipeline/upstream/kustomize/sample/params-db-secret.env b/pipeline/upstream/kustomize/sample/params-db-secret.env new file mode 100644 index 0000000000..c15cb2e337 --- /dev/null +++ b/pipeline/upstream/kustomize/sample/params-db-secret.env @@ -0,0 +1,2 @@ +username=root +password= diff --git a/pipeline/upstream/kustomize/sample/params.env b/pipeline/upstream/kustomize/sample/params.env new file mode 100644 index 0000000000..6d6cca0d90 --- /dev/null +++ b/pipeline/upstream/kustomize/sample/params.env @@ -0,0 +1,4 @@ +appName=mypipeline +bucketName=mybucketname +gcsProjectId=myprojectid +gcsCloudSqlInstanceName=myprojectid:myregion:myinstance diff --git a/pipeline/upstream/kustomize/wi-utils.sh b/pipeline/upstream/kustomize/wi-utils.sh new file mode 100644 index 0000000000..f5a06db927 --- /dev/null +++ b/pipeline/upstream/kustomize/wi-utils.sh @@ -0,0 +1,85 @@ +#!/bin/bash +# +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +function create_gsa_if_not_present { + local name=${1} + local already_present=$(gcloud iam service-accounts list --filter='name:'$name'' --format='value(name)') + if [ -n "$already_present" ]; then + echo "Service account $name already exists" + else + gcloud iam service-accounts create $name + fi +} + +# Bind KSA to GSA through workload identity. +# Documentation: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity +function bind_gsa_and_ksa { + local gsa=${1} + local ksa=${2} + local project=${3:-$PROJECT_ID} + local gsa_full="$gsa@$project.iam.gserviceaccount.com" + local namespace=${4:-$NAMESPACE} + + gcloud iam service-accounts add-iam-policy-binding $gsa_full \ + --member="serviceAccount:$project.svc.id.goog[$namespace/$ksa]" \ + --role="roles/iam.workloadIdentityUser" \ + > /dev/null # hide verbose output + kubectl annotate serviceaccount \ + --namespace $namespace \ + --overwrite \ + $ksa \ + iam.gke.io/gcp-service-account=$gsa_full + echo "* Bound KSA $ksa in namespace $namespace to GSA $gsa_full" +} + +# This can be used to programmatically verify workload identity binding grants corresponding GSA +# permissions successfully. +# Usage: verify_workload_identity_binding $KSA $NAMESPACE +# +# If you want to verify manually, use the following command instead: +# kubectl run test-$RANDOM --rm -it --restart=Never \ +# --image=google/cloud-sdk:slim \ +# --serviceaccount $ksa \ +# --namespace $namespace \ +# -- /bin/bash +# It connects you to a pod using specified KSA running an image with gcloud and gsutil CLI tools. +function verify_workload_identity_binding { + local ksa=${1} + local namespace=${2} + local max_attempts=10 + local workload_identity_is_ready=false + for i in $(seq 1 ${max_attempts}) + do + workload_identity_is_ready=true + kubectl run test-$RANDOM --rm -i --restart=Never \ + --image=google/cloud-sdk:slim \ + --serviceaccount $ksa \ + --namespace $namespace \ + -- gcloud auth list || workload_identity_is_ready=false + kubectl run test-$RANDOM --rm -i --restart=Never \ + --image=google/cloud-sdk:slim \ + --serviceaccount $ksa \ + --namespace $namespace \ + -- gsutil ls gs:// || workload_identity_is_ready=false + if [ "$workload_identity_is_ready" = true ]; then + break + fi + done + if [ ! "$workload_identity_is_ready" = true ]; then + echo "Workload identity bindings are not ready after $max_attempts attempts" + return 1 + fi +} diff --git a/pipeline/upstream/sample/README.md b/pipeline/upstream/sample/README.md new file mode 100644 index 0000000000..cb5c7e753d --- /dev/null +++ b/pipeline/upstream/sample/README.md @@ -0,0 +1,78 @@ +# Sample installation + +1. Prepare a cluster and setup kubectl context +Do whatever you want to customize your cluster. You can use existing cluster +or create a new one. +- **ML Usage** GPU normally is required for deep learning task. +You may consider create **zero-sized GPU node-pool with autoscaling**. +Please reference [GPU Tutorial](/samples/tutorials/gpu/). +- **Security** You may consider use **Workload Identity** in GCP cluster. + +Here for simplicity we create a small cluster with **--scopes=cloud-platform** +to save credentail configure efforts. + +``` +gcloud container clusters create mycluster \ + --zone us-central1-a \ + --machine-type n1-standard-2 \ + --scopes cloud-platform \ + --enable-autoscaling \ + --min-nodes 1 \ + --max-nodes 5 \ + --num-nodes 3 +``` + +2. Prepare CloudSQL + +Create CloudSQL instance. [Console](https://console.cloud.google.com/sql/instances). + +Here is a sample for demo. + +``` +gcloud beta sql instances create mycloudsqlname \ + --database-version=MYSQL_5_7 \ + --tier=db-n1-standard-1 \ + --region=us-central1 \ + --root-password=password123 +``` + +You may use **Private IP** to well protect your CloudSQL. +If you use **Private IP**, please go to [VPC network peering](https://console.cloud.google.com/networking/peering/list) +to double check whether the "cloudsql-mysql-googleais-com" is created and the "Exchange custom routes" is enabled. You +are expected to see "Peer VPC network is connected". + +3. Prepare GCS Bucket + +Create Cloud Storage bucket. [Console](https://console.cloud.google.com/storage). + +``` +gsutil mb -p myProjectId gs://myBucketName/ +``` + +4. Customize your values +- Edit **params.env**, **params-db-secret.env** and **cluster-scoped-resources/params.env** +- Edit kustomization.yaml to set your namespace, e.x. "kubeflow" + +5. Install + +``` +kubectl apply -k sample/cluster-scoped-resources/ + +kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s + +kubectl apply -k sample/ +# If upper one action got failed, e.x. you used wrong value, try delete, fix and apply again +# kubectl delete -k sample/ + +kubectl wait applications/mypipeline -n kubeflow --for condition=Ready --timeout=1800s +``` + +Now you can find the installation in [Console](http://console.cloud.google.com/ai-platform/pipelines) + +6. Post-installation configures + +It depends on how you create the cluster, +- if the cluster is created with **--scopes=cloud-platform**, no actions required +- if the cluster is on Workload Identity, please run **gcp-workload-identity-setup.sh** + - make sure the Google Service Account (GSA) can access the CloudSQL instance and GCS bucket + - if your workload calls other GCP APIs, make sure the GSA can access them diff --git a/pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml b/pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml new file mode 100644 index 0000000000..d339a65b04 --- /dev/null +++ b/pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +# Or github.com/kubeflow/pipelines/manifests/kustomize/cluster-scoped-resources?ref=1.0.0 +- ../../cluster-scoped-resources +# Change the value in params.env to yours. +configMapGenerator: +- name: pipeline-cluster-scoped-install-config + env: params.env + behavior: merge diff --git a/pipeline/upstream/sample/cluster-scoped-resources/params.env b/pipeline/upstream/sample/cluster-scoped-resources/params.env new file mode 100644 index 0000000000..78166431d4 --- /dev/null +++ b/pipeline/upstream/sample/cluster-scoped-resources/params.env @@ -0,0 +1 @@ +namespace=kubeflow diff --git a/pipeline/upstream/sample/kustomization.yaml b/pipeline/upstream/sample/kustomization.yaml new file mode 100644 index 0000000000..19d8c76481 --- /dev/null +++ b/pipeline/upstream/sample/kustomization.yaml @@ -0,0 +1,28 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +# Or github.com/kubeflow/pipelines/manifests/kustomize/env/gcp?ref=1.0.0 +- ../env/gcp +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines +# Used by Kustomize +configMapGenerator: +- name: pipeline-install-config + env: params.env + behavior: merge +secretGenerator: +- name: mysql-secret + env: params-db-secret.env + behavior: merge +# !!! If you want to customize the namespace, +# please also update sample/params.env and sample/cluster-scoped-resources/params.env +namespace: kubeflow + +#### Customization ### +# 1. Change values in params.env file +# 2. Change values in params-db-secret.env file for CloudSQL username and password +# 3. kubectl apply -k ./ +#### diff --git a/pipeline/upstream/sample/params-db-secret.env b/pipeline/upstream/sample/params-db-secret.env new file mode 100644 index 0000000000..c15cb2e337 --- /dev/null +++ b/pipeline/upstream/sample/params-db-secret.env @@ -0,0 +1,2 @@ +username=root +password= diff --git a/pipeline/upstream/sample/params.env b/pipeline/upstream/sample/params.env new file mode 100644 index 0000000000..6d6cca0d90 --- /dev/null +++ b/pipeline/upstream/sample/params.env @@ -0,0 +1,4 @@ +appName=mypipeline +bucketName=mybucketname +gcsProjectId=myprojectid +gcsCloudSqlInstanceName=myprojectid:myregion:myinstance diff --git a/pipeline/upstream/wi-utils.sh b/pipeline/upstream/wi-utils.sh new file mode 100644 index 0000000000..f5a06db927 --- /dev/null +++ b/pipeline/upstream/wi-utils.sh @@ -0,0 +1,85 @@ +#!/bin/bash +# +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +function create_gsa_if_not_present { + local name=${1} + local already_present=$(gcloud iam service-accounts list --filter='name:'$name'' --format='value(name)') + if [ -n "$already_present" ]; then + echo "Service account $name already exists" + else + gcloud iam service-accounts create $name + fi +} + +# Bind KSA to GSA through workload identity. +# Documentation: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity +function bind_gsa_and_ksa { + local gsa=${1} + local ksa=${2} + local project=${3:-$PROJECT_ID} + local gsa_full="$gsa@$project.iam.gserviceaccount.com" + local namespace=${4:-$NAMESPACE} + + gcloud iam service-accounts add-iam-policy-binding $gsa_full \ + --member="serviceAccount:$project.svc.id.goog[$namespace/$ksa]" \ + --role="roles/iam.workloadIdentityUser" \ + > /dev/null # hide verbose output + kubectl annotate serviceaccount \ + --namespace $namespace \ + --overwrite \ + $ksa \ + iam.gke.io/gcp-service-account=$gsa_full + echo "* Bound KSA $ksa in namespace $namespace to GSA $gsa_full" +} + +# This can be used to programmatically verify workload identity binding grants corresponding GSA +# permissions successfully. +# Usage: verify_workload_identity_binding $KSA $NAMESPACE +# +# If you want to verify manually, use the following command instead: +# kubectl run test-$RANDOM --rm -it --restart=Never \ +# --image=google/cloud-sdk:slim \ +# --serviceaccount $ksa \ +# --namespace $namespace \ +# -- /bin/bash +# It connects you to a pod using specified KSA running an image with gcloud and gsutil CLI tools. +function verify_workload_identity_binding { + local ksa=${1} + local namespace=${2} + local max_attempts=10 + local workload_identity_is_ready=false + for i in $(seq 1 ${max_attempts}) + do + workload_identity_is_ready=true + kubectl run test-$RANDOM --rm -i --restart=Never \ + --image=google/cloud-sdk:slim \ + --serviceaccount $ksa \ + --namespace $namespace \ + -- gcloud auth list || workload_identity_is_ready=false + kubectl run test-$RANDOM --rm -i --restart=Never \ + --image=google/cloud-sdk:slim \ + --serviceaccount $ksa \ + --namespace $namespace \ + -- gsutil ls gs:// || workload_identity_is_ready=false + if [ "$workload_identity_is_ready" = true ]; then + break + fi + done + if [ ! "$workload_identity_is_ready" = true ]; then + echo "Workload identity bindings are not ready after $max_attempts attempts" + return 1 + fi +} From 3fa9d2194ed715d2c9c53014207bf47622315ce6 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Thu, 11 Jun 2020 14:26:18 +0800 Subject: [PATCH 03/45] Updated kfp --- .../application-controller-deployment.yaml | 38 +-- .../application-controller-role.yaml | 32 +-- .../application-controller-rolebinding.yaml | 4 +- .../application-controller-service.yaml | 2 +- .../cluster-scoped/application-crd.yaml | 6 +- .../base/application/kustomization.yaml | 11 +- .../argo/cluster-scoped/workflow-crd.yaml | 2 +- .../upstream/base/argo/kustomization.yaml | 1 + .../base/argo/workflow-controller-role.yaml | 2 +- .../argo/workflow-controller-rolebinding.yaml | 2 +- .../cache-deployer-rolebinding.yaml | 2 +- .../cache-deployer/cache-deployer-sa.yaml | 2 +- .../cluster-scoped/kustomization.yaml | 6 +- .../base/cache-deployer/kustomization.yaml | 10 +- .../upstream/base/cache/cache-deployment.yaml | 73 +++--- .../base/cache/cache-rolebinding.yaml | 2 +- .../upstream/base/cache/cache-service.yaml | 4 +- .../upstream/base/cache/kustomization.yaml | 11 +- .../upstream/base/metadata/kustomization.yaml | 19 +- .../metadata/metadata-grpc-deployment.yaml | 10 +- .../metadata/metadata-writer-rolebinding.yaml | 2 +- .../upstream/base/mysql/kustomization.yaml | 3 +- .../upstream/base/pipeline-application.yaml | 52 ++-- .../scheduled-workflow-crd.yaml | 2 +- .../upstream/base/pipeline/kustomization.yaml | 1 + .../ml-pipeline-apiserver-deployment.yaml | 24 +- .../pipeline/ml-pipeline-apiserver-role.yaml | 2 +- .../ml-pipeline-apiserver-rolebinding.yaml | 2 +- .../ml-pipeline-apiserver-service.yaml | 2 +- ...-pipeline-persistenceagent-deployment.yaml | 8 +- .../ml-pipeline-persistenceagent-role.yaml | 2 +- .../ml-pipeline-persistenceagent-sa.yaml | 2 +- ...pipeline-scheduledworkflow-deployment.yaml | 8 +- ...ipeline-scheduledworkflow-rolebinding.yaml | 2 +- .../pipeline/ml-pipeline-ui-deployment.yaml | 36 +-- .../base/pipeline/ml-pipeline-ui-sa.yaml | 2 +- .../base/pipeline/ml-pipeline-ui-service.yaml | 2 +- .../ml-pipeline-visualization-deployment.yaml | 24 +- .../ml-pipeline-visualization-service.yaml | 2 +- .../kustomization.yaml | 27 +- pipeline/upstream/env/dev/kustomization.yaml | 7 +- .../cloudsql-proxy-deployment.yaml | 42 ++-- .../env/gcp/cloudsql-proxy/kustomization.yaml | 3 +- .../env/gcp/cloudsql-proxy/mysql-service.yaml | 2 +- .../env/gcp/gcp-configurations-patch.yaml | 34 +-- .../gcp/gcp-default-config/kustomization.yaml | 3 +- .../env/gcp/inverse-proxy/proxy-role.yaml | 2 +- pipeline/upstream/env/gcp/kustomization.yaml | 52 ++-- .../gcp/minio-gcs-gateway/kustomization.yaml | 3 +- .../minio-gcs-gateway-deployment.yaml | 26 +- .../minio-gcs-gateway-service.yaml | 8 +- .../env/platform-agnostic/kustomization.yaml | 18 +- .../minio/kustomization.yaml | 1 + .../minio/minio-deployment.yaml | 2 +- .../minio/minio-service.yaml | 2 +- .../mysql/kustomization.yaml | 3 +- .../mysql/mysql-deployment.yaml | 2 +- .../mysql/mysql-service.yaml | 2 +- pipeline/upstream/kustomize/Kptfile | 11 - pipeline/upstream/kustomize/OWNERS | 8 - pipeline/upstream/kustomize/README.md | 100 -------- pipeline/upstream/kustomize/STRUCTURE.md | 49 ---- .../application-controller-deployment.yaml | 38 --- .../application-controller-role.yaml | 21 -- .../application-controller-rolebinding.yaml | 11 - .../application-controller-sa.yaml | 4 - .../application-controller-service.yaml | 13 - .../cluster-scoped/application-crd.yaml | 234 ------------------ .../cluster-scoped/kustomization.yaml | 4 - .../base/application/kustomization.yaml | 8 - .../argo/cluster-scoped/kustomization.yaml | 4 - .../argo/cluster-scoped/workflow-crd.yaml | 67 ----- .../kustomize/base/argo/kustomization.yaml | 9 - .../base/argo/minio-artifact-secret.yaml | 8 - .../argo/workflow-controller-configmap.yaml | 28 --- .../argo/workflow-controller-deployment.yaml | 51 ---- .../base/argo/workflow-controller-role.yaml | 48 ---- .../argo/workflow-controller-rolebinding.yaml | 11 - .../base/argo/workflow-controller-sa.yaml | 4 - .../cache-deployer-deployment.yaml | 29 --- .../cache-deployer/cache-deployer-role.yaml | 15 -- .../cache-deployer-rolebinding.yaml | 11 - .../cache-deployer/cache-deployer-sa.yaml | 4 - .../cache-deployer-clusterrole.yaml | 24 -- .../cache-deployer-clusterrolebinding.yaml | 12 - .../cluster-scoped/kustomization.yaml | 5 - .../base/cache-deployer/kustomization.yaml | 7 - .../base/cache/cache-deployment.yaml | 67 ----- .../kustomize/base/cache/cache-role.yaml | 33 --- .../base/cache/cache-rolebinding.yaml | 11 - .../kustomize/base/cache/cache-sa.yaml | 4 - .../kustomize/base/cache/cache-service.yaml | 10 - .../kustomize/base/cache/kustomization.yaml | 8 - .../kustomize/base/kustomization.yaml | 104 -------- .../base/metadata/kustomization.yaml | 12 - .../base/metadata/metadata-configmap.yaml | 9 - .../metadata/metadata-envoy-deployment.yaml | 24 -- .../base/metadata/metadata-envoy-service.yaml | 14 -- .../metadata/metadata-grpc-deployment.yaml | 64 ----- .../base/metadata/metadata-grpc-service.yaml | 14 -- .../metadata/metadata-writer-deployment.yaml | 25 -- .../base/metadata/metadata-writer-role.yaml | 33 --- .../metadata/metadata-writer-rolebinding.yaml | 11 - .../base/metadata/metadata-writer-sa.yaml | 4 - .../kustomize/base/mysql/kustomization.yaml | 4 - .../kustomize/base/mysql/mysql-configmap.yaml | 10 - .../kustomize/base/params-db-secret.env | 2 - pipeline/upstream/kustomize/base/params.env | 8 - pipeline/upstream/kustomize/base/params.yaml | 24 -- .../kustomize/base/pipeline-application.yaml | 49 ---- .../cluster-scoped/kustomization.yaml | 5 - .../scheduled-workflow-crd.yaml | 18 -- .../pipeline/cluster-scoped/viewer-crd.yaml | 18 -- .../base/pipeline/container-builder-sa.yaml | 4 - .../base/pipeline/kustomization.yaml | 32 --- .../ml-pipeline-apiserver-deployment.yaml | 83 ------- .../pipeline/ml-pipeline-apiserver-role.yaml | 38 --- .../ml-pipeline-apiserver-rolebinding.yaml | 13 - .../pipeline/ml-pipeline-apiserver-sa.yaml | 4 - .../ml-pipeline-apiserver-service.yaml | 16 -- ...-pipeline-persistenceagent-deployment.yaml | 25 -- .../ml-pipeline-persistenceagent-role.yaml | 21 -- ...pipeline-persistenceagent-rolebinding.yaml | 11 - .../ml-pipeline-persistenceagent-sa.yaml | 4 - ...pipeline-scheduledworkflow-deployment.yaml | 25 -- .../ml-pipeline-scheduledworkflow-role.yaml | 38 --- ...ipeline-scheduledworkflow-rolebinding.yaml | 11 - .../ml-pipeline-scheduledworkflow-sa.yaml | 4 - .../pipeline/ml-pipeline-ui-deployment.yaml | 53 ---- .../base/pipeline/ml-pipeline-ui-role.yaml | 46 ---- .../pipeline/ml-pipeline-ui-rolebinding.yaml | 13 - .../base/pipeline/ml-pipeline-ui-sa.yaml | 4 - .../base/pipeline/ml-pipeline-ui-service.yaml | 12 - .../ml-pipeline-viewer-crd-deployment.yaml | 27 -- .../pipeline/ml-pipeline-viewer-crd-role.yaml | 30 --- .../ml-pipeline-viewer-crd-rolebinding.yaml | 11 - .../pipeline/ml-pipeline-viewer-crd-sa.yaml | 4 - .../ml-pipeline-visualization-deployment.yaml | 47 ---- .../ml-pipeline-visualization-sa.yaml | 4 - .../ml-pipeline-visualization-service.yaml | 12 - .../base/pipeline/pipeline-runner-role.yaml | 80 ------ .../pipeline/pipeline-runner-rolebinding.yaml | 11 - .../base/pipeline/pipeline-runner-sa.yaml | 4 - .../kustomization.yaml | 23 -- .../cluster-scoped-resources/namespace.yaml | 4 - .../cluster-scoped-resources/params.env | 1 - .../cluster-scoped-resources/params.yaml | 6 - .../kustomize/env/dev/kustomization.yaml | 13 - .../cloudsql-proxy-deployment.yaml | 38 --- .../env/gcp/cloudsql-proxy/kustomization.yaml | 5 - .../env/gcp/cloudsql-proxy/mysql-service.yaml | 9 - .../env/gcp/gcp-configurations-patch.yaml | 25 -- .../gcp-default-configmap.yaml | 8 - .../gcp/gcp-default-config/kustomization.yaml | 4 - .../env/gcp/inverse-proxy/kustomization.yaml | 11 - .../gcp/inverse-proxy/proxy-configmap.yaml | 4 - .../gcp/inverse-proxy/proxy-deployment.yaml | 21 -- .../env/gcp/inverse-proxy/proxy-role.yaml | 13 - .../gcp/inverse-proxy/proxy-rolebinding.yaml | 13 - .../env/gcp/inverse-proxy/proxy-sa.yaml | 4 - .../kustomize/env/gcp/kustomization.yaml | 38 --- .../gcp/minio-gcs-gateway/kustomization.yaml | 5 - .../minio-gcs-gateway-deployment.yaml | 31 --- .../minio-gcs-gateway-service.yaml | 11 - .../upstream/kustomize/env/gcp/params.env | 6 - .../env/platform-agnostic/kustomization.yaml | 19 -- .../minio/kustomization.yaml | 6 - .../minio/minio-deployment.yaml | 38 --- .../platform-agnostic/minio/minio-pvc.yaml | 10 - .../minio/minio-service.yaml | 11 - .../mysql/kustomization.yaml | 6 - .../mysql/mysql-deployment.yaml | 33 --- .../mysql/mysql-pv-claim.yaml | 10 - .../mysql/mysql-service.yaml | 9 - .../kustomize/gcp-workload-identity-setup.sh | 131 ---------- pipeline/upstream/kustomize/hack/release.sh | 32 --- pipeline/upstream/kustomize/sample/README.md | 78 ------ .../kustomization.yaml | 10 - .../cluster-scoped-resources/params.env | 1 - .../kustomize/sample/kustomization.yaml | 28 --- .../kustomize/sample/params-db-secret.env | 2 - pipeline/upstream/kustomize/sample/params.env | 4 - pipeline/upstream/kustomize/wi-utils.sh | 85 ------- .../kustomization.yaml | 12 +- pipeline/upstream/sample/kustomization.yaml | 21 +- 185 files changed, 370 insertions(+), 3235 deletions(-) delete mode 100644 pipeline/upstream/kustomize/Kptfile delete mode 100644 pipeline/upstream/kustomize/OWNERS delete mode 100644 pipeline/upstream/kustomize/README.md delete mode 100644 pipeline/upstream/kustomize/STRUCTURE.md delete mode 100644 pipeline/upstream/kustomize/base/application/application-controller-deployment.yaml delete mode 100644 pipeline/upstream/kustomize/base/application/application-controller-role.yaml delete mode 100644 pipeline/upstream/kustomize/base/application/application-controller-rolebinding.yaml delete mode 100644 pipeline/upstream/kustomize/base/application/application-controller-sa.yaml delete mode 100644 pipeline/upstream/kustomize/base/application/application-controller-service.yaml delete mode 100644 pipeline/upstream/kustomize/base/application/cluster-scoped/application-crd.yaml delete mode 100644 pipeline/upstream/kustomize/base/application/cluster-scoped/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/base/application/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/base/argo/cluster-scoped/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/base/argo/cluster-scoped/workflow-crd.yaml delete mode 100644 pipeline/upstream/kustomize/base/argo/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/base/argo/minio-artifact-secret.yaml delete mode 100644 pipeline/upstream/kustomize/base/argo/workflow-controller-configmap.yaml delete mode 100644 pipeline/upstream/kustomize/base/argo/workflow-controller-deployment.yaml delete mode 100644 pipeline/upstream/kustomize/base/argo/workflow-controller-role.yaml delete mode 100644 pipeline/upstream/kustomize/base/argo/workflow-controller-rolebinding.yaml delete mode 100644 pipeline/upstream/kustomize/base/argo/workflow-controller-sa.yaml delete mode 100644 pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-deployment.yaml delete mode 100644 pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-role.yaml delete mode 100644 pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-rolebinding.yaml delete mode 100644 pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-sa.yaml delete mode 100644 pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml delete mode 100644 pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml delete mode 100644 pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/base/cache-deployer/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/base/cache/cache-deployment.yaml delete mode 100644 pipeline/upstream/kustomize/base/cache/cache-role.yaml delete mode 100644 pipeline/upstream/kustomize/base/cache/cache-rolebinding.yaml delete mode 100644 pipeline/upstream/kustomize/base/cache/cache-sa.yaml delete mode 100644 pipeline/upstream/kustomize/base/cache/cache-service.yaml delete mode 100644 pipeline/upstream/kustomize/base/cache/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/base/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/base/metadata/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/base/metadata/metadata-configmap.yaml delete mode 100644 pipeline/upstream/kustomize/base/metadata/metadata-envoy-deployment.yaml delete mode 100644 pipeline/upstream/kustomize/base/metadata/metadata-envoy-service.yaml delete mode 100644 pipeline/upstream/kustomize/base/metadata/metadata-grpc-deployment.yaml delete mode 100644 pipeline/upstream/kustomize/base/metadata/metadata-grpc-service.yaml delete mode 100644 pipeline/upstream/kustomize/base/metadata/metadata-writer-deployment.yaml delete mode 100644 pipeline/upstream/kustomize/base/metadata/metadata-writer-role.yaml delete mode 100644 pipeline/upstream/kustomize/base/metadata/metadata-writer-rolebinding.yaml delete mode 100644 pipeline/upstream/kustomize/base/metadata/metadata-writer-sa.yaml delete mode 100644 pipeline/upstream/kustomize/base/mysql/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/base/mysql/mysql-configmap.yaml delete mode 100644 pipeline/upstream/kustomize/base/params-db-secret.env delete mode 100644 pipeline/upstream/kustomize/base/params.env delete mode 100644 pipeline/upstream/kustomize/base/params.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline-application.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/cluster-scoped/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/cluster-scoped/viewer-crd.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/container-builder-sa.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-deployment.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-role.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-sa.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-service.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-role.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-sa.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-deployment.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-role.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-rolebinding.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-sa.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-service.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-role.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-sa.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-deployment.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-sa.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-service.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/pipeline-runner-role.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/pipeline-runner-rolebinding.yaml delete mode 100644 pipeline/upstream/kustomize/base/pipeline/pipeline-runner-sa.yaml delete mode 100644 pipeline/upstream/kustomize/cluster-scoped-resources/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/cluster-scoped-resources/namespace.yaml delete mode 100644 pipeline/upstream/kustomize/cluster-scoped-resources/params.env delete mode 100644 pipeline/upstream/kustomize/cluster-scoped-resources/params.yaml delete mode 100644 pipeline/upstream/kustomize/env/dev/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml delete mode 100644 pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/mysql-service.yaml delete mode 100644 pipeline/upstream/kustomize/env/gcp/gcp-configurations-patch.yaml delete mode 100644 pipeline/upstream/kustomize/env/gcp/gcp-default-config/gcp-default-configmap.yaml delete mode 100644 pipeline/upstream/kustomize/env/gcp/gcp-default-config/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/env/gcp/inverse-proxy/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-configmap.yaml delete mode 100644 pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-deployment.yaml delete mode 100644 pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-role.yaml delete mode 100644 pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-rolebinding.yaml delete mode 100644 pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-sa.yaml delete mode 100644 pipeline/upstream/kustomize/env/gcp/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml delete mode 100644 pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml delete mode 100644 pipeline/upstream/kustomize/env/gcp/params.env delete mode 100644 pipeline/upstream/kustomize/env/platform-agnostic/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/env/platform-agnostic/minio/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-deployment.yaml delete mode 100644 pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-pvc.yaml delete mode 100644 pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-service.yaml delete mode 100644 pipeline/upstream/kustomize/env/platform-agnostic/mysql/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-deployment.yaml delete mode 100644 pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-pv-claim.yaml delete mode 100644 pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-service.yaml delete mode 100755 pipeline/upstream/kustomize/gcp-workload-identity-setup.sh delete mode 100755 pipeline/upstream/kustomize/hack/release.sh delete mode 100644 pipeline/upstream/kustomize/sample/README.md delete mode 100644 pipeline/upstream/kustomize/sample/cluster-scoped-resources/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/sample/cluster-scoped-resources/params.env delete mode 100644 pipeline/upstream/kustomize/sample/kustomization.yaml delete mode 100644 pipeline/upstream/kustomize/sample/params-db-secret.env delete mode 100644 pipeline/upstream/kustomize/sample/params.env delete mode 100644 pipeline/upstream/kustomize/wi-utils.sh diff --git a/pipeline/upstream/base/application/application-controller-deployment.yaml b/pipeline/upstream/base/application/application-controller-deployment.yaml index b4cc7042d9..0278b03500 100644 --- a/pipeline/upstream/base/application/application-controller-deployment.yaml +++ b/pipeline/upstream/base/application/application-controller-deployment.yaml @@ -17,22 +17,22 @@ spec: controller-tools.k8s.io: "1.0" spec: containers: - - command: - - /root/manager - # A customized image with https://github.com/kubernetes-sigs/application/pull/127 - image: gcr.io/ml-pipeline/application-crd-controller:1.0-beta-non-cluster-role - imagePullPolicy: IfNotPresent - name: manager - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - limits: - cpu: 100m - memory: 30Mi - requests: - cpu: 100m - memory: 20Mi - serviceAccountName: application + - command: + - /root/manager + # A customized image with https://github.com/kubernetes-sigs/application/pull/127 + image: gcr.io/ml-pipeline/application-crd-controller:1.0-beta-non-cluster-role + imagePullPolicy: IfNotPresent + name: manager + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 30Mi + requests: + cpu: 100m + memory: 20Mi + serviceAccountName: application \ No newline at end of file diff --git a/pipeline/upstream/base/application/application-controller-role.yaml b/pipeline/upstream/base/application/application-controller-role.yaml index a17dbaea09..ac06135087 100644 --- a/pipeline/upstream/base/application/application-controller-role.yaml +++ b/pipeline/upstream/base/application/application-controller-role.yaml @@ -3,19 +3,19 @@ kind: Role metadata: name: application-manager-role rules: -- apiGroups: - - '*' - resources: - - '*' - verbs: - - get - - list - - update - - patch - - watch -- apiGroups: - - app.k8s.io - resources: - - '*' - verbs: - - '*' + - apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - update + - patch + - watch + - apiGroups: + - app.k8s.io + resources: + - '*' + verbs: + - '*' \ No newline at end of file diff --git a/pipeline/upstream/base/application/application-controller-rolebinding.yaml b/pipeline/upstream/base/application/application-controller-rolebinding.yaml index 71a3f42d24..24b383a180 100644 --- a/pipeline/upstream/base/application/application-controller-rolebinding.yaml +++ b/pipeline/upstream/base/application/application-controller-rolebinding.yaml @@ -7,5 +7,5 @@ roleRef: kind: Role name: application-manager-role subjects: -- kind: ServiceAccount - name: application + - kind: ServiceAccount + name: application diff --git a/pipeline/upstream/base/application/application-controller-service.yaml b/pipeline/upstream/base/application/application-controller-service.yaml index f5f7d8bac6..e4b6086bad 100644 --- a/pipeline/upstream/base/application/application-controller-service.yaml +++ b/pipeline/upstream/base/application/application-controller-service.yaml @@ -10,4 +10,4 @@ spec: control-plane: controller-manager controller-tools.k8s.io: "1.0" ports: - - port: 443 + - port: 443 \ No newline at end of file diff --git a/pipeline/upstream/base/application/cluster-scoped/application-crd.yaml b/pipeline/upstream/base/application/cluster-scoped/application-crd.yaml index 0cbab2d480..e17455d521 100644 --- a/pipeline/upstream/base/application/cluster-scoped/application-crd.yaml +++ b/pipeline/upstream/base/application/cluster-scoped/application-crd.yaml @@ -43,7 +43,7 @@ spec: type: type: string required: - - src + - src type: object type: array keywords: @@ -223,8 +223,8 @@ spec: type: type: string required: - - type - - status + - type + - status type: object type: array observedGeneration: diff --git a/pipeline/upstream/base/application/kustomization.yaml b/pipeline/upstream/base/application/kustomization.yaml index 8d65bf8915..c35e3eebcb 100644 --- a/pipeline/upstream/base/application/kustomization.yaml +++ b/pipeline/upstream/base/application/kustomization.yaml @@ -1,8 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: -- application-controller-deployment.yaml -- application-controller-role.yaml -- application-controller-rolebinding.yaml -- application-controller-sa.yaml -- application-controller-service.yaml + - application-controller-deployment.yaml + - application-controller-role.yaml + - application-controller-rolebinding.yaml + - application-controller-sa.yaml + - application-controller-service.yaml diff --git a/pipeline/upstream/base/argo/cluster-scoped/workflow-crd.yaml b/pipeline/upstream/base/argo/cluster-scoped/workflow-crd.yaml index 5a7b6a3aff..2fe424583c 100644 --- a/pipeline/upstream/base/argo/cluster-scoped/workflow-crd.yaml +++ b/pipeline/upstream/base/argo/cluster-scoped/workflow-crd.yaml @@ -64,4 +64,4 @@ spec: shortNames: - wftmpl scope: Namespaced - version: v1alpha1 + version: v1alpha1 \ No newline at end of file diff --git a/pipeline/upstream/base/argo/kustomization.yaml b/pipeline/upstream/base/argo/kustomization.yaml index e8df6b5662..1a00e57770 100644 --- a/pipeline/upstream/base/argo/kustomization.yaml +++ b/pipeline/upstream/base/argo/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: - minio-artifact-secret.yaml - workflow-controller-configmap.yaml diff --git a/pipeline/upstream/base/argo/workflow-controller-role.yaml b/pipeline/upstream/base/argo/workflow-controller-role.yaml index d79208a99a..03f12ce9d6 100644 --- a/pipeline/upstream/base/argo/workflow-controller-role.yaml +++ b/pipeline/upstream/base/argo/workflow-controller-role.yaml @@ -45,4 +45,4 @@ rules: - watch - update - patch - - delete + - delete \ No newline at end of file diff --git a/pipeline/upstream/base/argo/workflow-controller-rolebinding.yaml b/pipeline/upstream/base/argo/workflow-controller-rolebinding.yaml index 0484f455b8..05a7b3a46e 100644 --- a/pipeline/upstream/base/argo/workflow-controller-rolebinding.yaml +++ b/pipeline/upstream/base/argo/workflow-controller-rolebinding.yaml @@ -8,4 +8,4 @@ roleRef: name: argo-role subjects: - kind: ServiceAccount - name: argo + name: argo \ No newline at end of file diff --git a/pipeline/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml b/pipeline/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml index 36ed4963a5..824a95726e 100644 --- a/pipeline/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml +++ b/pipeline/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml @@ -8,4 +8,4 @@ roleRef: name: kubeflow-pipelines-cache-deployer-role subjects: - kind: ServiceAccount - name: kubeflow-pipelines-cache-deployer-sa + name: kubeflow-pipelines-cache-deployer-sa \ No newline at end of file diff --git a/pipeline/upstream/base/cache-deployer/cache-deployer-sa.yaml b/pipeline/upstream/base/cache-deployer/cache-deployer-sa.yaml index affada3d10..9cd266d737 100644 --- a/pipeline/upstream/base/cache-deployer/cache-deployer-sa.yaml +++ b/pipeline/upstream/base/cache-deployer/cache-deployer-sa.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: kubeflow-pipelines-cache-deployer-sa + name: kubeflow-pipelines-cache-deployer-sa \ No newline at end of file diff --git a/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml b/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml index cd31d9a4e2..6e741ab8cb 100644 --- a/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml +++ b/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml @@ -1,5 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: -- cache-deployer-clusterrole.yaml -- cache-deployer-clusterrolebinding.yaml + - cache-deployer-clusterrole.yaml + - cache-deployer-clusterrolebinding.yaml + \ No newline at end of file diff --git a/pipeline/upstream/base/cache-deployer/kustomization.yaml b/pipeline/upstream/base/cache-deployer/kustomization.yaml index f6c83059b9..89959036c5 100644 --- a/pipeline/upstream/base/cache-deployer/kustomization.yaml +++ b/pipeline/upstream/base/cache-deployer/kustomization.yaml @@ -1,7 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: -- cache-deployer-role.yaml -- cache-deployer-rolebinding.yaml -- cache-deployer-sa.yaml -- cache-deployer-deployment.yaml + - cache-deployer-role.yaml + - cache-deployer-rolebinding.yaml + - cache-deployer-sa.yaml + - cache-deployer-deployment.yaml + \ No newline at end of file diff --git a/pipeline/upstream/base/cache/cache-deployment.yaml b/pipeline/upstream/base/cache/cache-deployment.yaml index 0f075706a5..a0ac2ec84a 100644 --- a/pipeline/upstream/base/cache/cache-deployment.yaml +++ b/pipeline/upstream/base/cache/cache-deployment.yaml @@ -18,40 +18,45 @@ spec: - name: server image: gcr.io/ml-pipeline/cache-server:dummy env: - - name: DBCONFIG_DRIVER - value: mysql - - name: DBCONFIG_DB_NAME - valueFrom: - configMapKeyRef: - name: mysql-configmap - key: cache_db - - name: DBCONFIG_HOST_NAME - valueFrom: - configMapKeyRef: - name: mysql-configmap - key: host - - name: DBCONFIG_PORT - valueFrom: - configMapKeyRef: - name: mysql-configmap - key: port - - name: DBCONFIG_USER - valueFrom: - secretKeyRef: - name: mysql-secret - key: username - - name: DBCONFIG_PASSWORD - valueFrom: - secretKeyRef: - name: mysql-secret - key: password - - name: NAMESPACE_TO_WATCH - valueFrom: - fieldRef: - fieldPath: metadata.namespace - args: ["--db_driver=$(DBCONFIG_DRIVER)", "--db_host=$(DBCONFIG_HOST_NAME)", - "--db_port=$(DBCONFIG_PORT)", "--db_name=$(DBCONFIG_DB_NAME)", "--db_user=$(DBCONFIG_USER)", - "--db_password=$(DBCONFIG_PASSWORD)", "--namespace_to_watch=$(NAMESPACE_TO_WATCH)"] + - name: DBCONFIG_DRIVER + value: mysql + - name: DBCONFIG_DB_NAME + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: cache_db + - name: DBCONFIG_HOST_NAME + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: host + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + name: mysql-configmap + key: port + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + name: mysql-secret + key: username + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-secret + key: password + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + args: ["--db_driver=$(DBCONFIG_DRIVER)", + "--db_host=$(DBCONFIG_HOST_NAME)", + "--db_port=$(DBCONFIG_PORT)", + "--db_name=$(DBCONFIG_DB_NAME)", + "--db_user=$(DBCONFIG_USER)", + "--db_password=$(DBCONFIG_PASSWORD)", + "--namespace_to_watch=$(NAMESPACE_TO_WATCH)", + ] imagePullPolicy: Always ports: - containerPort: 8443 diff --git a/pipeline/upstream/base/cache/cache-rolebinding.yaml b/pipeline/upstream/base/cache/cache-rolebinding.yaml index 48541bfb8a..9c8924918f 100644 --- a/pipeline/upstream/base/cache/cache-rolebinding.yaml +++ b/pipeline/upstream/base/cache/cache-rolebinding.yaml @@ -8,4 +8,4 @@ roleRef: name: kubeflow-pipelines-cache-role subjects: - kind: ServiceAccount - name: kubeflow-pipelines-cache + name: kubeflow-pipelines-cache \ No newline at end of file diff --git a/pipeline/upstream/base/cache/cache-service.yaml b/pipeline/upstream/base/cache/cache-service.yaml index 980619837b..5916d541ec 100644 --- a/pipeline/upstream/base/cache/cache-service.yaml +++ b/pipeline/upstream/base/cache/cache-service.yaml @@ -6,5 +6,5 @@ spec: selector: app: cache-server ports: - - port: 443 - targetPort: webhook-api + - port: 443 + targetPort: webhook-api \ No newline at end of file diff --git a/pipeline/upstream/base/cache/kustomization.yaml b/pipeline/upstream/base/cache/kustomization.yaml index a4bdc8c7ba..82d7cb1f20 100644 --- a/pipeline/upstream/base/cache/kustomization.yaml +++ b/pipeline/upstream/base/cache/kustomization.yaml @@ -1,8 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: -- cache-deployment.yaml -- cache-service.yaml -- cache-role.yaml -- cache-rolebinding.yaml -- cache-sa.yaml + - cache-deployment.yaml + - cache-service.yaml + - cache-role.yaml + - cache-rolebinding.yaml + - cache-sa.yaml diff --git a/pipeline/upstream/base/metadata/kustomization.yaml b/pipeline/upstream/base/metadata/kustomization.yaml index cf594beb70..a44ba147fb 100644 --- a/pipeline/upstream/base/metadata/kustomization.yaml +++ b/pipeline/upstream/base/metadata/kustomization.yaml @@ -1,12 +1,13 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: -- metadata-configmap.yaml -- metadata-grpc-deployment.yaml -- metadata-grpc-service.yaml -- metadata-envoy-deployment.yaml -- metadata-envoy-service.yaml -- metadata-writer-deployment.yaml -- metadata-writer-role.yaml -- metadata-writer-rolebinding.yaml -- metadata-writer-sa.yaml + - metadata-configmap.yaml + - metadata-grpc-deployment.yaml + - metadata-grpc-service.yaml + - metadata-envoy-deployment.yaml + - metadata-envoy-service.yaml + - metadata-writer-deployment.yaml + - metadata-writer-role.yaml + - metadata-writer-rolebinding.yaml + - metadata-writer-sa.yaml diff --git a/pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml b/pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml index 02de4b3662..45712f102d 100644 --- a/pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml +++ b/pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml @@ -44,9 +44,13 @@ spec: name: mysql-configmap key: port command: ["/bin/metadata_store_server"] - args: ["--grpc_port=8080", "--mysql_config_database=$(MYSQL_DATABASE)", "--mysql_config_host=$(MYSQL_HOST)", - "--mysql_config_port=$(MYSQL_PORT)", "--mysql_config_user=$(DBCONFIG_USER)", - "--mysql_config_password=$(DBCONFIG_PASSWORD)"] + args: ["--grpc_port=8080", + "--mysql_config_database=$(MYSQL_DATABASE)", + "--mysql_config_host=$(MYSQL_HOST)", + "--mysql_config_port=$(MYSQL_PORT)", + "--mysql_config_user=$(DBCONFIG_USER)", + "--mysql_config_password=$(DBCONFIG_PASSWORD)" + ] ports: - name: grpc-api containerPort: 8080 diff --git a/pipeline/upstream/base/metadata/metadata-writer-rolebinding.yaml b/pipeline/upstream/base/metadata/metadata-writer-rolebinding.yaml index 37263d4a8c..5a6c1fef24 100644 --- a/pipeline/upstream/base/metadata/metadata-writer-rolebinding.yaml +++ b/pipeline/upstream/base/metadata/metadata-writer-rolebinding.yaml @@ -8,4 +8,4 @@ roleRef: name: kubeflow-pipelines-metadata-writer-role subjects: - kind: ServiceAccount - name: kubeflow-pipelines-metadata-writer + name: kubeflow-pipelines-metadata-writer \ No newline at end of file diff --git a/pipeline/upstream/base/mysql/kustomization.yaml b/pipeline/upstream/base/mysql/kustomization.yaml index 42c1dda888..4765ac8a10 100644 --- a/pipeline/upstream/base/mysql/kustomization.yaml +++ b/pipeline/upstream/base/mysql/kustomization.yaml @@ -1,4 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: -- mysql-configmap.yaml + - mysql-configmap.yaml diff --git a/pipeline/upstream/base/pipeline-application.yaml b/pipeline/upstream/base/pipeline-application.yaml index a5e3f4b91e..f53f3778f3 100644 --- a/pipeline/upstream/base/pipeline-application.yaml +++ b/pipeline/upstream/base/pipeline-application.yaml @@ -5,8 +5,7 @@ metadata: annotations: kubernetes-engine.cloud.google.com/icon: >- data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADMAAAAyCAYAAADx/eOPAAALuUlEQVRogd2afWxd9XnHP99bK4pS3yhiGUIRiiJUVVVqbq8ppdR20ibqpuIMtDRkUYERp29J57gMZVuxsrZiK7oZXVv5re1AiOuoG+N1DMkuytprsGPEVMouxqQZJVHEWIdQlGVxZlmZdb/747zcc869jpMO+seOdPz7nd/L83tev89zzjX8Bq795Rq9o17zXp+Tey+Ijkyboela29DRWkhffyT733pH/Z3este9F2cC6N0kNjxtjD+FdRD8UF9X7u97y7UbQFPAivC0BdllS381slun3s3z3xVhhqeds90tqR/oMB7u68z19ZZra0E/l1if3WOziPx3skrDPTr+bvDxfxImEIJbgX6gGBJ7EfHJX/ySReDHwO9KYAenyWCMFKw21GSeslwa2Z17+TcuzPBRr7B8m6Df5oOJqdPAR/u6cm/2lmv3At+IT3GiXZqbcaxSLsfRoTsvn7XL2jE87ZXGnwf+VGiDY86ETM1wU1+XjvSW/RlgTJADQ2QaCZKWcX1/aDIcjE8i3SdzZLjn0lm8pJXD02417BM+gLmq2Rqjr/d16Vu95dp6wc8Ra5O8NrPIcoZCvIR1H+KZkd2qLcfnRYUZOuorJO+3uQt0RerolGYZR7r5+C9ZATwPviGyQprd6Liszy3bnwVKwGMjPbnFyxJmeNpX2T4gaR/QmmSpyYZTho/2depMb9k/kNh3KawuJ1bWauHzUcyXRpZAv5Zmg7aHBLcmNN9ECAFeAO3s69KZ3nLtDuF9dnBs0IT9JO24rbPb0JfP2syCZpFfE5q1mRWcvlgMNcwMTRq9z/+OWXdx4AGjvX1deqC37DbwPwOrMgsufol5mWMWs1ivEbjTrOCtLNNb+udygqsNbUBtopR/NkuuwTJ6Hxsw67KSuvH5MPDA/nJttfGTdUFCMUlp/ALwOtIs9muBxpnFnBzuSQf21oP/BbXclVvumWuTaDN8WNBm2GizJkxPM0CDMA2WGZ72bbb/Njue2TRj9Il/PcG87SeBz4ZTNaSTsmctHcO8SqDp14d7dCFLZ2v/3OpQ023Ah4n65kohvETUCdcsfmuilD+bpNdgGZvOODuHqYGIVGCec9g7+7o031v2jaBTiD0ysxbHRnZrPktzyz1zK7f0z10nh5pWwLRhvZro1KqznVJhNB8UyDeSsU4zAOiIXV1OuEqQ2AR79nflXgcY6dGLwIvR8q39cy1b+uc2Emo6dI824BpMSxz8iVhy4m/2WiYHdV5UmOHp2mpwm52ESCdwRn+9v0tPAWzpn9sAFAQbMdc60PaHsFZEWd9uxk4z8G3seykECfObTEd2KmuZG4CWyLXkYLMwtiYt+hMsTUdAEZQzjs9apv66SHJRk73ZjBQ+iRu29s+1VEr5OImmXs4MHUahVoLWgK23wbv6OrU4OulcuHYehWsVHhpXwpE2FNRayTszX2cwDpQEzTB+QvrJHCXUaigk+c++aXZiE98YmUVgV19X7u3ypH/fgfUA5h2usY2jNjmWoGVn50nvC9T2NviA5OPBGPW91OlG+0Xa1WJhhqadk3WjpKCilQIQFP19XZocnfIHgIeFWyNh6goXyX6gdNWfU8aJ5tNjEheAHZVS/ruGj0s8k6VPhh6ms6kwgoLl1aGuCEuSpwXfHZ2qrTJ+HHkNCpOjmbdFcEcGUIhUSj/H65rPO6j+766U8i/QXV0z8cqJc4btwF8AtWgtMb1wj+j41Df/s1EYQwdEDiqM3hDes9quGY3IKoYOvCrU7HlCoZtEWapPkzEpsU8uq8b36a6uBqaBv5l45URLpZT/pmGH8LnkvlAdAOt1oeXqRsuYTjlEMJiXvWN/Z+5szfqioKcOKo7qr/nAEesKiOyv2A/q88rOx8+8bPhK5dUTAA8jbUT6MuKnbKteNVHKP23xCeD1LC0F2TWOmzoAKEiWxmC+sr8rN1OerF2HGaqXFcZhDWaYj11S4ZxcXxVqyKqPZOeNTwM7Jkr5BeDPQJ8NFQaoC/gZ26rXT5TyxxAfRx6P94d0gU0pYYama+tsbwix/AHM4fKUrwAeB68kRJ5AZsWWieGTjLipsVCgrKCwKHF7pZQ/RXf104j76i4ZMmquxkzRXb2zUsqfxdxsfCiA70hRjZbpCDHmJcRdeZPDHkVck0Ul5PeHZ81DgHxKtglXaHCxVN9fr5TyR9hW3QA8Amqp5526SyKtBEbZVv1eZeZkbqKU7xfsFJwPqRW29s+11oUxnUhnkHf2dWoB+R5Jv5dNaGHh1wog8d/ZAI+0GgVpFPTp4AfJT2Hup7u6EvMk0tpkboutEz0HMPzHyD+mu3pFpZR/Aug0Pgm0RLkvFzLWYfjDvs7cqfKUt2LuXTLhue5mdWhVDJdEzxDDcRKawceN9lRePVkDfgBcR/LKVqNpz/s08DO6q4VKKT8j8zHgJ1HyzA1P11YZjfV1arw85auBR4RalDB5lEjDKi0CgPPphKZ0QiNRwUQeg88B2ydKreew9yH1NCxe/r4GaZpt1Vsrh/JnDDcBLwPkbLVgf6s86RXYj4KvtJKJM8KsGLkSlsmUL6mSg1RJY1xD7KmU8sfprnYgBqJsGVsiEfupsca7FfMo26p/OfHKiVqllB8HyPV16VxfV66G/G1QBwY5xvCgTT7X3/MTaBbFVr0fJvqw2ASZ+yul/FN0V68CHsesiDl3UopM3CwhDZDD/Dnwj3S/sjoYAMqTtc1YX02jVqYOiuuqsAKIkqZCfFIz/IrfFY8gDrKt2gI8irSuwQezyTeNaOl+6qYb+fpYGKEXJE9GSTObK5ItrheaLHE5/XRKcHul+kYN8x2kzWlLNNuVtUqibzKW5CBjxUoszO7NWrS1E/xWvMeJjck2WQHEKJeMD+qH4gWCSvg00m3AVxv5TMRKsp9Cs0Q/Ka/1BOZQNBSXMz2b9Q5oO9JCKgkqg2aKofl8uvTPeE1w3t5KKf8y26pFxINhLRa5R9JV6huT/aZuFu7Ds+A9jBdj+VIvZz2b9BL2Xi5yJQEgUFqinI9SZBDx358o5Q/HiRGtquOEmxJu6DcbC/afQWxnvHg+Odrwm2bP5txh5OEYjOM3vaiu8qqHJw1mPmK/Xs7HJf0LRncDMF5cAL6NWUxDrX/duwbczljxjSzvTX+gtXU3MBlrRCltrsxBTgorACKrRGf5bczOiVLrhUL74B2F9oHVjBd/iLwTWEhr+CIWaLYumDjIWLHha+aSwvRs1iJmJ9Kb9ZJRETS3ACsMC8i1ZNwgXZDYWTmU/1WhfeAW8Cjo+UL7wDrGik8jfid0kYz/Z2ODepv+GPIY+FAznpcUJhAo9w5mh81CFtEsWieCTzwXkogmfKBSyh8ttA98EDPqoPouYqYLxYEPMVY8itmEeTM+KEaqZhVAkiPPIL6QDPhLFiYQSC9J7M3mGlF/24zWSvwIM1xoH2gF/sFiTcSPxQakqUJxsIPx4jGCr0AzCUYTbROJ7DPAdsbSAX9ZwgDs3qTDiMGUOxF/1DgfekLVsPf0sw8DPARsDNwy8iYBXov4p0L7wC2MF99CfBJ4rqmbJbO/qYE+x1jx5HK8Xtp/aFgHDM/FX+RM9FFjHjjj4NV3HvlPsP4g+SqQgm6zCuvJQnHgi4wVz2JuAj8RnLGEVaCf8Y8cuRQ2L0mYEBB2Gb8ZHKD4NQBx+0Qpf7LQPrAVVGqiiWTpCcEn4QcLxcF7C7+aXMDahT1YX5IS5DHE/ZfC4yULEwr0DtIOWwuuvwZ8rVLKP1soDqzHPGJoyRao9b4SXiQQ30A8eO1/PJ8D7gK+BtQSJcQM8AXGlg747LUkmi91lad8J3CuZ5OeBii0D64ET2FdH1N0omWJvgLPkvwM8LmZf7lrnm3VO4CHsM4DH2P8I8vGSfK67P9q8v9wWPAcQLH4PbBHbK6Pq+3M9+Ml+6FL2dyC+WmhOLiWseKPMDeDd12uIPBrWCZ5Xds++AHsAwGlBKnoB5747c2J+aSJEuvRL8CDv/2Zz+cqh/LL/gPD//vrfwFjcI5oX6jDBwAAAABJRU5ErkJggg== - marketplace.cloud.google.com/deploy-info: '{"partner_id": "google-cloud-ai-platform", - "product_id": "kubeflow-pipelines", "partner_name": "Google Cloud AI Platform"}' + marketplace.cloud.google.com/deploy-info: '{"partner_id": "google-cloud-ai-platform", "product_id": "kubeflow-pipelines", "partner_name": "Google Cloud AI Platform"}' spec: addOwnerRef: true selector: @@ -18,32 +17,33 @@ spec: description: |- Reusable end-to-end ML workflow maintainers: - - name: Google Cloud AI Platform - url: https://cloud.google.com/ai-platform/ - - name: Kubeflow Pipelines - url: https://github.com/kubeflow/pipelines + - name: Google Cloud AI Platform + url: https://cloud.google.com/ai-platform/ + - name: Kubeflow Pipelines + url: https://github.com/kubeflow/pipelines links: - - description: 'Kubeflow Pipelines Documentation' - url: https://www.kubeflow.org/docs/pipelines/ + - description: 'Kubeflow Pipelines Documentation' + url: https://www.kubeflow.org/docs/pipelines/ notes: |- Please go to [Hosted Kubeflow Pipelines Console](https://console.cloud.google.com/ai-platform/pipelines/clusters). + info: - - name: Console - value: 'https://console.cloud.google.com/ai-platform/pipelines/clusters' + - name: Console + value: 'https://console.cloud.google.com/ai-platform/pipelines/clusters' componentKinds: - - group: v1 - kind: ServiceAccount - - group: rbac.authorization.k8s.io/v1 - kind: Role - - group: rbac.authorization.k8s.io/v1 - kind: RoleBinding - - group: v1 - kind: Service - - group: v1 - kind: PersistentVolumeClaim - - group: v1 - kind: ConfigMap - - group: v1 - kind: Secret - - group: apps/v1 - kind: Deployment + - group: v1 + kind: ServiceAccount + - group: rbac.authorization.k8s.io/v1 + kind: Role + - group: rbac.authorization.k8s.io/v1 + kind: RoleBinding + - group: v1 + kind: Service + - group: v1 + kind: PersistentVolumeClaim + - group: v1 + kind: ConfigMap + - group: v1 + kind: Secret + - group: apps/v1 + kind: Deployment diff --git a/pipeline/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml b/pipeline/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml index 22dc3c8a00..623e183494 100644 --- a/pipeline/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml +++ b/pipeline/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml @@ -15,4 +15,4 @@ spec: versions: - name: v1beta1 served: true - storage: true + storage: true \ No newline at end of file diff --git a/pipeline/upstream/base/pipeline/kustomization.yaml b/pipeline/upstream/base/pipeline/kustomization.yaml index ec0ea9ddde..b0bb3cf70c 100644 --- a/pipeline/upstream/base/pipeline/kustomization.yaml +++ b/pipeline/upstream/base/pipeline/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: - ml-pipeline-apiserver-deployment.yaml - ml-pipeline-apiserver-role.yaml diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml index 0392085a1d..1cd3ade198 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml @@ -59,24 +59,24 @@ spec: readinessProbe: exec: command: - - wget - - -q # quiet - - -S # show server response - - -O - - "-" # Redirect output to stdout - - http://localhost:8888/apis/v1beta1/healthz + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/apis/v1beta1/healthz initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 livenessProbe: exec: command: - - wget - - -q # quiet - - -S # show server response - - -O - - "-" # Redirect output to stdout - - http://localhost:8888/apis/v1beta1/healthz + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/apis/v1beta1/healthz initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml index 3fdfeaaa9f..fe8146b3d8 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml @@ -35,4 +35,4 @@ rules: - list - update - patch - - delete + - delete \ No newline at end of file diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml index 78cef70d51..c4ef4f5ffe 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml @@ -10,4 +10,4 @@ roleRef: name: ml-pipeline subjects: - kind: ServiceAccount - name: ml-pipeline + name: ml-pipeline \ No newline at end of file diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml index 49de02bafb..4ac2ba4ac9 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml @@ -13,4 +13,4 @@ spec: protocol: TCP targetPort: 8887 selector: - app: ml-pipeline + app: ml-pipeline \ No newline at end of file diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml index 968f13a6cf..0591088b12 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml @@ -15,10 +15,10 @@ spec: spec: containers: - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/persistenceagent:dummy imagePullPolicy: IfNotPresent name: ml-pipeline-persistenceagent diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml index 72757fffd8..830ee8b14e 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml @@ -18,4 +18,4 @@ rules: verbs: - get - list - - watch + - watch \ No newline at end of file diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml index 158591534c..4725287b37 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: ml-pipeline-persistenceagent + name: ml-pipeline-persistenceagent \ No newline at end of file diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml index c0ff7e68df..d0cbe3f9a0 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml @@ -18,8 +18,8 @@ spec: imagePullPolicy: IfNotPresent name: ml-pipeline-scheduledworkflow env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml index c2d10f6e63..e9429f3662 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml @@ -8,4 +8,4 @@ roleRef: name: ml-pipeline-scheduledworkflow-role subjects: - kind: ServiceAccount - name: ml-pipeline-scheduledworkflow + name: ml-pipeline-scheduledworkflow \ No newline at end of file diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml index 8dffba3fe3..212369dbfa 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml @@ -20,33 +20,33 @@ spec: ports: - containerPort: 3000 env: - - name: MINIO_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ALLOW_CUSTOM_VISUALIZATIONS - value: "true" + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" readinessProbe: exec: command: - - wget - - -q # quiet - - -S # show server response - - -O - - "-" # Redirect output to stdout - - http://localhost:3000/apis/v1beta1/healthz + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:3000/apis/v1beta1/healthz initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 livenessProbe: exec: command: - - wget - - -q # quiet - - -S # show server response - - -O - - "-" # Redirect output to stdout - - http://localhost:3000/apis/v1beta1/healthz + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:3000/apis/v1beta1/healthz initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-sa.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-sa.yaml index 4c890a27bb..06bc445384 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-ui-sa.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-sa.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: ml-pipeline-ui + name: ml-pipeline-ui \ No newline at end of file diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-service.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-service.yaml index 8c8669d7b9..53d3f391d2 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-ui-service.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-service.yaml @@ -9,4 +9,4 @@ spec: - port: 80 targetPort: 3000 selector: - app: ml-pipeline-ui + app: ml-pipeline-ui \ No newline at end of file diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml index a755e51be7..89ed745ed3 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml @@ -23,24 +23,24 @@ spec: readinessProbe: exec: command: - - wget - - -q # quiet - - -S # show server response - - -O - - "-" # Redirect output to stdout - - http://localhost:8888/ + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/ initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 livenessProbe: exec: command: - - wget - - -q # quiet - - -S # show server response - - -O - - "-" # Redirect output to stdout - - http://localhost:8888/ + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/ initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-visualization-service.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-service.yaml index a4c7e42cb0..83c7dd6750 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-visualization-service.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-service.yaml @@ -9,4 +9,4 @@ spec: protocol: TCP targetPort: 8888 selector: - app: ml-pipeline-visualizationserver + app: ml-pipeline-visualizationserver \ No newline at end of file diff --git a/pipeline/upstream/cluster-scoped-resources/kustomization.yaml b/pipeline/upstream/cluster-scoped-resources/kustomization.yaml index ea7e24ae46..bbde837191 100644 --- a/pipeline/upstream/cluster-scoped-resources/kustomization.yaml +++ b/pipeline/upstream/cluster-scoped-resources/kustomization.yaml @@ -1,23 +1,28 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + bases: - ../base/application/cluster-scoped - ../base/argo/cluster-scoped - ../base/pipeline/cluster-scoped - ../base/cache-deployer/cluster-scoped + resources: -- namespace.yaml + - namespace.yaml + # Used by Kustomize configMapGenerator: -- name: pipeline-cluster-scoped-install-config - env: params.env + - name: pipeline-cluster-scoped-install-config + env: params.env + vars: -- name: NAMESPACE - objref: - kind: ConfigMap - name: pipeline-cluster-scoped-install-config - apiVersion: v1 - fieldref: - fieldpath: data.namespace + - name: NAMESPACE + objref: + kind: ConfigMap + name: pipeline-cluster-scoped-install-config + apiVersion: v1 + fieldref: + fieldpath: data.namespace + configurations: -- params.yaml + - params.yaml diff --git a/pipeline/upstream/env/dev/kustomization.yaml b/pipeline/upstream/env/dev/kustomization.yaml index 96318d6f63..7510e9641d 100644 --- a/pipeline/upstream/env/dev/kustomization.yaml +++ b/pipeline/upstream/env/dev/kustomization.yaml @@ -1,13 +1,16 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + bases: -- ../platform-agnostic -- ../gcp/inverse-proxy + - ../platform-agnostic + - ../gcp/inverse-proxy + # Identifier for application manager to apply ownerReference. # The ownerReference ensures the resources get garbage collected # when application is deleted. commonLabels: application-crd-id: kubeflow-pipelines + # !!! If you want to customize the namespace, # please refer sample/cluster-scoped-resources to update the namespace for cluster-scoped-resources namespace: kubeflow diff --git a/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml b/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml index 55b2035365..eb7157c0a6 100644 --- a/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml +++ b/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml @@ -15,24 +15,26 @@ spec: app: cloudsqlproxy spec: containers: - - image: gcr.io/cloudsql-docker/gce-proxy:1.14 - name: cloudsqlproxy - command: ["/cloud_sql_proxy", "-dir=/cloudsql", "-instances=$(GCP_CLOUDSQL_INSTANCE_NAME)=tcp:0.0.0.0:3306", - "term_timeout=10s"] - # set term_timeout if require graceful handling of shutdown - # NOTE: proxy will stop accepting new connections; only wait on existing connections - lifecycle: - preStop: - exec: - # (optional) add a preStop hook so that termination is delayed - # this is required if your server still require new connections (e.g., connection pools) - command: ['sleep', '10'] - ports: - - name: mysql - containerPort: 3306 - volumeMounts: - - mountPath: /cloudsql - name: cloudsql + - image: gcr.io/cloudsql-docker/gce-proxy:1.14 + name: cloudsqlproxy + command: ["/cloud_sql_proxy", + "-dir=/cloudsql", + "-instances=$(GCP_CLOUDSQL_INSTANCE_NAME)=tcp:0.0.0.0:3306", + "term_timeout=10s"] + # set term_timeout if require graceful handling of shutdown + # NOTE: proxy will stop accepting new connections; only wait on existing connections + lifecycle: + preStop: + exec: + # (optional) add a preStop hook so that termination is delayed + # this is required if your server still require new connections (e.g., connection pools) + command: ['sleep', '10'] + ports: + - name: mysql + containerPort: 3306 + volumeMounts: + - mountPath: /cloudsql + name: cloudsql volumes: - - name: cloudsql - emptyDir: + - name: cloudsql + emptyDir: \ No newline at end of file diff --git a/pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml b/pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml index 87f162bcbd..704e59c336 100644 --- a/pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml +++ b/pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: - cloudsql-proxy-deployment.yaml -- mysql-service.yaml +- mysql-service.yaml \ No newline at end of file diff --git a/pipeline/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml b/pipeline/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml index d93921d040..f97dbc3a20 100644 --- a/pipeline/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml +++ b/pipeline/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml @@ -4,6 +4,6 @@ metadata: name: mysql spec: ports: - - port: 3306 + - port: 3306 selector: app: cloudsqlproxy diff --git a/pipeline/upstream/env/gcp/gcp-configurations-patch.yaml b/pipeline/upstream/env/gcp/gcp-configurations-patch.yaml index d88e632c43..683a3627da 100644 --- a/pipeline/upstream/env/gcp/gcp-configurations-patch.yaml +++ b/pipeline/upstream/env/gcp/gcp-configurations-patch.yaml @@ -6,20 +6,20 @@ spec: template: spec: containers: - - name: ml-pipeline-api-server - env: - - name: HAS_DEFAULT_BUCKET - valueFrom: - configMapKeyRef: - name: gcp-default-config - key: "has_default_bucket" - - name: BUCKET_NAME - valueFrom: - configMapKeyRef: - name: gcp-default-config - key: "bucket_name" - - name: PROJECT_ID - valueFrom: - configMapKeyRef: - name: gcp-default-config - key: "project_id" + - name: ml-pipeline-api-server + env: + - name: HAS_DEFAULT_BUCKET + valueFrom: + configMapKeyRef: + name: gcp-default-config + key: "has_default_bucket" + - name: BUCKET_NAME + valueFrom: + configMapKeyRef: + name: gcp-default-config + key: "bucket_name" + - name: PROJECT_ID + valueFrom: + configMapKeyRef: + name: gcp-default-config + key: "project_id" diff --git a/pipeline/upstream/env/gcp/gcp-default-config/kustomization.yaml b/pipeline/upstream/env/gcp/gcp-default-config/kustomization.yaml index cc36121c46..55e85a87ce 100644 --- a/pipeline/upstream/env/gcp/gcp-default-config/kustomization.yaml +++ b/pipeline/upstream/env/gcp/gcp-default-config/kustomization.yaml @@ -1,4 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: -- gcp-default-configmap.yaml +- gcp-default-configmap.yaml \ No newline at end of file diff --git a/pipeline/upstream/env/gcp/inverse-proxy/proxy-role.yaml b/pipeline/upstream/env/gcp/inverse-proxy/proxy-role.yaml index b4fae7b750..d6c03d5d04 100644 --- a/pipeline/upstream/env/gcp/inverse-proxy/proxy-role.yaml +++ b/pipeline/upstream/env/gcp/inverse-proxy/proxy-role.yaml @@ -10,4 +10,4 @@ rules: resources: - configmaps verbs: - - '*' + - '*' \ No newline at end of file diff --git a/pipeline/upstream/env/gcp/kustomization.yaml b/pipeline/upstream/env/gcp/kustomization.yaml index 541616e4c9..9fd4e86c54 100644 --- a/pipeline/upstream/env/gcp/kustomization.yaml +++ b/pipeline/upstream/env/gcp/kustomization.yaml @@ -1,38 +1,44 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + bases: -- ../../base -- inverse-proxy -- minio-gcs-gateway -- cloudsql-proxy -- gcp-default-config + - ../../base + - inverse-proxy + - minio-gcs-gateway + - cloudsql-proxy + - gcp-default-config + # Identifier for application manager to apply ownerReference. # The ownerReference ensures the resources get garbage collected # when application is deleted. commonLabels: application-crd-id: kubeflow-pipelines + # !!! If you want to customize the namespace, # please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml namespace: kubeflow + patchesStrategicMerge: -- gcp-configurations-patch.yaml + - gcp-configurations-patch.yaml + # Used by Kustomize configMapGenerator: -- name: pipeline-install-config - env: params.env - behavior: merge + - name: pipeline-install-config + env: params.env + behavior: merge + vars: -- name: GCP_PROJECT_ID - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.gcsProjectId -- name: GCP_CLOUDSQL_INSTANCE_NAME - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.gcsCloudSqlInstanceName + - name: GCP_PROJECT_ID + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.gcsProjectId + - name: GCP_CLOUDSQL_INSTANCE_NAME + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.gcsCloudSqlInstanceName diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml b/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml index f14e64f5d3..db573c477d 100644 --- a/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml +++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: - minio-gcs-gateway-deployment.yaml -- minio-gcs-gateway-service.yaml +- minio-gcs-gateway-service.yaml \ No newline at end of file diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml index ec560830a9..6828a74eca 100644 --- a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml +++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml @@ -16,16 +16,16 @@ spec: app: minio spec: containers: - - name: minio - image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance - args: - - gateway - - gcs - - $(GCP_PROJECT_ID) - env: - - name: MINIO_ACCESS_KEY - value: "minio" - - name: MINIO_SECRET_KEY - value: "minio123" - ports: - - containerPort: 9000 + - name: minio + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + args: + - gateway + - gcs + - $(GCP_PROJECT_ID) + env: + - name: MINIO_ACCESS_KEY + value: "minio" + - name: MINIO_SECRET_KEY + value: "minio123" + ports: + - containerPort: 9000 \ No newline at end of file diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml index 6f542967e7..7dd1817496 100644 --- a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml +++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml @@ -4,8 +4,8 @@ metadata: name: minio-service spec: ports: - - port: 9000 - targetPort: 9000 - protocol: TCP + - port: 9000 + targetPort: 9000 + protocol: TCP selector: - app: minio + app: minio \ No newline at end of file diff --git a/pipeline/upstream/env/platform-agnostic/kustomization.yaml b/pipeline/upstream/env/platform-agnostic/kustomization.yaml index c5773ad03f..20db7f9b8b 100644 --- a/pipeline/upstream/env/platform-agnostic/kustomization.yaml +++ b/pipeline/upstream/env/platform-agnostic/kustomization.yaml @@ -1,19 +1,23 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + bases: -- ../../base -- minio -- mysql + - ../../base + - minio + - mysql + # Identifier for application manager to apply ownerReference. # The ownerReference ensures the resources get garbage collected # when application is deleted. commonLabels: application-crd-id: kubeflow-pipelines + # !!! If you want to customize the namespace, # please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml namespace: kubeflow + images: -- name: mysql - newTag: "5.6" -- name: minio/minio - newTag: RELEASE.2018-02-09T22-40-05Z + - name: mysql + newTag: "5.6" + - name: minio/minio + newTag: RELEASE.2018-02-09T22-40-05Z diff --git a/pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml b/pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml index 7a20d85a7c..8ed66b3034 100644 --- a/pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml +++ b/pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: - minio-deployment.yaml - minio-pvc.yaml diff --git a/pipeline/upstream/env/platform-agnostic/minio/minio-deployment.yaml b/pipeline/upstream/env/platform-agnostic/minio/minio-deployment.yaml index 382dc4fd21..6d944a73f7 100644 --- a/pipeline/upstream/env/platform-agnostic/minio/minio-deployment.yaml +++ b/pipeline/upstream/env/platform-agnostic/minio/minio-deployment.yaml @@ -35,4 +35,4 @@ spec: volumes: - name: data persistentVolumeClaim: - claimName: minio-pvc + claimName: minio-pvc \ No newline at end of file diff --git a/pipeline/upstream/env/platform-agnostic/minio/minio-service.yaml b/pipeline/upstream/env/platform-agnostic/minio/minio-service.yaml index f49cf52859..bdecf182a0 100644 --- a/pipeline/upstream/env/platform-agnostic/minio/minio-service.yaml +++ b/pipeline/upstream/env/platform-agnostic/minio/minio-service.yaml @@ -8,4 +8,4 @@ spec: protocol: TCP targetPort: 9000 selector: - app: minio + app: minio \ No newline at end of file diff --git a/pipeline/upstream/env/platform-agnostic/mysql/kustomization.yaml b/pipeline/upstream/env/platform-agnostic/mysql/kustomization.yaml index 93af2924b5..97e3a55646 100644 --- a/pipeline/upstream/env/platform-agnostic/mysql/kustomization.yaml +++ b/pipeline/upstream/env/platform-agnostic/mysql/kustomization.yaml @@ -1,6 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: - mysql-deployment.yaml - mysql-pv-claim.yaml -- mysql-service.yaml +- mysql-service.yaml \ No newline at end of file diff --git a/pipeline/upstream/env/platform-agnostic/mysql/mysql-deployment.yaml b/pipeline/upstream/env/platform-agnostic/mysql/mysql-deployment.yaml index ab9386e25c..91c9910768 100644 --- a/pipeline/upstream/env/platform-agnostic/mysql/mysql-deployment.yaml +++ b/pipeline/upstream/env/platform-agnostic/mysql/mysql-deployment.yaml @@ -30,4 +30,4 @@ spec: volumes: - name: mysql-persistent-storage persistentVolumeClaim: - claimName: mysql-pv-claim + claimName: mysql-pv-claim \ No newline at end of file diff --git a/pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml b/pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml index db93f1017a..78e201bf7f 100644 --- a/pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml +++ b/pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml @@ -6,4 +6,4 @@ spec: ports: - port: 3306 selector: - app: mysql + app: mysql \ No newline at end of file diff --git a/pipeline/upstream/kustomize/Kptfile b/pipeline/upstream/kustomize/Kptfile deleted file mode 100644 index 5927c2d911..0000000000 --- a/pipeline/upstream/kustomize/Kptfile +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: kpt.dev/v1alpha1 -kind: Kptfile -metadata: - name: upstream -upstream: - type: git - git: - commit: 2384d8f1c6083b4ec5c144a2fb6e247bcbe33b05 - repo: https://github.com/kubeflow/pipelines - directory: /manifests/kustomize - ref: 1.0.0-rc.1 diff --git a/pipeline/upstream/kustomize/OWNERS b/pipeline/upstream/kustomize/OWNERS deleted file mode 100644 index 95ccd02456..0000000000 --- a/pipeline/upstream/kustomize/OWNERS +++ /dev/null @@ -1,8 +0,0 @@ -approvers: - - Bobgy - - IronPan - - rmgogogo -reviewers: - - Bobgy - - IronPan - - rmgogogo diff --git a/pipeline/upstream/kustomize/README.md b/pipeline/upstream/kustomize/README.md deleted file mode 100644 index c082edc8df..0000000000 --- a/pipeline/upstream/kustomize/README.md +++ /dev/null @@ -1,100 +0,0 @@ -# Install Kubeflow Pipelines - -This folder contains Kubeflow Pipelines Kustomize manifests for a light weight -deployment. You can follow the instruction and deploy Kubeflow Pipelines in an -existing cluster. - -To install Kubeflow Pipelines, you have several options. -- Via [GCP AI Platform UI](http://console.cloud.google.com/ai-platform/pipelines). -- Via an upcoming commandline tool. -- Via Kubectl with Kustomize, it's detailed here. - - Community maintains a repo [here](https://github.com/e2fyi/kubeflow-aws/tree/master/pipelines) for AWS. - -## Install via Kustomize - -Deploy latest version of Kubeflow Pipelines. - -It uses following default settings. -- image: latest released images -- namespace: kubeflow -- application name: pipeline - -### Option-1 Install it to any K8s cluster -It's based on in-cluster PersistentVolumeClaim storage. - -``` -kubectl apply -k cluster-scoped-resources/ -kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s -kubectl apply -k env/platform-agnostic/ -kubectl wait applications/pipeline -n kubeflow --for condition=Ready --timeout=1800s -kubectl port-forward -n kubeflow svc/ml-pipeline-ui 8080:80 -``` -Now you can access it via localhost:8080 - -### Option-2 Install it to GCP with in-cluster PersistentVolumeClaim storage -It's based on in-cluster PersistentVolumeClaim storage. -Additionally, it introduced a proxy in GCP to allow user easily access KFP safely. - -``` -kubectl apply -k cluster-scoped-resources/ -kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s - -kubectl apply -k env/dev/ -kubectl wait applications/pipeline -n kubeflow --for condition=Ready --timeout=1800s - -# Or visit http://console.cloud.google.com/ai-platform/pipelines -kubectl describe configmap inverse-proxy-config -n kubeflow | grep googleusercontent.com -``` - -### Option-3 Install it to GCP with CloudSQL & GCS-Minio managed storage -Its storage is based on CloudSQL & GCS. It's better than others for production usage. - -Please following [sample](sample/README.md) for a customized installation. - -## Uninstall - -If the installation is based on CloudSQL/GCS, after the uninstall, the data is still there, -reinstall a newer version can reuse the data. - -``` -### 1. namespace scoped -# Depends on how you installed it: -kubectl kustomize env/platform-agnostic | kubectl delete -f - -# or -kubectl kustomize env/dev | kubectl delete -f - -# or -kubectl kustomize env/gcp | kubectl delete -f - -# or -kubectl delete applications/pipeline -n kubeflow - -### 2. cluster scoped -kubectl delete -k cluster-scoped-resources/ -``` - -## Troubleshooting - -### Permission error installing Kubeflow Pipelines to a cluster - -Run - -``` -kubectl create clusterrolebinding your-binding --clusterrole=cluster-admin --user=[your-user-name] -``` - -### Samples requires "user-gcp-sa" secret - -If sample code requires a "user-gcp-sa" secret, you could create one by - -- First download the GCE VM service account token - [Document](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys) - -``` -gcloud iam service-accounts keys create application_default_credentials.json \ - --iam-account [SA-NAME]@[PROJECT-ID].iam.gserviceaccount.com -``` - -- Run - -``` -kubectl create secret -n [your-namespace] generic user-gcp-sa --from-file=user-gcp-sa.json=application_default_credentials.json` -``` diff --git a/pipeline/upstream/kustomize/STRUCTURE.md b/pipeline/upstream/kustomize/STRUCTURE.md deleted file mode 100644 index 86a7835b9c..0000000000 --- a/pipeline/upstream/kustomize/STRUCTURE.md +++ /dev/null @@ -1,49 +0,0 @@ -# Kubeflow Pipelines Kustomize Manifest Folder Structure - -Folder structure: -``` -kustomize -├── cluster-scoped-resources -│ ├── README.md (explains this folder structure) -│ └── kustomization.yaml (lists all cluster-scoped folders in base/) -├── base -│ ├── cache-deployer -│ │ ├── cluster-scoped (not included in cache-deployer's kustomization.yaml) -│ │ │ ├── clusteroles -│ │ │ └── clusterrolebindings -| | └── ... (namespace scoped) -│ ├── argo -│ │ ├── cluster-scoped -│ │ │ └── workflow-crd.yaml -| | └── ... (namespace scoped) -│ ├── application -│ │ ├── cluster-scoped -│ │ │ ├── application-crd.yaml -│ │ │ └── ... -| | └── ... (namespace scoped) -│ ├── pipeline -│ │ ├── cluster-scoped -│ │ │ ├── viewer-crd.yaml -│ │ │ ├── scheduledworkflow-crd.yaml -│ │ │ └── ... -| | └── ... (namespace scoped) -│ └── ... -└── env - ├── platform-agnostic - │ └── kustomization.yaml (based on "base") - ├── dev - │ └── kustomization.yaml (based on "env/platform-agnostic") - └── gcp - └── kustomization.yaml (based on "base") -``` - -* User facing manifest entrypoint is `cluster-scoped-resources` package and `env/` package. - * `cluster-scoped-resources` should collect all cluster-scoped resources. - * `env/` should collect env specific namespace scoped resources. -* Universal components live in `base/` folders. - * If a component requires cluster-scoped resources, it should have a folder inside named `cluster-scoped` with related resources, but note that `base//kustomization.yaml` shouldn't include the `cluster-scoped` folder. `cluster-scoped` folders should be collected by top level `cluster-scoped-resources` folder. -* Env specific overlays live in `env/` folders. - -Constraints we need to comply with (that drove above structure): -* CRDs must be applied separately, because if we apply CRs in the same `kubectl apply` command, the CRD may not have been accepted by k8s api server (e.g. Application CRD). -* [A Kubeflow 1.0 constraint](https://github.com/kubeflow/pipelines/issues/2884#issuecomment-577158715) is that we should separate cluster scoped resources from namespace scoped resources, because sometimes different roles are required to deploy them. Cluster scoped resources usually need a cluster admin role, while namespaced resources can be deployed by individual teams managing a namespace. diff --git a/pipeline/upstream/kustomize/base/application/application-controller-deployment.yaml b/pipeline/upstream/kustomize/base/application/application-controller-deployment.yaml deleted file mode 100644 index b4cc7042d9..0000000000 --- a/pipeline/upstream/kustomize/base/application/application-controller-deployment.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - labels: - control-plane: controller-manager - controller-tools.k8s.io: "1.0" -spec: - selector: - matchLabels: - control-plane: controller-manager - controller-tools.k8s.io: "1.0" - template: - metadata: - labels: - control-plane: controller-manager - controller-tools.k8s.io: "1.0" - spec: - containers: - - command: - - /root/manager - # A customized image with https://github.com/kubernetes-sigs/application/pull/127 - image: gcr.io/ml-pipeline/application-crd-controller:1.0-beta-non-cluster-role - imagePullPolicy: IfNotPresent - name: manager - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - limits: - cpu: 100m - memory: 30Mi - requests: - cpu: 100m - memory: 20Mi - serviceAccountName: application diff --git a/pipeline/upstream/kustomize/base/application/application-controller-role.yaml b/pipeline/upstream/kustomize/base/application/application-controller-role.yaml deleted file mode 100644 index a17dbaea09..0000000000 --- a/pipeline/upstream/kustomize/base/application/application-controller-role.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: application-manager-role -rules: -- apiGroups: - - '*' - resources: - - '*' - verbs: - - get - - list - - update - - patch - - watch -- apiGroups: - - app.k8s.io - resources: - - '*' - verbs: - - '*' diff --git a/pipeline/upstream/kustomize/base/application/application-controller-rolebinding.yaml b/pipeline/upstream/kustomize/base/application/application-controller-rolebinding.yaml deleted file mode 100644 index 71a3f42d24..0000000000 --- a/pipeline/upstream/kustomize/base/application/application-controller-rolebinding.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: application-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: application-manager-role -subjects: -- kind: ServiceAccount - name: application diff --git a/pipeline/upstream/kustomize/base/application/application-controller-sa.yaml b/pipeline/upstream/kustomize/base/application/application-controller-sa.yaml deleted file mode 100644 index bd13039151..0000000000 --- a/pipeline/upstream/kustomize/base/application/application-controller-sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: application diff --git a/pipeline/upstream/kustomize/base/application/application-controller-service.yaml b/pipeline/upstream/kustomize/base/application/application-controller-service.yaml deleted file mode 100644 index f5f7d8bac6..0000000000 --- a/pipeline/upstream/kustomize/base/application/application-controller-service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: controller-manager-service - labels: - control-plane: controller-manager - controller-tools.k8s.io: "1.0" -spec: - selector: - control-plane: controller-manager - controller-tools.k8s.io: "1.0" - ports: - - port: 443 diff --git a/pipeline/upstream/kustomize/base/application/cluster-scoped/application-crd.yaml b/pipeline/upstream/kustomize/base/application/cluster-scoped/application-crd.yaml deleted file mode 100644 index 0cbab2d480..0000000000 --- a/pipeline/upstream/kustomize/base/application/cluster-scoped/application-crd.yaml +++ /dev/null @@ -1,234 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - labels: - controller-tools.k8s.io: "1.0" - name: applications.app.k8s.io -spec: - group: app.k8s.io - names: - kind: Application - plural: applications - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - addOwnerRef: - type: boolean - assemblyPhase: - type: string - componentKinds: - items: - type: object - type: array - descriptor: - properties: - description: - type: string - icons: - items: - properties: - size: - type: string - src: - type: string - type: - type: string - required: - - src - type: object - type: array - keywords: - items: - type: string - type: array - links: - items: - properties: - description: - type: string - url: - type: string - type: object - type: array - maintainers: - items: - properties: - email: - type: string - name: - type: string - url: - type: string - type: object - type: array - notes: - type: string - owners: - items: - properties: - email: - type: string - name: - type: string - url: - type: string - type: object - type: array - type: - type: string - version: - type: string - type: object - info: - items: - properties: - name: - type: string - type: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - key: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - resourceVersion: - type: string - uid: - type: string - type: object - ingressRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - host: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - path: - type: string - resourceVersion: - type: string - uid: - type: string - type: object - secretKeyRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - key: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - resourceVersion: - type: string - uid: - type: string - type: object - serviceRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - path: - type: string - port: - format: int32 - type: integer - resourceVersion: - type: string - uid: - type: string - type: object - type: - type: string - type: object - type: object - type: array - selector: - type: object - type: object - status: - properties: - components: - items: - properties: - group: - type: string - kind: - type: string - link: - type: string - name: - type: string - status: - type: string - type: object - type: array - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - lastUpdateTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - - status - type: object - type: array - observedGeneration: - format: int64 - type: integer - type: object - version: v1beta1 diff --git a/pipeline/upstream/kustomize/base/application/cluster-scoped/kustomization.yaml b/pipeline/upstream/kustomize/base/application/cluster-scoped/kustomization.yaml deleted file mode 100644 index 0fc4e0bb3f..0000000000 --- a/pipeline/upstream/kustomize/base/application/cluster-scoped/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- application-crd.yaml diff --git a/pipeline/upstream/kustomize/base/application/kustomization.yaml b/pipeline/upstream/kustomize/base/application/kustomization.yaml deleted file mode 100644 index 8d65bf8915..0000000000 --- a/pipeline/upstream/kustomize/base/application/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- application-controller-deployment.yaml -- application-controller-role.yaml -- application-controller-rolebinding.yaml -- application-controller-sa.yaml -- application-controller-service.yaml diff --git a/pipeline/upstream/kustomize/base/argo/cluster-scoped/kustomization.yaml b/pipeline/upstream/kustomize/base/argo/cluster-scoped/kustomization.yaml deleted file mode 100644 index 262cc50515..0000000000 --- a/pipeline/upstream/kustomize/base/argo/cluster-scoped/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- workflow-crd.yaml diff --git a/pipeline/upstream/kustomize/base/argo/cluster-scoped/workflow-crd.yaml b/pipeline/upstream/kustomize/base/argo/cluster-scoped/workflow-crd.yaml deleted file mode 100644 index 5a7b6a3aff..0000000000 --- a/pipeline/upstream/kustomize/base/argo/cluster-scoped/workflow-crd.yaml +++ /dev/null @@ -1,67 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: workflows.argoproj.io -spec: - group: argoproj.io - version: v1alpha1 - scope: Namespaced - names: - kind: Workflow - plural: workflows - shortNames: - - wf - additionalPrinterColumns: - - JSONPath: .status.phase - description: Status of the workflow - name: Status - type: string - - JSONPath: .status.startedAt - description: When the workflow was started - format: date-time - name: Age - type: date ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterworkflowtemplates.argoproj.io -spec: - group: argoproj.io - names: - kind: ClusterWorkflowTemplate - plural: clusterworkflowtemplates - shortNames: - - clusterwftmpl - - cwft - scope: Cluster - version: v1alpha1 ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: cronworkflows.argoproj.io -spec: - group: argoproj.io - names: - kind: CronWorkflow - plural: cronworkflows - shortNames: - - cronwf - - cwf - scope: Namespaced - version: v1alpha1 ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: workflowtemplates.argoproj.io -spec: - group: argoproj.io - names: - kind: WorkflowTemplate - plural: workflowtemplates - shortNames: - - wftmpl - scope: Namespaced - version: v1alpha1 diff --git a/pipeline/upstream/kustomize/base/argo/kustomization.yaml b/pipeline/upstream/kustomize/base/argo/kustomization.yaml deleted file mode 100644 index e8df6b5662..0000000000 --- a/pipeline/upstream/kustomize/base/argo/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- minio-artifact-secret.yaml -- workflow-controller-configmap.yaml -- workflow-controller-deployment.yaml -- workflow-controller-role.yaml -- workflow-controller-rolebinding.yaml -- workflow-controller-sa.yaml diff --git a/pipeline/upstream/kustomize/base/argo/minio-artifact-secret.yaml b/pipeline/upstream/kustomize/base/argo/minio-artifact-secret.yaml deleted file mode 100644 index 3ae64f1160..0000000000 --- a/pipeline/upstream/kustomize/base/argo/minio-artifact-secret.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -data: - accesskey: bWluaW8= - secretkey: bWluaW8xMjM= -kind: Secret -metadata: - name: mlpipeline-minio-artifact -type: Opaque diff --git a/pipeline/upstream/kustomize/base/argo/workflow-controller-configmap.yaml b/pipeline/upstream/kustomize/base/argo/workflow-controller-configmap.yaml deleted file mode 100644 index aafe839c79..0000000000 --- a/pipeline/upstream/kustomize/base/argo/workflow-controller-configmap.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: workflow-controller-configmap -data: - config: | - { - namespace: $(NAMESPACE), - executorImage: gcr.io/ml-pipeline/argoexec:v2.7.5-license-compliance, - artifactRepository: - { - s3: { - bucket: $(BUCKET_NAME), - keyPrefix: artifacts, - endpoint: minio-service.$(NAMESPACE):9000, - insecure: true, - accessKeySecret: { - name: mlpipeline-minio-artifact, - key: accesskey - }, - secretKeySecret: { - name: mlpipeline-minio-artifact, - key: secretkey - } - }, - archiveLogs: true - } - } diff --git a/pipeline/upstream/kustomize/base/argo/workflow-controller-deployment.yaml b/pipeline/upstream/kustomize/base/argo/workflow-controller-deployment.yaml deleted file mode 100644 index 9395f80895..0000000000 --- a/pipeline/upstream/kustomize/base/argo/workflow-controller-deployment.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: workflow-controller - name: workflow-controller -spec: - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: workflow-controller - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - app: workflow-controller - spec: - containers: - - args: - - --configmap - - workflow-controller-configmap - - --executor-image - - gcr.io/ml-pipeline/argoexec:v2.7.5-license-compliance - command: - - workflow-controller - env: - - name: ARGO_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/workflow-controller:v2.7.5-license-compliance - imagePullPolicy: IfNotPresent - name: workflow-controller - resources: {} - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - serviceAccount: argo - serviceAccountName: argo - terminationGracePeriodSeconds: 30 diff --git a/pipeline/upstream/kustomize/base/argo/workflow-controller-role.yaml b/pipeline/upstream/kustomize/base/argo/workflow-controller-role.yaml deleted file mode 100644 index d79208a99a..0000000000 --- a/pipeline/upstream/kustomize/base/argo/workflow-controller-role.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: argo-role -rules: -- apiGroups: - - "" - resources: - - pods - - pods/exec - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - watch - - list -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete -- apiGroups: - - argoproj.io - resources: - - workflows - - workflows/finalizers - - workflowtemplates - - workflowtemplates/finalizers - - cronworkflows - verbs: - - get - - list - - watch - - update - - patch - - delete diff --git a/pipeline/upstream/kustomize/base/argo/workflow-controller-rolebinding.yaml b/pipeline/upstream/kustomize/base/argo/workflow-controller-rolebinding.yaml deleted file mode 100644 index 0484f455b8..0000000000 --- a/pipeline/upstream/kustomize/base/argo/workflow-controller-rolebinding.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: argo-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argo-role -subjects: -- kind: ServiceAccount - name: argo diff --git a/pipeline/upstream/kustomize/base/argo/workflow-controller-sa.yaml b/pipeline/upstream/kustomize/base/argo/workflow-controller-sa.yaml deleted file mode 100644 index f3d5885df9..0000000000 --- a/pipeline/upstream/kustomize/base/argo/workflow-controller-sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: argo diff --git a/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-deployment.yaml b/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-deployment.yaml deleted file mode 100644 index d4c3ae3a86..0000000000 --- a/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-deployment.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cache-deployer-deployment - labels: - app: cache-deployer -spec: - replicas: 1 - selector: - matchLabels: - app: cache-deployer - strategy: - type: Recreate - template: - metadata: - labels: - app: cache-deployer - spec: - containers: - - name: main - image: gcr.io/ml-pipeline/cache-deployer:dummy - imagePullPolicy: Always - env: - - name: NAMESPACE_TO_WATCH - valueFrom: - fieldRef: - fieldPath: metadata.namespace - serviceAccountName: kubeflow-pipelines-cache-deployer-sa - restartPolicy: Always diff --git a/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-role.yaml b/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-role.yaml deleted file mode 100644 index 6211517140..0000000000 --- a/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-role.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: kubeflow-pipelines-cache-deployer-role - name: kubeflow-pipelines-cache-deployer-role -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - get - - patch diff --git a/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-rolebinding.yaml b/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-rolebinding.yaml deleted file mode 100644 index 36ed4963a5..0000000000 --- a/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-rolebinding.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kubeflow-pipelines-cache-deployer-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubeflow-pipelines-cache-deployer-role -subjects: -- kind: ServiceAccount - name: kubeflow-pipelines-cache-deployer-sa diff --git a/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-sa.yaml b/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-sa.yaml deleted file mode 100644 index affada3d10..0000000000 --- a/pipeline/upstream/kustomize/base/cache-deployer/cache-deployer-sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kubeflow-pipelines-cache-deployer-sa diff --git a/pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml b/pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml deleted file mode 100644 index e2d6e75f45..0000000000 --- a/pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: kubeflow-pipelines-cache-deployer-clusterrole - name: kubeflow-pipelines-cache-deployer-clusterrole -rules: -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - - certificatesigningrequests/approval - verbs: - - create - - delete - - get - - update -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - verbs: - - create - - get diff --git a/pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml b/pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml deleted file mode 100644 index 7e2d2dcf8c..0000000000 --- a/pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubeflow-pipelines-cache-deployer-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubeflow-pipelines-cache-deployer-clusterrole -subjects: -- kind: ServiceAccount - name: kubeflow-pipelines-cache-deployer-sa - namespace: $(NAMESPACE) diff --git a/pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/kustomization.yaml b/pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/kustomization.yaml deleted file mode 100644 index cd31d9a4e2..0000000000 --- a/pipeline/upstream/kustomize/base/cache-deployer/cluster-scoped/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- cache-deployer-clusterrole.yaml -- cache-deployer-clusterrolebinding.yaml diff --git a/pipeline/upstream/kustomize/base/cache-deployer/kustomization.yaml b/pipeline/upstream/kustomize/base/cache-deployer/kustomization.yaml deleted file mode 100644 index f6c83059b9..0000000000 --- a/pipeline/upstream/kustomize/base/cache-deployer/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- cache-deployer-role.yaml -- cache-deployer-rolebinding.yaml -- cache-deployer-sa.yaml -- cache-deployer-deployment.yaml diff --git a/pipeline/upstream/kustomize/base/cache/cache-deployment.yaml b/pipeline/upstream/kustomize/base/cache/cache-deployment.yaml deleted file mode 100644 index 0f075706a5..0000000000 --- a/pipeline/upstream/kustomize/base/cache/cache-deployment.yaml +++ /dev/null @@ -1,67 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cache-server - labels: - app: cache-server -spec: - replicas: 1 - selector: - matchLabels: - app: cache-server - template: - metadata: - labels: - app: cache-server - spec: - containers: - - name: server - image: gcr.io/ml-pipeline/cache-server:dummy - env: - - name: DBCONFIG_DRIVER - value: mysql - - name: DBCONFIG_DB_NAME - valueFrom: - configMapKeyRef: - name: mysql-configmap - key: cache_db - - name: DBCONFIG_HOST_NAME - valueFrom: - configMapKeyRef: - name: mysql-configmap - key: host - - name: DBCONFIG_PORT - valueFrom: - configMapKeyRef: - name: mysql-configmap - key: port - - name: DBCONFIG_USER - valueFrom: - secretKeyRef: - name: mysql-secret - key: username - - name: DBCONFIG_PASSWORD - valueFrom: - secretKeyRef: - name: mysql-secret - key: password - - name: NAMESPACE_TO_WATCH - valueFrom: - fieldRef: - fieldPath: metadata.namespace - args: ["--db_driver=$(DBCONFIG_DRIVER)", "--db_host=$(DBCONFIG_HOST_NAME)", - "--db_port=$(DBCONFIG_PORT)", "--db_name=$(DBCONFIG_DB_NAME)", "--db_user=$(DBCONFIG_USER)", - "--db_password=$(DBCONFIG_PASSWORD)", "--namespace_to_watch=$(NAMESPACE_TO_WATCH)"] - imagePullPolicy: Always - ports: - - containerPort: 8443 - name: webhook-api - volumeMounts: - - name: webhook-tls-certs - mountPath: /etc/webhook/certs - readOnly: true - volumes: - - name: webhook-tls-certs - secret: - secretName: webhook-server-tls - serviceAccountName: kubeflow-pipelines-cache diff --git a/pipeline/upstream/kustomize/base/cache/cache-role.yaml b/pipeline/upstream/kustomize/base/cache/cache-role.yaml deleted file mode 100644 index de613b427b..0000000000 --- a/pipeline/upstream/kustomize/base/cache/cache-role.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: kubeflow-pipelines-cache-role - name: kubeflow-pipelines-cache-role -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - get - - list - - watch - - update - - patch diff --git a/pipeline/upstream/kustomize/base/cache/cache-rolebinding.yaml b/pipeline/upstream/kustomize/base/cache/cache-rolebinding.yaml deleted file mode 100644 index 48541bfb8a..0000000000 --- a/pipeline/upstream/kustomize/base/cache/cache-rolebinding.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kubeflow-pipelines-cache-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubeflow-pipelines-cache-role -subjects: -- kind: ServiceAccount - name: kubeflow-pipelines-cache diff --git a/pipeline/upstream/kustomize/base/cache/cache-sa.yaml b/pipeline/upstream/kustomize/base/cache/cache-sa.yaml deleted file mode 100644 index 232ddd15cf..0000000000 --- a/pipeline/upstream/kustomize/base/cache/cache-sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kubeflow-pipelines-cache diff --git a/pipeline/upstream/kustomize/base/cache/cache-service.yaml b/pipeline/upstream/kustomize/base/cache/cache-service.yaml deleted file mode 100644 index 980619837b..0000000000 --- a/pipeline/upstream/kustomize/base/cache/cache-service.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: cache-server -spec: - selector: - app: cache-server - ports: - - port: 443 - targetPort: webhook-api diff --git a/pipeline/upstream/kustomize/base/cache/kustomization.yaml b/pipeline/upstream/kustomize/base/cache/kustomization.yaml deleted file mode 100644 index a4bdc8c7ba..0000000000 --- a/pipeline/upstream/kustomize/base/cache/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- cache-deployment.yaml -- cache-service.yaml -- cache-role.yaml -- cache-rolebinding.yaml -- cache-sa.yaml diff --git a/pipeline/upstream/kustomize/base/kustomization.yaml b/pipeline/upstream/kustomize/base/kustomization.yaml deleted file mode 100644 index 25d6486916..0000000000 --- a/pipeline/upstream/kustomize/base/kustomization.yaml +++ /dev/null @@ -1,104 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- application -- argo -- pipeline -- metadata -- mysql -- cache -- cache-deployer -resources: -- pipeline-application.yaml -images: -- name: gcr.io/ml-pipeline/api-server - newTag: 1.0.0-rc.1 -- name: gcr.io/ml-pipeline/persistenceagent - newTag: 1.0.0-rc.1 -- name: gcr.io/ml-pipeline/scheduledworkflow - newTag: 1.0.0-rc.1 -- name: gcr.io/ml-pipeline/frontend - newTag: 1.0.0-rc.1 -- name: gcr.io/ml-pipeline/viewer-crd-controller - newTag: 1.0.0-rc.1 -- name: gcr.io/ml-pipeline/visualization-server - newTag: 1.0.0-rc.1 -- name: gcr.io/ml-pipeline/metadata-writer - newTag: 1.0.0-rc.1 -- name: gcr.io/ml-pipeline/cache-server - newTag: 1.0.0-rc.1 -- name: gcr.io/ml-pipeline/cache-deployer - newTag: 1.0.0-rc.1 -# Used by Kustomize -configMapGenerator: -- name: pipeline-install-config - env: params.env -secretGenerator: -- name: mysql-secret - env: params-db-secret.env -vars: -- name: NAMESPACE - objref: - kind: Deployment - apiVersion: apps/v1 - name: ml-pipeline - fieldref: - fieldpath: metadata.namespace -- name: APP_NAME - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.appName -- name: APP_VERSION - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.appVersion -- name: DBSERVICE_HOST - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.dbHost -- name: DBSERVICE_PORT - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.dbPort -- name: DBNAME_MLMD - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.mlmdDb -- name: DBNAME_CACHE - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.cacheDb -- name: DBNAME_PIPELINE - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.pipelineDb -- name: BUCKET_NAME - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.bucketName -configurations: -- params.yaml diff --git a/pipeline/upstream/kustomize/base/metadata/kustomization.yaml b/pipeline/upstream/kustomize/base/metadata/kustomization.yaml deleted file mode 100644 index cf594beb70..0000000000 --- a/pipeline/upstream/kustomize/base/metadata/kustomization.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- metadata-configmap.yaml -- metadata-grpc-deployment.yaml -- metadata-grpc-service.yaml -- metadata-envoy-deployment.yaml -- metadata-envoy-service.yaml -- metadata-writer-deployment.yaml -- metadata-writer-role.yaml -- metadata-writer-rolebinding.yaml -- metadata-writer-sa.yaml diff --git a/pipeline/upstream/kustomize/base/metadata/metadata-configmap.yaml b/pipeline/upstream/kustomize/base/metadata/metadata-configmap.yaml deleted file mode 100644 index 08cc7e6927..0000000000 --- a/pipeline/upstream/kustomize/base/metadata/metadata-configmap.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: metadata-grpc-configmap - labels: - component: metadata-grpc-server -data: - METADATA_GRPC_SERVICE_HOST: "metadata-grpc-service" - METADATA_GRPC_SERVICE_PORT: "8080" diff --git a/pipeline/upstream/kustomize/base/metadata/metadata-envoy-deployment.yaml b/pipeline/upstream/kustomize/base/metadata/metadata-envoy-deployment.yaml deleted file mode 100644 index 1ccf7122f7..0000000000 --- a/pipeline/upstream/kustomize/base/metadata/metadata-envoy-deployment.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: metadata-envoy-deployment - labels: - component: metadata-envoy -spec: - replicas: 1 - selector: - matchLabels: - component: metadata-envoy - template: - metadata: - labels: - component: metadata-envoy - spec: - containers: - - name: container - image: gcr.io/ml-pipeline/envoy:metadata-grpc - ports: - - name: md-envoy - containerPort: 9090 - - name: envoy-admin - containerPort: 9901 diff --git a/pipeline/upstream/kustomize/base/metadata/metadata-envoy-service.yaml b/pipeline/upstream/kustomize/base/metadata/metadata-envoy-service.yaml deleted file mode 100644 index 42166c85cc..0000000000 --- a/pipeline/upstream/kustomize/base/metadata/metadata-envoy-service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -kind: Service -apiVersion: v1 -metadata: - labels: - app: metadata-envoy - name: metadata-envoy-service -spec: - selector: - component: metadata-envoy - type: ClusterIP - ports: - - port: 9090 - protocol: TCP - name: md-envoy diff --git a/pipeline/upstream/kustomize/base/metadata/metadata-grpc-deployment.yaml b/pipeline/upstream/kustomize/base/metadata/metadata-grpc-deployment.yaml deleted file mode 100644 index 02de4b3662..0000000000 --- a/pipeline/upstream/kustomize/base/metadata/metadata-grpc-deployment.yaml +++ /dev/null @@ -1,64 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: metadata-grpc-deployment - labels: - component: metadata-grpc-server -spec: - replicas: 1 - selector: - matchLabels: - component: metadata-grpc-server - template: - metadata: - labels: - component: metadata-grpc-server - spec: - containers: - - name: container - image: gcr.io/tfx-oss-public/ml_metadata_store_server:0.21.1 - env: - - name: DBCONFIG_USER - valueFrom: - secretKeyRef: - name: mysql-secret - key: username - - name: DBCONFIG_PASSWORD - valueFrom: - secretKeyRef: - name: mysql-secret - key: password - - name: MYSQL_DATABASE - valueFrom: - configMapKeyRef: - name: mysql-configmap - key: mlmd_db - - name: MYSQL_HOST - valueFrom: - configMapKeyRef: - name: mysql-configmap - key: host - - name: MYSQL_PORT - valueFrom: - configMapKeyRef: - name: mysql-configmap - key: port - command: ["/bin/metadata_store_server"] - args: ["--grpc_port=8080", "--mysql_config_database=$(MYSQL_DATABASE)", "--mysql_config_host=$(MYSQL_HOST)", - "--mysql_config_port=$(MYSQL_PORT)", "--mysql_config_user=$(DBCONFIG_USER)", - "--mysql_config_password=$(DBCONFIG_PASSWORD)"] - ports: - - name: grpc-api - containerPort: 8080 - livenessProbe: - tcpSocket: - port: grpc-api - initialDelaySeconds: 3 - periodSeconds: 5 - timeoutSeconds: 2 - readinessProbe: - tcpSocket: - port: grpc-api - initialDelaySeconds: 3 - periodSeconds: 5 - timeoutSeconds: 2 diff --git a/pipeline/upstream/kustomize/base/metadata/metadata-grpc-service.yaml b/pipeline/upstream/kustomize/base/metadata/metadata-grpc-service.yaml deleted file mode 100644 index 7e7b73bf02..0000000000 --- a/pipeline/upstream/kustomize/base/metadata/metadata-grpc-service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -kind: Service -apiVersion: v1 -metadata: - labels: - app: metadata - name: metadata-grpc-service -spec: - selector: - component: metadata-grpc-server - type: ClusterIP - ports: - - port: 8080 - protocol: TCP - name: grpc-api diff --git a/pipeline/upstream/kustomize/base/metadata/metadata-writer-deployment.yaml b/pipeline/upstream/kustomize/base/metadata/metadata-writer-deployment.yaml deleted file mode 100644 index c51903d356..0000000000 --- a/pipeline/upstream/kustomize/base/metadata/metadata-writer-deployment.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: metadata-writer - labels: - app: metadata-writer -spec: - replicas: 1 - selector: - matchLabels: - app: metadata-writer - template: - metadata: - labels: - app: metadata-writer - spec: - containers: - - name: main - image: gcr.io/ml-pipeline/metadata-writer:dummy - env: - - name: NAMESPACE_TO_WATCH - valueFrom: - fieldRef: - fieldPath: metadata.namespace - serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/pipeline/upstream/kustomize/base/metadata/metadata-writer-role.yaml b/pipeline/upstream/kustomize/base/metadata/metadata-writer-role.yaml deleted file mode 100644 index 06317b0845..0000000000 --- a/pipeline/upstream/kustomize/base/metadata/metadata-writer-role.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: kubeflow-pipelines-metadata-writer-role - name: kubeflow-pipelines-metadata-writer-role -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - get - - list - - watch - - update - - patch diff --git a/pipeline/upstream/kustomize/base/metadata/metadata-writer-rolebinding.yaml b/pipeline/upstream/kustomize/base/metadata/metadata-writer-rolebinding.yaml deleted file mode 100644 index 37263d4a8c..0000000000 --- a/pipeline/upstream/kustomize/base/metadata/metadata-writer-rolebinding.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kubeflow-pipelines-metadata-writer-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubeflow-pipelines-metadata-writer-role -subjects: -- kind: ServiceAccount - name: kubeflow-pipelines-metadata-writer diff --git a/pipeline/upstream/kustomize/base/metadata/metadata-writer-sa.yaml b/pipeline/upstream/kustomize/base/metadata/metadata-writer-sa.yaml deleted file mode 100644 index 77812949a8..0000000000 --- a/pipeline/upstream/kustomize/base/metadata/metadata-writer-sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kubeflow-pipelines-metadata-writer diff --git a/pipeline/upstream/kustomize/base/mysql/kustomization.yaml b/pipeline/upstream/kustomize/base/mysql/kustomization.yaml deleted file mode 100644 index 42c1dda888..0000000000 --- a/pipeline/upstream/kustomize/base/mysql/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- mysql-configmap.yaml diff --git a/pipeline/upstream/kustomize/base/mysql/mysql-configmap.yaml b/pipeline/upstream/kustomize/base/mysql/mysql-configmap.yaml deleted file mode 100644 index 537a44522a..0000000000 --- a/pipeline/upstream/kustomize/base/mysql/mysql-configmap.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: mysql-configmap -data: - host: $(DBSERVICE_HOST) - port: "$(DBSERVICE_PORT)" - mlmd_db: $(DBNAME_MLMD) - cache_db: $(DBNAME_CACHE) - pipeline_db: $(DBNAME_PIPELINE) diff --git a/pipeline/upstream/kustomize/base/params-db-secret.env b/pipeline/upstream/kustomize/base/params-db-secret.env deleted file mode 100644 index c15cb2e337..0000000000 --- a/pipeline/upstream/kustomize/base/params-db-secret.env +++ /dev/null @@ -1,2 +0,0 @@ -username=root -password= diff --git a/pipeline/upstream/kustomize/base/params.env b/pipeline/upstream/kustomize/base/params.env deleted file mode 100644 index 948d387540..0000000000 --- a/pipeline/upstream/kustomize/base/params.env +++ /dev/null @@ -1,8 +0,0 @@ -appName=pipeline -appVersion=1.0.0-rc.1 -dbHost=mysql -dbPort=3306 -mlmdDb=metadb -cacheDb=cachedb -pipelineDb=mlpipeline -bucketName=mlpipeline diff --git a/pipeline/upstream/kustomize/base/params.yaml b/pipeline/upstream/kustomize/base/params.yaml deleted file mode 100644 index ecd1794ad0..0000000000 --- a/pipeline/upstream/kustomize/base/params.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Allow Kustomize var to replace following fields. -varReference: -- path: data/config - kind: ConfigMap -- path: data/bucket_name - kind: ConfigMap -- path: data/project_id - kind: ConfigMap -- path: data/host - kind: ConfigMap -- path: data/port - kind: ConfigMap -- path: data/mlmd_db - kind: ConfigMap -- path: data/cache_db - kind: ConfigMap -- path: data/pipeline_db - kind: ConfigMap -- path: metadata/name - kind: Application -- path: spec/descriptor/version - kind: Application -- path: spec/template/spec/containers/image - kind: Deployment diff --git a/pipeline/upstream/kustomize/base/pipeline-application.yaml b/pipeline/upstream/kustomize/base/pipeline-application.yaml deleted file mode 100644 index a5e3f4b91e..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline-application.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: app.k8s.io/v1beta1 -kind: Application -metadata: - name: $(APP_NAME) - annotations: - kubernetes-engine.cloud.google.com/icon: >- - data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADMAAAAyCAYAAADx/eOPAAALuUlEQVRogd2afWxd9XnHP99bK4pS3yhiGUIRiiJUVVVqbq8ppdR20ibqpuIMtDRkUYERp29J57gMZVuxsrZiK7oZXVv5re1AiOuoG+N1DMkuytprsGPEVMouxqQZJVHEWIdQlGVxZlmZdb/747zcc869jpMO+seOdPz7nd/L83tev89zzjX8Bq795Rq9o17zXp+Tey+Ijkyboela29DRWkhffyT733pH/Z3este9F2cC6N0kNjxtjD+FdRD8UF9X7u97y7UbQFPAivC0BdllS381slun3s3z3xVhhqeds90tqR/oMB7u68z19ZZra0E/l1if3WOziPx3skrDPTr+bvDxfxImEIJbgX6gGBJ7EfHJX/ySReDHwO9KYAenyWCMFKw21GSeslwa2Z17+TcuzPBRr7B8m6Df5oOJqdPAR/u6cm/2lmv3At+IT3GiXZqbcaxSLsfRoTsvn7XL2jE87ZXGnwf+VGiDY86ETM1wU1+XjvSW/RlgTJADQ2QaCZKWcX1/aDIcjE8i3SdzZLjn0lm8pJXD02417BM+gLmq2Rqjr/d16Vu95dp6wc8Ra5O8NrPIcoZCvIR1H+KZkd2qLcfnRYUZOuorJO+3uQt0RerolGYZR7r5+C9ZATwPviGyQprd6Liszy3bnwVKwGMjPbnFyxJmeNpX2T4gaR/QmmSpyYZTho/2depMb9k/kNh3KawuJ1bWauHzUcyXRpZAv5Zmg7aHBLcmNN9ECAFeAO3s69KZ3nLtDuF9dnBs0IT9JO24rbPb0JfP2syCZpFfE5q1mRWcvlgMNcwMTRq9z/+OWXdx4AGjvX1deqC37DbwPwOrMgsufol5mWMWs1ivEbjTrOCtLNNb+udygqsNbUBtopR/NkuuwTJ6Hxsw67KSuvH5MPDA/nJttfGTdUFCMUlp/ALwOtIs9muBxpnFnBzuSQf21oP/BbXclVvumWuTaDN8WNBm2GizJkxPM0CDMA2WGZ72bbb/Njue2TRj9Il/PcG87SeBz4ZTNaSTsmctHcO8SqDp14d7dCFLZ2v/3OpQ023Ah4n65kohvETUCdcsfmuilD+bpNdgGZvOODuHqYGIVGCec9g7+7o031v2jaBTiD0ysxbHRnZrPktzyz1zK7f0z10nh5pWwLRhvZro1KqznVJhNB8UyDeSsU4zAOiIXV1OuEqQ2AR79nflXgcY6dGLwIvR8q39cy1b+uc2Emo6dI824BpMSxz8iVhy4m/2WiYHdV5UmOHp2mpwm52ESCdwRn+9v0tPAWzpn9sAFAQbMdc60PaHsFZEWd9uxk4z8G3seykECfObTEd2KmuZG4CWyLXkYLMwtiYt+hMsTUdAEZQzjs9apv66SHJRk73ZjBQ+iRu29s+1VEr5OImmXs4MHUahVoLWgK23wbv6OrU4OulcuHYehWsVHhpXwpE2FNRayTszX2cwDpQEzTB+QvrJHCXUaigk+c++aXZiE98YmUVgV19X7u3ypH/fgfUA5h2usY2jNjmWoGVn50nvC9T2NviA5OPBGPW91OlG+0Xa1WJhhqadk3WjpKCilQIQFP19XZocnfIHgIeFWyNh6goXyX6gdNWfU8aJ5tNjEheAHZVS/ruGj0s8k6VPhh6ms6kwgoLl1aGuCEuSpwXfHZ2qrTJ+HHkNCpOjmbdFcEcGUIhUSj/H65rPO6j+766U8i/QXV0z8cqJc4btwF8AtWgtMb1wj+j41Df/s1EYQwdEDiqM3hDes9quGY3IKoYOvCrU7HlCoZtEWapPkzEpsU8uq8b36a6uBqaBv5l45URLpZT/pmGH8LnkvlAdAOt1oeXqRsuYTjlEMJiXvWN/Z+5szfqioKcOKo7qr/nAEesKiOyv2A/q88rOx8+8bPhK5dUTAA8jbUT6MuKnbKteNVHKP23xCeD1LC0F2TWOmzoAKEiWxmC+sr8rN1OerF2HGaqXFcZhDWaYj11S4ZxcXxVqyKqPZOeNTwM7Jkr5BeDPQJ8NFQaoC/gZ26rXT5TyxxAfRx6P94d0gU0pYYama+tsbwix/AHM4fKUrwAeB68kRJ5AZsWWieGTjLipsVCgrKCwKHF7pZQ/RXf104j76i4ZMmquxkzRXb2zUsqfxdxsfCiA70hRjZbpCDHmJcRdeZPDHkVck0Ul5PeHZ81DgHxKtglXaHCxVN9fr5TyR9hW3QA8Amqp5526SyKtBEbZVv1eZeZkbqKU7xfsFJwPqRW29s+11oUxnUhnkHf2dWoB+R5Jv5dNaGHh1wog8d/ZAI+0GgVpFPTp4AfJT2Hup7u6EvMk0tpkboutEz0HMPzHyD+mu3pFpZR/Aug0Pgm0RLkvFzLWYfjDvs7cqfKUt2LuXTLhue5mdWhVDJdEzxDDcRKawceN9lRePVkDfgBcR/LKVqNpz/s08DO6q4VKKT8j8zHgJ1HyzA1P11YZjfV1arw85auBR4RalDB5lEjDKi0CgPPphKZ0QiNRwUQeg88B2ydKreew9yH1NCxe/r4GaZpt1Vsrh/JnDDcBLwPkbLVgf6s86RXYj4KvtJKJM8KsGLkSlsmUL6mSg1RJY1xD7KmU8sfprnYgBqJsGVsiEfupsca7FfMo26p/OfHKiVqllB8HyPV16VxfV66G/G1QBwY5xvCgTT7X3/MTaBbFVr0fJvqw2ASZ+yul/FN0V68CHsesiDl3UopM3CwhDZDD/Dnwj3S/sjoYAMqTtc1YX02jVqYOiuuqsAKIkqZCfFIz/IrfFY8gDrKt2gI8irSuwQezyTeNaOl+6qYb+fpYGKEXJE9GSTObK5ItrheaLHE5/XRKcHul+kYN8x2kzWlLNNuVtUqibzKW5CBjxUoszO7NWrS1E/xWvMeJjck2WQHEKJeMD+qH4gWCSvg00m3AVxv5TMRKsp9Cs0Q/Ka/1BOZQNBSXMz2b9Q5oO9JCKgkqg2aKofl8uvTPeE1w3t5KKf8y26pFxINhLRa5R9JV6huT/aZuFu7Ds+A9jBdj+VIvZz2b9BL2Xi5yJQEgUFqinI9SZBDx358o5Q/HiRGtquOEmxJu6DcbC/afQWxnvHg+Odrwm2bP5txh5OEYjOM3vaiu8qqHJw1mPmK/Xs7HJf0LRncDMF5cAL6NWUxDrX/duwbczljxjSzvTX+gtXU3MBlrRCltrsxBTgorACKrRGf5bczOiVLrhUL74B2F9oHVjBd/iLwTWEhr+CIWaLYumDjIWLHha+aSwvRs1iJmJ9Kb9ZJRETS3ACsMC8i1ZNwgXZDYWTmU/1WhfeAW8Cjo+UL7wDrGik8jfid0kYz/Z2ODepv+GPIY+FAznpcUJhAo9w5mh81CFtEsWieCTzwXkogmfKBSyh8ttA98EDPqoPouYqYLxYEPMVY8itmEeTM+KEaqZhVAkiPPIL6QDPhLFiYQSC9J7M3mGlF/24zWSvwIM1xoH2gF/sFiTcSPxQakqUJxsIPx4jGCr0AzCUYTbROJ7DPAdsbSAX9ZwgDs3qTDiMGUOxF/1DgfekLVsPf0sw8DPARsDNwy8iYBXov4p0L7wC2MF99CfBJ4rqmbJbO/qYE+x1jx5HK8Xtp/aFgHDM/FX+RM9FFjHjjj4NV3HvlPsP4g+SqQgm6zCuvJQnHgi4wVz2JuAj8RnLGEVaCf8Y8cuRQ2L0mYEBB2Gb8ZHKD4NQBx+0Qpf7LQPrAVVGqiiWTpCcEn4QcLxcF7C7+aXMDahT1YX5IS5DHE/ZfC4yULEwr0DtIOWwuuvwZ8rVLKP1soDqzHPGJoyRao9b4SXiQQ30A8eO1/PJ8D7gK+BtQSJcQM8AXGlg747LUkmi91lad8J3CuZ5OeBii0D64ET2FdH1N0omWJvgLPkvwM8LmZf7lrnm3VO4CHsM4DH2P8I8vGSfK67P9q8v9wWPAcQLH4PbBHbK6Pq+3M9+Ml+6FL2dyC+WmhOLiWseKPMDeDd12uIPBrWCZ5Xds++AHsAwGlBKnoB5747c2J+aSJEuvRL8CDv/2Zz+cqh/LL/gPD//vrfwFjcI5oX6jDBwAAAABJRU5ErkJggg== - marketplace.cloud.google.com/deploy-info: '{"partner_id": "google-cloud-ai-platform", - "product_id": "kubeflow-pipelines", "partner_name": "Google Cloud AI Platform"}' -spec: - addOwnerRef: true - selector: - matchLabels: - application-crd-id: kubeflow-pipelines - descriptor: - version: $(APP_VERSION) - type: Kubeflow Pipelines - description: |- - Reusable end-to-end ML workflow - maintainers: - - name: Google Cloud AI Platform - url: https://cloud.google.com/ai-platform/ - - name: Kubeflow Pipelines - url: https://github.com/kubeflow/pipelines - links: - - description: 'Kubeflow Pipelines Documentation' - url: https://www.kubeflow.org/docs/pipelines/ - notes: |- - Please go to [Hosted Kubeflow Pipelines Console](https://console.cloud.google.com/ai-platform/pipelines/clusters). - info: - - name: Console - value: 'https://console.cloud.google.com/ai-platform/pipelines/clusters' - componentKinds: - - group: v1 - kind: ServiceAccount - - group: rbac.authorization.k8s.io/v1 - kind: Role - - group: rbac.authorization.k8s.io/v1 - kind: RoleBinding - - group: v1 - kind: Service - - group: v1 - kind: PersistentVolumeClaim - - group: v1 - kind: ConfigMap - - group: v1 - kind: Secret - - group: apps/v1 - kind: Deployment diff --git a/pipeline/upstream/kustomize/base/pipeline/cluster-scoped/kustomization.yaml b/pipeline/upstream/kustomize/base/pipeline/cluster-scoped/kustomization.yaml deleted file mode 100644 index 9a92c2ced6..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/cluster-scoped/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- scheduled-workflow-crd.yaml -- viewer-crd.yaml diff --git a/pipeline/upstream/kustomize/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml b/pipeline/upstream/kustomize/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml deleted file mode 100644 index 22dc3c8a00..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: scheduledworkflows.kubeflow.org -spec: - group: kubeflow.org - names: - kind: ScheduledWorkflow - listKind: ScheduledWorkflowList - plural: scheduledworkflows - shortNames: - - swf - singular: scheduledworkflow - scope: Namespaced - versions: - - name: v1beta1 - served: true - storage: true diff --git a/pipeline/upstream/kustomize/base/pipeline/cluster-scoped/viewer-crd.yaml b/pipeline/upstream/kustomize/base/pipeline/cluster-scoped/viewer-crd.yaml deleted file mode 100644 index dcb5db0f88..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/cluster-scoped/viewer-crd.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: viewers.kubeflow.org -spec: - group: kubeflow.org - names: - kind: Viewer - listKind: ViewerList - plural: viewers - shortNames: - - vi - singular: viewer - scope: Namespaced - versions: - - name: v1beta1 - served: true - storage: true diff --git a/pipeline/upstream/kustomize/base/pipeline/container-builder-sa.yaml b/pipeline/upstream/kustomize/base/pipeline/container-builder-sa.yaml deleted file mode 100644 index aa65bd9bbf..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/container-builder-sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kubeflow-pipelines-container-builder diff --git a/pipeline/upstream/kustomize/base/pipeline/kustomization.yaml b/pipeline/upstream/kustomize/base/pipeline/kustomization.yaml deleted file mode 100644 index ec0ea9ddde..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/kustomization.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- ml-pipeline-apiserver-deployment.yaml -- ml-pipeline-apiserver-role.yaml -- ml-pipeline-apiserver-rolebinding.yaml -- ml-pipeline-apiserver-sa.yaml -- ml-pipeline-apiserver-service.yaml -- ml-pipeline-persistenceagent-deployment.yaml -- ml-pipeline-persistenceagent-role.yaml -- ml-pipeline-persistenceagent-rolebinding.yaml -- ml-pipeline-persistenceagent-sa.yaml -- ml-pipeline-scheduledworkflow-deployment.yaml -- ml-pipeline-scheduledworkflow-role.yaml -- ml-pipeline-scheduledworkflow-rolebinding.yaml -- ml-pipeline-scheduledworkflow-sa.yaml -- ml-pipeline-ui-deployment.yaml -- ml-pipeline-ui-role.yaml -- ml-pipeline-ui-rolebinding.yaml -- ml-pipeline-ui-sa.yaml -- ml-pipeline-ui-service.yaml -- ml-pipeline-viewer-crd-role.yaml -- ml-pipeline-viewer-crd-rolebinding.yaml -- ml-pipeline-viewer-crd-deployment.yaml -- ml-pipeline-viewer-crd-sa.yaml -- ml-pipeline-visualization-deployment.yaml -- ml-pipeline-visualization-sa.yaml -- ml-pipeline-visualization-service.yaml -- pipeline-runner-role.yaml -- pipeline-runner-rolebinding.yaml -- pipeline-runner-sa.yaml -- container-builder-sa.yaml diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-deployment.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-deployment.yaml deleted file mode 100644 index 0392085a1d..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-deployment.yaml +++ /dev/null @@ -1,83 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: ml-pipeline - name: ml-pipeline -spec: - selector: - matchLabels: - app: ml-pipeline - template: - metadata: - labels: - app: ml-pipeline - spec: - containers: - - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OBJECTSTORECONFIG_SECURE - value: "false" - - name: OBJECTSTORECONFIG_BUCKETNAME - value: $(BUCKET_NAME) - - name: DBCONFIG_USER - valueFrom: - secretKeyRef: - name: mysql-secret - key: username - - name: DBCONFIG_PASSWORD - valueFrom: - secretKeyRef: - name: mysql-secret - key: password - - name: DBCONFIG_DBNAME - valueFrom: - configMapKeyRef: - name: mysql-configmap - key: pipeline_db - - name: DBCONFIG_HOST - valueFrom: - configMapKeyRef: - name: mysql-configmap - key: host - - name: DBCONFIG_PORT - valueFrom: - configMapKeyRef: - name: mysql-configmap - key: port - image: gcr.io/ml-pipeline/api-server:dummy - imagePullPolicy: IfNotPresent - name: ml-pipeline-api-server - ports: - - name: http - containerPort: 8888 - - name: grpc - containerPort: 8887 - readinessProbe: - exec: - command: - - wget - - -q # quiet - - -S # show server response - - -O - - "-" # Redirect output to stdout - - http://localhost:8888/apis/v1beta1/healthz - initialDelaySeconds: 3 - periodSeconds: 5 - timeoutSeconds: 2 - livenessProbe: - exec: - command: - - wget - - -q # quiet - - -S # show server response - - -O - - "-" # Redirect output to stdout - - http://localhost:8888/apis/v1beta1/healthz - initialDelaySeconds: 3 - periodSeconds: 5 - timeoutSeconds: 2 - serviceAccountName: ml-pipeline diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-role.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-role.yaml deleted file mode 100644 index 3fdfeaaa9f..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-role.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: ml-pipeline - name: ml-pipeline -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - delete -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - kubeflow.org - resources: - - scheduledworkflows - verbs: - - create - - get - - list - - update - - patch - - delete diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml deleted file mode 100644 index 78cef70d51..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: ml-pipeline - name: ml-pipeline -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ml-pipeline -subjects: -- kind: ServiceAccount - name: ml-pipeline diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-sa.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-sa.yaml deleted file mode 100644 index 95ff3141e6..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ml-pipeline diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-service.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-service.yaml deleted file mode 100644 index 49de02bafb..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-apiserver-service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: ml-pipeline -spec: - ports: - - name: http - port: 8888 - protocol: TCP - targetPort: 8888 - - name: grpc - port: 8887 - protocol: TCP - targetPort: 8887 - selector: - app: ml-pipeline diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml deleted file mode 100644 index 968f13a6cf..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: ml-pipeline-persistenceagent - name: ml-pipeline-persistenceagent -spec: - selector: - matchLabels: - app: ml-pipeline-persistenceagent - template: - metadata: - labels: - app: ml-pipeline-persistenceagent - spec: - containers: - - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/persistenceagent:dummy - imagePullPolicy: IfNotPresent - name: ml-pipeline-persistenceagent - serviceAccountName: ml-pipeline-persistenceagent diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-role.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-role.yaml deleted file mode 100644 index 72757fffd8..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-role.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: ml-pipeline-persistenceagent-role -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - get - - list - - watch -- apiGroups: - - kubeflow.org - resources: - - scheduledworkflows - verbs: - - get - - list - - watch diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml deleted file mode 100644 index a690f20cbf..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: ml-pipeline-persistenceagent-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ml-pipeline-persistenceagent-role -subjects: -- kind: ServiceAccount - name: ml-pipeline-persistenceagent diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-sa.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-sa.yaml deleted file mode 100644 index 158591534c..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-persistenceagent-sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ml-pipeline-persistenceagent diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml deleted file mode 100644 index c0ff7e68df..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: ml-pipeline-scheduledworkflow - name: ml-pipeline-scheduledworkflow -spec: - selector: - matchLabels: - app: ml-pipeline-scheduledworkflow - template: - metadata: - labels: - app: ml-pipeline-scheduledworkflow - spec: - containers: - - image: gcr.io/ml-pipeline/scheduledworkflow:dummy - imagePullPolicy: IfNotPresent - name: ml-pipeline-scheduledworkflow - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml deleted file mode 100644 index 187272a976..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: ml-pipeline-scheduledworkflow-role - name: ml-pipeline-scheduledworkflow-role -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - kubeflow.org - resources: - - scheduledworkflows - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - '' - resources: - - events - verbs: - - create - - patch diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml deleted file mode 100644 index c2d10f6e63..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: ml-pipeline-scheduledworkflow-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ml-pipeline-scheduledworkflow-role -subjects: -- kind: ServiceAccount - name: ml-pipeline-scheduledworkflow diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml deleted file mode 100644 index 285c13742f..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ml-pipeline-scheduledworkflow diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-deployment.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-deployment.yaml deleted file mode 100644 index 8dffba3fe3..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-deployment.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: ml-pipeline-ui - name: ml-pipeline-ui -spec: - selector: - matchLabels: - app: ml-pipeline-ui - template: - metadata: - labels: - app: ml-pipeline-ui - spec: - containers: - - image: gcr.io/ml-pipeline/frontend:dummy - imagePullPolicy: IfNotPresent - name: ml-pipeline-ui - ports: - - containerPort: 3000 - env: - - name: MINIO_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ALLOW_CUSTOM_VISUALIZATIONS - value: "true" - readinessProbe: - exec: - command: - - wget - - -q # quiet - - -S # show server response - - -O - - "-" # Redirect output to stdout - - http://localhost:3000/apis/v1beta1/healthz - initialDelaySeconds: 3 - periodSeconds: 5 - timeoutSeconds: 2 - livenessProbe: - exec: - command: - - wget - - -q # quiet - - -S # show server response - - -O - - "-" # Redirect output to stdout - - http://localhost:3000/apis/v1beta1/healthz - initialDelaySeconds: 3 - periodSeconds: 5 - timeoutSeconds: 2 - serviceAccountName: ml-pipeline-ui diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-role.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-role.yaml deleted file mode 100644 index 4877d7a2ce..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-role.yaml +++ /dev/null @@ -1,46 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: ml-pipeline-ui - name: ml-pipeline-ui -rules: -- apiGroups: - - "" - resources: - - pods - - pods/log - verbs: - - create - - get - - list -- apiGroups: - - "" - resources: - - events - verbs: - - list -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list -- apiGroups: - - "kubeflow.org" - resources: - - viewers - verbs: - - create - - get - - list - - watch - - delete -- apiGroups: - - "argoproj.io" - resources: - - workflows - verbs: - - get - - list diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-rolebinding.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-rolebinding.yaml deleted file mode 100644 index e829835420..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-rolebinding.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: ml-pipeline-ui - name: ml-pipeline-ui -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ml-pipeline-ui -subjects: -- kind: ServiceAccount - name: ml-pipeline-ui diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-sa.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-sa.yaml deleted file mode 100644 index 4c890a27bb..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ml-pipeline-ui diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-service.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-service.yaml deleted file mode 100644 index 8c8669d7b9..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-ui-service.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: ml-pipeline-ui - name: ml-pipeline-ui -spec: - ports: - - port: 80 - targetPort: 3000 - selector: - app: ml-pipeline-ui diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml deleted file mode 100644 index 0135a5c0ed..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: ml-pipeline-viewer-crd - name: ml-pipeline-viewer-crd -spec: - selector: - matchLabels: - app: ml-pipeline-viewer-crd - template: - metadata: - labels: - app: ml-pipeline-viewer-crd - spec: - containers: - - image: gcr.io/ml-pipeline/viewer-crd-controller:dummy - imagePullPolicy: Always - name: ml-pipeline-viewer-crd - env: - - name: MAX_NUM_VIEWERS - value: "50" - - name: MINIO_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - serviceAccountName: ml-pipeline-viewer-crd-service-account diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-role.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-role.yaml deleted file mode 100644 index 73bf032fdd..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-role.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: ml-pipeline-viewer-controller-role -rules: -- apiGroups: - - '*' - resources: - - deployments - - services - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - kubeflow.org - resources: - - viewers - verbs: - - create - - get - - list - - watch - - update - - patch - - delete diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml deleted file mode 100644 index bd1f77a837..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: ml-pipeline-viewer-crd-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ml-pipeline-viewer-controller-role -subjects: -- kind: ServiceAccount - name: ml-pipeline-viewer-crd-service-account diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-sa.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-sa.yaml deleted file mode 100644 index 5dd08f8843..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-viewer-crd-sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ml-pipeline-viewer-crd-service-account diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-deployment.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-deployment.yaml deleted file mode 100644 index a755e51be7..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-deployment.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: ml-pipeline-visualizationserver - name: ml-pipeline-visualizationserver -spec: - selector: - matchLabels: - app: ml-pipeline-visualizationserver - template: - metadata: - labels: - app: ml-pipeline-visualizationserver - spec: - containers: - - image: gcr.io/ml-pipeline/visualization-server:dummy - imagePullPolicy: IfNotPresent - name: ml-pipeline-visualizationserver - ports: - - name: http - containerPort: 8888 - readinessProbe: - exec: - command: - - wget - - -q # quiet - - -S # show server response - - -O - - "-" # Redirect output to stdout - - http://localhost:8888/ - initialDelaySeconds: 3 - periodSeconds: 5 - timeoutSeconds: 2 - livenessProbe: - exec: - command: - - wget - - -q # quiet - - -S # show server response - - -O - - "-" # Redirect output to stdout - - http://localhost:8888/ - initialDelaySeconds: 3 - periodSeconds: 5 - timeoutSeconds: 2 - serviceAccountName: ml-pipeline-visualizationserver diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-sa.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-sa.yaml deleted file mode 100644 index e1bbc6ad27..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ml-pipeline-visualizationserver diff --git a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-service.yaml b/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-service.yaml deleted file mode 100644 index a4c7e42cb0..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/ml-pipeline-visualization-service.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: ml-pipeline-visualizationserver -spec: - ports: - - name: http - port: 8888 - protocol: TCP - targetPort: 8888 - selector: - app: ml-pipeline-visualizationserver diff --git a/pipeline/upstream/kustomize/base/pipeline/pipeline-runner-role.yaml b/pipeline/upstream/kustomize/base/pipeline/pipeline-runner-role.yaml deleted file mode 100644 index e81fd91a53..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/pipeline-runner-role.yaml +++ /dev/null @@ -1,80 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: pipeline-runner -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - watch - - list -- apiGroups: - - "" - resources: - - persistentvolumes - - persistentvolumeclaims - verbs: - - '*' -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - pods - - pods/exec - - pods/log - - services - verbs: - - '*' -- apiGroups: - - "" - - apps - - extensions - resources: - - deployments - - replicasets - verbs: - - '*' -- apiGroups: - - kubeflow.org - resources: - - '*' - verbs: - - '*' -- apiGroups: - - batch - resources: - - jobs - verbs: - - '*' -- apiGroups: - - machinelearning.seldon.io - resources: - - seldondeployments - verbs: - - '*' diff --git a/pipeline/upstream/kustomize/base/pipeline/pipeline-runner-rolebinding.yaml b/pipeline/upstream/kustomize/base/pipeline/pipeline-runner-rolebinding.yaml deleted file mode 100644 index 9adae61887..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/pipeline-runner-rolebinding.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: pipeline-runner-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: pipeline-runner -subjects: -- kind: ServiceAccount - name: pipeline-runner diff --git a/pipeline/upstream/kustomize/base/pipeline/pipeline-runner-sa.yaml b/pipeline/upstream/kustomize/base/pipeline/pipeline-runner-sa.yaml deleted file mode 100644 index 8cb2c669fb..0000000000 --- a/pipeline/upstream/kustomize/base/pipeline/pipeline-runner-sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: pipeline-runner diff --git a/pipeline/upstream/kustomize/cluster-scoped-resources/kustomization.yaml b/pipeline/upstream/kustomize/cluster-scoped-resources/kustomization.yaml deleted file mode 100644 index ea7e24ae46..0000000000 --- a/pipeline/upstream/kustomize/cluster-scoped-resources/kustomization.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ../base/application/cluster-scoped -- ../base/argo/cluster-scoped -- ../base/pipeline/cluster-scoped -- ../base/cache-deployer/cluster-scoped -resources: -- namespace.yaml -# Used by Kustomize -configMapGenerator: -- name: pipeline-cluster-scoped-install-config - env: params.env -vars: -- name: NAMESPACE - objref: - kind: ConfigMap - name: pipeline-cluster-scoped-install-config - apiVersion: v1 - fieldref: - fieldpath: data.namespace -configurations: -- params.yaml diff --git a/pipeline/upstream/kustomize/cluster-scoped-resources/namespace.yaml b/pipeline/upstream/kustomize/cluster-scoped-resources/namespace.yaml deleted file mode 100644 index ae346817e9..0000000000 --- a/pipeline/upstream/kustomize/cluster-scoped-resources/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: $(NAMESPACE) diff --git a/pipeline/upstream/kustomize/cluster-scoped-resources/params.env b/pipeline/upstream/kustomize/cluster-scoped-resources/params.env deleted file mode 100644 index 78166431d4..0000000000 --- a/pipeline/upstream/kustomize/cluster-scoped-resources/params.env +++ /dev/null @@ -1 +0,0 @@ -namespace=kubeflow diff --git a/pipeline/upstream/kustomize/cluster-scoped-resources/params.yaml b/pipeline/upstream/kustomize/cluster-scoped-resources/params.yaml deleted file mode 100644 index 3bfd0e5be5..0000000000 --- a/pipeline/upstream/kustomize/cluster-scoped-resources/params.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# Allow Kustomize var to replace following fields. -varReference: -- path: metadata/name - kind: Namespace -- path: subjects/namespace - kind: ClusterRoleBinding diff --git a/pipeline/upstream/kustomize/env/dev/kustomization.yaml b/pipeline/upstream/kustomize/env/dev/kustomization.yaml deleted file mode 100644 index 96318d6f63..0000000000 --- a/pipeline/upstream/kustomize/env/dev/kustomization.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ../platform-agnostic -- ../gcp/inverse-proxy -# Identifier for application manager to apply ownerReference. -# The ownerReference ensures the resources get garbage collected -# when application is deleted. -commonLabels: - application-crd-id: kubeflow-pipelines -# !!! If you want to customize the namespace, -# please refer sample/cluster-scoped-resources to update the namespace for cluster-scoped-resources -namespace: kubeflow diff --git a/pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml b/pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml deleted file mode 100644 index 55b2035365..0000000000 --- a/pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cloudsqlproxy - labels: - app: cloudsqlproxy -spec: - selector: - matchLabels: - app: cloudsqlproxy - replicas: 1 - template: - metadata: - labels: - app: cloudsqlproxy - spec: - containers: - - image: gcr.io/cloudsql-docker/gce-proxy:1.14 - name: cloudsqlproxy - command: ["/cloud_sql_proxy", "-dir=/cloudsql", "-instances=$(GCP_CLOUDSQL_INSTANCE_NAME)=tcp:0.0.0.0:3306", - "term_timeout=10s"] - # set term_timeout if require graceful handling of shutdown - # NOTE: proxy will stop accepting new connections; only wait on existing connections - lifecycle: - preStop: - exec: - # (optional) add a preStop hook so that termination is delayed - # this is required if your server still require new connections (e.g., connection pools) - command: ['sleep', '10'] - ports: - - name: mysql - containerPort: 3306 - volumeMounts: - - mountPath: /cloudsql - name: cloudsql - volumes: - - name: cloudsql - emptyDir: diff --git a/pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/kustomization.yaml b/pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/kustomization.yaml deleted file mode 100644 index 87f162bcbd..0000000000 --- a/pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- cloudsql-proxy-deployment.yaml -- mysql-service.yaml diff --git a/pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/mysql-service.yaml b/pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/mysql-service.yaml deleted file mode 100644 index d93921d040..0000000000 --- a/pipeline/upstream/kustomize/env/gcp/cloudsql-proxy/mysql-service.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: mysql -spec: - ports: - - port: 3306 - selector: - app: cloudsqlproxy diff --git a/pipeline/upstream/kustomize/env/gcp/gcp-configurations-patch.yaml b/pipeline/upstream/kustomize/env/gcp/gcp-configurations-patch.yaml deleted file mode 100644 index d88e632c43..0000000000 --- a/pipeline/upstream/kustomize/env/gcp/gcp-configurations-patch.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ml-pipeline -spec: - template: - spec: - containers: - - name: ml-pipeline-api-server - env: - - name: HAS_DEFAULT_BUCKET - valueFrom: - configMapKeyRef: - name: gcp-default-config - key: "has_default_bucket" - - name: BUCKET_NAME - valueFrom: - configMapKeyRef: - name: gcp-default-config - key: "bucket_name" - - name: PROJECT_ID - valueFrom: - configMapKeyRef: - name: gcp-default-config - key: "project_id" diff --git a/pipeline/upstream/kustomize/env/gcp/gcp-default-config/gcp-default-configmap.yaml b/pipeline/upstream/kustomize/env/gcp/gcp-default-config/gcp-default-configmap.yaml deleted file mode 100644 index f705fefb8c..0000000000 --- a/pipeline/upstream/kustomize/env/gcp/gcp-default-config/gcp-default-configmap.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: gcp-default-config -data: - bucket_name: "$(BUCKET_NAME)" - has_default_bucket: "true" - project_id: "$(GCP_PROJECT_ID)" diff --git a/pipeline/upstream/kustomize/env/gcp/gcp-default-config/kustomization.yaml b/pipeline/upstream/kustomize/env/gcp/gcp-default-config/kustomization.yaml deleted file mode 100644 index cc36121c46..0000000000 --- a/pipeline/upstream/kustomize/env/gcp/gcp-default-config/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- gcp-default-configmap.yaml diff --git a/pipeline/upstream/kustomize/env/gcp/inverse-proxy/kustomization.yaml b/pipeline/upstream/kustomize/env/gcp/inverse-proxy/kustomization.yaml deleted file mode 100644 index 36ffb5c51f..0000000000 --- a/pipeline/upstream/kustomize/env/gcp/inverse-proxy/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -images: -- name: gcr.io/ml-pipeline/inverse-proxy-agent - newTag: 1.0.0-rc.1 -resources: -- proxy-configmap.yaml -- proxy-deployment.yaml -- proxy-role.yaml -- proxy-rolebinding.yaml -- proxy-sa.yaml diff --git a/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-configmap.yaml b/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-configmap.yaml deleted file mode 100644 index c469f7acb9..0000000000 --- a/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-configmap.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: inverse-proxy-config diff --git a/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-deployment.yaml b/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-deployment.yaml deleted file mode 100644 index faf3e47309..0000000000 --- a/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-deployment.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: proxy-agent - name: proxy-agent -spec: - selector: - matchLabels: - app: proxy-agent - template: - metadata: - labels: - app: proxy-agent - spec: - hostNetwork: true - containers: - - image: gcr.io/ml-pipeline/inverse-proxy-agent:dummy - imagePullPolicy: IfNotPresent - name: proxy-agent - serviceAccountName: proxy-agent-runner diff --git a/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-role.yaml b/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-role.yaml deleted file mode 100644 index b4fae7b750..0000000000 --- a/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-role.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: proxy-agent-runner - name: proxy-agent-runner -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - '*' diff --git a/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-rolebinding.yaml b/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-rolebinding.yaml deleted file mode 100644 index 72f1fc0d6f..0000000000 --- a/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-rolebinding.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: proxy-agent-runner - name: proxy-agent-runner -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: proxy-agent-runner -subjects: -- kind: ServiceAccount - name: proxy-agent-runner diff --git a/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-sa.yaml b/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-sa.yaml deleted file mode 100644 index af8b0c3c2d..0000000000 --- a/pipeline/upstream/kustomize/env/gcp/inverse-proxy/proxy-sa.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: proxy-agent-runner diff --git a/pipeline/upstream/kustomize/env/gcp/kustomization.yaml b/pipeline/upstream/kustomize/env/gcp/kustomization.yaml deleted file mode 100644 index 541616e4c9..0000000000 --- a/pipeline/upstream/kustomize/env/gcp/kustomization.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ../../base -- inverse-proxy -- minio-gcs-gateway -- cloudsql-proxy -- gcp-default-config -# Identifier for application manager to apply ownerReference. -# The ownerReference ensures the resources get garbage collected -# when application is deleted. -commonLabels: - application-crd-id: kubeflow-pipelines -# !!! If you want to customize the namespace, -# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml -namespace: kubeflow -patchesStrategicMerge: -- gcp-configurations-patch.yaml -# Used by Kustomize -configMapGenerator: -- name: pipeline-install-config - env: params.env - behavior: merge -vars: -- name: GCP_PROJECT_ID - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.gcsProjectId -- name: GCP_CLOUDSQL_INSTANCE_NAME - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.gcsCloudSqlInstanceName diff --git a/pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/kustomization.yaml b/pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/kustomization.yaml deleted file mode 100644 index f14e64f5d3..0000000000 --- a/pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- minio-gcs-gateway-deployment.yaml -- minio-gcs-gateway-service.yaml diff --git a/pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml b/pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml deleted file mode 100644 index ec560830a9..0000000000 --- a/pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: minio - labels: - app: minio -spec: - selector: - matchLabels: - app: minio - strategy: - type: Recreate - template: - metadata: - labels: - app: minio - spec: - containers: - - name: minio - image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance - args: - - gateway - - gcs - - $(GCP_PROJECT_ID) - env: - - name: MINIO_ACCESS_KEY - value: "minio" - - name: MINIO_SECRET_KEY - value: "minio123" - ports: - - containerPort: 9000 diff --git a/pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml b/pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml deleted file mode 100644 index 6f542967e7..0000000000 --- a/pipeline/upstream/kustomize/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: minio-service -spec: - ports: - - port: 9000 - targetPort: 9000 - protocol: TCP - selector: - app: minio diff --git a/pipeline/upstream/kustomize/env/gcp/params.env b/pipeline/upstream/kustomize/env/gcp/params.env deleted file mode 100644 index 0c1d077bee..0000000000 --- a/pipeline/upstream/kustomize/env/gcp/params.env +++ /dev/null @@ -1,6 +0,0 @@ -pipelineDb=pipelinedb -mlmdDb=metadb -cacheDb=cachedb -bucketName=yourGcsBucketName -gcsProjectId=yourGcsProjectId -gcsCloudSqlInstanceName=yourCloudSqlInstanceName diff --git a/pipeline/upstream/kustomize/env/platform-agnostic/kustomization.yaml b/pipeline/upstream/kustomize/env/platform-agnostic/kustomization.yaml deleted file mode 100644 index c5773ad03f..0000000000 --- a/pipeline/upstream/kustomize/env/platform-agnostic/kustomization.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -- ../../base -- minio -- mysql -# Identifier for application manager to apply ownerReference. -# The ownerReference ensures the resources get garbage collected -# when application is deleted. -commonLabels: - application-crd-id: kubeflow-pipelines -# !!! If you want to customize the namespace, -# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml -namespace: kubeflow -images: -- name: mysql - newTag: "5.6" -- name: minio/minio - newTag: RELEASE.2018-02-09T22-40-05Z diff --git a/pipeline/upstream/kustomize/env/platform-agnostic/minio/kustomization.yaml b/pipeline/upstream/kustomize/env/platform-agnostic/minio/kustomization.yaml deleted file mode 100644 index 7a20d85a7c..0000000000 --- a/pipeline/upstream/kustomize/env/platform-agnostic/minio/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- minio-deployment.yaml -- minio-pvc.yaml -- minio-service.yaml diff --git a/pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-deployment.yaml b/pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-deployment.yaml deleted file mode 100644 index 382dc4fd21..0000000000 --- a/pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-deployment.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: minio - labels: - app: minio -spec: - selector: - matchLabels: - app: minio - strategy: - type: Recreate - template: - metadata: - labels: - app: minio - spec: - containers: - - args: - - server - - /data - env: - - name: MINIO_ACCESS_KEY - value: minio - - name: MINIO_SECRET_KEY - value: minio123 - image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance - name: minio - ports: - - containerPort: 9000 - volumeMounts: - - mountPath: /data - name: data - subPath: minio - volumes: - - name: data - persistentVolumeClaim: - claimName: minio-pvc diff --git a/pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-pvc.yaml b/pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-pvc.yaml deleted file mode 100644 index ecfa32bbe8..0000000000 --- a/pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-pvc.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: minio-pvc -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi diff --git a/pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-service.yaml b/pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-service.yaml deleted file mode 100644 index f49cf52859..0000000000 --- a/pipeline/upstream/kustomize/env/platform-agnostic/minio/minio-service.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: minio-service -spec: - ports: - - port: 9000 - protocol: TCP - targetPort: 9000 - selector: - app: minio diff --git a/pipeline/upstream/kustomize/env/platform-agnostic/mysql/kustomization.yaml b/pipeline/upstream/kustomize/env/platform-agnostic/mysql/kustomization.yaml deleted file mode 100644 index 93af2924b5..0000000000 --- a/pipeline/upstream/kustomize/env/platform-agnostic/mysql/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- mysql-deployment.yaml -- mysql-pv-claim.yaml -- mysql-service.yaml diff --git a/pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-deployment.yaml b/pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-deployment.yaml deleted file mode 100644 index ab9386e25c..0000000000 --- a/pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-deployment.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mysql - labels: - app: mysql -spec: - selector: - matchLabels: - app: mysql - strategy: - type: Recreate - template: - metadata: - labels: - app: mysql - spec: - containers: - - env: - - name: MYSQL_ALLOW_EMPTY_PASSWORD - value: "true" - image: gcr.io/ml-pipeline/mysql:5.6 - name: mysql - ports: - - containerPort: 3306 - name: mysql - volumeMounts: - - mountPath: /var/lib/mysql - name: mysql-persistent-storage - volumes: - - name: mysql-persistent-storage - persistentVolumeClaim: - claimName: mysql-pv-claim diff --git a/pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-pv-claim.yaml b/pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-pv-claim.yaml deleted file mode 100644 index 108dc24ef3..0000000000 --- a/pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-pv-claim.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: mysql-pv-claim -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi diff --git a/pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-service.yaml b/pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-service.yaml deleted file mode 100644 index db93f1017a..0000000000 --- a/pipeline/upstream/kustomize/env/platform-agnostic/mysql/mysql-service.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: mysql -spec: - ports: - - port: 3306 - selector: - app: mysql diff --git a/pipeline/upstream/kustomize/gcp-workload-identity-setup.sh b/pipeline/upstream/kustomize/gcp-workload-identity-setup.sh deleted file mode 100755 index e749ccbc0d..0000000000 --- a/pipeline/upstream/kustomize/gcp-workload-identity-setup.sh +++ /dev/null @@ -1,131 +0,0 @@ -#!/bin/bash -# -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -e - -# Google service Account (GSA) -SYSTEM_GSA=${SYSTEM_GSA:-$CLUSTER_NAME-kfp-system} -USER_GSA=${USER_GSA:-$CLUSTER_NAME-kfp-user} - -# Kubernetes Service Account (KSA) -SYSTEM_KSA=(ml-pipeline-ui ml-pipeline-visualizationserver) -USER_KSA=(pipeline-runner kubeflow-pipelines-container-builder) - -cat < CLUSTER_NAME= NAMESPACE= ./gcp-workload-identity-setup.sh -``` - -PROJECT_ID: GCP project ID your cluster belongs to. -CLUSTER_NAME: your GKE cluster's name. -NAMESPACE: Kubernetes namespace your Kubeflow Pipelines standalone deployment belongs to (default is kubeflow). -EOF -} -if [ -z "$PROJECT_ID" ]; then - usage - echo - echo "Error: PROJECT_ID env variable is empty!" - exit 1 -fi -if [ -z "$CLUSTER_NAME" ]; then - usage - echo - echo "Error: CLUSTER_NAME env variable is empty!" - exit 1 -fi -echo "Env variables set:" -echo "* PROJECT_ID=$PROJECT_ID" -echo "* CLUSTER_NAME=$CLUSTER_NAME" -echo "* NAMESPACE=$NAMESPACE" -echo - -read -p "Continue? (Y/n) " -n 1 -r -echo -if [[ ! $REPLY =~ ^[Yy]$ ]]; then - exit 0 -fi - -echo "Creating Google service accounts..." -function create_gsa_if_not_present { - local name=${1} - local already_present=$(gcloud iam service-accounts list --filter='name:'$name'' --format='value(name)') - if [ -n "$already_present" ]; then - echo "Service account $name already exists" - else - gcloud iam service-accounts create $name - fi -} -create_gsa_if_not_present $SYSTEM_GSA -create_gsa_if_not_present $USER_GSA - -# You can optionally choose to add iam policy bindings to grant project permissions to these GSAs. -# You can also set these up later. -# gcloud projects add-iam-policy-binding $PROJECT_ID \ -# --member="serviceAccount:$SYSTEM_GSA@$PROJECT_ID.iam.gserviceaccount.com" \ -# --role="roles/editor" -# gcloud projects add-iam-policy-binding $PROJECT_ID \ -# --member="serviceAccount:$USER_GSA@$PROJECT_ID.iam.gserviceaccount.com" \ -# --role="roles/editor" - -# Bind KSA to GSA through workload identity. -# Documentation: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity -function bind_gsa_and_ksa { - local gsa=${1} - local ksa=${2} - - gcloud iam service-accounts add-iam-policy-binding $gsa@$PROJECT_ID.iam.gserviceaccount.com \ - --member="serviceAccount:$PROJECT_ID.svc.id.goog[$NAMESPACE/$ksa]" \ - --role="roles/iam.workloadIdentityUser" \ - > /dev/null # hide verbose output - kubectl annotate serviceaccount \ - --namespace $NAMESPACE \ - --overwrite \ - $ksa \ - iam.gke.io/gcp-service-account=$gsa@$PROJECT_ID.iam.gserviceaccount.com - echo "* Bound KSA $ksa to GSA $gsa" -} - -echo "Binding each kfp system KSA to $SYSTEM_GSA" -for ksa in ${SYSTEM_KSA[@]}; do - bind_gsa_and_ksa $SYSTEM_GSA $ksa -done - -echo "Binding each kfp user KSA to $USER_GSA" -for ksa in ${USER_KSA[@]}; do - bind_gsa_and_ksa $USER_GSA $ksa -done diff --git a/pipeline/upstream/kustomize/hack/release.sh b/pipeline/upstream/kustomize/hack/release.sh deleted file mode 100755 index d233a83bf3..0000000000 --- a/pipeline/upstream/kustomize/hack/release.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -# -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -ex - -TAG_NAME=$1 -DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null && pwd)" - -if [[ -z "$TAG_NAME" ]]; then - echo "Usage: release.sh " >&2 - exit 1 -fi - -echo "This release script uses yq, it can be downloaded at https://github.com/mikefarah/yq/releases/tag/3.3.0" -yq w -i "$DIR/../base/kustomization.yaml" images[*].newTag "$TAG_NAME" -yq w -i "$DIR/../env/gcp/inverse-proxy/kustomization.yaml" images[*].newTag "$TAG_NAME" - -# Note, this only works in linux. TODO: make it MacOS sed compatible. -sed -i.bak -e "s|appVersion=.\+|appVersion=$TAG_NAME|g" "$DIR/../base/params.env" diff --git a/pipeline/upstream/kustomize/sample/README.md b/pipeline/upstream/kustomize/sample/README.md deleted file mode 100644 index cb5c7e753d..0000000000 --- a/pipeline/upstream/kustomize/sample/README.md +++ /dev/null @@ -1,78 +0,0 @@ -# Sample installation - -1. Prepare a cluster and setup kubectl context -Do whatever you want to customize your cluster. You can use existing cluster -or create a new one. -- **ML Usage** GPU normally is required for deep learning task. -You may consider create **zero-sized GPU node-pool with autoscaling**. -Please reference [GPU Tutorial](/samples/tutorials/gpu/). -- **Security** You may consider use **Workload Identity** in GCP cluster. - -Here for simplicity we create a small cluster with **--scopes=cloud-platform** -to save credentail configure efforts. - -``` -gcloud container clusters create mycluster \ - --zone us-central1-a \ - --machine-type n1-standard-2 \ - --scopes cloud-platform \ - --enable-autoscaling \ - --min-nodes 1 \ - --max-nodes 5 \ - --num-nodes 3 -``` - -2. Prepare CloudSQL - -Create CloudSQL instance. [Console](https://console.cloud.google.com/sql/instances). - -Here is a sample for demo. - -``` -gcloud beta sql instances create mycloudsqlname \ - --database-version=MYSQL_5_7 \ - --tier=db-n1-standard-1 \ - --region=us-central1 \ - --root-password=password123 -``` - -You may use **Private IP** to well protect your CloudSQL. -If you use **Private IP**, please go to [VPC network peering](https://console.cloud.google.com/networking/peering/list) -to double check whether the "cloudsql-mysql-googleais-com" is created and the "Exchange custom routes" is enabled. You -are expected to see "Peer VPC network is connected". - -3. Prepare GCS Bucket - -Create Cloud Storage bucket. [Console](https://console.cloud.google.com/storage). - -``` -gsutil mb -p myProjectId gs://myBucketName/ -``` - -4. Customize your values -- Edit **params.env**, **params-db-secret.env** and **cluster-scoped-resources/params.env** -- Edit kustomization.yaml to set your namespace, e.x. "kubeflow" - -5. Install - -``` -kubectl apply -k sample/cluster-scoped-resources/ - -kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s - -kubectl apply -k sample/ -# If upper one action got failed, e.x. you used wrong value, try delete, fix and apply again -# kubectl delete -k sample/ - -kubectl wait applications/mypipeline -n kubeflow --for condition=Ready --timeout=1800s -``` - -Now you can find the installation in [Console](http://console.cloud.google.com/ai-platform/pipelines) - -6. Post-installation configures - -It depends on how you create the cluster, -- if the cluster is created with **--scopes=cloud-platform**, no actions required -- if the cluster is on Workload Identity, please run **gcp-workload-identity-setup.sh** - - make sure the Google Service Account (GSA) can access the CloudSQL instance and GCS bucket - - if your workload calls other GCP APIs, make sure the GSA can access them diff --git a/pipeline/upstream/kustomize/sample/cluster-scoped-resources/kustomization.yaml b/pipeline/upstream/kustomize/sample/cluster-scoped-resources/kustomization.yaml deleted file mode 100644 index d339a65b04..0000000000 --- a/pipeline/upstream/kustomize/sample/cluster-scoped-resources/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -# Or github.com/kubeflow/pipelines/manifests/kustomize/cluster-scoped-resources?ref=1.0.0 -- ../../cluster-scoped-resources -# Change the value in params.env to yours. -configMapGenerator: -- name: pipeline-cluster-scoped-install-config - env: params.env - behavior: merge diff --git a/pipeline/upstream/kustomize/sample/cluster-scoped-resources/params.env b/pipeline/upstream/kustomize/sample/cluster-scoped-resources/params.env deleted file mode 100644 index 78166431d4..0000000000 --- a/pipeline/upstream/kustomize/sample/cluster-scoped-resources/params.env +++ /dev/null @@ -1 +0,0 @@ -namespace=kubeflow diff --git a/pipeline/upstream/kustomize/sample/kustomization.yaml b/pipeline/upstream/kustomize/sample/kustomization.yaml deleted file mode 100644 index 19d8c76481..0000000000 --- a/pipeline/upstream/kustomize/sample/kustomization.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: -# Or github.com/kubeflow/pipelines/manifests/kustomize/env/gcp?ref=1.0.0 -- ../env/gcp -# Identifier for application manager to apply ownerReference. -# The ownerReference ensures the resources get garbage collected -# when application is deleted. -commonLabels: - application-crd-id: kubeflow-pipelines -# Used by Kustomize -configMapGenerator: -- name: pipeline-install-config - env: params.env - behavior: merge -secretGenerator: -- name: mysql-secret - env: params-db-secret.env - behavior: merge -# !!! If you want to customize the namespace, -# please also update sample/params.env and sample/cluster-scoped-resources/params.env -namespace: kubeflow - -#### Customization ### -# 1. Change values in params.env file -# 2. Change values in params-db-secret.env file for CloudSQL username and password -# 3. kubectl apply -k ./ -#### diff --git a/pipeline/upstream/kustomize/sample/params-db-secret.env b/pipeline/upstream/kustomize/sample/params-db-secret.env deleted file mode 100644 index c15cb2e337..0000000000 --- a/pipeline/upstream/kustomize/sample/params-db-secret.env +++ /dev/null @@ -1,2 +0,0 @@ -username=root -password= diff --git a/pipeline/upstream/kustomize/sample/params.env b/pipeline/upstream/kustomize/sample/params.env deleted file mode 100644 index 6d6cca0d90..0000000000 --- a/pipeline/upstream/kustomize/sample/params.env +++ /dev/null @@ -1,4 +0,0 @@ -appName=mypipeline -bucketName=mybucketname -gcsProjectId=myprojectid -gcsCloudSqlInstanceName=myprojectid:myregion:myinstance diff --git a/pipeline/upstream/kustomize/wi-utils.sh b/pipeline/upstream/kustomize/wi-utils.sh deleted file mode 100644 index f5a06db927..0000000000 --- a/pipeline/upstream/kustomize/wi-utils.sh +++ /dev/null @@ -1,85 +0,0 @@ -#!/bin/bash -# -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -function create_gsa_if_not_present { - local name=${1} - local already_present=$(gcloud iam service-accounts list --filter='name:'$name'' --format='value(name)') - if [ -n "$already_present" ]; then - echo "Service account $name already exists" - else - gcloud iam service-accounts create $name - fi -} - -# Bind KSA to GSA through workload identity. -# Documentation: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity -function bind_gsa_and_ksa { - local gsa=${1} - local ksa=${2} - local project=${3:-$PROJECT_ID} - local gsa_full="$gsa@$project.iam.gserviceaccount.com" - local namespace=${4:-$NAMESPACE} - - gcloud iam service-accounts add-iam-policy-binding $gsa_full \ - --member="serviceAccount:$project.svc.id.goog[$namespace/$ksa]" \ - --role="roles/iam.workloadIdentityUser" \ - > /dev/null # hide verbose output - kubectl annotate serviceaccount \ - --namespace $namespace \ - --overwrite \ - $ksa \ - iam.gke.io/gcp-service-account=$gsa_full - echo "* Bound KSA $ksa in namespace $namespace to GSA $gsa_full" -} - -# This can be used to programmatically verify workload identity binding grants corresponding GSA -# permissions successfully. -# Usage: verify_workload_identity_binding $KSA $NAMESPACE -# -# If you want to verify manually, use the following command instead: -# kubectl run test-$RANDOM --rm -it --restart=Never \ -# --image=google/cloud-sdk:slim \ -# --serviceaccount $ksa \ -# --namespace $namespace \ -# -- /bin/bash -# It connects you to a pod using specified KSA running an image with gcloud and gsutil CLI tools. -function verify_workload_identity_binding { - local ksa=${1} - local namespace=${2} - local max_attempts=10 - local workload_identity_is_ready=false - for i in $(seq 1 ${max_attempts}) - do - workload_identity_is_ready=true - kubectl run test-$RANDOM --rm -i --restart=Never \ - --image=google/cloud-sdk:slim \ - --serviceaccount $ksa \ - --namespace $namespace \ - -- gcloud auth list || workload_identity_is_ready=false - kubectl run test-$RANDOM --rm -i --restart=Never \ - --image=google/cloud-sdk:slim \ - --serviceaccount $ksa \ - --namespace $namespace \ - -- gsutil ls gs:// || workload_identity_is_ready=false - if [ "$workload_identity_is_ready" = true ]; then - break - fi - done - if [ ! "$workload_identity_is_ready" = true ]; then - echo "Workload identity bindings are not ready after $max_attempts attempts" - return 1 - fi -} diff --git a/pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml b/pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml index d339a65b04..9a2276e104 100644 --- a/pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml +++ b/pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml @@ -1,10 +1,12 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + bases: -# Or github.com/kubeflow/pipelines/manifests/kustomize/cluster-scoped-resources?ref=1.0.0 -- ../../cluster-scoped-resources + # Or github.com/kubeflow/pipelines/manifests/kustomize/cluster-scoped-resources?ref=1.0.0 + - ../../cluster-scoped-resources + # Change the value in params.env to yours. configMapGenerator: -- name: pipeline-cluster-scoped-install-config - env: params.env - behavior: merge + - name: pipeline-cluster-scoped-install-config + env: params.env + behavior: merge diff --git a/pipeline/upstream/sample/kustomization.yaml b/pipeline/upstream/sample/kustomization.yaml index 19d8c76481..db2b428bc1 100644 --- a/pipeline/upstream/sample/kustomization.yaml +++ b/pipeline/upstream/sample/kustomization.yaml @@ -1,22 +1,27 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + bases: -# Or github.com/kubeflow/pipelines/manifests/kustomize/env/gcp?ref=1.0.0 -- ../env/gcp + # Or github.com/kubeflow/pipelines/manifests/kustomize/env/gcp?ref=1.0.0 + - ../env/gcp + # Identifier for application manager to apply ownerReference. # The ownerReference ensures the resources get garbage collected # when application is deleted. commonLabels: application-crd-id: kubeflow-pipelines + # Used by Kustomize configMapGenerator: -- name: pipeline-install-config - env: params.env - behavior: merge + - name: pipeline-install-config + env: params.env + behavior: merge + secretGenerator: -- name: mysql-secret - env: params-db-secret.env - behavior: merge + - name: mysql-secret + env: params-db-secret.env + behavior: merge + # !!! If you want to customize the namespace, # please also update sample/params.env and sample/cluster-scoped-resources/params.env namespace: kubeflow From 50f2ff5107ac7b9ff975be5653d9f924c9231218 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Thu, 11 Jun 2020 16:24:47 +0800 Subject: [PATCH 04/45] Minio v3 manifests --- .../minio/installs/gcp-pd/kustomization.yaml | 32 +++++++++++++++++++ pipeline/minio/installs/gcp-pd/params.env | 2 ++ pipeline/minio/installs/gcp-pd/params.yaml | 7 ++++ .../gcp-pd/persistent-volume-claim.yaml | 7 ++++ .../installs/gcp-pd/persistent-volume.yaml | 12 +++++++ .../overlays/application/application.yaml | 4 --- 6 files changed, 60 insertions(+), 4 deletions(-) create mode 100644 pipeline/minio/installs/gcp-pd/kustomization.yaml create mode 100644 pipeline/minio/installs/gcp-pd/params.env create mode 100644 pipeline/minio/installs/gcp-pd/params.yaml create mode 100644 pipeline/minio/installs/gcp-pd/persistent-volume-claim.yaml create mode 100644 pipeline/minio/installs/gcp-pd/persistent-volume.yaml diff --git a/pipeline/minio/installs/gcp-pd/kustomization.yaml b/pipeline/minio/installs/gcp-pd/kustomization.yaml new file mode 100644 index 0000000000..a398da6a20 --- /dev/null +++ b/pipeline/minio/installs/gcp-pd/kustomization.yaml @@ -0,0 +1,32 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio +resources: +- ../../../upstream/env/platform-agnostic/minio/ +- ../../../upstream/base/argo/minio-artifact-secret.yaml # TODO: move it to minio/ folder +- persistent-volume.yaml +- ../../overlays/application/application.yaml +patchesStrategicMerge: +- persistent-volume-claim.yaml +configMapGenerator: +- name: pipeline-minio-parameters + env: params.env +vars: +- name: kfpMinioPd + objref: + kind: ConfigMap + name: pipeline-minio-parameters + apiVersion: v1 + fieldref: + fieldpath: data.minioPd +- name: kfpMinioPvName + objref: + kind: ConfigMap + name: pipeline-minio-parameters + apiVersion: v1 + fieldref: + fieldpath: data.minioPvName +configurations: +- params.yaml diff --git a/pipeline/minio/installs/gcp-pd/params.env b/pipeline/minio/installs/gcp-pd/params.env new file mode 100644 index 0000000000..01ef555902 --- /dev/null +++ b/pipeline/minio/installs/gcp-pd/params.env @@ -0,0 +1,2 @@ +minioPd=dls-kf-storage-artifact-store +minioPvName=minio-pv diff --git a/pipeline/minio/installs/gcp-pd/params.yaml b/pipeline/minio/installs/gcp-pd/params.yaml new file mode 100644 index 0000000000..1ab95dad13 --- /dev/null +++ b/pipeline/minio/installs/gcp-pd/params.yaml @@ -0,0 +1,7 @@ +varReference: +- path: spec/gcePersistentDisk/pdName + kind: PersistentVolume +- path: metadata/name + kind: PersistentVolume +- path: spec/volumeName + kind: PersistentVolumeClaim diff --git a/pipeline/minio/installs/gcp-pd/persistent-volume-claim.yaml b/pipeline/minio/installs/gcp-pd/persistent-volume-claim.yaml new file mode 100644 index 0000000000..9199ac3b7c --- /dev/null +++ b/pipeline/minio/installs/gcp-pd/persistent-volume-claim.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: minio-pvc +spec: + volumeName: $(kfpMinioPvName) + storageClassName: "" diff --git a/pipeline/minio/installs/gcp-pd/persistent-volume.yaml b/pipeline/minio/installs/gcp-pd/persistent-volume.yaml new file mode 100644 index 0000000000..6d03736090 --- /dev/null +++ b/pipeline/minio/installs/gcp-pd/persistent-volume.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: $(kfpMinioPvName) +spec: + capacity: + storage: 20Gi + accessModes: + - ReadWriteOnce + gcePersistentDisk: + pdName: $(kfpMinioPd) + fsType: ext4 diff --git a/pipeline/minio/overlays/application/application.yaml b/pipeline/minio/overlays/application/application.yaml index 8940b33771..1ed386fc7e 100644 --- a/pipeline/minio/overlays/application/application.yaml +++ b/pipeline/minio/overlays/application/application.yaml @@ -24,8 +24,4 @@ spec: selector: matchLabels: app.kubernetes.io/component: minio - app.kubernetes.io/instance: minio-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: minio - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 From b2cc166e318df3949111882ed448ebb7f596e227 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Thu, 11 Jun 2020 16:52:48 +0800 Subject: [PATCH 05/45] Rename minio configmap --- pipeline/minio/installs/gcp-pd/kustomization.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pipeline/minio/installs/gcp-pd/kustomization.yaml b/pipeline/minio/installs/gcp-pd/kustomization.yaml index a398da6a20..b8f0dbe47c 100644 --- a/pipeline/minio/installs/gcp-pd/kustomization.yaml +++ b/pipeline/minio/installs/gcp-pd/kustomization.yaml @@ -11,20 +11,20 @@ resources: patchesStrategicMerge: - persistent-volume-claim.yaml configMapGenerator: -- name: pipeline-minio-parameters +- name: pipeline-minio-install-config env: params.env vars: - name: kfpMinioPd objref: kind: ConfigMap - name: pipeline-minio-parameters + name: pipeline-minio-install-config apiVersion: v1 fieldref: fieldpath: data.minioPd - name: kfpMinioPvName objref: kind: ConfigMap - name: pipeline-minio-parameters + name: pipeline-minio-install-config apiVersion: v1 fieldref: fieldpath: data.minioPvName From f33ea93f07e3f7a2924dac75347d9d98dffbb11c Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 12 Jun 2020 10:11:43 +0800 Subject: [PATCH 06/45] Add generic minio install --- pipeline/minio/installs/generic/kustomization.yaml | 9 +++++++++ stacks/generic/kustomization.yaml | 1 + 2 files changed, 10 insertions(+) create mode 100644 pipeline/minio/installs/generic/kustomization.yaml diff --git a/pipeline/minio/installs/generic/kustomization.yaml b/pipeline/minio/installs/generic/kustomization.yaml new file mode 100644 index 0000000000..4d35016acf --- /dev/null +++ b/pipeline/minio/installs/generic/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio +resources: +- ../../../upstream/env/platform-agnostic/minio/ +- ../../../upstream/base/argo/minio-artifact-secret.yaml # TODO: move it to minio/ folder +- ../../overlays/application/application.yaml diff --git a/stacks/generic/kustomization.yaml b/stacks/generic/kustomization.yaml index 58c4fa37b9..0591c16fc7 100644 --- a/stacks/generic/kustomization.yaml +++ b/stacks/generic/kustomization.yaml @@ -16,6 +16,7 @@ resources: - ../../tf-training/tf-job-crds/overlays/application - ../../tf-training/tf-job-operator/overlays/application - ../../argo/base_v3 + - ../../pipeline/minio/installs/generic # This package will create a profile resource so it needs to be installed after the profiles CR - ../../default-install/base configMapGenerator: From 6151fe9f4a0c48a8a256227232b3a31be7cca831 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 12 Jun 2020 10:12:21 +0800 Subject: [PATCH 07/45] Generate new test data --- .../app.k8s.io_v1beta1_application_minio.yaml | 31 +++++++++++++ .../expected/apps_v1_deployment_minio.yaml | 45 +++++++++++++++++++ ...~g_v1_persistentvolumeclaim_minio-pvc.yaml | 14 ++++++ ...g_v1_secret_mlpipeline-minio-artifact.yaml | 12 +++++ .../expected/~g_v1_service_minio-service.yaml | 17 +++++++ .../app.k8s.io_v1beta1_application_minio.yaml | 31 +++++++++++++ .../expected/apps_v1_deployment_minio.yaml | 45 +++++++++++++++++++ ...~g_v1_persistentvolumeclaim_minio-pvc.yaml | 14 ++++++ ...g_v1_secret_mlpipeline-minio-artifact.yaml | 12 +++++ .../expected/~g_v1_service_minio-service.yaml | 17 +++++++ 10 files changed, 238 insertions(+) create mode 100644 tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_minio.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_service_minio-service.yaml create mode 100644 tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_minio.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_minio-service.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml new file mode 100644 index 0000000000..e1b386dfb9 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml @@ -0,0 +1,31 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - minio + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: minio + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_minio.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_minio.yaml new file mode 100644 index 0000000000..9f643baeba --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_minio.yaml @@ -0,0 +1,45 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio + namespace: kubeflow +spec: + selector: + matchLabels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + spec: + containers: + - args: + - server + - /data + env: + - name: MINIO_ACCESS_KEY + value: minio + - name: MINIO_SECRET_KEY + value: minio123 + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + name: minio + ports: + - containerPort: 9000 + volumeMounts: + - mountPath: /data + name: data + subPath: minio + volumes: + - name: data + persistentVolumeClaim: + claimName: minio-pvc diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml new file mode 100644 index 0000000000..0dd8344034 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio-pvc + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml new file mode 100644 index 0000000000..2c774e447c --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + accesskey: bWluaW8= + secretkey: bWluaW8xMjM= +kind: Secret +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: mlpipeline-minio-artifact + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_minio-service.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_minio-service.yaml new file mode 100644 index 0000000000..626f8bf50b --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_minio-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio-service + namespace: kubeflow +spec: + ports: + - port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio diff --git a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml new file mode 100644 index 0000000000..e1b386dfb9 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml @@ -0,0 +1,31 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - minio + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: minio + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_minio.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_minio.yaml new file mode 100644 index 0000000000..9f643baeba --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_minio.yaml @@ -0,0 +1,45 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio + namespace: kubeflow +spec: + selector: + matchLabels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + spec: + containers: + - args: + - server + - /data + env: + - name: MINIO_ACCESS_KEY + value: minio + - name: MINIO_SECRET_KEY + value: minio123 + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + name: minio + ports: + - containerPort: 9000 + volumeMounts: + - mountPath: /data + name: data + subPath: minio + volumes: + - name: data + persistentVolumeClaim: + claimName: minio-pvc diff --git a/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml b/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml new file mode 100644 index 0000000000..0dd8344034 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio-pvc + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/tests/stacks/generic/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml b/tests/stacks/generic/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml new file mode 100644 index 0000000000..2c774e447c --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + accesskey: bWluaW8= + secretkey: bWluaW8xMjM= +kind: Secret +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: mlpipeline-minio-artifact + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_minio-service.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_minio-service.yaml new file mode 100644 index 0000000000..626f8bf50b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_minio-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio-service + namespace: kubeflow +spec: + ports: + - port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio From d396143d18016a5b0c0db5cd941524663f3eaf8a Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 12 Jun 2020 11:15:51 +0800 Subject: [PATCH 08/45] Mysql kustomize v3 manifest - generic install --- pipeline/mysql/installs/generic/kustomization.yaml | 13 +++++++++++++ .../mysql/overlays/application/application.yaml | 4 ---- stacks/generic/kustomization.yaml | 1 + 3 files changed, 14 insertions(+), 4 deletions(-) create mode 100644 pipeline/mysql/installs/generic/kustomization.yaml diff --git a/pipeline/mysql/installs/generic/kustomization.yaml b/pipeline/mysql/installs/generic/kustomization.yaml new file mode 100644 index 0000000000..e596802c55 --- /dev/null +++ b/pipeline/mysql/installs/generic/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql +resources: +- ../../../upstream/env/platform-agnostic/mysql +- ../../overlays/application/application.yaml +images: +- name: gcr.io/ml-pipeline/mysql + newTag: '5.6' + newName: gcr.io/ml-pipeline/mysql diff --git a/pipeline/mysql/overlays/application/application.yaml b/pipeline/mysql/overlays/application/application.yaml index fc2f482aa4..a3b76126f1 100644 --- a/pipeline/mysql/overlays/application/application.yaml +++ b/pipeline/mysql/overlays/application/application.yaml @@ -24,8 +24,4 @@ spec: selector: matchLabels: app.kubernetes.io/component: mysql - app.kubernetes.io/instance: mysql-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: mysql - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 diff --git a/stacks/generic/kustomization.yaml b/stacks/generic/kustomization.yaml index 0591c16fc7..c97b9d03f1 100644 --- a/stacks/generic/kustomization.yaml +++ b/stacks/generic/kustomization.yaml @@ -17,6 +17,7 @@ resources: - ../../tf-training/tf-job-operator/overlays/application - ../../argo/base_v3 - ../../pipeline/minio/installs/generic + - ../../pipeline/mysql/installs/generic # This package will create a profile resource so it needs to be installed after the profiles CR - ../../default-install/base configMapGenerator: From 2544716e74fd18a27bb41b272f65546497c5fbf9 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 12 Jun 2020 12:02:40 +0800 Subject: [PATCH 09/45] Add mysql gcp pd install --- .../mysql/installs/gcp-pd/kustomization.yaml | 37 +++++++++++++++++++ pipeline/mysql/installs/gcp-pd/params.env | 2 + pipeline/mysql/installs/gcp-pd/params.yaml | 7 ++++ .../gcp-pd/persistent-volume-claim.yaml | 7 ++++ .../installs/gcp-pd/persistent-volume.yaml | 12 ++++++ 5 files changed, 65 insertions(+) create mode 100644 pipeline/mysql/installs/gcp-pd/kustomization.yaml create mode 100644 pipeline/mysql/installs/gcp-pd/params.env create mode 100644 pipeline/mysql/installs/gcp-pd/params.yaml create mode 100644 pipeline/mysql/installs/gcp-pd/persistent-volume-claim.yaml create mode 100644 pipeline/mysql/installs/gcp-pd/persistent-volume.yaml diff --git a/pipeline/mysql/installs/gcp-pd/kustomization.yaml b/pipeline/mysql/installs/gcp-pd/kustomization.yaml new file mode 100644 index 0000000000..9ef5548410 --- /dev/null +++ b/pipeline/mysql/installs/gcp-pd/kustomization.yaml @@ -0,0 +1,37 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql +resources: +- ../../../upstream/env/platform-agnostic/mysql +- ../../overlays/application/application.yaml +- persistent-volume.yaml +patchesStrategicMerge: +- persistent-volume-claim.yaml +images: +- name: gcr.io/ml-pipeline/mysql + newTag: '5.6' + newName: gcr.io/ml-pipeline/mysql +configMapGenerator: +- name: pipeline-mysql-install-config + env: params.env +vars: +- name: kfpMysqlPd + objref: + kind: ConfigMap + name: pipeline-mysql-install-config + apiVersion: v1 + fieldref: + fieldpath: data.mysqlPd +- name: kfpMysqlPvName + objref: + kind: ConfigMap + name: pipeline-mysql-install-config + apiVersion: v1 + fieldref: + fieldpath: data.mysqlPvName +configurations: +- params.yaml + diff --git a/pipeline/mysql/installs/gcp-pd/params.env b/pipeline/mysql/installs/gcp-pd/params.env new file mode 100644 index 0000000000..eb050bdc5f --- /dev/null +++ b/pipeline/mysql/installs/gcp-pd/params.env @@ -0,0 +1,2 @@ +mysqlPd=dls-kf-storage-metadata-store +mysqlPvName=mysql-pv diff --git a/pipeline/mysql/installs/gcp-pd/params.yaml b/pipeline/mysql/installs/gcp-pd/params.yaml new file mode 100644 index 0000000000..1ab95dad13 --- /dev/null +++ b/pipeline/mysql/installs/gcp-pd/params.yaml @@ -0,0 +1,7 @@ +varReference: +- path: spec/gcePersistentDisk/pdName + kind: PersistentVolume +- path: metadata/name + kind: PersistentVolume +- path: spec/volumeName + kind: PersistentVolumeClaim diff --git a/pipeline/mysql/installs/gcp-pd/persistent-volume-claim.yaml b/pipeline/mysql/installs/gcp-pd/persistent-volume-claim.yaml new file mode 100644 index 0000000000..edbd96974e --- /dev/null +++ b/pipeline/mysql/installs/gcp-pd/persistent-volume-claim.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mysql-pv-claim +spec: + storageClassName: "" + volumeName: $(kfpMysqlPvName) diff --git a/pipeline/mysql/installs/gcp-pd/persistent-volume.yaml b/pipeline/mysql/installs/gcp-pd/persistent-volume.yaml new file mode 100644 index 0000000000..fc40606d21 --- /dev/null +++ b/pipeline/mysql/installs/gcp-pd/persistent-volume.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: $(kfpMysqlPvName) +spec: + capacity: + storage: 20Gi + accessModes: + - ReadWriteOnce + gcePersistentDisk: + pdName: $(kfpMysqlPd) + fsType: ext4 From 0a259a17727bc13b5a073cb7e54a4ca1ac133149 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 12 Jun 2020 12:06:37 +0800 Subject: [PATCH 10/45] Generate test data --- .../app.k8s.io_v1beta1_application_mysql.yaml | 32 +++++++++++++++ .../expected/apps_v1_deployment_mysql.yaml | 40 +++++++++++++++++++ ..._persistentvolumeclaim_mysql-pv-claim.yaml | 15 +++++++ .../expected/~g_v1_service_mysql.yaml | 16 ++++++++ .../app.k8s.io_v1beta1_application_mysql.yaml | 32 +++++++++++++++ .../expected/apps_v1_deployment_mysql.yaml | 40 +++++++++++++++++++ ..._persistentvolumeclaim_mysql-pv-claim.yaml | 15 +++++++ .../expected/~g_v1_service_mysql.yaml | 16 ++++++++ 8 files changed, 206 insertions(+) create mode 100644 tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_mysql.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_service_mysql.yaml create mode 100644 tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_mysql.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_mysql.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml new file mode 100644 index 0000000000..d4db458295 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml @@ -0,0 +1,32 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - mysql + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: mysql + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_mysql.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_mysql.yaml new file mode 100644 index 0000000000..b47bdbb60a --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_mysql.yaml @@ -0,0 +1,40 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + selector: + matchLabels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + strategy: + type: Recreate + template: + metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + spec: + containers: + - env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + image: gcr.io/ml-pipeline/mysql:5.6 + name: mysql + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - mountPath: /var/lib/mysql + name: mysql-persistent-storage + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml new file mode 100644 index 0000000000..bf0c560da5 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql-pv-claim + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_mysql.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_mysql.yaml new file mode 100644 index 0000000000..8b23a44b1e --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_mysql.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + ports: + - port: 3306 + selector: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql diff --git a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml new file mode 100644 index 0000000000..d4db458295 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml @@ -0,0 +1,32 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - mysql + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: mysql + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_mysql.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_mysql.yaml new file mode 100644 index 0000000000..b47bdbb60a --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_mysql.yaml @@ -0,0 +1,40 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + selector: + matchLabels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + strategy: + type: Recreate + template: + metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + spec: + containers: + - env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + image: gcr.io/ml-pipeline/mysql:5.6 + name: mysql + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - mountPath: /var/lib/mysql + name: mysql-persistent-storage + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim diff --git a/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml b/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml new file mode 100644 index 0000000000..bf0c560da5 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql-pv-claim + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_mysql.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_mysql.yaml new file mode 100644 index 0000000000..8b23a44b1e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_mysql.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + ports: + - port: 3306 + selector: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql From b364e0697fb3b6adddbd89e62a486758bebb9085 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 12 Jun 2020 15:00:36 +0800 Subject: [PATCH 11/45] Pipelines kustomize v3 manifests --- pipeline/installs/generic/kustomization.yaml | 48 +++++++++++++++++++ .../installs/generic/params-db-secret.env | 2 + pipeline/installs/generic/params.env | 1 + .../mysql/installs/gcp-pd/kustomization.yaml | 1 + .../mysql/installs/generic/configmap.yaml | 10 ++++ .../mysql/installs/generic/kustomization.yaml | 1 + stacks/generic/kustomization.yaml | 1 + 7 files changed, 64 insertions(+) create mode 100644 pipeline/installs/generic/kustomization.yaml create mode 100644 pipeline/installs/generic/params-db-secret.env create mode 100644 pipeline/installs/generic/params.env create mode 100644 pipeline/mysql/installs/generic/configmap.yaml diff --git a/pipeline/installs/generic/kustomization.yaml b/pipeline/installs/generic/kustomization.yaml new file mode 100644 index 0000000000..6cef59e599 --- /dev/null +++ b/pipeline/installs/generic/kustomization.yaml @@ -0,0 +1,48 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../../upstream/base/pipeline/cluster-scoped +- ../../upstream/base/pipeline +images: +- name: gcr.io/ml-pipeline/api-server + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/persistenceagent + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/scheduledworkflow + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/frontend + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/viewer-crd-controller + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/visualization-server + newTag: 1.0.0-rc.1 +# TODO: include metadata writer +# - name: gcr.io/ml-pipeline/metadata-writer +# newTag: 1.0.0-rc.1 +# TODO: include cache server +# - name: gcr.io/ml-pipeline/cache-server +# newTag: 1.0.0-rc.1 +# - name: gcr.io/ml-pipeline/cache-deployer +# newTag: 1.0.0-rc.1 +# Used by Kustomize +configMapGenerator: +- name: pipeline-install-config + env: params.env +secretGenerator: +- name: mysql-secret + env: params-db-secret.env +vars: +- name: NAMESPACE + objref: + kind: Deployment + apiVersion: apps/v1 + name: ml-pipeline + fieldref: + fieldpath: metadata.namespace +- name: BUCKET_NAME + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.bucketName diff --git a/pipeline/installs/generic/params-db-secret.env b/pipeline/installs/generic/params-db-secret.env new file mode 100644 index 0000000000..c15cb2e337 --- /dev/null +++ b/pipeline/installs/generic/params-db-secret.env @@ -0,0 +1,2 @@ +username=root +password= diff --git a/pipeline/installs/generic/params.env b/pipeline/installs/generic/params.env new file mode 100644 index 0000000000..4db50518bc --- /dev/null +++ b/pipeline/installs/generic/params.env @@ -0,0 +1 @@ +bucketName=mlpipeline diff --git a/pipeline/mysql/installs/gcp-pd/kustomization.yaml b/pipeline/mysql/installs/gcp-pd/kustomization.yaml index 9ef5548410..bb74d22600 100644 --- a/pipeline/mysql/installs/gcp-pd/kustomization.yaml +++ b/pipeline/mysql/installs/gcp-pd/kustomization.yaml @@ -8,6 +8,7 @@ resources: - ../../../upstream/env/platform-agnostic/mysql - ../../overlays/application/application.yaml - persistent-volume.yaml +- ../generic/configmap.yaml patchesStrategicMerge: - persistent-volume-claim.yaml images: diff --git a/pipeline/mysql/installs/generic/configmap.yaml b/pipeline/mysql/installs/generic/configmap.yaml new file mode 100644 index 0000000000..2fd3f6e9b1 --- /dev/null +++ b/pipeline/mysql/installs/generic/configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: mysql-configmap +data: + host: mysql + port: "3306" + mlmd_db: metadb + cache_db: cachedb + pipeline_db: mlpipeline diff --git a/pipeline/mysql/installs/generic/kustomization.yaml b/pipeline/mysql/installs/generic/kustomization.yaml index e596802c55..01608511b4 100644 --- a/pipeline/mysql/installs/generic/kustomization.yaml +++ b/pipeline/mysql/installs/generic/kustomization.yaml @@ -7,6 +7,7 @@ commonLabels: resources: - ../../../upstream/env/platform-agnostic/mysql - ../../overlays/application/application.yaml +- ./configmap.yaml images: - name: gcr.io/ml-pipeline/mysql newTag: '5.6' diff --git a/stacks/generic/kustomization.yaml b/stacks/generic/kustomization.yaml index c97b9d03f1..70c72c5cba 100644 --- a/stacks/generic/kustomization.yaml +++ b/stacks/generic/kustomization.yaml @@ -18,6 +18,7 @@ resources: - ../../argo/base_v3 - ../../pipeline/minio/installs/generic - ../../pipeline/mysql/installs/generic + - ../../pipeline/installs/generic # This package will create a profile resource so it needs to be installed after the profiles CR - ../../default-install/base configMapGenerator: From 2f59319fe1d6e2b0434b3063cb34ce06a5089a65 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 12 Jun 2020 15:22:32 +0800 Subject: [PATCH 12/45] Add kfp ui virtual service --- pipeline/installs/generic/kustomization.yaml | 32 +++++++++++++++---- pipeline/installs/generic/params.env | 1 + pipeline/installs/generic/params.yaml | 3 ++ .../installs/generic/virtual-service.yaml | 21 ++++++++++++ 4 files changed, 50 insertions(+), 7 deletions(-) create mode 100644 pipeline/installs/generic/params.yaml create mode 100644 pipeline/installs/generic/virtual-service.yaml diff --git a/pipeline/installs/generic/kustomization.yaml b/pipeline/installs/generic/kustomization.yaml index 6cef59e599..b51121f74f 100644 --- a/pipeline/installs/generic/kustomization.yaml +++ b/pipeline/installs/generic/kustomization.yaml @@ -3,6 +3,7 @@ kind: Kustomization resources: - ../../upstream/base/pipeline/cluster-scoped - ../../upstream/base/pipeline +- virtual-service.yaml images: - name: gcr.io/ml-pipeline/api-server newTag: 1.0.0-rc.1 @@ -32,13 +33,7 @@ secretGenerator: - name: mysql-secret env: params-db-secret.env vars: -- name: NAMESPACE - objref: - kind: Deployment - apiVersion: apps/v1 - name: ml-pipeline - fieldref: - fieldpath: metadata.namespace +# TODO: replace BUCKET_NAME with a configmap value reference - name: BUCKET_NAME objref: kind: ConfigMap @@ -46,3 +41,26 @@ vars: apiVersion: v1 fieldref: fieldpath: data.bucketName +- name: KFP_UI_CLUSTER_DOMAIN + objref: + kind: ConfigMap + name: pipeline-install-config + version: v1 + fieldref: + fieldpath: data.uiClusterDomain +- name: KFP_UI_NAMESPACE + objref: + kind: Service + name: ml-pipeline-ui + apiVersion: v1 + fieldref: + fieldpath: metadata.namespace +- name: KFP_UI_SERVICE + objref: + kind: Service + name: ml-pipeline-ui + apiVersion: v1 + fieldref: + fieldpath: metadata.name +configurations: +- params.yaml diff --git a/pipeline/installs/generic/params.env b/pipeline/installs/generic/params.env index 4db50518bc..d4ab350f5f 100644 --- a/pipeline/installs/generic/params.env +++ b/pipeline/installs/generic/params.env @@ -1 +1,2 @@ bucketName=mlpipeline +uiClusterDomain=cluster.local diff --git a/pipeline/installs/generic/params.yaml b/pipeline/installs/generic/params.yaml new file mode 100644 index 0000000000..eea869e0d4 --- /dev/null +++ b/pipeline/installs/generic/params.yaml @@ -0,0 +1,3 @@ +varReference: +- path: spec/http/route/destination/host + kind: VirtualService diff --git a/pipeline/installs/generic/virtual-service.yaml b/pipeline/installs/generic/virtual-service.yaml new file mode 100644 index 0000000000..cb0a495d55 --- /dev/null +++ b/pipeline/installs/generic/virtual-service.yaml @@ -0,0 +1,21 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: ml-pipeline-ui +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /pipeline + rewrite: + uri: /pipeline + route: + - destination: + host: $(KFP_UI_SERVICE).$(KFP_UI_NAMESPACE).svc.$(KFP_UI_CLUSTER_DOMAIN) + port: + number: 80 + timeout: 300s From 569c6401b81e41382229e7eca3638be39a01c3b0 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 12 Jun 2020 15:41:36 +0800 Subject: [PATCH 13/45] Add metadata deployment to stacks/generic --- stacks/generic/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/stacks/generic/kustomization.yaml b/stacks/generic/kustomization.yaml index 70c72c5cba..b3bf34b887 100644 --- a/stacks/generic/kustomization.yaml +++ b/stacks/generic/kustomization.yaml @@ -19,6 +19,7 @@ resources: - ../../pipeline/minio/installs/generic - ../../pipeline/mysql/installs/generic - ../../pipeline/installs/generic + - ../../metadata/v3 # This package will create a profile resource so it needs to be installed after the profiles CR - ../../default-install/base configMapGenerator: From a3e5c3a552bf1b79b7963c43db75edf28c245c06 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 12 Jun 2020 15:54:46 +0800 Subject: [PATCH 14/45] Use common cluster domain --- pipeline/installs/generic/kustomization.yaml | 7 ------- pipeline/installs/generic/params.env | 1 - pipeline/installs/generic/virtual-service.yaml | 2 +- 3 files changed, 1 insertion(+), 9 deletions(-) diff --git a/pipeline/installs/generic/kustomization.yaml b/pipeline/installs/generic/kustomization.yaml index b51121f74f..b6d9224df0 100644 --- a/pipeline/installs/generic/kustomization.yaml +++ b/pipeline/installs/generic/kustomization.yaml @@ -41,13 +41,6 @@ vars: apiVersion: v1 fieldref: fieldpath: data.bucketName -- name: KFP_UI_CLUSTER_DOMAIN - objref: - kind: ConfigMap - name: pipeline-install-config - version: v1 - fieldref: - fieldpath: data.uiClusterDomain - name: KFP_UI_NAMESPACE objref: kind: Service diff --git a/pipeline/installs/generic/params.env b/pipeline/installs/generic/params.env index d4ab350f5f..4db50518bc 100644 --- a/pipeline/installs/generic/params.env +++ b/pipeline/installs/generic/params.env @@ -1,2 +1 @@ bucketName=mlpipeline -uiClusterDomain=cluster.local diff --git a/pipeline/installs/generic/virtual-service.yaml b/pipeline/installs/generic/virtual-service.yaml index cb0a495d55..6d0b707fe5 100644 --- a/pipeline/installs/generic/virtual-service.yaml +++ b/pipeline/installs/generic/virtual-service.yaml @@ -15,7 +15,7 @@ spec: uri: /pipeline route: - destination: - host: $(KFP_UI_SERVICE).$(KFP_UI_NAMESPACE).svc.$(KFP_UI_CLUSTER_DOMAIN) + host: $(KFP_UI_SERVICE).$(KFP_UI_NAMESPACE).svc.$(clusterDomain) port: number: 80 timeout: 300s From cfda2d95449eb7b95a8c983a0d09c83c5c69c683 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 12 Jun 2020 15:58:39 +0800 Subject: [PATCH 15/45] Deploy metadata writer --- pipeline/installs/generic/kustomization.yaml | 6 +++--- pipeline/metadata-writer/base_v3/kustomization.yaml | 8 ++++++++ 2 files changed, 11 insertions(+), 3 deletions(-) create mode 100644 pipeline/metadata-writer/base_v3/kustomization.yaml diff --git a/pipeline/installs/generic/kustomization.yaml b/pipeline/installs/generic/kustomization.yaml index b6d9224df0..c5d69b9987 100644 --- a/pipeline/installs/generic/kustomization.yaml +++ b/pipeline/installs/generic/kustomization.yaml @@ -4,6 +4,7 @@ resources: - ../../upstream/base/pipeline/cluster-scoped - ../../upstream/base/pipeline - virtual-service.yaml +- ../../metadata-writer/base_v3 images: - name: gcr.io/ml-pipeline/api-server newTag: 1.0.0-rc.1 @@ -17,9 +18,8 @@ images: newTag: 1.0.0-rc.1 - name: gcr.io/ml-pipeline/visualization-server newTag: 1.0.0-rc.1 -# TODO: include metadata writer -# - name: gcr.io/ml-pipeline/metadata-writer -# newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/metadata-writer + newTag: 1.0.0-rc.1 # TODO: include cache server # - name: gcr.io/ml-pipeline/cache-server # newTag: 1.0.0-rc.1 diff --git a/pipeline/metadata-writer/base_v3/kustomization.yaml b/pipeline/metadata-writer/base_v3/kustomization.yaml new file mode 100644 index 0000000000..75bcc9e395 --- /dev/null +++ b/pipeline/metadata-writer/base_v3/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../upstream/base/metadata/metadata-writer-deployment.yaml + - ../../upstream/base/metadata/metadata-writer-role.yaml + - ../../upstream/base/metadata/metadata-writer-rolebinding.yaml + - ../../upstream/base/metadata/metadata-writer-sa.yaml From 0a4770bb7c79a3a54388b6247c6718101db2694e Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 12 Jun 2020 16:35:14 +0800 Subject: [PATCH 16/45] Add kfp cache server --- pipeline/cache/base_v3/cluster-role-binding.yaml | 11 +++++++++++ pipeline/cache/base_v3/kustomization.yaml | 8 ++++++++ pipeline/installs/generic/kustomization.yaml | 10 +++++----- 3 files changed, 24 insertions(+), 5 deletions(-) create mode 100644 pipeline/cache/base_v3/cluster-role-binding.yaml create mode 100644 pipeline/cache/base_v3/kustomization.yaml diff --git a/pipeline/cache/base_v3/cluster-role-binding.yaml b/pipeline/cache/base_v3/cluster-role-binding.yaml new file mode 100644 index 0000000000..8391746377 --- /dev/null +++ b/pipeline/cache/base_v3/cluster-role-binding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-cache-deployer-clusterrole +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa diff --git a/pipeline/cache/base_v3/kustomization.yaml b/pipeline/cache/base_v3/kustomization.yaml new file mode 100644 index 0000000000..1b2efb9437 --- /dev/null +++ b/pipeline/cache/base_v3/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- ../../upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml +- cluster-role-binding.yaml +- ../../upstream/base/cache-deployer +- ../../upstream/base/cache diff --git a/pipeline/installs/generic/kustomization.yaml b/pipeline/installs/generic/kustomization.yaml index c5d69b9987..12247de6c6 100644 --- a/pipeline/installs/generic/kustomization.yaml +++ b/pipeline/installs/generic/kustomization.yaml @@ -5,6 +5,7 @@ resources: - ../../upstream/base/pipeline - virtual-service.yaml - ../../metadata-writer/base_v3 +- ../../cache/base_v3 images: - name: gcr.io/ml-pipeline/api-server newTag: 1.0.0-rc.1 @@ -20,11 +21,10 @@ images: newTag: 1.0.0-rc.1 - name: gcr.io/ml-pipeline/metadata-writer newTag: 1.0.0-rc.1 -# TODO: include cache server -# - name: gcr.io/ml-pipeline/cache-server -# newTag: 1.0.0-rc.1 -# - name: gcr.io/ml-pipeline/cache-deployer -# newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/cache-server + newTag: 1.0.0-rc.1 +- name: gcr.io/ml-pipeline/cache-deployer + newTag: 1.0.0-rc.1 # Used by Kustomize configMapGenerator: - name: pipeline-install-config From 7907d068766b405e4f3c25d6d44a2acd7332fb52 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 12 Jun 2020 17:04:27 +0800 Subject: [PATCH 17/45] Update test data --- ...ition_scheduledworkflows.kubeflow.org.yaml | 18 ++++ ...sourcedefinition_viewers.kubeflow.org.yaml | 18 ++++ ..._deployment_cache-deployer-deployment.yaml | 30 +++++++ .../apps_v1_deployment_cache-server.yaml | 73 ++++++++++++++++ .../apps_v1_deployment_metadata-db.yaml | 53 ++++++++++++ ...pps_v1_deployment_metadata-deployment.yaml | 61 ++++++++++++++ ..._deployment_metadata-envoy-deployment.yaml | 30 +++++++ ...1_deployment_metadata-grpc-deployment.yaml | 44 ++++++++++ .../apps_v1_deployment_metadata-ui.yaml | 29 +++++++ .../apps_v1_deployment_metadata-writer.yaml | 26 ++++++ ...ployment_ml-pipeline-persistenceagent.yaml | 26 ++++++ ...loyment_ml-pipeline-scheduledworkflow.yaml | 26 ++++++ .../apps_v1_deployment_ml-pipeline-ui.yaml | 54 ++++++++++++ ..._v1_deployment_ml-pipeline-viewer-crd.yaml | 28 +++++++ ...yment_ml-pipeline-visualizationserver.yaml | 48 +++++++++++ .../apps_v1_deployment_ml-pipeline.yaml | 84 +++++++++++++++++++ ...v1alpha3_virtualservice_metadata-grpc.yaml | 22 +++++ ...o_v1alpha3_virtualservice_metadata-ui.yaml | 22 +++++ ...1alpha3_virtualservice_ml-pipeline-ui.yaml | 22 +++++ ...-pipelines-cache-deployer-clusterrole.yaml | 24 ++++++ ...nes-cache-deployer-clusterrolebinding.yaml | 12 +++ ...ubeflow-pipelines-cache-deployer-role.yaml | 16 ++++ ...v1_role_kubeflow-pipelines-cache-role.yaml | 34 ++++++++ ...beflow-pipelines-metadata-writer-role.yaml | 34 ++++++++ ...ole_ml-pipeline-persistenceagent-role.yaml | 22 +++++ ...le_ml-pipeline-scheduledworkflow-role.yaml | 39 +++++++++ ...ization.k8s.io_v1_role_ml-pipeline-ui.yaml | 47 +++++++++++ ...le_ml-pipeline-viewer-controller-role.yaml | 31 +++++++ ...horization.k8s.io_v1_role_ml-pipeline.yaml | 39 +++++++++ ...zation.k8s.io_v1_role_pipeline-runner.yaml | 81 ++++++++++++++++++ ...ding_kubeflow-pipelines-cache-binding.yaml | 13 +++ ...-pipelines-cache-deployer-rolebinding.yaml | 13 +++ ...low-pipelines-metadata-writer-binding.yaml | 13 +++ ..._ml-pipeline-persistenceagent-binding.yaml | 13 +++ ...ml-pipeline-scheduledworkflow-binding.yaml | 13 +++ ....k8s.io_v1_rolebinding_ml-pipeline-ui.yaml | 15 ++++ ...inding_ml-pipeline-viewer-crd-binding.yaml | 13 +++ ...ion.k8s.io_v1_rolebinding_ml-pipeline.yaml | 15 ++++ ...1_rolebinding_pipeline-runner-binding.yaml | 13 +++ ...ation.k8s.io_v1beta1_role_metadata-ui.yaml | 28 +++++++ ...8s.io_v1beta1_rolebinding_metadata-ui.yaml | 16 ++++ ...g_v1_configmap_metadata-db-parameters.yaml | 11 +++ ..._v1_configmap_metadata-grpc-configmap.yaml | 10 +++ ...g_v1_configmap_metadata-ui-parameters.yaml | 9 ++ .../~g_v1_configmap_mysql-configmap.yaml | 15 ++++ ...ap_pipeline-install-config-c5fcmd5mmk.yaml | 7 ++ ..._persistentvolumeclaim_metadata-mysql.yaml | 13 +++ .../~g_v1_secret_metadata-db-secrets.yaml | 11 +++ .../~g_v1_secret_mysql-secret-fd5gktm75t.yaml | 9 ++ .../expected/~g_v1_service_cache-server.yaml | 11 +++ .../expected/~g_v1_service_metadata-db.yaml | 17 ++++ .../~g_v1_service_metadata-envoy-service.yaml | 17 ++++ .../~g_v1_service_metadata-grpc-service.yaml | 17 ++++ .../~g_v1_service_metadata-service.yaml | 17 ++++ .../expected/~g_v1_service_metadata-ui.yaml | 15 ++++ .../~g_v1_service_ml-pipeline-ui.yaml | 13 +++ ...rvice_ml-pipeline-visualizationserver.yaml | 13 +++ .../expected/~g_v1_service_ml-pipeline.yaml | 17 ++++ ..._kubeflow-pipelines-cache-deployer-sa.yaml | 5 ++ ...rviceaccount_kubeflow-pipelines-cache.yaml | 5 ++ ..._kubeflow-pipelines-container-builder.yaml | 5 ++ ...nt_kubeflow-pipelines-metadata-writer.yaml | 5 ++ .../~g_v1_serviceaccount_metadata-ui.yaml | 7 ++ ...eaccount_ml-pipeline-persistenceagent.yaml | 5 ++ ...account_ml-pipeline-scheduledworkflow.yaml | 5 ++ .../~g_v1_serviceaccount_ml-pipeline-ui.yaml | 5 ++ ...l-pipeline-viewer-crd-service-account.yaml | 5 ++ ...count_ml-pipeline-visualizationserver.yaml | 5 ++ .../~g_v1_serviceaccount_ml-pipeline.yaml | 5 ++ .../~g_v1_serviceaccount_pipeline-runner.yaml | 5 ++ ...ition_scheduledworkflows.kubeflow.org.yaml | 18 ++++ ...sourcedefinition_viewers.kubeflow.org.yaml | 18 ++++ ..._deployment_cache-deployer-deployment.yaml | 30 +++++++ .../apps_v1_deployment_cache-server.yaml | 73 ++++++++++++++++ .../apps_v1_deployment_metadata-db.yaml | 53 ++++++++++++ ...pps_v1_deployment_metadata-deployment.yaml | 61 ++++++++++++++ ..._deployment_metadata-envoy-deployment.yaml | 30 +++++++ ...1_deployment_metadata-grpc-deployment.yaml | 44 ++++++++++ .../apps_v1_deployment_metadata-ui.yaml | 29 +++++++ .../apps_v1_deployment_metadata-writer.yaml | 26 ++++++ ...ployment_ml-pipeline-persistenceagent.yaml | 26 ++++++ ...loyment_ml-pipeline-scheduledworkflow.yaml | 26 ++++++ .../apps_v1_deployment_ml-pipeline-ui.yaml | 54 ++++++++++++ ..._v1_deployment_ml-pipeline-viewer-crd.yaml | 28 +++++++ ...yment_ml-pipeline-visualizationserver.yaml | 48 +++++++++++ .../apps_v1_deployment_ml-pipeline.yaml | 84 +++++++++++++++++++ ...v1alpha3_virtualservice_metadata-grpc.yaml | 22 +++++ ...o_v1alpha3_virtualservice_metadata-ui.yaml | 22 +++++ ...1alpha3_virtualservice_ml-pipeline-ui.yaml | 22 +++++ ...-pipelines-cache-deployer-clusterrole.yaml | 24 ++++++ ...nes-cache-deployer-clusterrolebinding.yaml | 12 +++ ...ubeflow-pipelines-cache-deployer-role.yaml | 16 ++++ ...v1_role_kubeflow-pipelines-cache-role.yaml | 34 ++++++++ ...beflow-pipelines-metadata-writer-role.yaml | 34 ++++++++ ...ole_ml-pipeline-persistenceagent-role.yaml | 22 +++++ ...le_ml-pipeline-scheduledworkflow-role.yaml | 39 +++++++++ ...ization.k8s.io_v1_role_ml-pipeline-ui.yaml | 47 +++++++++++ ...le_ml-pipeline-viewer-controller-role.yaml | 31 +++++++ ...horization.k8s.io_v1_role_ml-pipeline.yaml | 39 +++++++++ ...zation.k8s.io_v1_role_pipeline-runner.yaml | 81 ++++++++++++++++++ ...ding_kubeflow-pipelines-cache-binding.yaml | 13 +++ ...-pipelines-cache-deployer-rolebinding.yaml | 13 +++ ...low-pipelines-metadata-writer-binding.yaml | 13 +++ ..._ml-pipeline-persistenceagent-binding.yaml | 13 +++ ...ml-pipeline-scheduledworkflow-binding.yaml | 13 +++ ....k8s.io_v1_rolebinding_ml-pipeline-ui.yaml | 15 ++++ ...inding_ml-pipeline-viewer-crd-binding.yaml | 13 +++ ...ion.k8s.io_v1_rolebinding_ml-pipeline.yaml | 15 ++++ ...1_rolebinding_pipeline-runner-binding.yaml | 13 +++ ...ation.k8s.io_v1beta1_role_metadata-ui.yaml | 28 +++++++ ...8s.io_v1beta1_rolebinding_metadata-ui.yaml | 16 ++++ ...g_v1_configmap_metadata-db-parameters.yaml | 11 +++ ..._v1_configmap_metadata-grpc-configmap.yaml | 10 +++ ...g_v1_configmap_metadata-ui-parameters.yaml | 9 ++ .../~g_v1_configmap_mysql-configmap.yaml | 15 ++++ ...ap_pipeline-install-config-c5fcmd5mmk.yaml | 7 ++ ..._persistentvolumeclaim_metadata-mysql.yaml | 13 +++ .../~g_v1_secret_metadata-db-secrets.yaml | 11 +++ .../~g_v1_secret_mysql-secret-fd5gktm75t.yaml | 9 ++ .../expected/~g_v1_service_cache-server.yaml | 11 +++ .../expected/~g_v1_service_metadata-db.yaml | 17 ++++ .../~g_v1_service_metadata-envoy-service.yaml | 17 ++++ .../~g_v1_service_metadata-grpc-service.yaml | 17 ++++ .../~g_v1_service_metadata-service.yaml | 17 ++++ .../expected/~g_v1_service_metadata-ui.yaml | 15 ++++ .../~g_v1_service_ml-pipeline-ui.yaml | 13 +++ ...rvice_ml-pipeline-visualizationserver.yaml | 13 +++ .../expected/~g_v1_service_ml-pipeline.yaml | 17 ++++ ..._kubeflow-pipelines-cache-deployer-sa.yaml | 5 ++ ...rviceaccount_kubeflow-pipelines-cache.yaml | 5 ++ ..._kubeflow-pipelines-container-builder.yaml | 5 ++ ...nt_kubeflow-pipelines-metadata-writer.yaml | 5 ++ .../~g_v1_serviceaccount_metadata-ui.yaml | 7 ++ ...eaccount_ml-pipeline-persistenceagent.yaml | 5 ++ ...account_ml-pipeline-scheduledworkflow.yaml | 5 ++ .../~g_v1_serviceaccount_ml-pipeline-ui.yaml | 5 ++ ...l-pipeline-viewer-crd-service-account.yaml | 5 ++ ...count_ml-pipeline-visualizationserver.yaml | 5 ++ .../~g_v1_serviceaccount_ml-pipeline.yaml | 5 ++ .../~g_v1_serviceaccount_pipeline-runner.yaml | 5 ++ 140 files changed, 3084 insertions(+) create mode 100644 tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-db.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-deployment.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_mysql-configmap.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-install-config-c5fcmd5mmk.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_service_cache-server.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-db.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-envoy-service.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-grpc-service.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-service.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml create mode 100644 tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml create mode 100644 tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-db.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-deployment.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml create mode 100644 tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml create mode 100644 tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_mysql-configmap.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-install-config-c5fcmd5mmk.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_cache-server.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_metadata-db.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_metadata-envoy-service.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_metadata-grpc-service.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_metadata-service.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_metadata-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml b/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml new file mode 100644 index 0000000000..22dc3c8a00 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: scheduledworkflows.kubeflow.org +spec: + group: kubeflow.org + names: + kind: ScheduledWorkflow + listKind: ScheduledWorkflowList + plural: scheduledworkflows + shortNames: + - swf + singular: scheduledworkflow + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml b/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml new file mode 100644 index 0000000000..dcb5db0f88 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: viewers.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Viewer + listKind: ViewerList + plural: viewers + shortNames: + - vi + singular: viewer + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml new file mode 100644 index 0000000000..0a9b12ddbe --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml @@ -0,0 +1,30 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cache-deployer + name: cache-deployer-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: cache-deployer + strategy: + type: Recreate + template: + metadata: + labels: + app: cache-deployer + spec: + containers: + - env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/cache-deployer:1.0.0-rc.1 + imagePullPolicy: Always + name: main + restartPolicy: Always + serviceAccountName: kubeflow-pipelines-cache-deployer-sa diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml new file mode 100644 index 0000000000..cfdfd8eb06 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml @@ -0,0 +1,73 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cache-server + name: cache-server + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: cache-server + template: + metadata: + labels: + app: cache-server + spec: + containers: + - args: + - --db_driver=$(DBCONFIG_DRIVER) + - --db_host=$(DBCONFIG_HOST_NAME) + - --db_port=$(DBCONFIG_PORT) + - --db_name=$(DBCONFIG_DB_NAME) + - --db_user=$(DBCONFIG_USER) + - --db_password=$(DBCONFIG_PASSWORD) + - --namespace_to_watch=$(NAMESPACE_TO_WATCH) + env: + - name: DBCONFIG_DRIVER + value: mysql + - name: DBCONFIG_DB_NAME + valueFrom: + configMapKeyRef: + key: cache_db + name: mysql-configmap + - name: DBCONFIG_HOST_NAME + valueFrom: + configMapKeyRef: + key: host + name: mysql-configmap + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + key: port + name: mysql-configmap + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret-fd5gktm75t + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.1 + imagePullPolicy: Always + name: server + ports: + - containerPort: 8443 + name: webhook-api + volumeMounts: + - mountPath: /etc/webhook/certs + name: webhook-tls-certs + readOnly: true + serviceAccountName: kubeflow-pipelines-cache + volumes: + - name: webhook-tls-certs + secret: + secretName: webhook-server-tls diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-db.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-db.yaml new file mode 100644 index 0000000000..44ad98e9d8 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-db.yaml @@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: db + kustomize.component: metadata + name: metadata-db + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: db + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: db + kustomize.component: metadata + name: db + spec: + containers: + - args: + - --datadir + - /var/lib/mysql/datadir + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + image: mysql:8.0.3 + name: db-container + ports: + - containerPort: 3306 + name: dbapi + readinessProbe: + exec: + command: + - /bin/bash + - -c + - mysql -D $$MYSQL_DATABASE -p$$MYSQL_ROOT_PASSWORD -e 'SELECT 1' + initialDelaySeconds: 5 + periodSeconds: 2 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/lib/mysql + name: metadata-mysql + volumes: + - name: metadata-mysql + persistentVolumeClaim: + claimName: metadata-mysql diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-deployment.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-deployment.yaml new file mode 100644 index 0000000000..462f937f60 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-deployment.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: server + kustomize.component: metadata + name: metadata-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: server + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: server + kustomize.component: metadata + spec: + containers: + - command: + - ./server/server + - --http_port=8080 + - --mysql_service_host=metadata-db + - --mysql_service_port=$(MYSQL_PORT) + - --mysql_service_user=$(MYSQL_USER_NAME) + - --mysql_service_password=$(MYSQL_ROOT_PASSWORD) + - --mlmd_db_name=$(MYSQL_DATABASE) + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + image: gcr.io/kubeflow-images-public/metadata:v0.1.11 + livenessProbe: + httpGet: + httpHeaders: + - name: ContentType + value: application/json + path: /api/v1alpha1/artifact_types + port: backendapi + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: container + ports: + - containerPort: 8080 + name: backendapi + readinessProbe: + httpGet: + httpHeaders: + - name: ContentType + value: application/json + path: /api/v1alpha1/artifact_types + port: backendapi + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml new file mode 100644 index 0000000000..66929f9f1d --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml @@ -0,0 +1,30 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: envoy + kustomize.component: metadata + name: metadata-envoy-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: envoy + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: envoy + kustomize.component: metadata + spec: + containers: + - image: gcr.io/ml-pipeline/envoy:metadata-grpc + name: container + ports: + - containerPort: 9090 + name: md-envoy + - containerPort: 9901 + name: envoy-admin diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml new file mode 100644 index 0000000000..5f53346cb8 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: grpc-server + kustomize.component: metadata + name: metadata-grpc-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: grpc-server + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: grpc-server + kustomize.component: metadata + spec: + containers: + - args: + - --grpc_port=$(METADATA_GRPC_SERVICE_PORT) + - --mysql_config_host=metadata-db + - --mysql_config_database=$(MYSQL_DATABASE) + - --mysql_config_port=$(MYSQL_PORT) + - --mysql_config_user=$(MYSQL_USER_NAME) + - --mysql_config_password=$(MYSQL_ROOT_PASSWORD) + command: + - /bin/metadata_store_server + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + - configMapRef: + name: metadata-grpc-configmap + image: gcr.io/tfx-oss-public/ml_metadata_store_server:v0.21.1 + name: container + ports: + - containerPort: 8080 + name: grpc-backendapi diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-ui.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-ui.yaml new file mode 100644 index 0000000000..f6f5c19dc9 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-ui.yaml @@ -0,0 +1,29 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: metadata-ui + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: metadata-ui + kustomize.component: metadata + name: ui + spec: + containers: + - image: gcr.io/kubeflow-images-public/metadata-frontend:v0.1.8 + imagePullPolicy: IfNotPresent + name: metadata-ui + ports: + - containerPort: 3000 + serviceAccountName: metadata-ui diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml new file mode 100644 index 0000000000..5d92f5dedc --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml @@ -0,0 +1,26 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metadata-writer + name: metadata-writer + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: metadata-writer + template: + metadata: + labels: + app: metadata-writer + spec: + containers: + - env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.1 + name: main + serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml new file mode 100644 index 0000000000..41aae9bf0c --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -0,0 +1,26 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-persistenceagent + name: ml-pipeline-persistenceagent + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-persistenceagent + template: + metadata: + labels: + app: ml-pipeline-persistenceagent + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.1 + imagePullPolicy: IfNotPresent + name: ml-pipeline-persistenceagent + serviceAccountName: ml-pipeline-persistenceagent diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml new file mode 100644 index 0000000000..54f4a15d1b --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -0,0 +1,26 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-scheduledworkflow + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-scheduledworkflow + template: + metadata: + labels: + app: ml-pipeline-scheduledworkflow + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.1 + imagePullPolicy: IfNotPresent + name: ml-pipeline-scheduledworkflow + serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..ef94d68e80 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-ui + template: + metadata: + labels: + app: ml-pipeline-ui + spec: + containers: + - env: + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" + image: gcr.io/ml-pipeline/frontend:1.0.0-rc.1 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-ui + ports: + - containerPort: 3000 + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline-ui diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml new file mode 100644 index 0000000000..e6db0a7f71 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml @@ -0,0 +1,28 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-viewer-crd + name: ml-pipeline-viewer-crd + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-viewer-crd + template: + metadata: + labels: + app: ml-pipeline-viewer-crd + spec: + containers: + - env: + - name: MAX_NUM_VIEWERS + value: "50" + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0-rc.1 + imagePullPolicy: Always + name: ml-pipeline-viewer-crd + serviceAccountName: ml-pipeline-viewer-crd-service-account diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml new file mode 100644 index 0000000000..411aa8f07b --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,48 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-visualizationserver + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-visualizationserver + template: + metadata: + labels: + app: ml-pipeline-visualizationserver + spec: + containers: + - image: gcr.io/ml-pipeline/visualization-server:1.0.0-rc.1 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-visualizationserver + ports: + - containerPort: 8888 + name: http + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline-visualizationserver diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml new file mode 100644 index 0000000000..ffc8bd782d --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -0,0 +1,84 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline + name: ml-pipeline + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline + template: + metadata: + labels: + app: ml-pipeline + spec: + containers: + - env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OBJECTSTORECONFIG_SECURE + value: "false" + - name: OBJECTSTORECONFIG_BUCKETNAME + value: mlpipeline + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_DBNAME + valueFrom: + configMapKeyRef: + key: pipeline_db + name: mysql-configmap + - name: DBCONFIG_HOST + valueFrom: + configMapKeyRef: + key: host + name: mysql-configmap + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + key: port + name: mysql-configmap + image: gcr.io/ml-pipeline/api-server:1.0.0-rc.1 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-api-server + ports: + - containerPort: 8888 + name: http + - containerPort: 8887 + name: grpc + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline diff --git a/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml b/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml new file mode 100644 index 0000000000..cc9741b27e --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: metadata-grpc + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /ml_metadata + rewrite: + uri: /ml_metadata + route: + - destination: + host: metadata-envoy-service.kubeflow.svc.cluster.local + port: + number: 9090 + timeout: 300s diff --git a/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml b/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml new file mode 100644 index 0000000000..e888e4eafa --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: metadata-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /metadata + rewrite: + uri: /metadata + route: + - destination: + host: metadata-ui.kubeflow.svc.cluster.local + port: + number: 80 + timeout: 300s diff --git a/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..a4d16ceb65 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: ml-pipeline-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /pipeline + rewrite: + uri: /pipeline + route: + - destination: + host: ml-pipeline-ui.kubeflow.svc.cluster.local + port: + number: 80 + timeout: 300s diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml new file mode 100644 index 0000000000..e2d6e75f45 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml @@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-clusterrole + name: kubeflow-pipelines-cache-deployer-clusterrole +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + - certificatesigningrequests/approval + verbs: + - create + - delete + - get + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - get diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml new file mode 100644 index 0000000000..d6fcfce7a0 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-cache-deployer-clusterrole +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml new file mode 100644 index 0000000000..70f3d41e36 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-role + name: kubeflow-pipelines-cache-deployer-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - patch diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml new file mode 100644 index 0000000000..160cf9ea6a --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-role + name: kubeflow-pipelines-cache-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml new file mode 100644 index 0000000000..980ce39aee --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-metadata-writer-role + name: kubeflow-pipelines-metadata-writer-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml new file mode 100644 index 0000000000..d64ed61477 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ml-pipeline-persistenceagent-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml new file mode 100644 index 0000000000..123822f5f3 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml @@ -0,0 +1,39 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-scheduledworkflow-role + name: ml-pipeline-scheduledworkflow-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..c32d742aa9 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml @@ -0,0 +1,47 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - create + - get + - list +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml new file mode 100644 index 0000000000..9770a49a31 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml @@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ml-pipeline-viewer-controller-role + namespace: kubeflow +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml new file mode 100644 index 0000000000..e666a9e18d --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml @@ -0,0 +1,39 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline + name: ml-pipeline + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml new file mode 100644 index 0000000000..70dd95e964 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml @@ -0,0 +1,81 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pipeline-runner + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - '*' +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml new file mode 100644 index 0000000000..ed98cee5d5 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-cache-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml new file mode 100644 index 0000000000..aba290eebe --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-rolebinding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-deployer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml new file mode 100644 index 0000000000..5eb0fe2494 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-metadata-writer-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-metadata-writer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml new file mode 100644 index 0000000000..84a4a4fbe5 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-persistenceagent-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml new file mode 100644 index 0000000000..cf0a50fda8 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-scheduledworkflow-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..4378687932 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml new file mode 100644 index 0000000000..a57eea89f4 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-viewer-crd-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml new file mode 100644 index 0000000000..0c17f98ca1 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline + name: ml-pipeline + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml new file mode 100644 index 0000000000..e75d2ecf13 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipeline-runner-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-runner +subjects: +- kind: ServiceAccount + name: pipeline-runner + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml new file mode 100644 index 0000000000..adbb844006 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - create + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml new file mode 100644 index 0000000000..1431841c38 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: metadata-ui +subjects: +- kind: ServiceAccount + name: ui + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml new file mode 100644 index 0000000000..3aa74d8ac5 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + MYSQL_ALLOW_EMPTY_PASSWORD: "true" + MYSQL_DATABASE: metadb + MYSQL_PORT: "3306" +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-db-parameters + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml new file mode 100644 index 0000000000..b8605cd7b7 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + METADATA_GRPC_SERVICE_HOST: metadata-grpc-service + METADATA_GRPC_SERVICE_PORT: "8080" +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-grpc-configmap + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml new file mode 100644 index 0000000000..d6a0de88e5 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + uiClusterDomain: cluster.local +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-ui-parameters + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_mysql-configmap.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_mysql-configmap.yaml new file mode 100644 index 0000000000..33e699f41c --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_mysql-configmap.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + cache_db: cachedb + host: mysql + mlmd_db: metadb + pipeline_db: mlpipeline + port: "3306" +kind: ConfigMap +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql-configmap + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-install-config-c5fcmd5mmk.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-install-config-c5fcmd5mmk.yaml new file mode 100644 index 0000000000..a6f0bfbd10 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-install-config-c5fcmd5mmk.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + bucketName: mlpipeline +kind: ConfigMap +metadata: + name: pipeline-install-config-c5fcmd5mmk + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml new file mode 100644 index 0000000000..d08a7d2475 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + kustomize.component: metadata + name: metadata-mysql + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml new file mode 100644 index 0000000000..918b7d1198 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + MYSQL_ROOT_PASSWORD: dGVzdA== + MYSQL_USER_NAME: cm9vdA== +kind: Secret +metadata: + labels: + kustomize.component: metadata + name: metadata-db-secrets + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml new file mode 100644 index 0000000000..a3765c43ea --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + password: "" + username: cm9vdA== +kind: Secret +metadata: + name: mysql-secret-fd5gktm75t + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_cache-server.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_cache-server.yaml new file mode 100644 index 0000000000..577a5067a0 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_cache-server.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: cache-server + namespace: kubeflow +spec: + ports: + - port: 443 + targetPort: webhook-api + selector: + app: cache-server diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-db.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-db.yaml new file mode 100644 index 0000000000..eb77733c55 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-db.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + component: db + kustomize.component: metadata + name: metadata-db + namespace: kubeflow +spec: + ports: + - name: dbapi + port: 3306 + protocol: TCP + selector: + component: db + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-envoy-service.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-envoy-service.yaml new file mode 100644 index 0000000000..88f6246f90 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-envoy-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata + kustomize.component: metadata + name: metadata-envoy-service + namespace: kubeflow +spec: + ports: + - name: md-envoy + port: 9090 + protocol: TCP + selector: + component: envoy + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-grpc-service.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-grpc-service.yaml new file mode 100644 index 0000000000..a7f38d715b --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-grpc-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: grpc-metadata + kustomize.component: metadata + name: metadata-grpc-service + namespace: kubeflow +spec: + ports: + - name: grpc-backendapi + port: 8080 + protocol: TCP + selector: + component: grpc-server + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-service.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-service.yaml new file mode 100644 index 0000000000..a16c797088 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata + kustomize.component: metadata + name: metadata-service + namespace: kubeflow +spec: + ports: + - name: backendapi + port: 8080 + protocol: TCP + selector: + component: server + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-ui.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-ui.yaml new file mode 100644 index 0000000000..72fa14f488 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-ui.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 3000 + selector: + app: metadata-ui + kustomize.component: metadata diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..5a8dc08dd9 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 3000 + selector: + app: ml-pipeline-ui diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml new file mode 100644 index 0000000000..e5335f0516 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: ml-pipeline-visualizationserver diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline.yaml new file mode 100644 index 0000000000..408d80dc5a --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + app: ml-pipeline diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml new file mode 100644 index 0000000000..0795171aed --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml new file mode 100644 index 0000000000..f19e4b2100 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-cache + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml new file mode 100644 index 0000000000..35bd75a84e --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-container-builder + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml new file mode 100644 index 0000000000..4c30a4d63b --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml new file mode 100644 index 0000000000..4b277b0557 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml new file mode 100644 index 0000000000..47dbc68b67 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-persistenceagent + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml new file mode 100644 index 0000000000..41eb27ec1d --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-scheduledworkflow + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..0d70c90e4d --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml new file mode 100644 index 0000000000..f48dc88670 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml new file mode 100644 index 0000000000..f0f541f8ad --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-visualizationserver + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml new file mode 100644 index 0000000000..3cc4d2a987 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml new file mode 100644 index 0000000000..a9854a58ba --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipeline-runner + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml new file mode 100644 index 0000000000..22dc3c8a00 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: scheduledworkflows.kubeflow.org +spec: + group: kubeflow.org + names: + kind: ScheduledWorkflow + listKind: ScheduledWorkflowList + plural: scheduledworkflows + shortNames: + - swf + singular: scheduledworkflow + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml new file mode 100644 index 0000000000..dcb5db0f88 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: viewers.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Viewer + listKind: ViewerList + plural: viewers + shortNames: + - vi + singular: viewer + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml new file mode 100644 index 0000000000..0a9b12ddbe --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml @@ -0,0 +1,30 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cache-deployer + name: cache-deployer-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: cache-deployer + strategy: + type: Recreate + template: + metadata: + labels: + app: cache-deployer + spec: + containers: + - env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/cache-deployer:1.0.0-rc.1 + imagePullPolicy: Always + name: main + restartPolicy: Always + serviceAccountName: kubeflow-pipelines-cache-deployer-sa diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml new file mode 100644 index 0000000000..cfdfd8eb06 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml @@ -0,0 +1,73 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cache-server + name: cache-server + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: cache-server + template: + metadata: + labels: + app: cache-server + spec: + containers: + - args: + - --db_driver=$(DBCONFIG_DRIVER) + - --db_host=$(DBCONFIG_HOST_NAME) + - --db_port=$(DBCONFIG_PORT) + - --db_name=$(DBCONFIG_DB_NAME) + - --db_user=$(DBCONFIG_USER) + - --db_password=$(DBCONFIG_PASSWORD) + - --namespace_to_watch=$(NAMESPACE_TO_WATCH) + env: + - name: DBCONFIG_DRIVER + value: mysql + - name: DBCONFIG_DB_NAME + valueFrom: + configMapKeyRef: + key: cache_db + name: mysql-configmap + - name: DBCONFIG_HOST_NAME + valueFrom: + configMapKeyRef: + key: host + name: mysql-configmap + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + key: port + name: mysql-configmap + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret-fd5gktm75t + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.1 + imagePullPolicy: Always + name: server + ports: + - containerPort: 8443 + name: webhook-api + volumeMounts: + - mountPath: /etc/webhook/certs + name: webhook-tls-certs + readOnly: true + serviceAccountName: kubeflow-pipelines-cache + volumes: + - name: webhook-tls-certs + secret: + secretName: webhook-server-tls diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-db.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-db.yaml new file mode 100644 index 0000000000..44ad98e9d8 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-db.yaml @@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: db + kustomize.component: metadata + name: metadata-db + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: db + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: db + kustomize.component: metadata + name: db + spec: + containers: + - args: + - --datadir + - /var/lib/mysql/datadir + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + image: mysql:8.0.3 + name: db-container + ports: + - containerPort: 3306 + name: dbapi + readinessProbe: + exec: + command: + - /bin/bash + - -c + - mysql -D $$MYSQL_DATABASE -p$$MYSQL_ROOT_PASSWORD -e 'SELECT 1' + initialDelaySeconds: 5 + periodSeconds: 2 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/lib/mysql + name: metadata-mysql + volumes: + - name: metadata-mysql + persistentVolumeClaim: + claimName: metadata-mysql diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-deployment.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-deployment.yaml new file mode 100644 index 0000000000..462f937f60 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-deployment.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: server + kustomize.component: metadata + name: metadata-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: server + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: server + kustomize.component: metadata + spec: + containers: + - command: + - ./server/server + - --http_port=8080 + - --mysql_service_host=metadata-db + - --mysql_service_port=$(MYSQL_PORT) + - --mysql_service_user=$(MYSQL_USER_NAME) + - --mysql_service_password=$(MYSQL_ROOT_PASSWORD) + - --mlmd_db_name=$(MYSQL_DATABASE) + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + image: gcr.io/kubeflow-images-public/metadata:v0.1.11 + livenessProbe: + httpGet: + httpHeaders: + - name: ContentType + value: application/json + path: /api/v1alpha1/artifact_types + port: backendapi + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: container + ports: + - containerPort: 8080 + name: backendapi + readinessProbe: + httpGet: + httpHeaders: + - name: ContentType + value: application/json + path: /api/v1alpha1/artifact_types + port: backendapi + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml new file mode 100644 index 0000000000..66929f9f1d --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml @@ -0,0 +1,30 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: envoy + kustomize.component: metadata + name: metadata-envoy-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: envoy + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: envoy + kustomize.component: metadata + spec: + containers: + - image: gcr.io/ml-pipeline/envoy:metadata-grpc + name: container + ports: + - containerPort: 9090 + name: md-envoy + - containerPort: 9901 + name: envoy-admin diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml new file mode 100644 index 0000000000..5f53346cb8 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: grpc-server + kustomize.component: metadata + name: metadata-grpc-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: grpc-server + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: grpc-server + kustomize.component: metadata + spec: + containers: + - args: + - --grpc_port=$(METADATA_GRPC_SERVICE_PORT) + - --mysql_config_host=metadata-db + - --mysql_config_database=$(MYSQL_DATABASE) + - --mysql_config_port=$(MYSQL_PORT) + - --mysql_config_user=$(MYSQL_USER_NAME) + - --mysql_config_password=$(MYSQL_ROOT_PASSWORD) + command: + - /bin/metadata_store_server + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + - configMapRef: + name: metadata-grpc-configmap + image: gcr.io/tfx-oss-public/ml_metadata_store_server:v0.21.1 + name: container + ports: + - containerPort: 8080 + name: grpc-backendapi diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-ui.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-ui.yaml new file mode 100644 index 0000000000..f6f5c19dc9 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-ui.yaml @@ -0,0 +1,29 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: metadata-ui + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: metadata-ui + kustomize.component: metadata + name: ui + spec: + containers: + - image: gcr.io/kubeflow-images-public/metadata-frontend:v0.1.8 + imagePullPolicy: IfNotPresent + name: metadata-ui + ports: + - containerPort: 3000 + serviceAccountName: metadata-ui diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml new file mode 100644 index 0000000000..5d92f5dedc --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml @@ -0,0 +1,26 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metadata-writer + name: metadata-writer + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: metadata-writer + template: + metadata: + labels: + app: metadata-writer + spec: + containers: + - env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.1 + name: main + serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml new file mode 100644 index 0000000000..41aae9bf0c --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -0,0 +1,26 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-persistenceagent + name: ml-pipeline-persistenceagent + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-persistenceagent + template: + metadata: + labels: + app: ml-pipeline-persistenceagent + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.1 + imagePullPolicy: IfNotPresent + name: ml-pipeline-persistenceagent + serviceAccountName: ml-pipeline-persistenceagent diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml new file mode 100644 index 0000000000..54f4a15d1b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -0,0 +1,26 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-scheduledworkflow + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-scheduledworkflow + template: + metadata: + labels: + app: ml-pipeline-scheduledworkflow + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.1 + imagePullPolicy: IfNotPresent + name: ml-pipeline-scheduledworkflow + serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..ef94d68e80 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-ui + template: + metadata: + labels: + app: ml-pipeline-ui + spec: + containers: + - env: + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" + image: gcr.io/ml-pipeline/frontend:1.0.0-rc.1 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-ui + ports: + - containerPort: 3000 + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline-ui diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml new file mode 100644 index 0000000000..e6db0a7f71 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml @@ -0,0 +1,28 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-viewer-crd + name: ml-pipeline-viewer-crd + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-viewer-crd + template: + metadata: + labels: + app: ml-pipeline-viewer-crd + spec: + containers: + - env: + - name: MAX_NUM_VIEWERS + value: "50" + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0-rc.1 + imagePullPolicy: Always + name: ml-pipeline-viewer-crd + serviceAccountName: ml-pipeline-viewer-crd-service-account diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml new file mode 100644 index 0000000000..411aa8f07b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,48 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-visualizationserver + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-visualizationserver + template: + metadata: + labels: + app: ml-pipeline-visualizationserver + spec: + containers: + - image: gcr.io/ml-pipeline/visualization-server:1.0.0-rc.1 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-visualizationserver + ports: + - containerPort: 8888 + name: http + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline-visualizationserver diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml new file mode 100644 index 0000000000..ffc8bd782d --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -0,0 +1,84 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline + name: ml-pipeline + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline + template: + metadata: + labels: + app: ml-pipeline + spec: + containers: + - env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OBJECTSTORECONFIG_SECURE + value: "false" + - name: OBJECTSTORECONFIG_BUCKETNAME + value: mlpipeline + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_DBNAME + valueFrom: + configMapKeyRef: + key: pipeline_db + name: mysql-configmap + - name: DBCONFIG_HOST + valueFrom: + configMapKeyRef: + key: host + name: mysql-configmap + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + key: port + name: mysql-configmap + image: gcr.io/ml-pipeline/api-server:1.0.0-rc.1 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-api-server + ports: + - containerPort: 8888 + name: http + - containerPort: 8887 + name: grpc + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline diff --git a/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml new file mode 100644 index 0000000000..cc9741b27e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: metadata-grpc + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /ml_metadata + rewrite: + uri: /ml_metadata + route: + - destination: + host: metadata-envoy-service.kubeflow.svc.cluster.local + port: + number: 9090 + timeout: 300s diff --git a/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml new file mode 100644 index 0000000000..e888e4eafa --- /dev/null +++ b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: metadata-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /metadata + rewrite: + uri: /metadata + route: + - destination: + host: metadata-ui.kubeflow.svc.cluster.local + port: + number: 80 + timeout: 300s diff --git a/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..a4d16ceb65 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: ml-pipeline-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /pipeline + rewrite: + uri: /pipeline + route: + - destination: + host: ml-pipeline-ui.kubeflow.svc.cluster.local + port: + number: 80 + timeout: 300s diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml new file mode 100644 index 0000000000..e2d6e75f45 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml @@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-clusterrole + name: kubeflow-pipelines-cache-deployer-clusterrole +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + - certificatesigningrequests/approval + verbs: + - create + - delete + - get + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - get diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml new file mode 100644 index 0000000000..d6fcfce7a0 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-cache-deployer-clusterrole +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml new file mode 100644 index 0000000000..70f3d41e36 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-role + name: kubeflow-pipelines-cache-deployer-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - patch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml new file mode 100644 index 0000000000..160cf9ea6a --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-role + name: kubeflow-pipelines-cache-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml new file mode 100644 index 0000000000..980ce39aee --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-metadata-writer-role + name: kubeflow-pipelines-metadata-writer-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml new file mode 100644 index 0000000000..d64ed61477 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ml-pipeline-persistenceagent-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml new file mode 100644 index 0000000000..123822f5f3 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml @@ -0,0 +1,39 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-scheduledworkflow-role + name: ml-pipeline-scheduledworkflow-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..c32d742aa9 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml @@ -0,0 +1,47 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - create + - get + - list +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml new file mode 100644 index 0000000000..9770a49a31 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml @@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ml-pipeline-viewer-controller-role + namespace: kubeflow +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml new file mode 100644 index 0000000000..e666a9e18d --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml @@ -0,0 +1,39 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline + name: ml-pipeline + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml new file mode 100644 index 0000000000..70dd95e964 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml @@ -0,0 +1,81 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pipeline-runner + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - '*' +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml new file mode 100644 index 0000000000..ed98cee5d5 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-cache-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml new file mode 100644 index 0000000000..aba290eebe --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-rolebinding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-deployer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml new file mode 100644 index 0000000000..5eb0fe2494 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-metadata-writer-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-metadata-writer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml new file mode 100644 index 0000000000..84a4a4fbe5 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-persistenceagent-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml new file mode 100644 index 0000000000..cf0a50fda8 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-scheduledworkflow-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..4378687932 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml new file mode 100644 index 0000000000..a57eea89f4 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-viewer-crd-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml new file mode 100644 index 0000000000..0c17f98ca1 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline + name: ml-pipeline + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml new file mode 100644 index 0000000000..e75d2ecf13 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipeline-runner-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-runner +subjects: +- kind: ServiceAccount + name: pipeline-runner + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml new file mode 100644 index 0000000000..adbb844006 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - create + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml new file mode 100644 index 0000000000..1431841c38 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: metadata-ui +subjects: +- kind: ServiceAccount + name: ui + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml new file mode 100644 index 0000000000..3aa74d8ac5 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + MYSQL_ALLOW_EMPTY_PASSWORD: "true" + MYSQL_DATABASE: metadb + MYSQL_PORT: "3306" +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-db-parameters + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml new file mode 100644 index 0000000000..b8605cd7b7 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + METADATA_GRPC_SERVICE_HOST: metadata-grpc-service + METADATA_GRPC_SERVICE_PORT: "8080" +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-grpc-configmap + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml new file mode 100644 index 0000000000..d6a0de88e5 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + uiClusterDomain: cluster.local +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-ui-parameters + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_mysql-configmap.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_mysql-configmap.yaml new file mode 100644 index 0000000000..33e699f41c --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_mysql-configmap.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + cache_db: cachedb + host: mysql + mlmd_db: metadb + pipeline_db: mlpipeline + port: "3306" +kind: ConfigMap +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql-configmap + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-install-config-c5fcmd5mmk.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-install-config-c5fcmd5mmk.yaml new file mode 100644 index 0000000000..a6f0bfbd10 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-install-config-c5fcmd5mmk.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + bucketName: mlpipeline +kind: ConfigMap +metadata: + name: pipeline-install-config-c5fcmd5mmk + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml b/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml new file mode 100644 index 0000000000..d08a7d2475 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + kustomize.component: metadata + name: metadata-mysql + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/tests/stacks/generic/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml b/tests/stacks/generic/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml new file mode 100644 index 0000000000..918b7d1198 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + MYSQL_ROOT_PASSWORD: dGVzdA== + MYSQL_USER_NAME: cm9vdA== +kind: Secret +metadata: + labels: + kustomize.component: metadata + name: metadata-db-secrets + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/generic/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml b/tests/stacks/generic/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml new file mode 100644 index 0000000000..a3765c43ea --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + password: "" + username: cm9vdA== +kind: Secret +metadata: + name: mysql-secret-fd5gktm75t + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_cache-server.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_cache-server.yaml new file mode 100644 index 0000000000..577a5067a0 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_cache-server.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: cache-server + namespace: kubeflow +spec: + ports: + - port: 443 + targetPort: webhook-api + selector: + app: cache-server diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-db.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-db.yaml new file mode 100644 index 0000000000..eb77733c55 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-db.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + component: db + kustomize.component: metadata + name: metadata-db + namespace: kubeflow +spec: + ports: + - name: dbapi + port: 3306 + protocol: TCP + selector: + component: db + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-envoy-service.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-envoy-service.yaml new file mode 100644 index 0000000000..88f6246f90 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-envoy-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata + kustomize.component: metadata + name: metadata-envoy-service + namespace: kubeflow +spec: + ports: + - name: md-envoy + port: 9090 + protocol: TCP + selector: + component: envoy + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-grpc-service.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-grpc-service.yaml new file mode 100644 index 0000000000..a7f38d715b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-grpc-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: grpc-metadata + kustomize.component: metadata + name: metadata-grpc-service + namespace: kubeflow +spec: + ports: + - name: grpc-backendapi + port: 8080 + protocol: TCP + selector: + component: grpc-server + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-service.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-service.yaml new file mode 100644 index 0000000000..a16c797088 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata + kustomize.component: metadata + name: metadata-service + namespace: kubeflow +spec: + ports: + - name: backendapi + port: 8080 + protocol: TCP + selector: + component: server + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-ui.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-ui.yaml new file mode 100644 index 0000000000..72fa14f488 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-ui.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 3000 + selector: + app: metadata-ui + kustomize.component: metadata diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..5a8dc08dd9 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 3000 + selector: + app: ml-pipeline-ui diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml new file mode 100644 index 0000000000..e5335f0516 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: ml-pipeline-visualizationserver diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline.yaml new file mode 100644 index 0000000000..408d80dc5a --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + app: ml-pipeline diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml new file mode 100644 index 0000000000..0795171aed --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml new file mode 100644 index 0000000000..f19e4b2100 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-cache + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml new file mode 100644 index 0000000000..35bd75a84e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-container-builder + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml new file mode 100644 index 0000000000..4c30a4d63b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml new file mode 100644 index 0000000000..4b277b0557 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml new file mode 100644 index 0000000000..47dbc68b67 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-persistenceagent + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml new file mode 100644 index 0000000000..41eb27ec1d --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-scheduledworkflow + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..0d70c90e4d --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml new file mode 100644 index 0000000000..f48dc88670 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml new file mode 100644 index 0000000000..f0f541f8ad --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-visualizationserver + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml new file mode 100644 index 0000000000..3cc4d2a987 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml new file mode 100644 index 0000000000..a9854a58ba --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipeline-runner + namespace: kubeflow From d4b33b6a49b9394149be2e30dfde34a73b2ba2fc Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Mon, 15 Jun 2020 18:20:52 +0800 Subject: [PATCH 18/45] Enable KFP multi user mode without istio security --- .../api-service/cluster-role-binding.yaml | 11 + .../multi-user/api-service/cluster-role.yaml | 34 +++ .../api-service/deployment-patch.yaml | 12 + .../multi-user/api-service/kustomization.yaml | 8 + .../multi-user/api-service/params.env | 4 + .../installs/multi-user/kustomization.yaml | 14 + .../composite-controller.yaml | 43 +++ .../deployment.yaml | 24 ++ .../kustomization.yaml | 14 + .../pipelines-profile-controller/service.yaml | 10 + .../pipelines-profile-controller/sync.py | 258 ++++++++++++++++++ .../pipelines-ui/cluster-role-binding.yaml | 11 + .../multi-user/pipelines-ui/cluster-role.yaml | 41 +++ .../multi-user/pipelines-ui/configmap.yaml | 13 + .../pipelines-ui/deployment-patch.yaml | 30 ++ .../pipelines-ui/kustomization.yaml | 9 + .../cluster-role-binding.yaml | 11 + .../scheduled-workflow/cluster-role.yaml | 36 +++ .../scheduled-workflow/deployment-patch.yaml | 12 + .../scheduled-workflow/kustomization.yaml | 6 + .../viewer-crd-deployment-patch.yaml | 12 + stacks/generic/kustomization.yaml | 2 +- 22 files changed, 614 insertions(+), 1 deletion(-) create mode 100644 pipeline/installs/multi-user/api-service/cluster-role-binding.yaml create mode 100644 pipeline/installs/multi-user/api-service/cluster-role.yaml create mode 100644 pipeline/installs/multi-user/api-service/deployment-patch.yaml create mode 100644 pipeline/installs/multi-user/api-service/kustomization.yaml create mode 100644 pipeline/installs/multi-user/api-service/params.env create mode 100644 pipeline/installs/multi-user/kustomization.yaml create mode 100644 pipeline/installs/multi-user/pipelines-profile-controller/composite-controller.yaml create mode 100644 pipeline/installs/multi-user/pipelines-profile-controller/deployment.yaml create mode 100644 pipeline/installs/multi-user/pipelines-profile-controller/kustomization.yaml create mode 100644 pipeline/installs/multi-user/pipelines-profile-controller/service.yaml create mode 100644 pipeline/installs/multi-user/pipelines-profile-controller/sync.py create mode 100644 pipeline/installs/multi-user/pipelines-ui/cluster-role-binding.yaml create mode 100644 pipeline/installs/multi-user/pipelines-ui/cluster-role.yaml create mode 100644 pipeline/installs/multi-user/pipelines-ui/configmap.yaml create mode 100644 pipeline/installs/multi-user/pipelines-ui/deployment-patch.yaml create mode 100644 pipeline/installs/multi-user/pipelines-ui/kustomization.yaml create mode 100644 pipeline/installs/multi-user/scheduled-workflow/cluster-role-binding.yaml create mode 100644 pipeline/installs/multi-user/scheduled-workflow/cluster-role.yaml create mode 100644 pipeline/installs/multi-user/scheduled-workflow/deployment-patch.yaml create mode 100644 pipeline/installs/multi-user/scheduled-workflow/kustomization.yaml create mode 100644 pipeline/installs/multi-user/viewer-crd-deployment-patch.yaml diff --git a/pipeline/installs/multi-user/api-service/cluster-role-binding.yaml b/pipeline/installs/multi-user/api-service/cluster-role-binding.yaml new file mode 100644 index 0000000000..9927d3e100 --- /dev/null +++ b/pipeline/installs/multi-user/api-service/cluster-role-binding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline diff --git a/pipeline/installs/multi-user/api-service/cluster-role.yaml b/pipeline/installs/multi-user/api-service/cluster-role.yaml new file mode 100644 index 0000000000..a88f27ff9e --- /dev/null +++ b/pipeline/installs/multi-user/api-service/cluster-role.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: ml-pipeline +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete +- apiGroups: + - "" + resources: + - pods + verbs: + - delete diff --git a/pipeline/installs/multi-user/api-service/deployment-patch.yaml b/pipeline/installs/multi-user/api-service/deployment-patch.yaml new file mode 100644 index 0000000000..25a4e686a6 --- /dev/null +++ b/pipeline/installs/multi-user/api-service/deployment-patch.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline +spec: + template: + spec: + containers: + - name: ml-pipeline-api-server + envFrom: + - configMapRef: + name: pipeline-api-server-config diff --git a/pipeline/installs/multi-user/api-service/kustomization.yaml b/pipeline/installs/multi-user/api-service/kustomization.yaml new file mode 100644 index 0000000000..ce24f2ab36 --- /dev/null +++ b/pipeline/installs/multi-user/api-service/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cluster-role-binding.yaml +- cluster-role.yaml +configMapGenerator: +- name: pipeline-api-server-config + env: params.env diff --git a/pipeline/installs/multi-user/api-service/params.env b/pipeline/installs/multi-user/api-service/params.env new file mode 100644 index 0000000000..5bb1e0a3e9 --- /dev/null +++ b/pipeline/installs/multi-user/api-service/params.env @@ -0,0 +1,4 @@ +MULTIUSER=true +DEFAULTPIPELINERUNNERSERVICEACCOUNT=default-editor +VISUALIZATIONSERVICE_NAME=ml-pipeline-visualizationserver +VISUALIZATIONSERVICE_PORT=8888 diff --git a/pipeline/installs/multi-user/kustomization.yaml b/pipeline/installs/multi-user/kustomization.yaml new file mode 100644 index 0000000000..c1c888e062 --- /dev/null +++ b/pipeline/installs/multi-user/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- ../generic +- api-service +- pipelines-ui +- pipelines-profile-controller +- scheduled-workflow +patchesStrategicMerge: +- api-service/deployment-patch.yaml +- pipelines-ui/deployment-patch.yaml +- viewer-crd-deployment-patch.yaml +- scheduled-workflow/deployment-patch.yaml diff --git a/pipeline/installs/multi-user/pipelines-profile-controller/composite-controller.yaml b/pipeline/installs/multi-user/pipelines-profile-controller/composite-controller.yaml new file mode 100644 index 0000000000..901d0787ac --- /dev/null +++ b/pipeline/installs/multi-user/pipelines-profile-controller/composite-controller.yaml @@ -0,0 +1,43 @@ +apiVersion: metacontroller.k8s.io/v1alpha1 +kind: CompositeController +metadata: + name: profile-controller +spec: + generateSelector: true + resyncPeriodSeconds: 10 + parentResource: + apiVersion: v1 + resource: namespaces + childResources: + - apiVersion: v1 + resource: secrets + updateStrategy: + method: OnDelete + - apiVersion: v1 + resource: configmaps + updateStrategy: + method: OnDelete + - apiVersion: apps/v1 + resource: deployments + updateStrategy: + method: InPlace + - apiVersion: v1 + resource: services + updateStrategy: + method: InPlace + - apiVersion: networking.istio.io/v1alpha3 + resource: destinationrules + updateStrategy: + method: InPlace + - apiVersion: rbac.istio.io/v1alpha1 + resource: serviceroles + updateStrategy: + method: InPlace + - apiVersion: rbac.istio.io/v1alpha1 + resource: servicerolebindings + updateStrategy: + method: InPlace + hooks: + sync: + webhook: + url: http://kubeflow-pipelines-profile-controller/sync diff --git a/pipeline/installs/multi-user/pipelines-profile-controller/deployment.yaml b/pipeline/installs/multi-user/pipelines-profile-controller/deployment.yaml new file mode 100644 index 0000000000..50c62ca9d2 --- /dev/null +++ b/pipeline/installs/multi-user/pipelines-profile-controller/deployment.yaml @@ -0,0 +1,24 @@ +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: profile-controller +spec: + replicas: 1 + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + spec: + containers: + - name: profile-controller + image: python:2.7 + command: ["python", "/hooks/sync.py"] + volumeMounts: + - name: hooks + mountPath: /hooks + ports: + - containerPort: 80 + volumes: + - name: hooks + configMap: + name: profile-controller diff --git a/pipeline/installs/multi-user/pipelines-profile-controller/kustomization.yaml b/pipeline/installs/multi-user/pipelines-profile-controller/kustomization.yaml new file mode 100644 index 0000000000..0e1814f7b4 --- /dev/null +++ b/pipeline/installs/multi-user/pipelines-profile-controller/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +nameprefix: kubeflow-pipelines- +commonLabels: + app: kubeflow-pipelines-profile-controller +resources: +- service.yaml +- deployment.yaml +- composite-controller.yaml +configMapGenerator: +- name: profile-controller + files: + - sync.py diff --git a/pipeline/installs/multi-user/pipelines-profile-controller/service.yaml b/pipeline/installs/multi-user/pipelines-profile-controller/service.yaml new file mode 100644 index 0000000000..d4df4dc216 --- /dev/null +++ b/pipeline/installs/multi-user/pipelines-profile-controller/service.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: profile-controller +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 diff --git a/pipeline/installs/multi-user/pipelines-profile-controller/sync.py b/pipeline/installs/multi-user/pipelines-profile-controller/sync.py new file mode 100644 index 0000000000..8cce485107 --- /dev/null +++ b/pipeline/installs/multi-user/pipelines-profile-controller/sync.py @@ -0,0 +1,258 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer +import json + + +class Controller(BaseHTTPRequestHandler): + def sync(self, parent, children): + # HACK: Currently using serving.kubeflow.org/inferenceservice to identify + # kubeflow user namespaces. + # TODO: let Kubeflow profile controller add a pipeline specific label to + # user namespaces and use that label instead. + pipeline_enabled = parent.get("metadata", {}).get( + "labels", {}).get("serving.kubeflow.org/inferenceservice") + + if not pipeline_enabled: + return {"status": {}, "children": []} + + # Compute status based on observed state. + desired_status = { + "kubeflow-pipelines-ready": \ + len(children["Secret.v1"]) == 1 and \ + len(children["ConfigMap.v1"]) == 1 and \ + len(children["Deployment.apps/v1"]) == 2 and \ + len(children["Service.v1"]) == 2 and \ + len(children["DestinationRule.networking.istio.io/v1alpha3"]) == 1 and \ + len(children["ServiceRole.rbac.istio.io/v1alpha1"]) == 1 and \ + len(children["ServiceRoleBinding.rbac.istio.io/v1alpha1"]) == 1 and \ + "True" or "False" + } + + # Generate the desired child object(s). + # parent is a namespace + namespace = parent.get("metadata", {}).get("name") + desired_resources = [ + { + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "name": "mlpipeline-minio-artifact", + "namespace": namespace, + }, + "data": { + "accesskey": "bWluaW8=", # base64 for minio + "secretkey": "bWluaW8xMjM=", # base64 for minio123 + }, + }, + { + "apiVersion": "v1", + "kind": "ConfigMap", + "metadata": { + "name": "metadata-grpc-configmap", + "namespace": namespace, + }, + "data": { + "METADATA_GRPC_SERVICE_HOST": + "metadata-grpc-service.kubeflow", + "METADATA_GRPC_SERVICE_PORT": "8080", + }, + }, + # Visualization server related manifests below + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "labels": { + "app": "ml-pipeline-visualizationserver" + }, + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "selector": { + "matchLabels": { + "app": "ml-pipeline-visualizationserver" + }, + }, + "template": { + "metadata": { + "labels": { + "app": "ml-pipeline-visualizationserver" + }, + }, + "spec": { + "containers": [{ + "image": + "gcr.io/ml-pipeline/visualization-server:0.5.1", + "imagePullPolicy": "IfNotPresent", + "name": "ml-pipeline-visualizationserver", + "ports": [{ + "containerPort": 8888 + }], + }], + "serviceAccountName": + "default-editor", + }, + }, + }, + }, + { + "apiVersion": "networking.istio.io/v1alpha3", + "kind": "DestinationRule", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "host": "ml-pipeline-visualizationserver", + "trafficPolicy": { + "tls": { + "mode": "ISTIO_MUTUAL" + } + } + } + }, + { + "apiVersion": "rbac.istio.io/v1alpha1", + "kind": "ServiceRole", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "rules": [{ + "services": ["ml-pipeline-visualizationserver.*"] + }] + } + }, + { + "apiVersion": "rbac.istio.io/v1alpha1", + "kind": "ServiceRoleBinding", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "subjects": [{ + "properties": { + "source.principal": + "cluster.local/ns/kubeflow/sa/ml-pipeline" + } + }], + "roleRef": { + "kind": "ServiceRole", + "name": "ml-pipeline-visualizationserver" + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "ports": [{ + "name": "http", + "port": 8888, + "protocol": "TCP", + "targetPort": 8888, + }], + "selector": { + "app": "ml-pipeline-visualizationserver", + }, + }, + }, + # Artifact fetcher related resources below. + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "labels": { + "app": "ml-pipeline-ui-artifact" + }, + "name": "ml-pipeline-ui-artifact", + "namespace": namespace, + }, + "spec": { + "selector": { + "matchLabels": { + "app": "ml-pipeline-ui-artifact" + } + }, + "template": { + "metadata": { + "labels": { + "app": "ml-pipeline-ui-artifact" + }, + }, + "spec": { + "containers": [{ + "name": "ml-pipeline-ui-artifact", + "image": "gcr.io/ml-pipeline/frontend:0.5.1", + "imagePullPolicy": "IfNotPresent", + "ports": [{ + "containerPort": 3000 + }] + }], + "serviceAccountName": + "default-editor" + } + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "ml-pipeline-ui-artifact", + "namespace": namespace, + "labels": { + "app": "ml-pipeline-ui-artifact" + } + }, + "spec": { + "ports": [{ + "name": + "http", # name is required to let istio understand request protocol + "port": 80, + "protocol": "TCP", + "targetPort": 3000 + }], + "selector": { + "app": "ml-pipeline-ui-artifact" + } + } + }, + ] + print('Received request', parent, desired_resources) + + return {"status": desired_status, "children": desired_resources} + + def do_POST(self): + # Serve the sync() function as a JSON webhook. + observed = json.loads( + self.rfile.read(int(self.headers.getheader("content-length")))) + desired = self.sync(observed["parent"], observed["children"]) + + self.send_response(200) + self.send_header("Content-type", "application/json") + self.end_headers() + self.wfile.write(json.dumps(desired)) + + +HTTPServer(("", 80), Controller).serve_forever() diff --git a/pipeline/installs/multi-user/pipelines-ui/cluster-role-binding.yaml b/pipeline/installs/multi-user/pipelines-ui/cluster-role-binding.yaml new file mode 100644 index 0000000000..3539ff107e --- /dev/null +++ b/pipeline/installs/multi-user/pipelines-ui/cluster-role-binding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui diff --git a/pipeline/installs/multi-user/pipelines-ui/cluster-role.yaml b/pipeline/installs/multi-user/pipelines-ui/cluster-role.yaml new file mode 100644 index 0000000000..31fe809f3f --- /dev/null +++ b/pipeline/installs/multi-user/pipelines-ui/cluster-role.yaml @@ -0,0 +1,41 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ml-pipeline-ui +rules: +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - "kubeflow.org" + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - "argoproj.io" + resources: + - workflows + verbs: + - get + - list diff --git a/pipeline/installs/multi-user/pipelines-ui/configmap.yaml b/pipeline/installs/multi-user/pipelines-ui/configmap.yaml new file mode 100644 index 0000000000..11f1f551bd --- /dev/null +++ b/pipeline/installs/multi-user/pipelines-ui/configmap.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: ml-pipeline-ui-configmap +data: + # Temporary workarounds: + # 1. Using default-editor because default-viewer isn't bound to workload identity + viewer-pod-template.json: |- + { + "spec": { + "serviceAccountName": "default-editor" + } + } diff --git a/pipeline/installs/multi-user/pipelines-ui/deployment-patch.yaml b/pipeline/installs/multi-user/pipelines-ui/deployment-patch.yaml new file mode 100644 index 0000000000..3ff5950b75 --- /dev/null +++ b/pipeline/installs/multi-user/pipelines-ui/deployment-patch.yaml @@ -0,0 +1,30 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline-ui +spec: + template: + spec: + volumes: + - name: config-volume + configMap: + name: ml-pipeline-ui-configmap + containers: + - name: ml-pipeline-ui + env: + - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH + value: /etc/config/viewer-pod-template.json + - name: DEPLOYMENT + value: KUBEFLOW + - name: ARTIFACTS_SERVICE_PROXY_NAME + value: ml-pipeline-ui-artifact + - name: ARTIFACTS_SERVICE_PROXY_PORT + value: '80' + - name: ARTIFACTS_SERVICE_PROXY_ENABLED + value: 'true' + - name: ENABLE_AUTHZ + value: 'true' + volumeMounts: + - name: config-volume + mountPath: /etc/config + readOnly: true diff --git a/pipeline/installs/multi-user/pipelines-ui/kustomization.yaml b/pipeline/installs/multi-user/pipelines-ui/kustomization.yaml new file mode 100644 index 0000000000..33ad4fc768 --- /dev/null +++ b/pipeline/installs/multi-user/pipelines-ui/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +commonLabels: + app: ml-pipeline-ui +resources: +- cluster-role.yaml +- cluster-role-binding.yaml +- configmap.yaml diff --git a/pipeline/installs/multi-user/scheduled-workflow/cluster-role-binding.yaml b/pipeline/installs/multi-user/scheduled-workflow/cluster-role-binding.yaml new file mode 100644 index 0000000000..0495d0017a --- /dev/null +++ b/pipeline/installs/multi-user/scheduled-workflow/cluster-role-binding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline-scheduledworkflow-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow diff --git a/pipeline/installs/multi-user/scheduled-workflow/cluster-role.yaml b/pipeline/installs/multi-user/scheduled-workflow/cluster-role.yaml new file mode 100644 index 0000000000..d08722c21e --- /dev/null +++ b/pipeline/installs/multi-user/scheduled-workflow/cluster-role.yaml @@ -0,0 +1,36 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ml-pipeline-scheduledworkflow-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch diff --git a/pipeline/installs/multi-user/scheduled-workflow/deployment-patch.yaml b/pipeline/installs/multi-user/scheduled-workflow/deployment-patch.yaml new file mode 100644 index 0000000000..5787312c4b --- /dev/null +++ b/pipeline/installs/multi-user/scheduled-workflow/deployment-patch.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline-scheduledworkflow +spec: + template: + spec: + containers: + - name: ml-pipeline-scheduledworkflow + env: + - name: NAMESPACE + value: '' # Empty namespace let viewer controller watch all namespaces diff --git a/pipeline/installs/multi-user/scheduled-workflow/kustomization.yaml b/pipeline/installs/multi-user/scheduled-workflow/kustomization.yaml new file mode 100644 index 0000000000..ad2710f336 --- /dev/null +++ b/pipeline/installs/multi-user/scheduled-workflow/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- cluster-role.yaml +- cluster-role-binding.yaml diff --git a/pipeline/installs/multi-user/viewer-crd-deployment-patch.yaml b/pipeline/installs/multi-user/viewer-crd-deployment-patch.yaml new file mode 100644 index 0000000000..3fc7248703 --- /dev/null +++ b/pipeline/installs/multi-user/viewer-crd-deployment-patch.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline-viewer-crd +spec: + template: + spec: + containers: + - name: ml-pipeline-viewer-crd + env: + - name: NAMESPACE + value: '' # Empty namespace let viewer controller watch all namespaces diff --git a/stacks/generic/kustomization.yaml b/stacks/generic/kustomization.yaml index b3bf34b887..2a186f4a5b 100644 --- a/stacks/generic/kustomization.yaml +++ b/stacks/generic/kustomization.yaml @@ -18,7 +18,7 @@ resources: - ../../argo/base_v3 - ../../pipeline/minio/installs/generic - ../../pipeline/mysql/installs/generic - - ../../pipeline/installs/generic + - ../../pipeline/installs/multi-user - ../../metadata/v3 # This package will create a profile resource so it needs to be installed after the profiles CR - ../../default-install/base From 5530b2a78d62ff566f179931b1e903277bd3fb63 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Mon, 15 Jun 2020 20:05:10 +0800 Subject: [PATCH 19/45] Fix persistence agent watch namespace --- pipeline/installs/multi-user/kustomization.yaml | 3 ++- .../persistence-agent-deployment-patch.yaml | 12 ++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 pipeline/installs/multi-user/persistence-agent-deployment-patch.yaml diff --git a/pipeline/installs/multi-user/kustomization.yaml b/pipeline/installs/multi-user/kustomization.yaml index c1c888e062..5af6dbf23b 100644 --- a/pipeline/installs/multi-user/kustomization.yaml +++ b/pipeline/installs/multi-user/kustomization.yaml @@ -10,5 +10,6 @@ resources: patchesStrategicMerge: - api-service/deployment-patch.yaml - pipelines-ui/deployment-patch.yaml -- viewer-crd-deployment-patch.yaml - scheduled-workflow/deployment-patch.yaml +- viewer-crd-deployment-patch.yaml +- persistence-agent-deployment-patch.yaml diff --git a/pipeline/installs/multi-user/persistence-agent-deployment-patch.yaml b/pipeline/installs/multi-user/persistence-agent-deployment-patch.yaml new file mode 100644 index 0000000000..bd8303f441 --- /dev/null +++ b/pipeline/installs/multi-user/persistence-agent-deployment-patch.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline-persistenceagent +spec: + template: + spec: + containers: + - name: ml-pipeline-persistenceagent + env: + - name: NAMESPACE + value: '' From 97424f14a0ca39843afc52615bbb6aba18d6e517 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Tue, 16 Jun 2020 13:40:47 +0800 Subject: [PATCH 20/45] Fix namespace env for some deployments --- .../installs/multi-user/cache-deployment-patch.yaml | 13 +++++++++++++ pipeline/installs/multi-user/kustomization.yaml | 2 ++ .../metadata-writer-deployment-patch.yaml | 13 +++++++++++++ .../persistence-agent-deployment-patch.yaml | 1 + .../scheduled-workflow/deployment-patch.yaml | 1 + .../multi-user/viewer-crd-deployment-patch.yaml | 1 + 6 files changed, 31 insertions(+) create mode 100644 pipeline/installs/multi-user/cache-deployment-patch.yaml create mode 100644 pipeline/installs/multi-user/metadata-writer-deployment-patch.yaml diff --git a/pipeline/installs/multi-user/cache-deployment-patch.yaml b/pipeline/installs/multi-user/cache-deployment-patch.yaml new file mode 100644 index 0000000000..5f98ee136f --- /dev/null +++ b/pipeline/installs/multi-user/cache-deployment-patch.yaml @@ -0,0 +1,13 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cache-server +spec: + template: + spec: + containers: + - name: server + env: + - name: NAMESPACE_TO_WATCH + value: '' + valueFrom: null diff --git a/pipeline/installs/multi-user/kustomization.yaml b/pipeline/installs/multi-user/kustomization.yaml index 5af6dbf23b..af34f59b3b 100644 --- a/pipeline/installs/multi-user/kustomization.yaml +++ b/pipeline/installs/multi-user/kustomization.yaml @@ -13,3 +13,5 @@ patchesStrategicMerge: - scheduled-workflow/deployment-patch.yaml - viewer-crd-deployment-patch.yaml - persistence-agent-deployment-patch.yaml +- metadata-writer-deployment-patch.yaml +- cache-deployment-patch.yaml diff --git a/pipeline/installs/multi-user/metadata-writer-deployment-patch.yaml b/pipeline/installs/multi-user/metadata-writer-deployment-patch.yaml new file mode 100644 index 0000000000..2babe9f43f --- /dev/null +++ b/pipeline/installs/multi-user/metadata-writer-deployment-patch.yaml @@ -0,0 +1,13 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metadata-writer +spec: + template: + spec: + containers: + - name: main + env: + - name: NAMESPACE_TO_WATCH + value: '' + valueFrom: null diff --git a/pipeline/installs/multi-user/persistence-agent-deployment-patch.yaml b/pipeline/installs/multi-user/persistence-agent-deployment-patch.yaml index bd8303f441..1e165def42 100644 --- a/pipeline/installs/multi-user/persistence-agent-deployment-patch.yaml +++ b/pipeline/installs/multi-user/persistence-agent-deployment-patch.yaml @@ -10,3 +10,4 @@ spec: env: - name: NAMESPACE value: '' + valueFrom: null diff --git a/pipeline/installs/multi-user/scheduled-workflow/deployment-patch.yaml b/pipeline/installs/multi-user/scheduled-workflow/deployment-patch.yaml index 5787312c4b..ea35690d81 100644 --- a/pipeline/installs/multi-user/scheduled-workflow/deployment-patch.yaml +++ b/pipeline/installs/multi-user/scheduled-workflow/deployment-patch.yaml @@ -10,3 +10,4 @@ spec: env: - name: NAMESPACE value: '' # Empty namespace let viewer controller watch all namespaces + valueFrom: null # HACK: https://github.com/kubernetes-sigs/kustomize/issues/2606 diff --git a/pipeline/installs/multi-user/viewer-crd-deployment-patch.yaml b/pipeline/installs/multi-user/viewer-crd-deployment-patch.yaml index 3fc7248703..73e5d10506 100644 --- a/pipeline/installs/multi-user/viewer-crd-deployment-patch.yaml +++ b/pipeline/installs/multi-user/viewer-crd-deployment-patch.yaml @@ -10,3 +10,4 @@ spec: env: - name: NAMESPACE value: '' # Empty namespace let viewer controller watch all namespaces + valueFrom: null From 805d6da9237a4ca6acd3773792fc2ebe2181bcf5 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Tue, 16 Jun 2020 15:12:54 +0800 Subject: [PATCH 21/45] Fix cluster roles and bindings --- .../cache/cluster-role-binding.yaml | 11 +++++++ .../multi-user/cache/cluster-role.yaml | 31 +++++++++++++++++++ .../deployment-patch.yaml} | 0 .../multi-user/cache/kustomization.yaml | 5 +++ .../installs/multi-user/kustomization.yaml | 11 ++++--- .../metadata-writer/cluster-role-binding.yaml | 11 +++++++ .../metadata-writer/cluster-role.yaml | 31 +++++++++++++++++++ .../deployment-patch.yaml} | 0 .../metadata-writer/kustomization.yaml | 5 +++ .../cluster-role-binding.yaml | 11 +++++++ .../persistence-agent/cluster-role.yaml | 21 +++++++++++++ .../persistence-agent/kustomization.yaml | 5 +++ .../persistence-agent-deployment-patch.yaml | 0 .../cluster-role-binding.yaml | 11 +++++++ .../viewer-controller/cluster-role.yaml | 30 ++++++++++++++++++ .../deployment-patch.yaml} | 0 .../viewer-controller/kustomization.yaml | 5 +++ 17 files changed, 184 insertions(+), 4 deletions(-) create mode 100644 pipeline/installs/multi-user/cache/cluster-role-binding.yaml create mode 100644 pipeline/installs/multi-user/cache/cluster-role.yaml rename pipeline/installs/multi-user/{cache-deployment-patch.yaml => cache/deployment-patch.yaml} (100%) create mode 100644 pipeline/installs/multi-user/cache/kustomization.yaml create mode 100644 pipeline/installs/multi-user/metadata-writer/cluster-role-binding.yaml create mode 100644 pipeline/installs/multi-user/metadata-writer/cluster-role.yaml rename pipeline/installs/multi-user/{metadata-writer-deployment-patch.yaml => metadata-writer/deployment-patch.yaml} (100%) create mode 100644 pipeline/installs/multi-user/metadata-writer/kustomization.yaml create mode 100644 pipeline/installs/multi-user/persistence-agent/cluster-role-binding.yaml create mode 100644 pipeline/installs/multi-user/persistence-agent/cluster-role.yaml create mode 100644 pipeline/installs/multi-user/persistence-agent/kustomization.yaml rename pipeline/installs/multi-user/{ => persistence-agent}/persistence-agent-deployment-patch.yaml (100%) create mode 100644 pipeline/installs/multi-user/viewer-controller/cluster-role-binding.yaml create mode 100644 pipeline/installs/multi-user/viewer-controller/cluster-role.yaml rename pipeline/installs/multi-user/{viewer-crd-deployment-patch.yaml => viewer-controller/deployment-patch.yaml} (100%) create mode 100644 pipeline/installs/multi-user/viewer-controller/kustomization.yaml diff --git a/pipeline/installs/multi-user/cache/cluster-role-binding.yaml b/pipeline/installs/multi-user/cache/cluster-role-binding.yaml new file mode 100644 index 0000000000..4e80257c20 --- /dev/null +++ b/pipeline/installs/multi-user/cache/cluster-role-binding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-cache-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-cache-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache diff --git a/pipeline/installs/multi-user/cache/cluster-role.yaml b/pipeline/installs/multi-user/cache/cluster-role.yaml new file mode 100644 index 0000000000..e604367357 --- /dev/null +++ b/pipeline/installs/multi-user/cache/cluster-role.yaml @@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeflow-pipelines-cache-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/pipeline/installs/multi-user/cache-deployment-patch.yaml b/pipeline/installs/multi-user/cache/deployment-patch.yaml similarity index 100% rename from pipeline/installs/multi-user/cache-deployment-patch.yaml rename to pipeline/installs/multi-user/cache/deployment-patch.yaml diff --git a/pipeline/installs/multi-user/cache/kustomization.yaml b/pipeline/installs/multi-user/cache/kustomization.yaml new file mode 100644 index 0000000000..b1f65469e1 --- /dev/null +++ b/pipeline/installs/multi-user/cache/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cluster-role.yaml +- cluster-role-binding.yaml diff --git a/pipeline/installs/multi-user/kustomization.yaml b/pipeline/installs/multi-user/kustomization.yaml index af34f59b3b..e3a4d06ca7 100644 --- a/pipeline/installs/multi-user/kustomization.yaml +++ b/pipeline/installs/multi-user/kustomization.yaml @@ -7,11 +7,14 @@ resources: - pipelines-ui - pipelines-profile-controller - scheduled-workflow +- persistence-agent +- cache +- metadata-writer patchesStrategicMerge: - api-service/deployment-patch.yaml - pipelines-ui/deployment-patch.yaml - scheduled-workflow/deployment-patch.yaml -- viewer-crd-deployment-patch.yaml -- persistence-agent-deployment-patch.yaml -- metadata-writer-deployment-patch.yaml -- cache-deployment-patch.yaml +- viewer-controller/deployment-patch.yaml +- persistence-agent/deployment-patch.yaml +- metadata-writer/deployment-patch.yaml +- cache/deployment-patch.yaml diff --git a/pipeline/installs/multi-user/metadata-writer/cluster-role-binding.yaml b/pipeline/installs/multi-user/metadata-writer/cluster-role-binding.yaml new file mode 100644 index 0000000000..605f1ff0df --- /dev/null +++ b/pipeline/installs/multi-user/metadata-writer/cluster-role-binding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-metadata-writer-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-metadata-writer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-metadata-writer diff --git a/pipeline/installs/multi-user/metadata-writer/cluster-role.yaml b/pipeline/installs/multi-user/metadata-writer/cluster-role.yaml new file mode 100644 index 0000000000..a6ec986725 --- /dev/null +++ b/pipeline/installs/multi-user/metadata-writer/cluster-role.yaml @@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeflow-pipelines-metadata-writer-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/pipeline/installs/multi-user/metadata-writer-deployment-patch.yaml b/pipeline/installs/multi-user/metadata-writer/deployment-patch.yaml similarity index 100% rename from pipeline/installs/multi-user/metadata-writer-deployment-patch.yaml rename to pipeline/installs/multi-user/metadata-writer/deployment-patch.yaml diff --git a/pipeline/installs/multi-user/metadata-writer/kustomization.yaml b/pipeline/installs/multi-user/metadata-writer/kustomization.yaml new file mode 100644 index 0000000000..b1f65469e1 --- /dev/null +++ b/pipeline/installs/multi-user/metadata-writer/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cluster-role.yaml +- cluster-role-binding.yaml diff --git a/pipeline/installs/multi-user/persistence-agent/cluster-role-binding.yaml b/pipeline/installs/multi-user/persistence-agent/cluster-role-binding.yaml new file mode 100644 index 0000000000..e030bd8a01 --- /dev/null +++ b/pipeline/installs/multi-user/persistence-agent/cluster-role-binding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline-persistenceagent-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent diff --git a/pipeline/installs/multi-user/persistence-agent/cluster-role.yaml b/pipeline/installs/multi-user/persistence-agent/cluster-role.yaml new file mode 100644 index 0000000000..b3053317b5 --- /dev/null +++ b/pipeline/installs/multi-user/persistence-agent/cluster-role.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ml-pipeline-persistenceagent-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch diff --git a/pipeline/installs/multi-user/persistence-agent/kustomization.yaml b/pipeline/installs/multi-user/persistence-agent/kustomization.yaml new file mode 100644 index 0000000000..b1f65469e1 --- /dev/null +++ b/pipeline/installs/multi-user/persistence-agent/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cluster-role.yaml +- cluster-role-binding.yaml diff --git a/pipeline/installs/multi-user/persistence-agent-deployment-patch.yaml b/pipeline/installs/multi-user/persistence-agent/persistence-agent-deployment-patch.yaml similarity index 100% rename from pipeline/installs/multi-user/persistence-agent-deployment-patch.yaml rename to pipeline/installs/multi-user/persistence-agent/persistence-agent-deployment-patch.yaml diff --git a/pipeline/installs/multi-user/viewer-controller/cluster-role-binding.yaml b/pipeline/installs/multi-user/viewer-controller/cluster-role-binding.yaml new file mode 100644 index 0000000000..5e325bfc68 --- /dev/null +++ b/pipeline/installs/multi-user/viewer-controller/cluster-role-binding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline-viewer-crd-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account diff --git a/pipeline/installs/multi-user/viewer-controller/cluster-role.yaml b/pipeline/installs/multi-user/viewer-controller/cluster-role.yaml new file mode 100644 index 0000000000..e2bca79710 --- /dev/null +++ b/pipeline/installs/multi-user/viewer-controller/cluster-role.yaml @@ -0,0 +1,30 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ml-pipeline-viewer-controller-role +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/pipeline/installs/multi-user/viewer-crd-deployment-patch.yaml b/pipeline/installs/multi-user/viewer-controller/deployment-patch.yaml similarity index 100% rename from pipeline/installs/multi-user/viewer-crd-deployment-patch.yaml rename to pipeline/installs/multi-user/viewer-controller/deployment-patch.yaml diff --git a/pipeline/installs/multi-user/viewer-controller/kustomization.yaml b/pipeline/installs/multi-user/viewer-controller/kustomization.yaml new file mode 100644 index 0000000000..b1f65469e1 --- /dev/null +++ b/pipeline/installs/multi-user/viewer-controller/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cluster-role.yaml +- cluster-role-binding.yaml From 7c32e6fb99cfe8efced47374170c70c9d64446c6 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Tue, 16 Jun 2020 15:13:30 +0800 Subject: [PATCH 22/45] fix rename --- ...sistence-agent-deployment-patch.yaml => deployment-patch.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename pipeline/installs/multi-user/persistence-agent/{persistence-agent-deployment-patch.yaml => deployment-patch.yaml} (100%) diff --git a/pipeline/installs/multi-user/persistence-agent/persistence-agent-deployment-patch.yaml b/pipeline/installs/multi-user/persistence-agent/deployment-patch.yaml similarity index 100% rename from pipeline/installs/multi-user/persistence-agent/persistence-agent-deployment-patch.yaml rename to pipeline/installs/multi-user/persistence-agent/deployment-patch.yaml From 7bddf40fc99db6e2039ca6b7f7c08be3b944bb1d Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Tue, 16 Jun 2020 15:25:06 +0800 Subject: [PATCH 23/45] Fix pipelines ui role --- pipeline/installs/multi-user/pipelines-ui/cluster-role.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/pipeline/installs/multi-user/pipelines-ui/cluster-role.yaml b/pipeline/installs/multi-user/pipelines-ui/cluster-role.yaml index 31fe809f3f..dc352c941f 100644 --- a/pipeline/installs/multi-user/pipelines-ui/cluster-role.yaml +++ b/pipeline/installs/multi-user/pipelines-ui/cluster-role.yaml @@ -6,6 +6,7 @@ rules: - apiGroups: - "" resources: + - pods - pods/log verbs: - get From 88cc01b22965de1102f30ed216d2a79f6861f68a Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Wed, 17 Jun 2020 13:32:03 +0800 Subject: [PATCH 24/45] Updated kfp to rc2 --- hack/pull_kfp_upstream.sh | 2 +- pipeline/upstream/Kptfile | 4 +- .../argo/workflow-controller-configmap.yaml | 6 +- .../cache-deployer-clusterrolebinding.yaml | 2 +- .../cache-deployer-sa.yaml | 2 +- .../cluster-scoped/kustomization.yaml | 4 ++ .../base/cache-deployer/kustomization.yaml | 2 - .../upstream/base/cache/cache-deployment.yaml | 12 ++-- pipeline/upstream/base/kustomization.yaml | 63 +++++-------------- .../metadata/metadata-grpc-deployment.yaml | 12 ++-- .../upstream/base/mysql/kustomization.yaml | 5 -- .../upstream/base/mysql/mysql-configmap.yaml | 10 --- pipeline/upstream/base/params.env | 2 +- pipeline/upstream/base/params.yaml | 16 ----- .../upstream/base/pipeline-application.yaml | 4 +- .../ml-pipeline-apiserver-deployment.yaml | 17 ++--- .../base/pipeline/ml-pipeline-ui-role.yaml | 2 - .../base/pipeline/ml-pipeline-ui-service.yaml | 6 +- .../kustomization.yaml | 35 +++++------ .../cluster-scoped-resources/namespace.yaml | 2 +- .../cluster-scoped-resources/params.env | 1 - .../cluster-scoped-resources/params.yaml | 2 - .../cloudsql-proxy-deployment.yaml | 8 ++- .../env/gcp/gcp-configurations-patch.yaml | 13 ++-- .../gcp-default-configmap.yaml | 8 --- .../gcp/gcp-default-config/kustomization.yaml | 5 -- .../env/gcp/inverse-proxy/kustomization.yaml | 2 +- pipeline/upstream/env/gcp/kustomization.yaml | 17 ----- .../minio-gcs-gateway-deployment.yaml | 7 ++- .../minio/minio-service.yaml | 5 +- .../mysql/mysql-service.yaml | 7 ++- .../kustomization.yaml | 10 ++- .../cluster-scoped-resources/params.env | 1 - pipeline/upstream/sample/kustomization.yaml | 2 +- 34 files changed, 105 insertions(+), 191 deletions(-) rename pipeline/upstream/base/cache-deployer/{ => cluster-scoped}/cache-deployer-sa.yaml (50%) delete mode 100644 pipeline/upstream/base/mysql/kustomization.yaml delete mode 100644 pipeline/upstream/base/mysql/mysql-configmap.yaml delete mode 100644 pipeline/upstream/cluster-scoped-resources/params.env delete mode 100644 pipeline/upstream/env/gcp/gcp-default-config/gcp-default-configmap.yaml delete mode 100644 pipeline/upstream/env/gcp/gcp-default-config/kustomization.yaml delete mode 100644 pipeline/upstream/sample/cluster-scoped-resources/params.env diff --git a/hack/pull_kfp_upstream.sh b/hack/pull_kfp_upstream.sh index 7e71c21c4e..3bd8f116e2 100755 --- a/hack/pull_kfp_upstream.sh +++ b/hack/pull_kfp_upstream.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash export PIPELINES_SRC_REPO=https://github.com/kubeflow/pipelines.git -export PIPELINES_VERSION=1.0.0-rc.1 +export PIPELINES_VERSION=1.0.0-rc.2 # Pulling for the first time # kpt pkg get $PIPELINES_SRC_REPO/manifests/kustomize@$PIPELINES_VERSION pipeline/upstream diff --git a/pipeline/upstream/Kptfile b/pipeline/upstream/Kptfile index 5927c2d911..4421139c2b 100644 --- a/pipeline/upstream/Kptfile +++ b/pipeline/upstream/Kptfile @@ -5,7 +5,7 @@ metadata: upstream: type: git git: - commit: 2384d8f1c6083b4ec5c144a2fb6e247bcbe33b05 + commit: 079634019eb2cf92a0536f344bde8aebe340bf21 repo: https://github.com/kubeflow/pipelines directory: /manifests/kustomize - ref: 1.0.0-rc.1 + ref: 1.0.0-rc.2 diff --git a/pipeline/upstream/base/argo/workflow-controller-configmap.yaml b/pipeline/upstream/base/argo/workflow-controller-configmap.yaml index aafe839c79..ffb01c5fbd 100644 --- a/pipeline/upstream/base/argo/workflow-controller-configmap.yaml +++ b/pipeline/upstream/base/argo/workflow-controller-configmap.yaml @@ -5,14 +5,14 @@ metadata: data: config: | { - namespace: $(NAMESPACE), + namespace: $(kfp-namespace), executorImage: gcr.io/ml-pipeline/argoexec:v2.7.5-license-compliance, artifactRepository: { s3: { - bucket: $(BUCKET_NAME), + bucket: $(kfp-artifact-bucket-name), keyPrefix: artifacts, - endpoint: minio-service.$(NAMESPACE):9000, + endpoint: minio-service.$(kfp-namespace):9000, insecure: true, accessKeySecret: { name: mlpipeline-minio-artifact, diff --git a/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml b/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml index 7e2d2dcf8c..c0f19d7575 100644 --- a/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml +++ b/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml @@ -9,4 +9,4 @@ roleRef: subjects: - kind: ServiceAccount name: kubeflow-pipelines-cache-deployer-sa - namespace: $(NAMESPACE) +# namespace will be added by kustomize automatically according to the namespace field in kustomization.yaml diff --git a/pipeline/upstream/base/cache-deployer/cache-deployer-sa.yaml b/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-sa.yaml similarity index 50% rename from pipeline/upstream/base/cache-deployer/cache-deployer-sa.yaml rename to pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-sa.yaml index 9cd266d737..affada3d10 100644 --- a/pipeline/upstream/base/cache-deployer/cache-deployer-sa.yaml +++ b/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-sa.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: kubeflow-pipelines-cache-deployer-sa \ No newline at end of file + name: kubeflow-pipelines-cache-deployer-sa diff --git a/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml b/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml index 6e741ab8cb..2b941ae3f2 100644 --- a/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml +++ b/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml @@ -4,4 +4,8 @@ kind: Kustomization resources: - cache-deployer-clusterrole.yaml - cache-deployer-clusterrolebinding.yaml + # HACK: although a service account(SA) is not a cluster-scoped resource. + # Presence of a SA referred by a clusterrolebinding allows kustomize to auto-add + # namespace for the clusterrolebinding's SA ref. + - cache-deployer-sa.yaml \ No newline at end of file diff --git a/pipeline/upstream/base/cache-deployer/kustomization.yaml b/pipeline/upstream/base/cache-deployer/kustomization.yaml index 89959036c5..4b77a4ddb2 100644 --- a/pipeline/upstream/base/cache-deployer/kustomization.yaml +++ b/pipeline/upstream/base/cache-deployer/kustomization.yaml @@ -4,6 +4,4 @@ kind: Kustomization resources: - cache-deployer-role.yaml - cache-deployer-rolebinding.yaml - - cache-deployer-sa.yaml - cache-deployer-deployment.yaml - \ No newline at end of file diff --git a/pipeline/upstream/base/cache/cache-deployment.yaml b/pipeline/upstream/base/cache/cache-deployment.yaml index a0ac2ec84a..e1ba167978 100644 --- a/pipeline/upstream/base/cache/cache-deployment.yaml +++ b/pipeline/upstream/base/cache/cache-deployment.yaml @@ -23,18 +23,18 @@ spec: - name: DBCONFIG_DB_NAME valueFrom: configMapKeyRef: - name: mysql-configmap - key: cache_db + name: pipeline-install-config + key: cacheDb - name: DBCONFIG_HOST_NAME valueFrom: configMapKeyRef: - name: mysql-configmap - key: host + name: pipeline-install-config + key: dbHost - name: DBCONFIG_PORT valueFrom: configMapKeyRef: - name: mysql-configmap - key: port + name: pipeline-install-config + key: dbPort - name: DBCONFIG_USER valueFrom: secretKeyRef: diff --git a/pipeline/upstream/base/kustomization.yaml b/pipeline/upstream/base/kustomization.yaml index 25d6486916..89ff207916 100644 --- a/pipeline/upstream/base/kustomization.yaml +++ b/pipeline/upstream/base/kustomization.yaml @@ -1,34 +1,34 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: kubeflow bases: - application - argo - pipeline - metadata -- mysql - cache - cache-deployer resources: - pipeline-application.yaml images: - name: gcr.io/ml-pipeline/api-server - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 - name: gcr.io/ml-pipeline/persistenceagent - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 - name: gcr.io/ml-pipeline/scheduledworkflow - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 - name: gcr.io/ml-pipeline/frontend - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 - name: gcr.io/ml-pipeline/viewer-crd-controller - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 - name: gcr.io/ml-pipeline/visualization-server - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 - name: gcr.io/ml-pipeline/metadata-writer - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 - name: gcr.io/ml-pipeline/cache-server - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 - name: gcr.io/ml-pipeline/cache-deployer - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 # Used by Kustomize configMapGenerator: - name: pipeline-install-config @@ -37,63 +37,28 @@ secretGenerator: - name: mysql-secret env: params-db-secret.env vars: -- name: NAMESPACE +- name: kfp-namespace objref: kind: Deployment apiVersion: apps/v1 name: ml-pipeline fieldref: fieldpath: metadata.namespace -- name: APP_NAME +- name: kfp-app-name objref: kind: ConfigMap name: pipeline-install-config apiVersion: v1 fieldref: fieldpath: data.appName -- name: APP_VERSION +- name: kfp-app-version objref: kind: ConfigMap name: pipeline-install-config apiVersion: v1 fieldref: fieldpath: data.appVersion -- name: DBSERVICE_HOST - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.dbHost -- name: DBSERVICE_PORT - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.dbPort -- name: DBNAME_MLMD - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.mlmdDb -- name: DBNAME_CACHE - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.cacheDb -- name: DBNAME_PIPELINE - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.pipelineDb -- name: BUCKET_NAME +- name: kfp-artifact-bucket-name objref: kind: ConfigMap name: pipeline-install-config diff --git a/pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml b/pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml index 45712f102d..7e383d5ca2 100644 --- a/pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml +++ b/pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml @@ -31,18 +31,18 @@ spec: - name: MYSQL_DATABASE valueFrom: configMapKeyRef: - name: mysql-configmap - key: mlmd_db + name: pipeline-install-config + key: mlmdDb - name: MYSQL_HOST valueFrom: configMapKeyRef: - name: mysql-configmap - key: host + name: pipeline-install-config + key: dbHost - name: MYSQL_PORT valueFrom: configMapKeyRef: - name: mysql-configmap - key: port + name: pipeline-install-config + key: dbPort command: ["/bin/metadata_store_server"] args: ["--grpc_port=8080", "--mysql_config_database=$(MYSQL_DATABASE)", diff --git a/pipeline/upstream/base/mysql/kustomization.yaml b/pipeline/upstream/base/mysql/kustomization.yaml deleted file mode 100644 index 4765ac8a10..0000000000 --- a/pipeline/upstream/base/mysql/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - mysql-configmap.yaml diff --git a/pipeline/upstream/base/mysql/mysql-configmap.yaml b/pipeline/upstream/base/mysql/mysql-configmap.yaml deleted file mode 100644 index 537a44522a..0000000000 --- a/pipeline/upstream/base/mysql/mysql-configmap.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: mysql-configmap -data: - host: $(DBSERVICE_HOST) - port: "$(DBSERVICE_PORT)" - mlmd_db: $(DBNAME_MLMD) - cache_db: $(DBNAME_CACHE) - pipeline_db: $(DBNAME_PIPELINE) diff --git a/pipeline/upstream/base/params.env b/pipeline/upstream/base/params.env index 948d387540..4e681e38e4 100644 --- a/pipeline/upstream/base/params.env +++ b/pipeline/upstream/base/params.env @@ -1,5 +1,5 @@ appName=pipeline -appVersion=1.0.0-rc.1 +appVersion=1.0.0-rc.2 dbHost=mysql dbPort=3306 mlmdDb=metadb diff --git a/pipeline/upstream/base/params.yaml b/pipeline/upstream/base/params.yaml index ecd1794ad0..1f99ef2c53 100644 --- a/pipeline/upstream/base/params.yaml +++ b/pipeline/upstream/base/params.yaml @@ -2,23 +2,7 @@ varReference: - path: data/config kind: ConfigMap -- path: data/bucket_name - kind: ConfigMap -- path: data/project_id - kind: ConfigMap -- path: data/host - kind: ConfigMap -- path: data/port - kind: ConfigMap -- path: data/mlmd_db - kind: ConfigMap -- path: data/cache_db - kind: ConfigMap -- path: data/pipeline_db - kind: ConfigMap - path: metadata/name kind: Application - path: spec/descriptor/version kind: Application -- path: spec/template/spec/containers/image - kind: Deployment diff --git a/pipeline/upstream/base/pipeline-application.yaml b/pipeline/upstream/base/pipeline-application.yaml index f53f3778f3..6d8cdf3232 100644 --- a/pipeline/upstream/base/pipeline-application.yaml +++ b/pipeline/upstream/base/pipeline-application.yaml @@ -1,7 +1,7 @@ apiVersion: app.k8s.io/v1beta1 kind: Application metadata: - name: $(APP_NAME) + name: $(kfp-app-name) annotations: kubernetes-engine.cloud.google.com/icon: >- data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADMAAAAyCAYAAADx/eOPAAALuUlEQVRogd2afWxd9XnHP99bK4pS3yhiGUIRiiJUVVVqbq8ppdR20ibqpuIMtDRkUYERp29J57gMZVuxsrZiK7oZXVv5re1AiOuoG+N1DMkuytprsGPEVMouxqQZJVHEWIdQlGVxZlmZdb/747zcc869jpMO+seOdPz7nd/L83tev89zzjX8Bq795Rq9o17zXp+Tey+Ijkyboela29DRWkhffyT733pH/Z3este9F2cC6N0kNjxtjD+FdRD8UF9X7u97y7UbQFPAivC0BdllS381slun3s3z3xVhhqeds90tqR/oMB7u68z19ZZra0E/l1if3WOziPx3skrDPTr+bvDxfxImEIJbgX6gGBJ7EfHJX/ySReDHwO9KYAenyWCMFKw21GSeslwa2Z17+TcuzPBRr7B8m6Df5oOJqdPAR/u6cm/2lmv3At+IT3GiXZqbcaxSLsfRoTsvn7XL2jE87ZXGnwf+VGiDY86ETM1wU1+XjvSW/RlgTJADQ2QaCZKWcX1/aDIcjE8i3SdzZLjn0lm8pJXD02417BM+gLmq2Rqjr/d16Vu95dp6wc8Ra5O8NrPIcoZCvIR1H+KZkd2qLcfnRYUZOuorJO+3uQt0RerolGYZR7r5+C9ZATwPviGyQprd6Liszy3bnwVKwGMjPbnFyxJmeNpX2T4gaR/QmmSpyYZTho/2depMb9k/kNh3KawuJ1bWauHzUcyXRpZAv5Zmg7aHBLcmNN9ECAFeAO3s69KZ3nLtDuF9dnBs0IT9JO24rbPb0JfP2syCZpFfE5q1mRWcvlgMNcwMTRq9z/+OWXdx4AGjvX1deqC37DbwPwOrMgsufol5mWMWs1ivEbjTrOCtLNNb+udygqsNbUBtopR/NkuuwTJ6Hxsw67KSuvH5MPDA/nJttfGTdUFCMUlp/ALwOtIs9muBxpnFnBzuSQf21oP/BbXclVvumWuTaDN8WNBm2GizJkxPM0CDMA2WGZ72bbb/Njue2TRj9Il/PcG87SeBz4ZTNaSTsmctHcO8SqDp14d7dCFLZ2v/3OpQ023Ah4n65kohvETUCdcsfmuilD+bpNdgGZvOODuHqYGIVGCec9g7+7o031v2jaBTiD0ysxbHRnZrPktzyz1zK7f0z10nh5pWwLRhvZro1KqznVJhNB8UyDeSsU4zAOiIXV1OuEqQ2AR79nflXgcY6dGLwIvR8q39cy1b+uc2Emo6dI824BpMSxz8iVhy4m/2WiYHdV5UmOHp2mpwm52ESCdwRn+9v0tPAWzpn9sAFAQbMdc60PaHsFZEWd9uxk4z8G3seykECfObTEd2KmuZG4CWyLXkYLMwtiYt+hMsTUdAEZQzjs9apv66SHJRk73ZjBQ+iRu29s+1VEr5OImmXs4MHUahVoLWgK23wbv6OrU4OulcuHYehWsVHhpXwpE2FNRayTszX2cwDpQEzTB+QvrJHCXUaigk+c++aXZiE98YmUVgV19X7u3ypH/fgfUA5h2usY2jNjmWoGVn50nvC9T2NviA5OPBGPW91OlG+0Xa1WJhhqadk3WjpKCilQIQFP19XZocnfIHgIeFWyNh6goXyX6gdNWfU8aJ5tNjEheAHZVS/ruGj0s8k6VPhh6ms6kwgoLl1aGuCEuSpwXfHZ2qrTJ+HHkNCpOjmbdFcEcGUIhUSj/H65rPO6j+766U8i/QXV0z8cqJc4btwF8AtWgtMb1wj+j41Df/s1EYQwdEDiqM3hDes9quGY3IKoYOvCrU7HlCoZtEWapPkzEpsU8uq8b36a6uBqaBv5l45URLpZT/pmGH8LnkvlAdAOt1oeXqRsuYTjlEMJiXvWN/Z+5szfqioKcOKo7qr/nAEesKiOyv2A/q88rOx8+8bPhK5dUTAA8jbUT6MuKnbKteNVHKP23xCeD1LC0F2TWOmzoAKEiWxmC+sr8rN1OerF2HGaqXFcZhDWaYj11S4ZxcXxVqyKqPZOeNTwM7Jkr5BeDPQJ8NFQaoC/gZ26rXT5TyxxAfRx6P94d0gU0pYYama+tsbwix/AHM4fKUrwAeB68kRJ5AZsWWieGTjLipsVCgrKCwKHF7pZQ/RXf104j76i4ZMmquxkzRXb2zUsqfxdxsfCiA70hRjZbpCDHmJcRdeZPDHkVck0Ul5PeHZ81DgHxKtglXaHCxVN9fr5TyR9hW3QA8Amqp5526SyKtBEbZVv1eZeZkbqKU7xfsFJwPqRW29s+11oUxnUhnkHf2dWoB+R5Jv5dNaGHh1wog8d/ZAI+0GgVpFPTp4AfJT2Hup7u6EvMk0tpkboutEz0HMPzHyD+mu3pFpZR/Aug0Pgm0RLkvFzLWYfjDvs7cqfKUt2LuXTLhue5mdWhVDJdEzxDDcRKawceN9lRePVkDfgBcR/LKVqNpz/s08DO6q4VKKT8j8zHgJ1HyzA1P11YZjfV1arw85auBR4RalDB5lEjDKi0CgPPphKZ0QiNRwUQeg88B2ydKreew9yH1NCxe/r4GaZpt1Vsrh/JnDDcBLwPkbLVgf6s86RXYj4KvtJKJM8KsGLkSlsmUL6mSg1RJY1xD7KmU8sfprnYgBqJsGVsiEfupsca7FfMo26p/OfHKiVqllB8HyPV16VxfV66G/G1QBwY5xvCgTT7X3/MTaBbFVr0fJvqw2ASZ+yul/FN0V68CHsesiDl3UopM3CwhDZDD/Dnwj3S/sjoYAMqTtc1YX02jVqYOiuuqsAKIkqZCfFIz/IrfFY8gDrKt2gI8irSuwQezyTeNaOl+6qYb+fpYGKEXJE9GSTObK5ItrheaLHE5/XRKcHul+kYN8x2kzWlLNNuVtUqibzKW5CBjxUoszO7NWrS1E/xWvMeJjck2WQHEKJeMD+qH4gWCSvg00m3AVxv5TMRKsp9Cs0Q/Ka/1BOZQNBSXMz2b9Q5oO9JCKgkqg2aKofl8uvTPeE1w3t5KKf8y26pFxINhLRa5R9JV6huT/aZuFu7Ds+A9jBdj+VIvZz2b9BL2Xi5yJQEgUFqinI9SZBDx358o5Q/HiRGtquOEmxJu6DcbC/afQWxnvHg+Odrwm2bP5txh5OEYjOM3vaiu8qqHJw1mPmK/Xs7HJf0LRncDMF5cAL6NWUxDrX/duwbczljxjSzvTX+gtXU3MBlrRCltrsxBTgorACKrRGf5bczOiVLrhUL74B2F9oHVjBd/iLwTWEhr+CIWaLYumDjIWLHha+aSwvRs1iJmJ9Kb9ZJRETS3ACsMC8i1ZNwgXZDYWTmU/1WhfeAW8Cjo+UL7wDrGik8jfid0kYz/Z2ODepv+GPIY+FAznpcUJhAo9w5mh81CFtEsWieCTzwXkogmfKBSyh8ttA98EDPqoPouYqYLxYEPMVY8itmEeTM+KEaqZhVAkiPPIL6QDPhLFiYQSC9J7M3mGlF/24zWSvwIM1xoH2gF/sFiTcSPxQakqUJxsIPx4jGCr0AzCUYTbROJ7DPAdsbSAX9ZwgDs3qTDiMGUOxF/1DgfekLVsPf0sw8DPARsDNwy8iYBXov4p0L7wC2MF99CfBJ4rqmbJbO/qYE+x1jx5HK8Xtp/aFgHDM/FX+RM9FFjHjjj4NV3HvlPsP4g+SqQgm6zCuvJQnHgi4wVz2JuAj8RnLGEVaCf8Y8cuRQ2L0mYEBB2Gb8ZHKD4NQBx+0Qpf7LQPrAVVGqiiWTpCcEn4QcLxcF7C7+aXMDahT1YX5IS5DHE/ZfC4yULEwr0DtIOWwuuvwZ8rVLKP1soDqzHPGJoyRao9b4SXiQQ30A8eO1/PJ8D7gK+BtQSJcQM8AXGlg747LUkmi91lad8J3CuZ5OeBii0D64ET2FdH1N0omWJvgLPkvwM8LmZf7lrnm3VO4CHsM4DH2P8I8vGSfK67P9q8v9wWPAcQLH4PbBHbK6Pq+3M9+Ml+6FL2dyC+WmhOLiWseKPMDeDd12uIPBrWCZ5Xds++AHsAwGlBKnoB5747c2J+aSJEuvRL8CDv/2Zz+cqh/LL/gPD//vrfwFjcI5oX6jDBwAAAABJRU5ErkJggg== @@ -12,7 +12,7 @@ spec: matchLabels: application-crd-id: kubeflow-pipelines descriptor: - version: $(APP_VERSION) + version: $(kfp-app-version) type: Kubeflow Pipelines description: |- Reusable end-to-end ML workflow diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml index 1cd3ade198..34231f52fd 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml @@ -22,7 +22,10 @@ spec: - name: OBJECTSTORECONFIG_SECURE value: "false" - name: OBJECTSTORECONFIG_BUCKETNAME - value: $(BUCKET_NAME) + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: bucketName - name: DBCONFIG_USER valueFrom: secretKeyRef: @@ -36,18 +39,18 @@ spec: - name: DBCONFIG_DBNAME valueFrom: configMapKeyRef: - name: mysql-configmap - key: pipeline_db + name: pipeline-install-config + key: pipelineDb - name: DBCONFIG_HOST valueFrom: configMapKeyRef: - name: mysql-configmap - key: host + name: pipeline-install-config + key: dbHost - name: DBCONFIG_PORT valueFrom: configMapKeyRef: - name: mysql-configmap - key: port + name: pipeline-install-config + key: dbPort image: gcr.io/ml-pipeline/api-server:dummy imagePullPolicy: IfNotPresent name: ml-pipeline-api-server diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-role.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-role.yaml index 4877d7a2ce..0fc42c94fe 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-ui-role.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-role.yaml @@ -11,9 +11,7 @@ rules: - pods - pods/log verbs: - - create - get - - list - apiGroups: - "" resources: diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-service.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-service.yaml index 53d3f391d2..093ad8ca2c 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-ui-service.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-service.yaml @@ -6,7 +6,9 @@ metadata: name: ml-pipeline-ui spec: ports: - - port: 80 + - name: http + protocol: TCP + port: 80 targetPort: 3000 selector: - app: ml-pipeline-ui \ No newline at end of file + app: ml-pipeline-ui diff --git a/pipeline/upstream/cluster-scoped-resources/kustomization.yaml b/pipeline/upstream/cluster-scoped-resources/kustomization.yaml index bbde837191..911c595cf0 100644 --- a/pipeline/upstream/cluster-scoped-resources/kustomization.yaml +++ b/pipeline/upstream/cluster-scoped-resources/kustomization.yaml @@ -1,28 +1,27 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: kubeflow + +resources: +- namespace.yaml bases: - ../base/application/cluster-scoped - ../base/argo/cluster-scoped - ../base/pipeline/cluster-scoped - ../base/cache-deployer/cluster-scoped - -resources: - - namespace.yaml - -# Used by Kustomize -configMapGenerator: - - name: pipeline-cluster-scoped-install-config - env: params.env - vars: - - name: NAMESPACE - objref: - kind: ConfigMap - name: pipeline-cluster-scoped-install-config - apiVersion: v1 - fieldref: - fieldpath: data.namespace - +# NOTE: var name must be unique globally to allow composition of multiple kustomize +# packages. Therefore, we added prefix `kfp-cluster-scoped-` to distinguish it from +# others. +- name: kfp-cluster-scoped-namespace + objref: + # cache deployer sa's metadata.namespace will be first transformed by namespace field in kustomization.yaml + # so that we only need to change kustomization.yaml's namespace field for namespace customization. + kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + apiVersion: v1 + fieldref: + fieldpath: metadata.namespace configurations: - - params.yaml +- params.yaml diff --git a/pipeline/upstream/cluster-scoped-resources/namespace.yaml b/pipeline/upstream/cluster-scoped-resources/namespace.yaml index ae346817e9..3c65856e7b 100644 --- a/pipeline/upstream/cluster-scoped-resources/namespace.yaml +++ b/pipeline/upstream/cluster-scoped-resources/namespace.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: $(NAMESPACE) + name: '$(kfp-cluster-scoped-namespace)' diff --git a/pipeline/upstream/cluster-scoped-resources/params.env b/pipeline/upstream/cluster-scoped-resources/params.env deleted file mode 100644 index 78166431d4..0000000000 --- a/pipeline/upstream/cluster-scoped-resources/params.env +++ /dev/null @@ -1 +0,0 @@ -namespace=kubeflow diff --git a/pipeline/upstream/cluster-scoped-resources/params.yaml b/pipeline/upstream/cluster-scoped-resources/params.yaml index 3bfd0e5be5..cc253fe266 100644 --- a/pipeline/upstream/cluster-scoped-resources/params.yaml +++ b/pipeline/upstream/cluster-scoped-resources/params.yaml @@ -2,5 +2,3 @@ varReference: - path: metadata/name kind: Namespace -- path: subjects/namespace - kind: ClusterRoleBinding diff --git a/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml b/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml index eb7157c0a6..434afd2ee8 100644 --- a/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml +++ b/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml @@ -17,6 +17,12 @@ spec: containers: - image: gcr.io/cloudsql-docker/gce-proxy:1.14 name: cloudsqlproxy + env: + - name: GCP_CLOUDSQL_INSTANCE_NAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: gcsCloudSqlInstanceName command: ["/cloud_sql_proxy", "-dir=/cloudsql", "-instances=$(GCP_CLOUDSQL_INSTANCE_NAME)=tcp:0.0.0.0:3306", @@ -37,4 +43,4 @@ spec: name: cloudsql volumes: - name: cloudsql - emptyDir: \ No newline at end of file + emptyDir: diff --git a/pipeline/upstream/env/gcp/gcp-configurations-patch.yaml b/pipeline/upstream/env/gcp/gcp-configurations-patch.yaml index 683a3627da..5e725b536d 100644 --- a/pipeline/upstream/env/gcp/gcp-configurations-patch.yaml +++ b/pipeline/upstream/env/gcp/gcp-configurations-patch.yaml @@ -9,17 +9,14 @@ spec: - name: ml-pipeline-api-server env: - name: HAS_DEFAULT_BUCKET - valueFrom: - configMapKeyRef: - name: gcp-default-config - key: "has_default_bucket" + value: 'true' - name: BUCKET_NAME valueFrom: configMapKeyRef: - name: gcp-default-config - key: "bucket_name" + name: pipeline-install-config + key: bucketName - name: PROJECT_ID valueFrom: configMapKeyRef: - name: gcp-default-config - key: "project_id" + name: pipeline-install-config + key: gcsProjectId diff --git a/pipeline/upstream/env/gcp/gcp-default-config/gcp-default-configmap.yaml b/pipeline/upstream/env/gcp/gcp-default-config/gcp-default-configmap.yaml deleted file mode 100644 index f705fefb8c..0000000000 --- a/pipeline/upstream/env/gcp/gcp-default-config/gcp-default-configmap.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: gcp-default-config -data: - bucket_name: "$(BUCKET_NAME)" - has_default_bucket: "true" - project_id: "$(GCP_PROJECT_ID)" diff --git a/pipeline/upstream/env/gcp/gcp-default-config/kustomization.yaml b/pipeline/upstream/env/gcp/gcp-default-config/kustomization.yaml deleted file mode 100644 index 55e85a87ce..0000000000 --- a/pipeline/upstream/env/gcp/gcp-default-config/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: -- gcp-default-configmap.yaml \ No newline at end of file diff --git a/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml b/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml index 36ffb5c51f..16e8988cb4 100644 --- a/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml +++ b/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: gcr.io/ml-pipeline/inverse-proxy-agent - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 resources: - proxy-configmap.yaml - proxy-deployment.yaml diff --git a/pipeline/upstream/env/gcp/kustomization.yaml b/pipeline/upstream/env/gcp/kustomization.yaml index 9fd4e86c54..9a8bcdd927 100644 --- a/pipeline/upstream/env/gcp/kustomization.yaml +++ b/pipeline/upstream/env/gcp/kustomization.yaml @@ -6,7 +6,6 @@ bases: - inverse-proxy - minio-gcs-gateway - cloudsql-proxy - - gcp-default-config # Identifier for application manager to apply ownerReference. # The ownerReference ensures the resources get garbage collected @@ -26,19 +25,3 @@ configMapGenerator: - name: pipeline-install-config env: params.env behavior: merge - -vars: - - name: GCP_PROJECT_ID - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.gcsProjectId - - name: GCP_CLOUDSQL_INSTANCE_NAME - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.gcsCloudSqlInstanceName diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml index 6828a74eca..79e9c1338b 100644 --- a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml +++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml @@ -23,9 +23,14 @@ spec: - gcs - $(GCP_PROJECT_ID) env: + - name: GCP_PROJECT_ID + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: gcsProjectId - name: MINIO_ACCESS_KEY value: "minio" - name: MINIO_SECRET_KEY value: "minio123" ports: - - containerPort: 9000 \ No newline at end of file + - containerPort: 9000 diff --git a/pipeline/upstream/env/platform-agnostic/minio/minio-service.yaml b/pipeline/upstream/env/platform-agnostic/minio/minio-service.yaml index bdecf182a0..3ab4204301 100644 --- a/pipeline/upstream/env/platform-agnostic/minio/minio-service.yaml +++ b/pipeline/upstream/env/platform-agnostic/minio/minio-service.yaml @@ -4,8 +4,9 @@ metadata: name: minio-service spec: ports: - - port: 9000 + - name: http + port: 9000 protocol: TCP targetPort: 9000 selector: - app: minio \ No newline at end of file + app: minio diff --git a/pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml b/pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml index 78e201bf7f..d52482770e 100644 --- a/pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml +++ b/pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml @@ -4,6 +4,9 @@ metadata: name: mysql spec: ports: - - port: 3306 + - # We cannot have name: mysql here, because some requests through istio fail with it. + port: 3306 + protocol: TCP + targetPort: 3306 selector: - app: mysql \ No newline at end of file + app: mysql diff --git a/pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml b/pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml index 9a2276e104..83c54aa99c 100644 --- a/pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml +++ b/pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml @@ -1,12 +1,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +# !!! If you want to customize the namespace, +# please also update sample/kustomization.yaml's namespace field to the same value +namespace: kubeflow + bases: # Or github.com/kubeflow/pipelines/manifests/kustomize/cluster-scoped-resources?ref=1.0.0 - ../../cluster-scoped-resources - -# Change the value in params.env to yours. -configMapGenerator: - - name: pipeline-cluster-scoped-install-config - env: params.env - behavior: merge diff --git a/pipeline/upstream/sample/cluster-scoped-resources/params.env b/pipeline/upstream/sample/cluster-scoped-resources/params.env deleted file mode 100644 index 78166431d4..0000000000 --- a/pipeline/upstream/sample/cluster-scoped-resources/params.env +++ /dev/null @@ -1 +0,0 @@ -namespace=kubeflow diff --git a/pipeline/upstream/sample/kustomization.yaml b/pipeline/upstream/sample/kustomization.yaml index db2b428bc1..74a1e49e14 100644 --- a/pipeline/upstream/sample/kustomization.yaml +++ b/pipeline/upstream/sample/kustomization.yaml @@ -23,7 +23,7 @@ secretGenerator: behavior: merge # !!! If you want to customize the namespace, -# please also update sample/params.env and sample/cluster-scoped-resources/params.env +# please also update sample/cluster-scoped-resources/kustomization.yaml's namespace field to the same value namespace: kubeflow #### Customization ### From 5f92c943cb3b3a192641704bef8a8346e5631acc Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Wed, 17 Jun 2020 14:21:46 +0800 Subject: [PATCH 25/45] simplify pipeline v3 manifest using updated kfp rc2 manifest --- .../cache/base_v3/cluster-role-binding.yaml | 11 ------ pipeline/cache/base_v3/kustomization.yaml | 5 ++- pipeline/installs/generic/kustomization.yaml | 36 ++++++------------- .../installs/generic/virtual-service.yaml | 2 +- 4 files changed, 14 insertions(+), 40 deletions(-) delete mode 100644 pipeline/cache/base_v3/cluster-role-binding.yaml diff --git a/pipeline/cache/base_v3/cluster-role-binding.yaml b/pipeline/cache/base_v3/cluster-role-binding.yaml deleted file mode 100644 index 8391746377..0000000000 --- a/pipeline/cache/base_v3/cluster-role-binding.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubeflow-pipelines-cache-deployer-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubeflow-pipelines-cache-deployer-clusterrole -subjects: -- kind: ServiceAccount - name: kubeflow-pipelines-cache-deployer-sa diff --git a/pipeline/cache/base_v3/kustomization.yaml b/pipeline/cache/base_v3/kustomization.yaml index 1b2efb9437..6b9b456e5c 100644 --- a/pipeline/cache/base_v3/kustomization.yaml +++ b/pipeline/cache/base_v3/kustomization.yaml @@ -1,8 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - +namespace: kubeflow resources: -- ../../upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml -- cluster-role-binding.yaml +- ../../upstream/base/cache-deployer/cluster-scoped - ../../upstream/base/cache-deployer - ../../upstream/base/cache diff --git a/pipeline/installs/generic/kustomization.yaml b/pipeline/installs/generic/kustomization.yaml index 12247de6c6..737984fc66 100644 --- a/pipeline/installs/generic/kustomization.yaml +++ b/pipeline/installs/generic/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: kubeflow resources: - ../../upstream/base/pipeline/cluster-scoped - ../../upstream/base/pipeline @@ -8,23 +9,23 @@ resources: - ../../cache/base_v3 images: - name: gcr.io/ml-pipeline/api-server - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 - name: gcr.io/ml-pipeline/persistenceagent - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 - name: gcr.io/ml-pipeline/scheduledworkflow - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 - name: gcr.io/ml-pipeline/frontend - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 - name: gcr.io/ml-pipeline/viewer-crd-controller - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 - name: gcr.io/ml-pipeline/visualization-server - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 - name: gcr.io/ml-pipeline/metadata-writer - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 - name: gcr.io/ml-pipeline/cache-server - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 - name: gcr.io/ml-pipeline/cache-deployer - newTag: 1.0.0-rc.1 + newTag: 1.0.0-rc.2 # Used by Kustomize configMapGenerator: - name: pipeline-install-config @@ -33,27 +34,12 @@ secretGenerator: - name: mysql-secret env: params-db-secret.env vars: -# TODO: replace BUCKET_NAME with a configmap value reference -- name: BUCKET_NAME - objref: - kind: ConfigMap - name: pipeline-install-config - apiVersion: v1 - fieldref: - fieldpath: data.bucketName -- name: KFP_UI_NAMESPACE +- name: kfp-ui-namespace objref: kind: Service name: ml-pipeline-ui apiVersion: v1 fieldref: fieldpath: metadata.namespace -- name: KFP_UI_SERVICE - objref: - kind: Service - name: ml-pipeline-ui - apiVersion: v1 - fieldref: - fieldpath: metadata.name configurations: - params.yaml diff --git a/pipeline/installs/generic/virtual-service.yaml b/pipeline/installs/generic/virtual-service.yaml index 6d0b707fe5..b3b74aed0e 100644 --- a/pipeline/installs/generic/virtual-service.yaml +++ b/pipeline/installs/generic/virtual-service.yaml @@ -15,7 +15,7 @@ spec: uri: /pipeline route: - destination: - host: $(KFP_UI_SERVICE).$(KFP_UI_NAMESPACE).svc.$(clusterDomain) + host: ml-pipeline-ui.$(kfp-ui-namespace).svc.$(clusterDomain) port: number: 80 timeout: 300s From 59b8ff95def661a945f6833894314cd1b5019a13 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Wed, 17 Jun 2020 15:28:18 +0800 Subject: [PATCH 26/45] Fix pipeline-install-config --- pipeline/installs/generic/params.env | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pipeline/installs/generic/params.env b/pipeline/installs/generic/params.env index 4db50518bc..54c72ffebc 100644 --- a/pipeline/installs/generic/params.env +++ b/pipeline/installs/generic/params.env @@ -1 +1,6 @@ bucketName=mlpipeline +dbHost=mysql +dbPort=3306 +mlmdDb=metadb +cacheDb=cachedb +pipelineDb=mlpipeline From 72e598db3b06988a62fcc31d1b80ee4c66dfa5f2 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Wed, 17 Jun 2020 15:29:08 +0800 Subject: [PATCH 27/45] remove redundant configmap --- pipeline/mysql/installs/generic/configmap.yaml | 10 ---------- pipeline/mysql/installs/generic/kustomization.yaml | 1 - 2 files changed, 11 deletions(-) delete mode 100644 pipeline/mysql/installs/generic/configmap.yaml diff --git a/pipeline/mysql/installs/generic/configmap.yaml b/pipeline/mysql/installs/generic/configmap.yaml deleted file mode 100644 index 2fd3f6e9b1..0000000000 --- a/pipeline/mysql/installs/generic/configmap.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: mysql-configmap -data: - host: mysql - port: "3306" - mlmd_db: metadb - cache_db: cachedb - pipeline_db: mlpipeline diff --git a/pipeline/mysql/installs/generic/kustomization.yaml b/pipeline/mysql/installs/generic/kustomization.yaml index 01608511b4..e596802c55 100644 --- a/pipeline/mysql/installs/generic/kustomization.yaml +++ b/pipeline/mysql/installs/generic/kustomization.yaml @@ -7,7 +7,6 @@ commonLabels: resources: - ../../../upstream/env/platform-agnostic/mysql - ../../overlays/application/application.yaml -- ./configmap.yaml images: - name: gcr.io/ml-pipeline/mysql newTag: '5.6' From 66658b9141760eb61fcb663d9527738247795e7a Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Wed, 17 Jun 2020 15:45:46 +0800 Subject: [PATCH 28/45] update tests --- ..._deployment_cache-deployer-deployment.yaml | 2 +- .../apps_v1_deployment_cache-server.yaml | 14 +++++++------- .../apps_v1_deployment_metadata-writer.yaml | 2 +- ...ployment_ml-pipeline-persistenceagent.yaml | 2 +- ...loyment_ml-pipeline-scheduledworkflow.yaml | 2 +- .../apps_v1_deployment_ml-pipeline-ui.yaml | 2 +- ..._v1_deployment_ml-pipeline-viewer-crd.yaml | 2 +- ...yment_ml-pipeline-visualizationserver.yaml | 2 +- .../apps_v1_deployment_ml-pipeline.yaml | 19 +++++++++++-------- ...ization.k8s.io_v1_role_ml-pipeline-ui.yaml | 2 -- .../~g_v1_configmap_mysql-configmap.yaml | 15 --------------- ...ap_pipeline-install-config-2829cc67f8.yaml | 12 ++++++++++++ ...ap_pipeline-install-config-c5fcmd5mmk.yaml | 7 ------- .../expected/~g_v1_service_minio-service.yaml | 3 ++- .../~g_v1_service_ml-pipeline-ui.yaml | 4 +++- .../expected/~g_v1_service_mysql.yaml | 2 ++ ..._deployment_cache-deployer-deployment.yaml | 2 +- .../apps_v1_deployment_cache-server.yaml | 14 +++++++------- .../apps_v1_deployment_metadata-writer.yaml | 2 +- ...ployment_ml-pipeline-persistenceagent.yaml | 2 +- ...loyment_ml-pipeline-scheduledworkflow.yaml | 2 +- .../apps_v1_deployment_ml-pipeline-ui.yaml | 2 +- ..._v1_deployment_ml-pipeline-viewer-crd.yaml | 2 +- ...yment_ml-pipeline-visualizationserver.yaml | 2 +- .../apps_v1_deployment_ml-pipeline.yaml | 19 +++++++++++-------- ...ization.k8s.io_v1_role_ml-pipeline-ui.yaml | 2 -- .../~g_v1_configmap_mysql-configmap.yaml | 15 --------------- ...ap_pipeline-install-config-2829cc67f8.yaml | 12 ++++++++++++ ...ap_pipeline-install-config-c5fcmd5mmk.yaml | 7 ------- .../expected/~g_v1_service_minio-service.yaml | 3 ++- .../~g_v1_service_ml-pipeline-ui.yaml | 4 +++- .../expected/~g_v1_service_mysql.yaml | 2 ++ 32 files changed, 88 insertions(+), 96 deletions(-) delete mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_mysql-configmap.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml delete mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-install-config-c5fcmd5mmk.yaml delete mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_mysql-configmap.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml delete mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-install-config-c5fcmd5mmk.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml index 0a9b12ddbe..cfbf664638 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml @@ -23,7 +23,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/cache-deployer:1.0.0-rc.1 + image: gcr.io/ml-pipeline/cache-deployer:1.0.0-rc.2 imagePullPolicy: Always name: main restartPolicy: Always diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml index cfdfd8eb06..9123645982 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml @@ -30,18 +30,18 @@ spec: - name: DBCONFIG_DB_NAME valueFrom: configMapKeyRef: - key: cache_db - name: mysql-configmap + key: cacheDb + name: pipeline-install-config-2829cc67f8 - name: DBCONFIG_HOST_NAME valueFrom: configMapKeyRef: - key: host - name: mysql-configmap + key: dbHost + name: pipeline-install-config-2829cc67f8 - name: DBCONFIG_PORT valueFrom: configMapKeyRef: - key: port - name: mysql-configmap + key: dbPort + name: pipeline-install-config-2829cc67f8 - name: DBCONFIG_USER valueFrom: secretKeyRef: @@ -56,7 +56,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.1 + image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.2 imagePullPolicy: Always name: server ports: diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml index 5d92f5dedc..60ba6b6e05 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml @@ -21,6 +21,6 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.1 + image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.2 name: main serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml index 41aae9bf0c..691d146fdd 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -20,7 +20,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.1 + image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.2 imagePullPolicy: IfNotPresent name: ml-pipeline-persistenceagent serviceAccountName: ml-pipeline-persistenceagent diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml index 54f4a15d1b..0acc50d391 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -20,7 +20,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.1 + image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.2 imagePullPolicy: IfNotPresent name: ml-pipeline-scheduledworkflow serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml index ef94d68e80..3151a125c0 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -22,7 +22,7 @@ spec: fieldPath: metadata.namespace - name: ALLOW_CUSTOM_VISUALIZATIONS value: "true" - image: gcr.io/ml-pipeline/frontend:1.0.0-rc.1 + image: gcr.io/ml-pipeline/frontend:1.0.0-rc.2 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml index e6db0a7f71..0788d6659c 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml @@ -22,7 +22,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0-rc.1 + image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0-rc.2 imagePullPolicy: Always name: ml-pipeline-viewer-crd serviceAccountName: ml-pipeline-viewer-crd-service-account diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml index 411aa8f07b..3425c9c468 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml @@ -15,7 +15,7 @@ spec: app: ml-pipeline-visualizationserver spec: containers: - - image: gcr.io/ml-pipeline/visualization-server:1.0.0-rc.1 + - image: gcr.io/ml-pipeline/visualization-server:1.0.0-rc.2 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml index ffc8bd782d..710fc1f72a 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -23,7 +23,10 @@ spec: - name: OBJECTSTORECONFIG_SECURE value: "false" - name: OBJECTSTORECONFIG_BUCKETNAME - value: mlpipeline + valueFrom: + configMapKeyRef: + key: bucketName + name: pipeline-install-config-2829cc67f8 - name: DBCONFIG_USER valueFrom: secretKeyRef: @@ -37,19 +40,19 @@ spec: - name: DBCONFIG_DBNAME valueFrom: configMapKeyRef: - key: pipeline_db - name: mysql-configmap + key: pipelineDb + name: pipeline-install-config-2829cc67f8 - name: DBCONFIG_HOST valueFrom: configMapKeyRef: - key: host - name: mysql-configmap + key: dbHost + name: pipeline-install-config-2829cc67f8 - name: DBCONFIG_PORT valueFrom: configMapKeyRef: - key: port - name: mysql-configmap - image: gcr.io/ml-pipeline/api-server:1.0.0-rc.1 + key: dbPort + name: pipeline-install-config-2829cc67f8 + image: gcr.io/ml-pipeline/api-server:1.0.0-rc.2 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml index c32d742aa9..d144ee4569 100644 --- a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml @@ -12,9 +12,7 @@ rules: - pods - pods/log verbs: - - create - get - - list - apiGroups: - "" resources: diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_mysql-configmap.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_mysql-configmap.yaml deleted file mode 100644 index 33e699f41c..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_mysql-configmap.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -data: - cache_db: cachedb - host: mysql - mlmd_db: metadb - pipeline_db: mlpipeline - port: "3306" -kind: ConfigMap -metadata: - labels: - app: mysql - app.kubernetes.io/component: mysql - app.kubernetes.io/name: mysql - name: mysql-configmap - namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml new file mode 100644 index 0000000000..7d1bd6d4dd --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + bucketName: mlpipeline + cacheDb: cachedb + dbHost: mysql + dbPort: "3306" + mlmdDb: metadb + pipelineDb: mlpipeline +kind: ConfigMap +metadata: + name: pipeline-install-config-2829cc67f8 + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-install-config-c5fcmd5mmk.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-install-config-c5fcmd5mmk.yaml deleted file mode 100644 index a6f0bfbd10..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-install-config-c5fcmd5mmk.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -data: - bucketName: mlpipeline -kind: ConfigMap -metadata: - name: pipeline-install-config-c5fcmd5mmk - namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_minio-service.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_minio-service.yaml index 626f8bf50b..c7f0acee21 100644 --- a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_minio-service.yaml +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_minio-service.yaml @@ -8,7 +8,8 @@ metadata: namespace: kubeflow spec: ports: - - port: 9000 + - name: http + port: 9000 protocol: TCP targetPort: 9000 selector: diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml index 5a8dc08dd9..1b80f6bf6e 100644 --- a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml @@ -7,7 +7,9 @@ metadata: namespace: kubeflow spec: ports: - - port: 80 + - name: http + port: 80 + protocol: TCP targetPort: 3000 selector: app: ml-pipeline-ui diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_mysql.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_mysql.yaml index 8b23a44b1e..da8f8cb93a 100644 --- a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_mysql.yaml +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_mysql.yaml @@ -10,6 +10,8 @@ metadata: spec: ports: - port: 3306 + protocol: TCP + targetPort: 3306 selector: app: mysql app.kubernetes.io/component: mysql diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml index 0a9b12ddbe..cfbf664638 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml @@ -23,7 +23,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/cache-deployer:1.0.0-rc.1 + image: gcr.io/ml-pipeline/cache-deployer:1.0.0-rc.2 imagePullPolicy: Always name: main restartPolicy: Always diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml index cfdfd8eb06..9123645982 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml @@ -30,18 +30,18 @@ spec: - name: DBCONFIG_DB_NAME valueFrom: configMapKeyRef: - key: cache_db - name: mysql-configmap + key: cacheDb + name: pipeline-install-config-2829cc67f8 - name: DBCONFIG_HOST_NAME valueFrom: configMapKeyRef: - key: host - name: mysql-configmap + key: dbHost + name: pipeline-install-config-2829cc67f8 - name: DBCONFIG_PORT valueFrom: configMapKeyRef: - key: port - name: mysql-configmap + key: dbPort + name: pipeline-install-config-2829cc67f8 - name: DBCONFIG_USER valueFrom: secretKeyRef: @@ -56,7 +56,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.1 + image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.2 imagePullPolicy: Always name: server ports: diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml index 5d92f5dedc..60ba6b6e05 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml @@ -21,6 +21,6 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.1 + image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.2 name: main serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml index 41aae9bf0c..691d146fdd 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -20,7 +20,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.1 + image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.2 imagePullPolicy: IfNotPresent name: ml-pipeline-persistenceagent serviceAccountName: ml-pipeline-persistenceagent diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml index 54f4a15d1b..0acc50d391 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -20,7 +20,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.1 + image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.2 imagePullPolicy: IfNotPresent name: ml-pipeline-scheduledworkflow serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml index ef94d68e80..3151a125c0 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -22,7 +22,7 @@ spec: fieldPath: metadata.namespace - name: ALLOW_CUSTOM_VISUALIZATIONS value: "true" - image: gcr.io/ml-pipeline/frontend:1.0.0-rc.1 + image: gcr.io/ml-pipeline/frontend:1.0.0-rc.2 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml index e6db0a7f71..0788d6659c 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml @@ -22,7 +22,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0-rc.1 + image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0-rc.2 imagePullPolicy: Always name: ml-pipeline-viewer-crd serviceAccountName: ml-pipeline-viewer-crd-service-account diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml index 411aa8f07b..3425c9c468 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml @@ -15,7 +15,7 @@ spec: app: ml-pipeline-visualizationserver spec: containers: - - image: gcr.io/ml-pipeline/visualization-server:1.0.0-rc.1 + - image: gcr.io/ml-pipeline/visualization-server:1.0.0-rc.2 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml index ffc8bd782d..710fc1f72a 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -23,7 +23,10 @@ spec: - name: OBJECTSTORECONFIG_SECURE value: "false" - name: OBJECTSTORECONFIG_BUCKETNAME - value: mlpipeline + valueFrom: + configMapKeyRef: + key: bucketName + name: pipeline-install-config-2829cc67f8 - name: DBCONFIG_USER valueFrom: secretKeyRef: @@ -37,19 +40,19 @@ spec: - name: DBCONFIG_DBNAME valueFrom: configMapKeyRef: - key: pipeline_db - name: mysql-configmap + key: pipelineDb + name: pipeline-install-config-2829cc67f8 - name: DBCONFIG_HOST valueFrom: configMapKeyRef: - key: host - name: mysql-configmap + key: dbHost + name: pipeline-install-config-2829cc67f8 - name: DBCONFIG_PORT valueFrom: configMapKeyRef: - key: port - name: mysql-configmap - image: gcr.io/ml-pipeline/api-server:1.0.0-rc.1 + key: dbPort + name: pipeline-install-config-2829cc67f8 + image: gcr.io/ml-pipeline/api-server:1.0.0-rc.2 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml index c32d742aa9..d144ee4569 100644 --- a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml @@ -12,9 +12,7 @@ rules: - pods - pods/log verbs: - - create - get - - list - apiGroups: - "" resources: diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_mysql-configmap.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_mysql-configmap.yaml deleted file mode 100644 index 33e699f41c..0000000000 --- a/tests/stacks/generic/test_data/expected/~g_v1_configmap_mysql-configmap.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -data: - cache_db: cachedb - host: mysql - mlmd_db: metadb - pipeline_db: mlpipeline - port: "3306" -kind: ConfigMap -metadata: - labels: - app: mysql - app.kubernetes.io/component: mysql - app.kubernetes.io/name: mysql - name: mysql-configmap - namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml new file mode 100644 index 0000000000..7d1bd6d4dd --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + bucketName: mlpipeline + cacheDb: cachedb + dbHost: mysql + dbPort: "3306" + mlmdDb: metadb + pipelineDb: mlpipeline +kind: ConfigMap +metadata: + name: pipeline-install-config-2829cc67f8 + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-install-config-c5fcmd5mmk.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-install-config-c5fcmd5mmk.yaml deleted file mode 100644 index a6f0bfbd10..0000000000 --- a/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-install-config-c5fcmd5mmk.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -data: - bucketName: mlpipeline -kind: ConfigMap -metadata: - name: pipeline-install-config-c5fcmd5mmk - namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_minio-service.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_minio-service.yaml index 626f8bf50b..c7f0acee21 100644 --- a/tests/stacks/generic/test_data/expected/~g_v1_service_minio-service.yaml +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_minio-service.yaml @@ -8,7 +8,8 @@ metadata: namespace: kubeflow spec: ports: - - port: 9000 + - name: http + port: 9000 protocol: TCP targetPort: 9000 selector: diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml index 5a8dc08dd9..1b80f6bf6e 100644 --- a/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml @@ -7,7 +7,9 @@ metadata: namespace: kubeflow spec: ports: - - port: 80 + - name: http + port: 80 + protocol: TCP targetPort: 3000 selector: app: ml-pipeline-ui diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_mysql.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_mysql.yaml index 8b23a44b1e..da8f8cb93a 100644 --- a/tests/stacks/generic/test_data/expected/~g_v1_service_mysql.yaml +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_mysql.yaml @@ -10,6 +10,8 @@ metadata: spec: ports: - port: 3306 + protocol: TCP + targetPort: 3306 selector: app: mysql app.kubernetes.io/component: mysql From 1eb4d563c72900e6c1ee281133f5b1395c3c77e9 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 3 Jul 2020 13:13:05 +0800 Subject: [PATCH 29/45] updated to kfp 1.0.0-rc.3 --- hack/pull_kfp_upstream.sh | 2 +- pipeline/upstream/Kptfile | 4 +- .../upstream/base/argo/kustomization.yaml | 1 - .../base/argo/minio-artifact-secret.yaml | 8 ---- .../base/cache-deployer/kustomization.yaml | 10 +++-- .../upstream/base/cache/kustomization.yaml | 14 ++++--- pipeline/upstream/base/kustomization.yaml | 19 --------- .../upstream/base/metadata/kustomization.yaml | 18 ++++----- .../metadata/metadata-envoy-deployment.yaml | 2 +- ...gmap.yaml => metadata-grpc-configmap.yaml} | 0 pipeline/upstream/base/params.env | 2 +- .../upstream/base/pipeline/kustomization.yaml | 16 +++++++- .../metadata-writer/kustomization.yaml | 10 +++++ .../metadata-writer-deployment.yaml | 0 .../metadata-writer-role.yaml | 0 .../metadata-writer-rolebinding.yaml | 0 .../metadata-writer}/metadata-writer-sa.yaml | 0 .../ml-pipeline-apiserver-deployment.yaml | 10 +++++ .../pipeline/ml-pipeline-ui-deployment.yaml | 10 +++++ .../env/gcp/inverse-proxy/kustomization.yaml | 2 +- .../gcp/minio-gcs-gateway/kustomization.yaml | 7 ++++ .../minio-artifact-secret.env | 2 + .../minio-gcs-gateway-deployment.yaml | 10 ++++- .../minio/kustomization.yaml | 7 ++++ .../minio/minio-artifact-secret.env | 2 + .../minio/minio-deployment.yaml | 12 ++++-- pipeline/upstream/hack/format.sh | 39 +++++++++++++++++++ pipeline/upstream/hack/release.sh | 14 ++++++- 28 files changed, 159 insertions(+), 62 deletions(-) delete mode 100644 pipeline/upstream/base/argo/minio-artifact-secret.yaml rename pipeline/upstream/base/metadata/{metadata-configmap.yaml => metadata-grpc-configmap.yaml} (100%) create mode 100644 pipeline/upstream/base/pipeline/metadata-writer/kustomization.yaml rename pipeline/upstream/base/{metadata => pipeline/metadata-writer}/metadata-writer-deployment.yaml (100%) rename pipeline/upstream/base/{metadata => pipeline/metadata-writer}/metadata-writer-role.yaml (100%) rename pipeline/upstream/base/{metadata => pipeline/metadata-writer}/metadata-writer-rolebinding.yaml (100%) rename pipeline/upstream/base/{metadata => pipeline/metadata-writer}/metadata-writer-sa.yaml (100%) create mode 100644 pipeline/upstream/env/gcp/minio-gcs-gateway/minio-artifact-secret.env create mode 100644 pipeline/upstream/env/platform-agnostic/minio/minio-artifact-secret.env create mode 100755 pipeline/upstream/hack/format.sh diff --git a/hack/pull_kfp_upstream.sh b/hack/pull_kfp_upstream.sh index 4dd950d26b..d584325ee6 100755 --- a/hack/pull_kfp_upstream.sh +++ b/hack/pull_kfp_upstream.sh @@ -8,7 +8,7 @@ set -ex # Please edit the following version before running the script to pull new # pipelines version. -export PIPELINES_VERSION=1.0.0-rc.2 +export PIPELINES_VERSION=1.0.0-rc.3 export PIPELINES_SRC_REPO=https://github.com/kubeflow/pipelines.git # Pulling for the first time # kpt pkg get $PIPELINES_SRC_REPO/manifests/kustomize@$PIPELINES_VERSION pipeline/upstream diff --git a/pipeline/upstream/Kptfile b/pipeline/upstream/Kptfile index 4421139c2b..350c65c2b9 100644 --- a/pipeline/upstream/Kptfile +++ b/pipeline/upstream/Kptfile @@ -5,7 +5,7 @@ metadata: upstream: type: git git: - commit: 079634019eb2cf92a0536f344bde8aebe340bf21 + commit: 7a0df42fa5555110f2ada71a2728efc32d5a8110 repo: https://github.com/kubeflow/pipelines directory: /manifests/kustomize - ref: 1.0.0-rc.2 + ref: 1.0.0-rc.3 diff --git a/pipeline/upstream/base/argo/kustomization.yaml b/pipeline/upstream/base/argo/kustomization.yaml index 1a00e57770..890cb4cb39 100644 --- a/pipeline/upstream/base/argo/kustomization.yaml +++ b/pipeline/upstream/base/argo/kustomization.yaml @@ -2,7 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- minio-artifact-secret.yaml - workflow-controller-configmap.yaml - workflow-controller-deployment.yaml - workflow-controller-role.yaml diff --git a/pipeline/upstream/base/argo/minio-artifact-secret.yaml b/pipeline/upstream/base/argo/minio-artifact-secret.yaml deleted file mode 100644 index 3ae64f1160..0000000000 --- a/pipeline/upstream/base/argo/minio-artifact-secret.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -data: - accesskey: bWluaW8= - secretkey: bWluaW8xMjM= -kind: Secret -metadata: - name: mlpipeline-minio-artifact -type: Opaque diff --git a/pipeline/upstream/base/cache-deployer/kustomization.yaml b/pipeline/upstream/base/cache-deployer/kustomization.yaml index 4b77a4ddb2..9a95905720 100644 --- a/pipeline/upstream/base/cache-deployer/kustomization.yaml +++ b/pipeline/upstream/base/cache-deployer/kustomization.yaml @@ -1,7 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - - cache-deployer-role.yaml - - cache-deployer-rolebinding.yaml - - cache-deployer-deployment.yaml +- cache-deployer-role.yaml +- cache-deployer-rolebinding.yaml +- cache-deployer-deployment.yaml +images: +- name: gcr.io/ml-pipeline/cache-deployer + newTag: 1.0.0-rc.3 diff --git a/pipeline/upstream/base/cache/kustomization.yaml b/pipeline/upstream/base/cache/kustomization.yaml index 82d7cb1f20..f7479e89b1 100644 --- a/pipeline/upstream/base/cache/kustomization.yaml +++ b/pipeline/upstream/base/cache/kustomization.yaml @@ -1,9 +1,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - - cache-deployment.yaml - - cache-service.yaml - - cache-role.yaml - - cache-rolebinding.yaml - - cache-sa.yaml +- cache-deployment.yaml +- cache-service.yaml +- cache-role.yaml +- cache-rolebinding.yaml +- cache-sa.yaml +images: +- name: gcr.io/ml-pipeline/cache-server + newTag: 1.0.0-rc.3 diff --git a/pipeline/upstream/base/kustomization.yaml b/pipeline/upstream/base/kustomization.yaml index c5338ba217..5ce1fb13e7 100644 --- a/pipeline/upstream/base/kustomization.yaml +++ b/pipeline/upstream/base/kustomization.yaml @@ -10,25 +10,6 @@ bases: - cache-deployer resources: - pipeline-application.yaml -images: -- name: gcr.io/ml-pipeline/api-server - newTag: 1.0.0-rc.2 -- name: gcr.io/ml-pipeline/persistenceagent - newTag: 1.0.0-rc.2 -- name: gcr.io/ml-pipeline/scheduledworkflow - newTag: 1.0.0-rc.2 -- name: gcr.io/ml-pipeline/frontend - newTag: 1.0.0-rc.2 -- name: gcr.io/ml-pipeline/viewer-crd-controller - newTag: 1.0.0-rc.2 -- name: gcr.io/ml-pipeline/visualization-server - newTag: 1.0.0-rc.2 -- name: gcr.io/ml-pipeline/metadata-writer - newTag: 1.0.0-rc.2 -- name: gcr.io/ml-pipeline/cache-server - newTag: 1.0.0-rc.2 -- name: gcr.io/ml-pipeline/cache-deployer - newTag: 1.0.0-rc.2 # Used by Kustomize configMapGenerator: - name: pipeline-install-config diff --git a/pipeline/upstream/base/metadata/kustomization.yaml b/pipeline/upstream/base/metadata/kustomization.yaml index a44ba147fb..517d6eb23a 100644 --- a/pipeline/upstream/base/metadata/kustomization.yaml +++ b/pipeline/upstream/base/metadata/kustomization.yaml @@ -1,13 +1,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - - metadata-configmap.yaml - - metadata-grpc-deployment.yaml - - metadata-grpc-service.yaml - - metadata-envoy-deployment.yaml - - metadata-envoy-service.yaml - - metadata-writer-deployment.yaml - - metadata-writer-role.yaml - - metadata-writer-rolebinding.yaml - - metadata-writer-sa.yaml +- metadata-grpc-configmap.yaml +- metadata-grpc-deployment.yaml +- metadata-grpc-service.yaml +- metadata-envoy-deployment.yaml +- metadata-envoy-service.yaml +images: +- name: gcr.io/ml-pipeline/metadata-envoy + newTag: 1.0.0-rc.3 diff --git a/pipeline/upstream/base/metadata/metadata-envoy-deployment.yaml b/pipeline/upstream/base/metadata/metadata-envoy-deployment.yaml index 1ccf7122f7..3de11bea0c 100644 --- a/pipeline/upstream/base/metadata/metadata-envoy-deployment.yaml +++ b/pipeline/upstream/base/metadata/metadata-envoy-deployment.yaml @@ -16,7 +16,7 @@ spec: spec: containers: - name: container - image: gcr.io/ml-pipeline/envoy:metadata-grpc + image: gcr.io/ml-pipeline/metadata-envoy:dummy ports: - name: md-envoy containerPort: 9090 diff --git a/pipeline/upstream/base/metadata/metadata-configmap.yaml b/pipeline/upstream/base/metadata/metadata-grpc-configmap.yaml similarity index 100% rename from pipeline/upstream/base/metadata/metadata-configmap.yaml rename to pipeline/upstream/base/metadata/metadata-grpc-configmap.yaml diff --git a/pipeline/upstream/base/params.env b/pipeline/upstream/base/params.env index 4e681e38e4..2a95710eda 100644 --- a/pipeline/upstream/base/params.env +++ b/pipeline/upstream/base/params.env @@ -1,5 +1,5 @@ appName=pipeline -appVersion=1.0.0-rc.2 +appVersion=1.0.0-rc.3 dbHost=mysql dbPort=3306 mlmdDb=metadb diff --git a/pipeline/upstream/base/pipeline/kustomization.yaml b/pipeline/upstream/base/pipeline/kustomization.yaml index b0bb3cf70c..a8c518780e 100644 --- a/pipeline/upstream/base/pipeline/kustomization.yaml +++ b/pipeline/upstream/base/pipeline/kustomization.yaml @@ -1,6 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - +bases: +- metadata-writer resources: - ml-pipeline-apiserver-deployment.yaml - ml-pipeline-apiserver-role.yaml @@ -31,3 +32,16 @@ resources: - pipeline-runner-rolebinding.yaml - pipeline-runner-sa.yaml - container-builder-sa.yaml +images: +- name: gcr.io/ml-pipeline/api-server + newTag: 1.0.0-rc.3 +- name: gcr.io/ml-pipeline/persistenceagent + newTag: 1.0.0-rc.3 +- name: gcr.io/ml-pipeline/scheduledworkflow + newTag: 1.0.0-rc.3 +- name: gcr.io/ml-pipeline/frontend + newTag: 1.0.0-rc.3 +- name: gcr.io/ml-pipeline/viewer-crd-controller + newTag: 1.0.0-rc.3 +- name: gcr.io/ml-pipeline/visualization-server + newTag: 1.0.0-rc.3 diff --git a/pipeline/upstream/base/pipeline/metadata-writer/kustomization.yaml b/pipeline/upstream/base/pipeline/metadata-writer/kustomization.yaml new file mode 100644 index 0000000000..51503e59d1 --- /dev/null +++ b/pipeline/upstream/base/pipeline/metadata-writer/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- metadata-writer-deployment.yaml +- metadata-writer-role.yaml +- metadata-writer-rolebinding.yaml +- metadata-writer-sa.yaml +images: +- name: gcr.io/ml-pipeline/metadata-writer + newTag: 1.0.0-rc.3 diff --git a/pipeline/upstream/base/metadata/metadata-writer-deployment.yaml b/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-deployment.yaml similarity index 100% rename from pipeline/upstream/base/metadata/metadata-writer-deployment.yaml rename to pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-deployment.yaml diff --git a/pipeline/upstream/base/metadata/metadata-writer-role.yaml b/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-role.yaml similarity index 100% rename from pipeline/upstream/base/metadata/metadata-writer-role.yaml rename to pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-role.yaml diff --git a/pipeline/upstream/base/metadata/metadata-writer-rolebinding.yaml b/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-rolebinding.yaml similarity index 100% rename from pipeline/upstream/base/metadata/metadata-writer-rolebinding.yaml rename to pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-rolebinding.yaml diff --git a/pipeline/upstream/base/metadata/metadata-writer-sa.yaml b/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-sa.yaml similarity index 100% rename from pipeline/upstream/base/metadata/metadata-writer-sa.yaml rename to pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-sa.yaml diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml index 34231f52fd..f9e23fbe79 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml @@ -51,6 +51,16 @@ spec: configMapKeyRef: name: pipeline-install-config key: dbPort + - name: OBJECTSTORECONFIG_ACCESSKEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: accesskey + - name: OBJECTSTORECONFIG_SECRETACCESSKEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: secretkey image: gcr.io/ml-pipeline/api-server:dummy imagePullPolicy: IfNotPresent name: ml-pipeline-api-server diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml index 212369dbfa..70664377c7 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml @@ -24,6 +24,16 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: accesskey + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: secretkey - name: ALLOW_CUSTOM_VISUALIZATIONS value: "true" readinessProbe: diff --git a/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml b/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml index 16e8988cb4..f91249a5e2 100644 --- a/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml +++ b/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: gcr.io/ml-pipeline/inverse-proxy-agent - newTag: 1.0.0-rc.2 + newTag: 1.0.0-rc.3 resources: - proxy-configmap.yaml - proxy-deployment.yaml diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml b/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml index 727ab62f61..08876d3990 100644 --- a/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml +++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml @@ -4,3 +4,10 @@ kind: Kustomization resources: - minio-gcs-gateway-deployment.yaml - minio-gcs-gateway-service.yaml + +secretGenerator: +- name: mlpipeline-minio-artifact + envs: ["minio-artifact-secret.env"] +generatorOptions: + # mlpipeline-minio-artifact needs to be referred by exact name + disableNameSuffixHash: true diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-artifact-secret.env b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-artifact-secret.env new file mode 100644 index 0000000000..bc8613ce2a --- /dev/null +++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-artifact-secret.env @@ -0,0 +1,2 @@ +accesskey=minio +secretkey=minio123 diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml index 79e9c1338b..e8dd6e2509 100644 --- a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml +++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml @@ -29,8 +29,14 @@ spec: name: pipeline-install-config key: gcsProjectId - name: MINIO_ACCESS_KEY - value: "minio" + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: accesskey - name: MINIO_SECRET_KEY - value: "minio123" + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: secretkey ports: - containerPort: 9000 diff --git a/pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml b/pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml index 8ed66b3034..daae052f4d 100644 --- a/pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml +++ b/pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml @@ -5,3 +5,10 @@ resources: - minio-deployment.yaml - minio-pvc.yaml - minio-service.yaml + +secretGenerator: +- name: mlpipeline-minio-artifact + envs: ["minio-artifact-secret.env"] +generatorOptions: + # mlpipeline-minio-artifact needs to be referred by exact name + disableNameSuffixHash: true diff --git a/pipeline/upstream/env/platform-agnostic/minio/minio-artifact-secret.env b/pipeline/upstream/env/platform-agnostic/minio/minio-artifact-secret.env new file mode 100644 index 0000000000..bc8613ce2a --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/minio/minio-artifact-secret.env @@ -0,0 +1,2 @@ +accesskey=minio +secretkey=minio123 diff --git a/pipeline/upstream/env/platform-agnostic/minio/minio-deployment.yaml b/pipeline/upstream/env/platform-agnostic/minio/minio-deployment.yaml index 6d944a73f7..9613615b20 100644 --- a/pipeline/upstream/env/platform-agnostic/minio/minio-deployment.yaml +++ b/pipeline/upstream/env/platform-agnostic/minio/minio-deployment.yaml @@ -21,9 +21,15 @@ spec: - /data env: - name: MINIO_ACCESS_KEY - value: minio + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: accesskey - name: MINIO_SECRET_KEY - value: minio123 + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: secretkey image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance name: minio ports: @@ -35,4 +41,4 @@ spec: volumes: - name: data persistentVolumeClaim: - claimName: minio-pvc \ No newline at end of file + claimName: minio-pvc diff --git a/pipeline/upstream/hack/format.sh b/pipeline/upstream/hack/format.sh new file mode 100755 index 0000000000..9eece41fbb --- /dev/null +++ b/pipeline/upstream/hack/format.sh @@ -0,0 +1,39 @@ +#!/bin/bash +# +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null && pwd)" + +function format_yaml { + local path=$1 + local tmp=$(mktemp) + yq r "$path" > "$tmp" + cp "$tmp" "$path" +} +echo "This formatting script uses yq, it can be downloaded at https://github.com/mikefarah/yq/releases/tag/3.3.0" +kustomization_yamls_with_images=( + "base/cache-deployer/kustomization.yaml" + "base/cache/kustomization.yaml" + "base/metadata/kustomization.yaml" + "base/pipeline/metadata-writer/kustomization.yaml" + "base/pipeline/kustomization.yaml" + "env/gcp/inverse-proxy/kustomization.yaml" +) +for path in "${kustomization_yamls_with_images[@]}" +do + format_yaml "$DIR/../$path" +done diff --git a/pipeline/upstream/hack/release.sh b/pipeline/upstream/hack/release.sh index d233a83bf3..4094183f95 100755 --- a/pipeline/upstream/hack/release.sh +++ b/pipeline/upstream/hack/release.sh @@ -25,8 +25,18 @@ if [[ -z "$TAG_NAME" ]]; then fi echo "This release script uses yq, it can be downloaded at https://github.com/mikefarah/yq/releases/tag/3.3.0" -yq w -i "$DIR/../base/kustomization.yaml" images[*].newTag "$TAG_NAME" -yq w -i "$DIR/../env/gcp/inverse-proxy/kustomization.yaml" images[*].newTag "$TAG_NAME" +kustomization_yamls_with_images=( + "base/cache-deployer/kustomization.yaml" + "base/cache/kustomization.yaml" + "base/metadata/kustomization.yaml" + "base/pipeline/metadata-writer/kustomization.yaml" + "base/pipeline/kustomization.yaml" + "env/gcp/inverse-proxy/kustomization.yaml" +) +for path in "${kustomization_yamls_with_images[@]}" +do + yq w -i "$DIR/../$path" images[*].newTag "$TAG_NAME" +done # Note, this only works in linux. TODO: make it MacOS sed compatible. sed -i.bak -e "s|appVersion=.\+|appVersion=$TAG_NAME|g" "$DIR/../base/params.env" From 9bc841bfe3a8d507314c5d068beee293de41271a Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 3 Jul 2020 13:17:12 +0800 Subject: [PATCH 30/45] Adapt to kfp 1.0rc3 refactoring --- pipeline/installs/generic/kustomization.yaml | 21 ------------------- .../base_v3/kustomization.yaml | 8 ------- .../minio/installs/gcp-pd/kustomization.yaml | 1 - .../minio/installs/generic/kustomization.yaml | 1 - .../minio/installs/ibm/kustomization.yaml | 1 - 5 files changed, 32 deletions(-) delete mode 100644 pipeline/metadata-writer/base_v3/kustomization.yaml diff --git a/pipeline/installs/generic/kustomization.yaml b/pipeline/installs/generic/kustomization.yaml index 88eaff28b1..c53936f581 100644 --- a/pipeline/installs/generic/kustomization.yaml +++ b/pipeline/installs/generic/kustomization.yaml @@ -5,28 +5,7 @@ resources: - ../../upstream/base/pipeline/cluster-scoped - ../../upstream/base/pipeline - virtual-service.yaml -- ../../metadata-writer/base_v3 - ../../cache/base_v3 -images: -- name: gcr.io/ml-pipeline/api-server - newTag: 1.0.0-rc.2 -- name: gcr.io/ml-pipeline/persistenceagent - newTag: 1.0.0-rc.2 -- name: gcr.io/ml-pipeline/scheduledworkflow - newTag: 1.0.0-rc.2 -- name: gcr.io/ml-pipeline/frontend - newTag: 1.0.0-rc.2 -- name: gcr.io/ml-pipeline/viewer-crd-controller - newTag: 1.0.0-rc.2 -- name: gcr.io/ml-pipeline/visualization-server - newTag: 1.0.0-rc.2 -- name: gcr.io/ml-pipeline/metadata-writer - newTag: 1.0.0-rc.2 -- name: gcr.io/ml-pipeline/cache-server - newTag: 1.0.0-rc.2 -- name: gcr.io/ml-pipeline/cache-deployer - newTag: 1.0.0-rc.2 -# Used by Kustomize configMapGenerator: - name: pipeline-install-config envs: diff --git a/pipeline/metadata-writer/base_v3/kustomization.yaml b/pipeline/metadata-writer/base_v3/kustomization.yaml deleted file mode 100644 index 75bcc9e395..0000000000 --- a/pipeline/metadata-writer/base_v3/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - ../../upstream/base/metadata/metadata-writer-deployment.yaml - - ../../upstream/base/metadata/metadata-writer-role.yaml - - ../../upstream/base/metadata/metadata-writer-rolebinding.yaml - - ../../upstream/base/metadata/metadata-writer-sa.yaml diff --git a/pipeline/minio/installs/gcp-pd/kustomization.yaml b/pipeline/minio/installs/gcp-pd/kustomization.yaml index ada35847ac..4765214158 100644 --- a/pipeline/minio/installs/gcp-pd/kustomization.yaml +++ b/pipeline/minio/installs/gcp-pd/kustomization.yaml @@ -5,7 +5,6 @@ commonLabels: app.kubernetes.io/name: minio resources: - ../../../upstream/env/platform-agnostic/minio/ -- ../../../upstream/base/argo/minio-artifact-secret.yaml # TODO: move it to minio/ folder - persistent-volume.yaml - ../../overlays/application/application.yaml patchesStrategicMerge: diff --git a/pipeline/minio/installs/generic/kustomization.yaml b/pipeline/minio/installs/generic/kustomization.yaml index 4d35016acf..40e33f1574 100644 --- a/pipeline/minio/installs/generic/kustomization.yaml +++ b/pipeline/minio/installs/generic/kustomization.yaml @@ -5,5 +5,4 @@ commonLabels: app.kubernetes.io/name: minio resources: - ../../../upstream/env/platform-agnostic/minio/ -- ../../../upstream/base/argo/minio-artifact-secret.yaml # TODO: move it to minio/ folder - ../../overlays/application/application.yaml diff --git a/pipeline/minio/installs/ibm/kustomization.yaml b/pipeline/minio/installs/ibm/kustomization.yaml index 98adc10d78..1dc9c6fff0 100644 --- a/pipeline/minio/installs/ibm/kustomization.yaml +++ b/pipeline/minio/installs/ibm/kustomization.yaml @@ -5,7 +5,6 @@ commonLabels: app.kubernetes.io/name: minio resources: - ../../../upstream/env/platform-agnostic/minio/ -- ../../../upstream/base/argo/minio-artifact-secret.yaml # TODO: move it to minio/ folder - ../../overlays/application/application.yaml - persistent-volume-claim.yaml patchesStrategicMerge: From e73382b551548456cab0d3ac77a688754e3aacac Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 3 Jul 2020 13:20:27 +0800 Subject: [PATCH 31/45] update test snapshots --- ...apps_v1_deployment_cache-deployer-deployment.yaml | 2 +- .../expected/apps_v1_deployment_cache-server.yaml | 2 +- .../expected/apps_v1_deployment_metadata-writer.yaml | 2 +- .../test_data/expected/apps_v1_deployment_minio.yaml | 10 ++++++++-- ...s_v1_deployment_ml-pipeline-persistenceagent.yaml | 2 +- ..._v1_deployment_ml-pipeline-scheduledworkflow.yaml | 2 +- .../expected/apps_v1_deployment_ml-pipeline-ui.yaml | 12 +++++++++++- .../apps_v1_deployment_ml-pipeline-viewer-crd.yaml | 2 +- ...1_deployment_ml-pipeline-visualizationserver.yaml | 2 +- .../expected/apps_v1_deployment_ml-pipeline.yaml | 12 +++++++++++- ...apps_v1_deployment_cache-deployer-deployment.yaml | 2 +- .../expected/apps_v1_deployment_cache-server.yaml | 2 +- .../expected/apps_v1_deployment_metadata-writer.yaml | 2 +- .../test_data/expected/apps_v1_deployment_minio.yaml | 10 ++++++++-- ...s_v1_deployment_ml-pipeline-persistenceagent.yaml | 2 +- ..._v1_deployment_ml-pipeline-scheduledworkflow.yaml | 2 +- .../expected/apps_v1_deployment_ml-pipeline-ui.yaml | 12 +++++++++++- .../apps_v1_deployment_ml-pipeline-viewer-crd.yaml | 2 +- ...1_deployment_ml-pipeline-visualizationserver.yaml | 2 +- .../expected/apps_v1_deployment_ml-pipeline.yaml | 12 +++++++++++- ...apps_v1_deployment_cache-deployer-deployment.yaml | 2 +- .../expected/apps_v1_deployment_cache-server.yaml | 2 +- .../expected/apps_v1_deployment_metadata-writer.yaml | 2 +- .../test_data/expected/apps_v1_deployment_minio.yaml | 10 ++++++++-- ...s_v1_deployment_ml-pipeline-persistenceagent.yaml | 2 +- ..._v1_deployment_ml-pipeline-scheduledworkflow.yaml | 2 +- .../expected/apps_v1_deployment_ml-pipeline-ui.yaml | 12 +++++++++++- .../apps_v1_deployment_ml-pipeline-viewer-crd.yaml | 2 +- ...1_deployment_ml-pipeline-visualizationserver.yaml | 2 +- .../expected/apps_v1_deployment_ml-pipeline.yaml | 12 +++++++++++- .../test_data/expected/apps_v1_deployment_minio.yaml | 10 ++++++++-- 31 files changed, 119 insertions(+), 35 deletions(-) diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml index cfbf664638..77b5349e6c 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml @@ -23,7 +23,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/cache-deployer:1.0.0-rc.2 + image: gcr.io/ml-pipeline/cache-deployer:1.0.0-rc.3 imagePullPolicy: Always name: main restartPolicy: Always diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml index 9123645982..6c588c6913 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml @@ -56,7 +56,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.2 + image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.3 imagePullPolicy: Always name: server ports: diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml index 60ba6b6e05..4b0a0d0c91 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml @@ -21,6 +21,6 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.2 + image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.3 name: main serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_minio.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_minio.yaml index 9f643baeba..996689be19 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_minio.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_minio.yaml @@ -28,9 +28,15 @@ spec: - /data env: - name: MINIO_ACCESS_KEY - value: minio + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact - name: MINIO_SECRET_KEY - value: minio123 + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance name: minio ports: diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml index 691d146fdd..a4f9177a0b 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -20,7 +20,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.2 + image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-persistenceagent serviceAccountName: ml-pipeline-persistenceagent diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml index 0acc50d391..f38eb6fabe 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -20,7 +20,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.2 + image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-scheduledworkflow serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml index 3151a125c0..0430d4b7bd 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -20,9 +20,19 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact - name: ALLOW_CUSTOM_VISUALIZATIONS value: "true" - image: gcr.io/ml-pipeline/frontend:1.0.0-rc.2 + image: gcr.io/ml-pipeline/frontend:1.0.0-rc.3 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml index 0788d6659c..f6e9b9c7dc 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml @@ -22,7 +22,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0-rc.2 + image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0-rc.3 imagePullPolicy: Always name: ml-pipeline-viewer-crd serviceAccountName: ml-pipeline-viewer-crd-service-account diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml index 3425c9c468..4204e13687 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml @@ -15,7 +15,7 @@ spec: app: ml-pipeline-visualizationserver spec: containers: - - image: gcr.io/ml-pipeline/visualization-server:1.0.0-rc.2 + - image: gcr.io/ml-pipeline/visualization-server:1.0.0-rc.3 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml index 710fc1f72a..79adf2aab0 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -52,7 +52,17 @@ spec: configMapKeyRef: key: dbPort name: pipeline-install-config-2829cc67f8 - image: gcr.io/ml-pipeline/api-server:1.0.0-rc.2 + - name: OBJECTSTORECONFIG_ACCESSKEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: OBJECTSTORECONFIG_SECRETACCESSKEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + image: gcr.io/ml-pipeline/api-server:1.0.0-rc.3 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml index cfbf664638..77b5349e6c 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml @@ -23,7 +23,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/cache-deployer:1.0.0-rc.2 + image: gcr.io/ml-pipeline/cache-deployer:1.0.0-rc.3 imagePullPolicy: Always name: main restartPolicy: Always diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml index 9123645982..6c588c6913 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml @@ -56,7 +56,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.2 + image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.3 imagePullPolicy: Always name: server ports: diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml index 60ba6b6e05..4b0a0d0c91 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml @@ -21,6 +21,6 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.2 + image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.3 name: main serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_minio.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_minio.yaml index 9f643baeba..996689be19 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_minio.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_minio.yaml @@ -28,9 +28,15 @@ spec: - /data env: - name: MINIO_ACCESS_KEY - value: minio + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact - name: MINIO_SECRET_KEY - value: minio123 + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance name: minio ports: diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml index 691d146fdd..a4f9177a0b 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -20,7 +20,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.2 + image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-persistenceagent serviceAccountName: ml-pipeline-persistenceagent diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml index 0acc50d391..f38eb6fabe 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -20,7 +20,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.2 + image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-scheduledworkflow serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml index 3151a125c0..0430d4b7bd 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -20,9 +20,19 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact - name: ALLOW_CUSTOM_VISUALIZATIONS value: "true" - image: gcr.io/ml-pipeline/frontend:1.0.0-rc.2 + image: gcr.io/ml-pipeline/frontend:1.0.0-rc.3 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml index 0788d6659c..f6e9b9c7dc 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml @@ -22,7 +22,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0-rc.2 + image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0-rc.3 imagePullPolicy: Always name: ml-pipeline-viewer-crd serviceAccountName: ml-pipeline-viewer-crd-service-account diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml index 3425c9c468..4204e13687 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml @@ -15,7 +15,7 @@ spec: app: ml-pipeline-visualizationserver spec: containers: - - image: gcr.io/ml-pipeline/visualization-server:1.0.0-rc.2 + - image: gcr.io/ml-pipeline/visualization-server:1.0.0-rc.3 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml index 710fc1f72a..79adf2aab0 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -52,7 +52,17 @@ spec: configMapKeyRef: key: dbPort name: pipeline-install-config-2829cc67f8 - image: gcr.io/ml-pipeline/api-server:1.0.0-rc.2 + - name: OBJECTSTORECONFIG_ACCESSKEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: OBJECTSTORECONFIG_SECRETACCESSKEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + image: gcr.io/ml-pipeline/api-server:1.0.0-rc.3 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml index cfbf664638..77b5349e6c 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml @@ -23,7 +23,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/cache-deployer:1.0.0-rc.2 + image: gcr.io/ml-pipeline/cache-deployer:1.0.0-rc.3 imagePullPolicy: Always name: main restartPolicy: Always diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml index 9123645982..6c588c6913 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml @@ -56,7 +56,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.2 + image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.3 imagePullPolicy: Always name: server ports: diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml index 60ba6b6e05..4b0a0d0c91 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml @@ -21,6 +21,6 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.2 + image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.3 name: main serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_minio.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_minio.yaml index 9f643baeba..996689be19 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_minio.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_minio.yaml @@ -28,9 +28,15 @@ spec: - /data env: - name: MINIO_ACCESS_KEY - value: minio + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact - name: MINIO_SECRET_KEY - value: minio123 + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance name: minio ports: diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml index 691d146fdd..a4f9177a0b 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -20,7 +20,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.2 + image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-persistenceagent serviceAccountName: ml-pipeline-persistenceagent diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml index 0acc50d391..f38eb6fabe 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -20,7 +20,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.2 + image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-scheduledworkflow serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml index 3151a125c0..0430d4b7bd 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -20,9 +20,19 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact - name: ALLOW_CUSTOM_VISUALIZATIONS value: "true" - image: gcr.io/ml-pipeline/frontend:1.0.0-rc.2 + image: gcr.io/ml-pipeline/frontend:1.0.0-rc.3 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml index 0788d6659c..f6e9b9c7dc 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml @@ -22,7 +22,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0-rc.2 + image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0-rc.3 imagePullPolicy: Always name: ml-pipeline-viewer-crd serviceAccountName: ml-pipeline-viewer-crd-service-account diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml index 3425c9c468..4204e13687 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml @@ -15,7 +15,7 @@ spec: app: ml-pipeline-visualizationserver spec: containers: - - image: gcr.io/ml-pipeline/visualization-server:1.0.0-rc.2 + - image: gcr.io/ml-pipeline/visualization-server:1.0.0-rc.3 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml index 710fc1f72a..79adf2aab0 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -52,7 +52,17 @@ spec: configMapKeyRef: key: dbPort name: pipeline-install-config-2829cc67f8 - image: gcr.io/ml-pipeline/api-server:1.0.0-rc.2 + - name: OBJECTSTORECONFIG_ACCESSKEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: OBJECTSTORECONFIG_SECRETACCESSKEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + image: gcr.io/ml-pipeline/api-server:1.0.0-rc.3 imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_minio.yaml b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_minio.yaml index 5a08f8f366..d22f72415c 100644 --- a/tests/stacks/ibm/test_data/expected/apps_v1_deployment_minio.yaml +++ b/tests/stacks/ibm/test_data/expected/apps_v1_deployment_minio.yaml @@ -28,9 +28,15 @@ spec: - /data env: - name: MINIO_ACCESS_KEY - value: minio + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact - name: MINIO_SECRET_KEY - value: minio123 + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance name: minio ports: From 03a63d8b27f1b94053f87d3d59f2db9dfd869f46 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 3 Jul 2020 14:11:29 +0800 Subject: [PATCH 32/45] fix pull kfp script to detect empty dir --- hack/pull_kfp_upstream.sh | 12 +- pipeline/upstream/Kptfile | 11 + pipeline/upstream/OWNERS | 8 + pipeline/upstream/README.md | 100 ++++++++ pipeline/upstream/STRUCTURE.md | 49 ++++ .../application-controller-deployment.yaml | 38 +++ .../application-controller-role.yaml | 21 ++ .../application-controller-rolebinding.yaml | 11 + .../application-controller-sa.yaml | 4 + .../application-controller-service.yaml | 13 + .../cluster-scoped/application-crd.yaml | 234 ++++++++++++++++++ .../cluster-scoped/kustomization.yaml | 4 + .../base/application/kustomization.yaml | 8 + .../argo/cluster-scoped/kustomization.yaml | 4 + .../argo/cluster-scoped/workflow-crd.yaml | 67 +++++ .../upstream/base/argo/kustomization.yaml | 8 + .../argo/workflow-controller-configmap.yaml | 28 +++ .../argo/workflow-controller-deployment.yaml | 51 ++++ .../base/argo/workflow-controller-role.yaml | 48 ++++ .../argo/workflow-controller-rolebinding.yaml | 11 + .../base/argo/workflow-controller-sa.yaml | 4 + .../cache-deployer-deployment.yaml | 29 +++ .../cache-deployer/cache-deployer-role.yaml | 15 ++ .../cache-deployer-rolebinding.yaml | 11 + .../cache-deployer-clusterrole.yaml | 24 ++ .../cache-deployer-clusterrolebinding.yaml | 12 + .../cluster-scoped/cache-deployer-sa.yaml | 4 + .../cluster-scoped/kustomization.yaml | 9 + .../base/cache-deployer/kustomization.yaml | 9 + .../upstream/base/cache/cache-deployment.yaml | 67 +++++ pipeline/upstream/base/cache/cache-role.yaml | 33 +++ .../base/cache/cache-rolebinding.yaml | 11 + pipeline/upstream/base/cache/cache-sa.yaml | 4 + .../upstream/base/cache/cache-service.yaml | 10 + .../upstream/base/cache/kustomization.yaml | 11 + pipeline/upstream/base/kustomization.yaml | 50 ++++ .../upstream/base/metadata/kustomization.yaml | 11 + .../metadata/metadata-envoy-deployment.yaml | 24 ++ .../base/metadata/metadata-envoy-service.yaml | 14 ++ .../metadata/metadata-grpc-configmap.yaml | 9 + .../metadata/metadata-grpc-deployment.yaml | 64 +++++ .../base/metadata/metadata-grpc-service.yaml | 14 ++ pipeline/upstream/base/params-db-secret.env | 2 + pipeline/upstream/base/params.env | 8 + pipeline/upstream/base/params.yaml | 8 + .../upstream/base/pipeline-application.yaml | 49 ++++ .../cluster-scoped/kustomization.yaml | 5 + .../scheduled-workflow-crd.yaml | 18 ++ .../pipeline/cluster-scoped/viewer-crd.yaml | 18 ++ .../base/pipeline/container-builder-sa.yaml | 4 + .../upstream/base/pipeline/kustomization.yaml | 47 ++++ .../metadata-writer/kustomization.yaml | 10 + .../metadata-writer-deployment.yaml | 25 ++ .../metadata-writer/metadata-writer-role.yaml | 33 +++ .../metadata-writer-rolebinding.yaml | 11 + .../metadata-writer/metadata-writer-sa.yaml | 4 + .../ml-pipeline-apiserver-deployment.yaml | 96 +++++++ .../pipeline/ml-pipeline-apiserver-role.yaml | 38 +++ .../ml-pipeline-apiserver-rolebinding.yaml | 13 + .../pipeline/ml-pipeline-apiserver-sa.yaml | 4 + .../ml-pipeline-apiserver-service.yaml | 16 ++ ...-pipeline-persistenceagent-deployment.yaml | 25 ++ .../ml-pipeline-persistenceagent-role.yaml | 21 ++ ...pipeline-persistenceagent-rolebinding.yaml | 11 + .../ml-pipeline-persistenceagent-sa.yaml | 4 + ...pipeline-scheduledworkflow-deployment.yaml | 25 ++ .../ml-pipeline-scheduledworkflow-role.yaml | 38 +++ ...ipeline-scheduledworkflow-rolebinding.yaml | 11 + .../ml-pipeline-scheduledworkflow-sa.yaml | 4 + .../pipeline/ml-pipeline-ui-deployment.yaml | 63 +++++ .../base/pipeline/ml-pipeline-ui-role.yaml | 44 ++++ .../pipeline/ml-pipeline-ui-rolebinding.yaml | 13 + .../base/pipeline/ml-pipeline-ui-sa.yaml | 4 + .../base/pipeline/ml-pipeline-ui-service.yaml | 14 ++ .../ml-pipeline-viewer-crd-deployment.yaml | 27 ++ .../pipeline/ml-pipeline-viewer-crd-role.yaml | 30 +++ .../ml-pipeline-viewer-crd-rolebinding.yaml | 11 + .../pipeline/ml-pipeline-viewer-crd-sa.yaml | 4 + .../ml-pipeline-visualization-deployment.yaml | 47 ++++ .../ml-pipeline-visualization-sa.yaml | 4 + .../ml-pipeline-visualization-service.yaml | 12 + .../base/pipeline/pipeline-runner-role.yaml | 80 ++++++ .../pipeline/pipeline-runner-rolebinding.yaml | 11 + .../base/pipeline/pipeline-runner-sa.yaml | 4 + .../kustomization.yaml | 25 ++ .../cluster-scoped-resources/namespace.yaml | 4 + .../cluster-scoped-resources/params.yaml | 4 + pipeline/upstream/env/dev/kustomization.yaml | 13 + .../cloudsql-proxy-deployment.yaml | 44 ++++ .../env/gcp/cloudsql-proxy/kustomization.yaml | 5 + .../env/gcp/cloudsql-proxy/mysql-service.yaml | 9 + .../env/gcp/gcp-configurations-patch.yaml | 22 ++ .../env/gcp/inverse-proxy/kustomization.yaml | 11 + .../gcp/inverse-proxy/proxy-configmap.yaml | 4 + .../gcp/inverse-proxy/proxy-deployment.yaml | 21 ++ .../env/gcp/inverse-proxy/proxy-role.yaml | 13 + .../gcp/inverse-proxy/proxy-rolebinding.yaml | 13 + .../env/gcp/inverse-proxy/proxy-sa.yaml | 4 + pipeline/upstream/env/gcp/kustomization.yaml | 22 ++ .../gcp/minio-gcs-gateway/kustomization.yaml | 11 + .../minio-artifact-secret.env | 2 + .../minio-gcs-gateway-deployment.yaml | 42 ++++ .../minio-gcs-gateway-service.yaml | 11 + pipeline/upstream/env/gcp/params.env | 6 + .../env/platform-agnostic/kustomization.yaml | 19 ++ .../minio/kustomization.yaml | 12 + .../minio/minio-artifact-secret.env | 2 + .../minio/minio-deployment.yaml | 44 ++++ .../platform-agnostic/minio/minio-pvc.yaml | 10 + .../minio/minio-service.yaml | 12 + .../mysql/kustomization.yaml | 6 + .../mysql/mysql-deployment.yaml | 33 +++ .../mysql/mysql-pv-claim.yaml | 10 + .../mysql/mysql-service.yaml | 11 + .../upstream/gcp-workload-identity-setup.sh | 131 ++++++++++ pipeline/upstream/hack/format.sh | 39 +++ pipeline/upstream/hack/release.sh | 42 ++++ pipeline/upstream/sample/README.md | 78 ++++++ .../kustomization.yaml | 8 + pipeline/upstream/sample/kustomization.yaml | 28 +++ pipeline/upstream/sample/params-db-secret.env | 2 + pipeline/upstream/sample/params.env | 4 + pipeline/upstream/wi-utils.sh | 85 +++++++ 123 files changed, 2943 insertions(+), 4 deletions(-) create mode 100644 pipeline/upstream/Kptfile create mode 100644 pipeline/upstream/OWNERS create mode 100644 pipeline/upstream/README.md create mode 100644 pipeline/upstream/STRUCTURE.md create mode 100644 pipeline/upstream/base/application/application-controller-deployment.yaml create mode 100644 pipeline/upstream/base/application/application-controller-role.yaml create mode 100644 pipeline/upstream/base/application/application-controller-rolebinding.yaml create mode 100644 pipeline/upstream/base/application/application-controller-sa.yaml create mode 100644 pipeline/upstream/base/application/application-controller-service.yaml create mode 100644 pipeline/upstream/base/application/cluster-scoped/application-crd.yaml create mode 100644 pipeline/upstream/base/application/cluster-scoped/kustomization.yaml create mode 100644 pipeline/upstream/base/application/kustomization.yaml create mode 100644 pipeline/upstream/base/argo/cluster-scoped/kustomization.yaml create mode 100644 pipeline/upstream/base/argo/cluster-scoped/workflow-crd.yaml create mode 100644 pipeline/upstream/base/argo/kustomization.yaml create mode 100644 pipeline/upstream/base/argo/workflow-controller-configmap.yaml create mode 100644 pipeline/upstream/base/argo/workflow-controller-deployment.yaml create mode 100644 pipeline/upstream/base/argo/workflow-controller-role.yaml create mode 100644 pipeline/upstream/base/argo/workflow-controller-rolebinding.yaml create mode 100644 pipeline/upstream/base/argo/workflow-controller-sa.yaml create mode 100644 pipeline/upstream/base/cache-deployer/cache-deployer-deployment.yaml create mode 100644 pipeline/upstream/base/cache-deployer/cache-deployer-role.yaml create mode 100644 pipeline/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml create mode 100644 pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml create mode 100644 pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml create mode 100644 pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-sa.yaml create mode 100644 pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml create mode 100644 pipeline/upstream/base/cache-deployer/kustomization.yaml create mode 100644 pipeline/upstream/base/cache/cache-deployment.yaml create mode 100644 pipeline/upstream/base/cache/cache-role.yaml create mode 100644 pipeline/upstream/base/cache/cache-rolebinding.yaml create mode 100644 pipeline/upstream/base/cache/cache-sa.yaml create mode 100644 pipeline/upstream/base/cache/cache-service.yaml create mode 100644 pipeline/upstream/base/cache/kustomization.yaml create mode 100644 pipeline/upstream/base/kustomization.yaml create mode 100644 pipeline/upstream/base/metadata/kustomization.yaml create mode 100644 pipeline/upstream/base/metadata/metadata-envoy-deployment.yaml create mode 100644 pipeline/upstream/base/metadata/metadata-envoy-service.yaml create mode 100644 pipeline/upstream/base/metadata/metadata-grpc-configmap.yaml create mode 100644 pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml create mode 100644 pipeline/upstream/base/metadata/metadata-grpc-service.yaml create mode 100644 pipeline/upstream/base/params-db-secret.env create mode 100644 pipeline/upstream/base/params.env create mode 100644 pipeline/upstream/base/params.yaml create mode 100644 pipeline/upstream/base/pipeline-application.yaml create mode 100644 pipeline/upstream/base/pipeline/cluster-scoped/kustomization.yaml create mode 100644 pipeline/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml create mode 100644 pipeline/upstream/base/pipeline/cluster-scoped/viewer-crd.yaml create mode 100644 pipeline/upstream/base/pipeline/container-builder-sa.yaml create mode 100644 pipeline/upstream/base/pipeline/kustomization.yaml create mode 100644 pipeline/upstream/base/pipeline/metadata-writer/kustomization.yaml create mode 100644 pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-deployment.yaml create mode 100644 pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-role.yaml create mode 100644 pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-rolebinding.yaml create mode 100644 pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-sa.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-apiserver-sa.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-ui-role.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-ui-rolebinding.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-ui-sa.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-ui-service.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-role.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-sa.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-visualization-sa.yaml create mode 100644 pipeline/upstream/base/pipeline/ml-pipeline-visualization-service.yaml create mode 100644 pipeline/upstream/base/pipeline/pipeline-runner-role.yaml create mode 100644 pipeline/upstream/base/pipeline/pipeline-runner-rolebinding.yaml create mode 100644 pipeline/upstream/base/pipeline/pipeline-runner-sa.yaml create mode 100644 pipeline/upstream/cluster-scoped-resources/kustomization.yaml create mode 100644 pipeline/upstream/cluster-scoped-resources/namespace.yaml create mode 100644 pipeline/upstream/cluster-scoped-resources/params.yaml create mode 100644 pipeline/upstream/env/dev/kustomization.yaml create mode 100644 pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml create mode 100644 pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml create mode 100644 pipeline/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml create mode 100644 pipeline/upstream/env/gcp/gcp-configurations-patch.yaml create mode 100644 pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml create mode 100644 pipeline/upstream/env/gcp/inverse-proxy/proxy-configmap.yaml create mode 100644 pipeline/upstream/env/gcp/inverse-proxy/proxy-deployment.yaml create mode 100644 pipeline/upstream/env/gcp/inverse-proxy/proxy-role.yaml create mode 100644 pipeline/upstream/env/gcp/inverse-proxy/proxy-rolebinding.yaml create mode 100644 pipeline/upstream/env/gcp/inverse-proxy/proxy-sa.yaml create mode 100644 pipeline/upstream/env/gcp/kustomization.yaml create mode 100644 pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml create mode 100644 pipeline/upstream/env/gcp/minio-gcs-gateway/minio-artifact-secret.env create mode 100644 pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml create mode 100644 pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml create mode 100644 pipeline/upstream/env/gcp/params.env create mode 100644 pipeline/upstream/env/platform-agnostic/kustomization.yaml create mode 100644 pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml create mode 100644 pipeline/upstream/env/platform-agnostic/minio/minio-artifact-secret.env create mode 100644 pipeline/upstream/env/platform-agnostic/minio/minio-deployment.yaml create mode 100644 pipeline/upstream/env/platform-agnostic/minio/minio-pvc.yaml create mode 100644 pipeline/upstream/env/platform-agnostic/minio/minio-service.yaml create mode 100644 pipeline/upstream/env/platform-agnostic/mysql/kustomization.yaml create mode 100644 pipeline/upstream/env/platform-agnostic/mysql/mysql-deployment.yaml create mode 100644 pipeline/upstream/env/platform-agnostic/mysql/mysql-pv-claim.yaml create mode 100644 pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml create mode 100755 pipeline/upstream/gcp-workload-identity-setup.sh create mode 100755 pipeline/upstream/hack/format.sh create mode 100755 pipeline/upstream/hack/release.sh create mode 100644 pipeline/upstream/sample/README.md create mode 100644 pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml create mode 100644 pipeline/upstream/sample/kustomization.yaml create mode 100644 pipeline/upstream/sample/params-db-secret.env create mode 100644 pipeline/upstream/sample/params.env create mode 100644 pipeline/upstream/wi-utils.sh diff --git a/hack/pull_kfp_upstream.sh b/hack/pull_kfp_upstream.sh index d584325ee6..0d986871df 100755 --- a/hack/pull_kfp_upstream.sh +++ b/hack/pull_kfp_upstream.sh @@ -10,11 +10,15 @@ set -ex # pipelines version. export PIPELINES_VERSION=1.0.0-rc.3 export PIPELINES_SRC_REPO=https://github.com/kubeflow/pipelines.git -# Pulling for the first time -# kpt pkg get $PIPELINES_SRC_REPO/manifests/kustomize@$PIPELINES_VERSION pipeline/upstream -# Updates -kpt pkg update pipeline/upstream/@$PIPELINES_VERSION --strategy force-delete-replace +if [ -d pipeline/upstream ]; then + # Updates + kpt pkg update pipeline/upstream/@$PIPELINES_VERSION --strategy force-delete-replace +else + # Pulling for the first time + kpt pkg get $PIPELINES_SRC_REPO/manifests/kustomize@$PIPELINES_VERSION pipeline/upstream +fi + # Before kubeflow/pipelines/manifests/kustomize supports kustomize v3.5+, we # have to convert kustomization.yaml env to envs syntax, so that it is compatible # with latest kustomize used in kubeflow/manifests. diff --git a/pipeline/upstream/Kptfile b/pipeline/upstream/Kptfile new file mode 100644 index 0000000000..350c65c2b9 --- /dev/null +++ b/pipeline/upstream/Kptfile @@ -0,0 +1,11 @@ +apiVersion: kpt.dev/v1alpha1 +kind: Kptfile +metadata: + name: upstream +upstream: + type: git + git: + commit: 7a0df42fa5555110f2ada71a2728efc32d5a8110 + repo: https://github.com/kubeflow/pipelines + directory: /manifests/kustomize + ref: 1.0.0-rc.3 diff --git a/pipeline/upstream/OWNERS b/pipeline/upstream/OWNERS new file mode 100644 index 0000000000..95ccd02456 --- /dev/null +++ b/pipeline/upstream/OWNERS @@ -0,0 +1,8 @@ +approvers: + - Bobgy + - IronPan + - rmgogogo +reviewers: + - Bobgy + - IronPan + - rmgogogo diff --git a/pipeline/upstream/README.md b/pipeline/upstream/README.md new file mode 100644 index 0000000000..c082edc8df --- /dev/null +++ b/pipeline/upstream/README.md @@ -0,0 +1,100 @@ +# Install Kubeflow Pipelines + +This folder contains Kubeflow Pipelines Kustomize manifests for a light weight +deployment. You can follow the instruction and deploy Kubeflow Pipelines in an +existing cluster. + +To install Kubeflow Pipelines, you have several options. +- Via [GCP AI Platform UI](http://console.cloud.google.com/ai-platform/pipelines). +- Via an upcoming commandline tool. +- Via Kubectl with Kustomize, it's detailed here. + - Community maintains a repo [here](https://github.com/e2fyi/kubeflow-aws/tree/master/pipelines) for AWS. + +## Install via Kustomize + +Deploy latest version of Kubeflow Pipelines. + +It uses following default settings. +- image: latest released images +- namespace: kubeflow +- application name: pipeline + +### Option-1 Install it to any K8s cluster +It's based on in-cluster PersistentVolumeClaim storage. + +``` +kubectl apply -k cluster-scoped-resources/ +kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s +kubectl apply -k env/platform-agnostic/ +kubectl wait applications/pipeline -n kubeflow --for condition=Ready --timeout=1800s +kubectl port-forward -n kubeflow svc/ml-pipeline-ui 8080:80 +``` +Now you can access it via localhost:8080 + +### Option-2 Install it to GCP with in-cluster PersistentVolumeClaim storage +It's based on in-cluster PersistentVolumeClaim storage. +Additionally, it introduced a proxy in GCP to allow user easily access KFP safely. + +``` +kubectl apply -k cluster-scoped-resources/ +kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s + +kubectl apply -k env/dev/ +kubectl wait applications/pipeline -n kubeflow --for condition=Ready --timeout=1800s + +# Or visit http://console.cloud.google.com/ai-platform/pipelines +kubectl describe configmap inverse-proxy-config -n kubeflow | grep googleusercontent.com +``` + +### Option-3 Install it to GCP with CloudSQL & GCS-Minio managed storage +Its storage is based on CloudSQL & GCS. It's better than others for production usage. + +Please following [sample](sample/README.md) for a customized installation. + +## Uninstall + +If the installation is based on CloudSQL/GCS, after the uninstall, the data is still there, +reinstall a newer version can reuse the data. + +``` +### 1. namespace scoped +# Depends on how you installed it: +kubectl kustomize env/platform-agnostic | kubectl delete -f - +# or +kubectl kustomize env/dev | kubectl delete -f - +# or +kubectl kustomize env/gcp | kubectl delete -f - +# or +kubectl delete applications/pipeline -n kubeflow + +### 2. cluster scoped +kubectl delete -k cluster-scoped-resources/ +``` + +## Troubleshooting + +### Permission error installing Kubeflow Pipelines to a cluster + +Run + +``` +kubectl create clusterrolebinding your-binding --clusterrole=cluster-admin --user=[your-user-name] +``` + +### Samples requires "user-gcp-sa" secret + +If sample code requires a "user-gcp-sa" secret, you could create one by + +- First download the GCE VM service account token + [Document](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys) + +``` +gcloud iam service-accounts keys create application_default_credentials.json \ + --iam-account [SA-NAME]@[PROJECT-ID].iam.gserviceaccount.com +``` + +- Run + +``` +kubectl create secret -n [your-namespace] generic user-gcp-sa --from-file=user-gcp-sa.json=application_default_credentials.json` +``` diff --git a/pipeline/upstream/STRUCTURE.md b/pipeline/upstream/STRUCTURE.md new file mode 100644 index 0000000000..86a7835b9c --- /dev/null +++ b/pipeline/upstream/STRUCTURE.md @@ -0,0 +1,49 @@ +# Kubeflow Pipelines Kustomize Manifest Folder Structure + +Folder structure: +``` +kustomize +├── cluster-scoped-resources +│ ├── README.md (explains this folder structure) +│ └── kustomization.yaml (lists all cluster-scoped folders in base/) +├── base +│ ├── cache-deployer +│ │ ├── cluster-scoped (not included in cache-deployer's kustomization.yaml) +│ │ │ ├── clusteroles +│ │ │ └── clusterrolebindings +| | └── ... (namespace scoped) +│ ├── argo +│ │ ├── cluster-scoped +│ │ │ └── workflow-crd.yaml +| | └── ... (namespace scoped) +│ ├── application +│ │ ├── cluster-scoped +│ │ │ ├── application-crd.yaml +│ │ │ └── ... +| | └── ... (namespace scoped) +│ ├── pipeline +│ │ ├── cluster-scoped +│ │ │ ├── viewer-crd.yaml +│ │ │ ├── scheduledworkflow-crd.yaml +│ │ │ └── ... +| | └── ... (namespace scoped) +│ └── ... +└── env + ├── platform-agnostic + │ └── kustomization.yaml (based on "base") + ├── dev + │ └── kustomization.yaml (based on "env/platform-agnostic") + └── gcp + └── kustomization.yaml (based on "base") +``` + +* User facing manifest entrypoint is `cluster-scoped-resources` package and `env/` package. + * `cluster-scoped-resources` should collect all cluster-scoped resources. + * `env/` should collect env specific namespace scoped resources. +* Universal components live in `base/` folders. + * If a component requires cluster-scoped resources, it should have a folder inside named `cluster-scoped` with related resources, but note that `base//kustomization.yaml` shouldn't include the `cluster-scoped` folder. `cluster-scoped` folders should be collected by top level `cluster-scoped-resources` folder. +* Env specific overlays live in `env/` folders. + +Constraints we need to comply with (that drove above structure): +* CRDs must be applied separately, because if we apply CRs in the same `kubectl apply` command, the CRD may not have been accepted by k8s api server (e.g. Application CRD). +* [A Kubeflow 1.0 constraint](https://github.com/kubeflow/pipelines/issues/2884#issuecomment-577158715) is that we should separate cluster scoped resources from namespace scoped resources, because sometimes different roles are required to deploy them. Cluster scoped resources usually need a cluster admin role, while namespaced resources can be deployed by individual teams managing a namespace. diff --git a/pipeline/upstream/base/application/application-controller-deployment.yaml b/pipeline/upstream/base/application/application-controller-deployment.yaml new file mode 100644 index 0000000000..b4cc7042d9 --- /dev/null +++ b/pipeline/upstream/base/application/application-controller-deployment.yaml @@ -0,0 +1,38 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" +spec: + selector: + matchLabels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + template: + metadata: + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + spec: + containers: + - command: + - /root/manager + # A customized image with https://github.com/kubernetes-sigs/application/pull/127 + image: gcr.io/ml-pipeline/application-crd-controller:1.0-beta-non-cluster-role + imagePullPolicy: IfNotPresent + name: manager + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 30Mi + requests: + cpu: 100m + memory: 20Mi + serviceAccountName: application diff --git a/pipeline/upstream/base/application/application-controller-role.yaml b/pipeline/upstream/base/application/application-controller-role.yaml new file mode 100644 index 0000000000..a17dbaea09 --- /dev/null +++ b/pipeline/upstream/base/application/application-controller-role.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: application-manager-role +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - update + - patch + - watch +- apiGroups: + - app.k8s.io + resources: + - '*' + verbs: + - '*' diff --git a/pipeline/upstream/base/application/application-controller-rolebinding.yaml b/pipeline/upstream/base/application/application-controller-rolebinding.yaml new file mode 100644 index 0000000000..71a3f42d24 --- /dev/null +++ b/pipeline/upstream/base/application/application-controller-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: application-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: application-manager-role +subjects: +- kind: ServiceAccount + name: application diff --git a/pipeline/upstream/base/application/application-controller-sa.yaml b/pipeline/upstream/base/application/application-controller-sa.yaml new file mode 100644 index 0000000000..bd13039151 --- /dev/null +++ b/pipeline/upstream/base/application/application-controller-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: application diff --git a/pipeline/upstream/base/application/application-controller-service.yaml b/pipeline/upstream/base/application/application-controller-service.yaml new file mode 100644 index 0000000000..f5f7d8bac6 --- /dev/null +++ b/pipeline/upstream/base/application/application-controller-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: controller-manager-service + labels: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" +spec: + selector: + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + ports: + - port: 443 diff --git a/pipeline/upstream/base/application/cluster-scoped/application-crd.yaml b/pipeline/upstream/base/application/cluster-scoped/application-crd.yaml new file mode 100644 index 0000000000..0cbab2d480 --- /dev/null +++ b/pipeline/upstream/base/application/cluster-scoped/application-crd.yaml @@ -0,0 +1,234 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + controller-tools.k8s.io: "1.0" + name: applications.app.k8s.io +spec: + group: app.k8s.io + names: + kind: Application + plural: applications + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + addOwnerRef: + type: boolean + assemblyPhase: + type: string + componentKinds: + items: + type: object + type: array + descriptor: + properties: + description: + type: string + icons: + items: + properties: + size: + type: string + src: + type: string + type: + type: string + required: + - src + type: object + type: array + keywords: + items: + type: string + type: array + links: + items: + properties: + description: + type: string + url: + type: string + type: object + type: array + maintainers: + items: + properties: + email: + type: string + name: + type: string + url: + type: string + type: object + type: array + notes: + type: string + owners: + items: + properties: + email: + type: string + name: + type: string + url: + type: string + type: object + type: array + type: + type: string + version: + type: string + type: object + info: + items: + properties: + name: + type: string + type: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + key: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + ingressRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + host: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + path: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + secretKeyRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + key: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + serviceRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + path: + type: string + port: + format: int32 + type: integer + resourceVersion: + type: string + uid: + type: string + type: object + type: + type: string + type: object + type: object + type: array + selector: + type: object + type: object + status: + properties: + components: + items: + properties: + group: + type: string + kind: + type: string + link: + type: string + name: + type: string + status: + type: string + type: object + type: array + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + lastUpdateTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - type + - status + type: object + type: array + observedGeneration: + format: int64 + type: integer + type: object + version: v1beta1 diff --git a/pipeline/upstream/base/application/cluster-scoped/kustomization.yaml b/pipeline/upstream/base/application/cluster-scoped/kustomization.yaml new file mode 100644 index 0000000000..0fc4e0bb3f --- /dev/null +++ b/pipeline/upstream/base/application/cluster-scoped/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- application-crd.yaml diff --git a/pipeline/upstream/base/application/kustomization.yaml b/pipeline/upstream/base/application/kustomization.yaml new file mode 100644 index 0000000000..8d65bf8915 --- /dev/null +++ b/pipeline/upstream/base/application/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- application-controller-deployment.yaml +- application-controller-role.yaml +- application-controller-rolebinding.yaml +- application-controller-sa.yaml +- application-controller-service.yaml diff --git a/pipeline/upstream/base/argo/cluster-scoped/kustomization.yaml b/pipeline/upstream/base/argo/cluster-scoped/kustomization.yaml new file mode 100644 index 0000000000..262cc50515 --- /dev/null +++ b/pipeline/upstream/base/argo/cluster-scoped/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- workflow-crd.yaml diff --git a/pipeline/upstream/base/argo/cluster-scoped/workflow-crd.yaml b/pipeline/upstream/base/argo/cluster-scoped/workflow-crd.yaml new file mode 100644 index 0000000000..5a7b6a3aff --- /dev/null +++ b/pipeline/upstream/base/argo/cluster-scoped/workflow-crd.yaml @@ -0,0 +1,67 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: workflows.argoproj.io +spec: + group: argoproj.io + version: v1alpha1 + scope: Namespaced + names: + kind: Workflow + plural: workflows + shortNames: + - wf + additionalPrinterColumns: + - JSONPath: .status.phase + description: Status of the workflow + name: Status + type: string + - JSONPath: .status.startedAt + description: When the workflow was started + format: date-time + name: Age + type: date +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterworkflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: ClusterWorkflowTemplate + plural: clusterworkflowtemplates + shortNames: + - clusterwftmpl + - cwft + scope: Cluster + version: v1alpha1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: cronworkflows.argoproj.io +spec: + group: argoproj.io + names: + kind: CronWorkflow + plural: cronworkflows + shortNames: + - cronwf + - cwf + scope: Namespaced + version: v1alpha1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: workflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTemplate + plural: workflowtemplates + shortNames: + - wftmpl + scope: Namespaced + version: v1alpha1 diff --git a/pipeline/upstream/base/argo/kustomization.yaml b/pipeline/upstream/base/argo/kustomization.yaml new file mode 100644 index 0000000000..c949a8ac30 --- /dev/null +++ b/pipeline/upstream/base/argo/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- workflow-controller-configmap.yaml +- workflow-controller-deployment.yaml +- workflow-controller-role.yaml +- workflow-controller-rolebinding.yaml +- workflow-controller-sa.yaml diff --git a/pipeline/upstream/base/argo/workflow-controller-configmap.yaml b/pipeline/upstream/base/argo/workflow-controller-configmap.yaml new file mode 100644 index 0000000000..ffb01c5fbd --- /dev/null +++ b/pipeline/upstream/base/argo/workflow-controller-configmap.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: workflow-controller-configmap +data: + config: | + { + namespace: $(kfp-namespace), + executorImage: gcr.io/ml-pipeline/argoexec:v2.7.5-license-compliance, + artifactRepository: + { + s3: { + bucket: $(kfp-artifact-bucket-name), + keyPrefix: artifacts, + endpoint: minio-service.$(kfp-namespace):9000, + insecure: true, + accessKeySecret: { + name: mlpipeline-minio-artifact, + key: accesskey + }, + secretKeySecret: { + name: mlpipeline-minio-artifact, + key: secretkey + } + }, + archiveLogs: true + } + } diff --git a/pipeline/upstream/base/argo/workflow-controller-deployment.yaml b/pipeline/upstream/base/argo/workflow-controller-deployment.yaml new file mode 100644 index 0000000000..9395f80895 --- /dev/null +++ b/pipeline/upstream/base/argo/workflow-controller-deployment.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: workflow-controller + name: workflow-controller +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: workflow-controller + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + app: workflow-controller + spec: + containers: + - args: + - --configmap + - workflow-controller-configmap + - --executor-image + - gcr.io/ml-pipeline/argoexec:v2.7.5-license-compliance + command: + - workflow-controller + env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/workflow-controller:v2.7.5-license-compliance + imagePullPolicy: IfNotPresent + name: workflow-controller + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo + serviceAccountName: argo + terminationGracePeriodSeconds: 30 diff --git a/pipeline/upstream/base/argo/workflow-controller-role.yaml b/pipeline/upstream/base/argo/workflow-controller-role.yaml new file mode 100644 index 0000000000..d79208a99a --- /dev/null +++ b/pipeline/upstream/base/argo/workflow-controller-role.yaml @@ -0,0 +1,48 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-role +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + verbs: + - get + - list + - watch + - update + - patch + - delete diff --git a/pipeline/upstream/base/argo/workflow-controller-rolebinding.yaml b/pipeline/upstream/base/argo/workflow-controller-rolebinding.yaml new file mode 100644 index 0000000000..0484f455b8 --- /dev/null +++ b/pipeline/upstream/base/argo/workflow-controller-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-role +subjects: +- kind: ServiceAccount + name: argo diff --git a/pipeline/upstream/base/argo/workflow-controller-sa.yaml b/pipeline/upstream/base/argo/workflow-controller-sa.yaml new file mode 100644 index 0000000000..f3d5885df9 --- /dev/null +++ b/pipeline/upstream/base/argo/workflow-controller-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo diff --git a/pipeline/upstream/base/cache-deployer/cache-deployer-deployment.yaml b/pipeline/upstream/base/cache-deployer/cache-deployer-deployment.yaml new file mode 100644 index 0000000000..d4c3ae3a86 --- /dev/null +++ b/pipeline/upstream/base/cache-deployer/cache-deployer-deployment.yaml @@ -0,0 +1,29 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cache-deployer-deployment + labels: + app: cache-deployer +spec: + replicas: 1 + selector: + matchLabels: + app: cache-deployer + strategy: + type: Recreate + template: + metadata: + labels: + app: cache-deployer + spec: + containers: + - name: main + image: gcr.io/ml-pipeline/cache-deployer:dummy + imagePullPolicy: Always + env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + serviceAccountName: kubeflow-pipelines-cache-deployer-sa + restartPolicy: Always diff --git a/pipeline/upstream/base/cache-deployer/cache-deployer-role.yaml b/pipeline/upstream/base/cache-deployer/cache-deployer-role.yaml new file mode 100644 index 0000000000..6211517140 --- /dev/null +++ b/pipeline/upstream/base/cache-deployer/cache-deployer-role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-role + name: kubeflow-pipelines-cache-deployer-role +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - patch diff --git a/pipeline/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml b/pipeline/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml new file mode 100644 index 0000000000..36ed4963a5 --- /dev/null +++ b/pipeline/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-deployer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa diff --git a/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml b/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml new file mode 100644 index 0000000000..e2d6e75f45 --- /dev/null +++ b/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml @@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-clusterrole + name: kubeflow-pipelines-cache-deployer-clusterrole +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + - certificatesigningrequests/approval + verbs: + - create + - delete + - get + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - get diff --git a/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml b/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml new file mode 100644 index 0000000000..c0f19d7575 --- /dev/null +++ b/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-cache-deployer-clusterrole +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa +# namespace will be added by kustomize automatically according to the namespace field in kustomization.yaml diff --git a/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-sa.yaml b/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-sa.yaml new file mode 100644 index 0000000000..affada3d10 --- /dev/null +++ b/pipeline/upstream/base/cache-deployer/cluster-scoped/cache-deployer-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-cache-deployer-sa diff --git a/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml b/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml new file mode 100644 index 0000000000..62374373b3 --- /dev/null +++ b/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cache-deployer-clusterrole.yaml +- cache-deployer-clusterrolebinding.yaml +# HACK: although a service account(SA) is not a cluster-scoped resource. +# Presence of a SA referred by a clusterrolebinding allows kustomize to auto-add +# namespace for the clusterrolebinding's SA ref. +- cache-deployer-sa.yaml diff --git a/pipeline/upstream/base/cache-deployer/kustomization.yaml b/pipeline/upstream/base/cache-deployer/kustomization.yaml new file mode 100644 index 0000000000..9a95905720 --- /dev/null +++ b/pipeline/upstream/base/cache-deployer/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cache-deployer-role.yaml +- cache-deployer-rolebinding.yaml +- cache-deployer-deployment.yaml +images: +- name: gcr.io/ml-pipeline/cache-deployer + newTag: 1.0.0-rc.3 diff --git a/pipeline/upstream/base/cache/cache-deployment.yaml b/pipeline/upstream/base/cache/cache-deployment.yaml new file mode 100644 index 0000000000..02bfa22a89 --- /dev/null +++ b/pipeline/upstream/base/cache/cache-deployment.yaml @@ -0,0 +1,67 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cache-server + labels: + app: cache-server +spec: + replicas: 1 + selector: + matchLabels: + app: cache-server + template: + metadata: + labels: + app: cache-server + spec: + containers: + - name: server + image: gcr.io/ml-pipeline/cache-server:dummy + env: + - name: DBCONFIG_DRIVER + value: mysql + - name: DBCONFIG_DB_NAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: cacheDb + - name: DBCONFIG_HOST_NAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: dbHost + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: dbPort + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + name: mysql-secret + key: username + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-secret + key: password + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + args: ["--db_driver=$(DBCONFIG_DRIVER)", "--db_host=$(DBCONFIG_HOST_NAME)", + "--db_port=$(DBCONFIG_PORT)", "--db_name=$(DBCONFIG_DB_NAME)", "--db_user=$(DBCONFIG_USER)", + "--db_password=$(DBCONFIG_PASSWORD)", "--namespace_to_watch=$(NAMESPACE_TO_WATCH)"] + imagePullPolicy: Always + ports: + - containerPort: 8443 + name: webhook-api + volumeMounts: + - name: webhook-tls-certs + mountPath: /etc/webhook/certs + readOnly: true + volumes: + - name: webhook-tls-certs + secret: + secretName: webhook-server-tls + serviceAccountName: kubeflow-pipelines-cache diff --git a/pipeline/upstream/base/cache/cache-role.yaml b/pipeline/upstream/base/cache/cache-role.yaml new file mode 100644 index 0000000000..de613b427b --- /dev/null +++ b/pipeline/upstream/base/cache/cache-role.yaml @@ -0,0 +1,33 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-role + name: kubeflow-pipelines-cache-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/pipeline/upstream/base/cache/cache-rolebinding.yaml b/pipeline/upstream/base/cache/cache-rolebinding.yaml new file mode 100644 index 0000000000..48541bfb8a --- /dev/null +++ b/pipeline/upstream/base/cache/cache-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-cache-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache diff --git a/pipeline/upstream/base/cache/cache-sa.yaml b/pipeline/upstream/base/cache/cache-sa.yaml new file mode 100644 index 0000000000..232ddd15cf --- /dev/null +++ b/pipeline/upstream/base/cache/cache-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-cache diff --git a/pipeline/upstream/base/cache/cache-service.yaml b/pipeline/upstream/base/cache/cache-service.yaml new file mode 100644 index 0000000000..980619837b --- /dev/null +++ b/pipeline/upstream/base/cache/cache-service.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: cache-server +spec: + selector: + app: cache-server + ports: + - port: 443 + targetPort: webhook-api diff --git a/pipeline/upstream/base/cache/kustomization.yaml b/pipeline/upstream/base/cache/kustomization.yaml new file mode 100644 index 0000000000..f7479e89b1 --- /dev/null +++ b/pipeline/upstream/base/cache/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cache-deployment.yaml +- cache-service.yaml +- cache-role.yaml +- cache-rolebinding.yaml +- cache-sa.yaml +images: +- name: gcr.io/ml-pipeline/cache-server + newTag: 1.0.0-rc.3 diff --git a/pipeline/upstream/base/kustomization.yaml b/pipeline/upstream/base/kustomization.yaml new file mode 100644 index 0000000000..5ce1fb13e7 --- /dev/null +++ b/pipeline/upstream/base/kustomization.yaml @@ -0,0 +1,50 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +bases: +- application +- argo +- pipeline +- metadata +- cache +- cache-deployer +resources: +- pipeline-application.yaml +# Used by Kustomize +configMapGenerator: +- name: pipeline-install-config + envs: ["params.env"] +secretGenerator: +- name: mysql-secret + envs: ["params-db-secret.env"] +vars: +- name: kfp-namespace + objref: + kind: Deployment + apiVersion: apps/v1 + name: ml-pipeline + fieldref: + fieldpath: metadata.namespace +- name: kfp-app-name + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.appName +- name: kfp-app-version + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.appVersion +- name: kfp-artifact-bucket-name + objref: + kind: ConfigMap + name: pipeline-install-config + apiVersion: v1 + fieldref: + fieldpath: data.bucketName +configurations: +- params.yaml diff --git a/pipeline/upstream/base/metadata/kustomization.yaml b/pipeline/upstream/base/metadata/kustomization.yaml new file mode 100644 index 0000000000..517d6eb23a --- /dev/null +++ b/pipeline/upstream/base/metadata/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- metadata-grpc-configmap.yaml +- metadata-grpc-deployment.yaml +- metadata-grpc-service.yaml +- metadata-envoy-deployment.yaml +- metadata-envoy-service.yaml +images: +- name: gcr.io/ml-pipeline/metadata-envoy + newTag: 1.0.0-rc.3 diff --git a/pipeline/upstream/base/metadata/metadata-envoy-deployment.yaml b/pipeline/upstream/base/metadata/metadata-envoy-deployment.yaml new file mode 100644 index 0000000000..3de11bea0c --- /dev/null +++ b/pipeline/upstream/base/metadata/metadata-envoy-deployment.yaml @@ -0,0 +1,24 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metadata-envoy-deployment + labels: + component: metadata-envoy +spec: + replicas: 1 + selector: + matchLabels: + component: metadata-envoy + template: + metadata: + labels: + component: metadata-envoy + spec: + containers: + - name: container + image: gcr.io/ml-pipeline/metadata-envoy:dummy + ports: + - name: md-envoy + containerPort: 9090 + - name: envoy-admin + containerPort: 9901 diff --git a/pipeline/upstream/base/metadata/metadata-envoy-service.yaml b/pipeline/upstream/base/metadata/metadata-envoy-service.yaml new file mode 100644 index 0000000000..42166c85cc --- /dev/null +++ b/pipeline/upstream/base/metadata/metadata-envoy-service.yaml @@ -0,0 +1,14 @@ +kind: Service +apiVersion: v1 +metadata: + labels: + app: metadata-envoy + name: metadata-envoy-service +spec: + selector: + component: metadata-envoy + type: ClusterIP + ports: + - port: 9090 + protocol: TCP + name: md-envoy diff --git a/pipeline/upstream/base/metadata/metadata-grpc-configmap.yaml b/pipeline/upstream/base/metadata/metadata-grpc-configmap.yaml new file mode 100644 index 0000000000..08cc7e6927 --- /dev/null +++ b/pipeline/upstream/base/metadata/metadata-grpc-configmap.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: metadata-grpc-configmap + labels: + component: metadata-grpc-server +data: + METADATA_GRPC_SERVICE_HOST: "metadata-grpc-service" + METADATA_GRPC_SERVICE_PORT: "8080" diff --git a/pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml b/pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml new file mode 100644 index 0000000000..5750e77f09 --- /dev/null +++ b/pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml @@ -0,0 +1,64 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metadata-grpc-deployment + labels: + component: metadata-grpc-server +spec: + replicas: 1 + selector: + matchLabels: + component: metadata-grpc-server + template: + metadata: + labels: + component: metadata-grpc-server + spec: + containers: + - name: container + image: gcr.io/tfx-oss-public/ml_metadata_store_server:0.21.1 + env: + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + name: mysql-secret + key: username + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-secret + key: password + - name: MYSQL_DATABASE + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: mlmdDb + - name: MYSQL_HOST + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: dbHost + - name: MYSQL_PORT + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: dbPort + command: ["/bin/metadata_store_server"] + args: ["--grpc_port=8080", "--mysql_config_database=$(MYSQL_DATABASE)", "--mysql_config_host=$(MYSQL_HOST)", + "--mysql_config_port=$(MYSQL_PORT)", "--mysql_config_user=$(DBCONFIG_USER)", + "--mysql_config_password=$(DBCONFIG_PASSWORD)"] + ports: + - name: grpc-api + containerPort: 8080 + livenessProbe: + tcpSocket: + port: grpc-api + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + readinessProbe: + tcpSocket: + port: grpc-api + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 diff --git a/pipeline/upstream/base/metadata/metadata-grpc-service.yaml b/pipeline/upstream/base/metadata/metadata-grpc-service.yaml new file mode 100644 index 0000000000..7e7b73bf02 --- /dev/null +++ b/pipeline/upstream/base/metadata/metadata-grpc-service.yaml @@ -0,0 +1,14 @@ +kind: Service +apiVersion: v1 +metadata: + labels: + app: metadata + name: metadata-grpc-service +spec: + selector: + component: metadata-grpc-server + type: ClusterIP + ports: + - port: 8080 + protocol: TCP + name: grpc-api diff --git a/pipeline/upstream/base/params-db-secret.env b/pipeline/upstream/base/params-db-secret.env new file mode 100644 index 0000000000..c15cb2e337 --- /dev/null +++ b/pipeline/upstream/base/params-db-secret.env @@ -0,0 +1,2 @@ +username=root +password= diff --git a/pipeline/upstream/base/params.env b/pipeline/upstream/base/params.env new file mode 100644 index 0000000000..2a95710eda --- /dev/null +++ b/pipeline/upstream/base/params.env @@ -0,0 +1,8 @@ +appName=pipeline +appVersion=1.0.0-rc.3 +dbHost=mysql +dbPort=3306 +mlmdDb=metadb +cacheDb=cachedb +pipelineDb=mlpipeline +bucketName=mlpipeline diff --git a/pipeline/upstream/base/params.yaml b/pipeline/upstream/base/params.yaml new file mode 100644 index 0000000000..1f99ef2c53 --- /dev/null +++ b/pipeline/upstream/base/params.yaml @@ -0,0 +1,8 @@ +# Allow Kustomize var to replace following fields. +varReference: +- path: data/config + kind: ConfigMap +- path: metadata/name + kind: Application +- path: spec/descriptor/version + kind: Application diff --git a/pipeline/upstream/base/pipeline-application.yaml b/pipeline/upstream/base/pipeline-application.yaml new file mode 100644 index 0000000000..af30078c88 --- /dev/null +++ b/pipeline/upstream/base/pipeline-application.yaml @@ -0,0 +1,49 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + name: $(kfp-app-name) + annotations: + kubernetes-engine.cloud.google.com/icon: >- + data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADMAAAAyCAYAAADx/eOPAAALuUlEQVRogd2afWxd9XnHP99bK4pS3yhiGUIRiiJUVVVqbq8ppdR20ibqpuIMtDRkUYERp29J57gMZVuxsrZiK7oZXVv5re1AiOuoG+N1DMkuytprsGPEVMouxqQZJVHEWIdQlGVxZlmZdb/747zcc869jpMO+seOdPz7nd/L83tev89zzjX8Bq795Rq9o17zXp+Tey+Ijkyboela29DRWkhffyT733pH/Z3este9F2cC6N0kNjxtjD+FdRD8UF9X7u97y7UbQFPAivC0BdllS381slun3s3z3xVhhqeds90tqR/oMB7u68z19ZZra0E/l1if3WOziPx3skrDPTr+bvDxfxImEIJbgX6gGBJ7EfHJX/ySReDHwO9KYAenyWCMFKw21GSeslwa2Z17+TcuzPBRr7B8m6Df5oOJqdPAR/u6cm/2lmv3At+IT3GiXZqbcaxSLsfRoTsvn7XL2jE87ZXGnwf+VGiDY86ETM1wU1+XjvSW/RlgTJADQ2QaCZKWcX1/aDIcjE8i3SdzZLjn0lm8pJXD02417BM+gLmq2Rqjr/d16Vu95dp6wc8Ra5O8NrPIcoZCvIR1H+KZkd2qLcfnRYUZOuorJO+3uQt0RerolGYZR7r5+C9ZATwPviGyQprd6Liszy3bnwVKwGMjPbnFyxJmeNpX2T4gaR/QmmSpyYZTho/2depMb9k/kNh3KawuJ1bWauHzUcyXRpZAv5Zmg7aHBLcmNN9ECAFeAO3s69KZ3nLtDuF9dnBs0IT9JO24rbPb0JfP2syCZpFfE5q1mRWcvlgMNcwMTRq9z/+OWXdx4AGjvX1deqC37DbwPwOrMgsufol5mWMWs1ivEbjTrOCtLNNb+udygqsNbUBtopR/NkuuwTJ6Hxsw67KSuvH5MPDA/nJttfGTdUFCMUlp/ALwOtIs9muBxpnFnBzuSQf21oP/BbXclVvumWuTaDN8WNBm2GizJkxPM0CDMA2WGZ72bbb/Njue2TRj9Il/PcG87SeBz4ZTNaSTsmctHcO8SqDp14d7dCFLZ2v/3OpQ023Ah4n65kohvETUCdcsfmuilD+bpNdgGZvOODuHqYGIVGCec9g7+7o031v2jaBTiD0ysxbHRnZrPktzyz1zK7f0z10nh5pWwLRhvZro1KqznVJhNB8UyDeSsU4zAOiIXV1OuEqQ2AR79nflXgcY6dGLwIvR8q39cy1b+uc2Emo6dI824BpMSxz8iVhy4m/2WiYHdV5UmOHp2mpwm52ESCdwRn+9v0tPAWzpn9sAFAQbMdc60PaHsFZEWd9uxk4z8G3seykECfObTEd2KmuZG4CWyLXkYLMwtiYt+hMsTUdAEZQzjs9apv66SHJRk73ZjBQ+iRu29s+1VEr5OImmXs4MHUahVoLWgK23wbv6OrU4OulcuHYehWsVHhpXwpE2FNRayTszX2cwDpQEzTB+QvrJHCXUaigk+c++aXZiE98YmUVgV19X7u3ypH/fgfUA5h2usY2jNjmWoGVn50nvC9T2NviA5OPBGPW91OlG+0Xa1WJhhqadk3WjpKCilQIQFP19XZocnfIHgIeFWyNh6goXyX6gdNWfU8aJ5tNjEheAHZVS/ruGj0s8k6VPhh6ms6kwgoLl1aGuCEuSpwXfHZ2qrTJ+HHkNCpOjmbdFcEcGUIhUSj/H65rPO6j+766U8i/QXV0z8cqJc4btwF8AtWgtMb1wj+j41Df/s1EYQwdEDiqM3hDes9quGY3IKoYOvCrU7HlCoZtEWapPkzEpsU8uq8b36a6uBqaBv5l45URLpZT/pmGH8LnkvlAdAOt1oeXqRsuYTjlEMJiXvWN/Z+5szfqioKcOKo7qr/nAEesKiOyv2A/q88rOx8+8bPhK5dUTAA8jbUT6MuKnbKteNVHKP23xCeD1LC0F2TWOmzoAKEiWxmC+sr8rN1OerF2HGaqXFcZhDWaYj11S4ZxcXxVqyKqPZOeNTwM7Jkr5BeDPQJ8NFQaoC/gZ26rXT5TyxxAfRx6P94d0gU0pYYama+tsbwix/AHM4fKUrwAeB68kRJ5AZsWWieGTjLipsVCgrKCwKHF7pZQ/RXf104j76i4ZMmquxkzRXb2zUsqfxdxsfCiA70hRjZbpCDHmJcRdeZPDHkVck0Ul5PeHZ81DgHxKtglXaHCxVN9fr5TyR9hW3QA8Amqp5526SyKtBEbZVv1eZeZkbqKU7xfsFJwPqRW29s+11oUxnUhnkHf2dWoB+R5Jv5dNaGHh1wog8d/ZAI+0GgVpFPTp4AfJT2Hup7u6EvMk0tpkboutEz0HMPzHyD+mu3pFpZR/Aug0Pgm0RLkvFzLWYfjDvs7cqfKUt2LuXTLhue5mdWhVDJdEzxDDcRKawceN9lRePVkDfgBcR/LKVqNpz/s08DO6q4VKKT8j8zHgJ1HyzA1P11YZjfV1arw85auBR4RalDB5lEjDKi0CgPPphKZ0QiNRwUQeg88B2ydKreew9yH1NCxe/r4GaZpt1Vsrh/JnDDcBLwPkbLVgf6s86RXYj4KvtJKJM8KsGLkSlsmUL6mSg1RJY1xD7KmU8sfprnYgBqJsGVsiEfupsca7FfMo26p/OfHKiVqllB8HyPV16VxfV66G/G1QBwY5xvCgTT7X3/MTaBbFVr0fJvqw2ASZ+yul/FN0V68CHsesiDl3UopM3CwhDZDD/Dnwj3S/sjoYAMqTtc1YX02jVqYOiuuqsAKIkqZCfFIz/IrfFY8gDrKt2gI8irSuwQezyTeNaOl+6qYb+fpYGKEXJE9GSTObK5ItrheaLHE5/XRKcHul+kYN8x2kzWlLNNuVtUqibzKW5CBjxUoszO7NWrS1E/xWvMeJjck2WQHEKJeMD+qH4gWCSvg00m3AVxv5TMRKsp9Cs0Q/Ka/1BOZQNBSXMz2b9Q5oO9JCKgkqg2aKofl8uvTPeE1w3t5KKf8y26pFxINhLRa5R9JV6huT/aZuFu7Ds+A9jBdj+VIvZz2b9BL2Xi5yJQEgUFqinI9SZBDx358o5Q/HiRGtquOEmxJu6DcbC/afQWxnvHg+Odrwm2bP5txh5OEYjOM3vaiu8qqHJw1mPmK/Xs7HJf0LRncDMF5cAL6NWUxDrX/duwbczljxjSzvTX+gtXU3MBlrRCltrsxBTgorACKrRGf5bczOiVLrhUL74B2F9oHVjBd/iLwTWEhr+CIWaLYumDjIWLHha+aSwvRs1iJmJ9Kb9ZJRETS3ACsMC8i1ZNwgXZDYWTmU/1WhfeAW8Cjo+UL7wDrGik8jfid0kYz/Z2ODepv+GPIY+FAznpcUJhAo9w5mh81CFtEsWieCTzwXkogmfKBSyh8ttA98EDPqoPouYqYLxYEPMVY8itmEeTM+KEaqZhVAkiPPIL6QDPhLFiYQSC9J7M3mGlF/24zWSvwIM1xoH2gF/sFiTcSPxQakqUJxsIPx4jGCr0AzCUYTbROJ7DPAdsbSAX9ZwgDs3qTDiMGUOxF/1DgfekLVsPf0sw8DPARsDNwy8iYBXov4p0L7wC2MF99CfBJ4rqmbJbO/qYE+x1jx5HK8Xtp/aFgHDM/FX+RM9FFjHjjj4NV3HvlPsP4g+SqQgm6zCuvJQnHgi4wVz2JuAj8RnLGEVaCf8Y8cuRQ2L0mYEBB2Gb8ZHKD4NQBx+0Qpf7LQPrAVVGqiiWTpCcEn4QcLxcF7C7+aXMDahT1YX5IS5DHE/ZfC4yULEwr0DtIOWwuuvwZ8rVLKP1soDqzHPGJoyRao9b4SXiQQ30A8eO1/PJ8D7gK+BtQSJcQM8AXGlg747LUkmi91lad8J3CuZ5OeBii0D64ET2FdH1N0omWJvgLPkvwM8LmZf7lrnm3VO4CHsM4DH2P8I8vGSfK67P9q8v9wWPAcQLH4PbBHbK6Pq+3M9+Ml+6FL2dyC+WmhOLiWseKPMDeDd12uIPBrWCZ5Xds++AHsAwGlBKnoB5747c2J+aSJEuvRL8CDv/2Zz+cqh/LL/gPD//vrfwFjcI5oX6jDBwAAAABJRU5ErkJggg== + marketplace.cloud.google.com/deploy-info: '{"partner_id": "google-cloud-ai-platform", + "product_id": "kubeflow-pipelines", "partner_name": "Google Cloud AI Platform"}' +spec: + addOwnerRef: true + selector: + matchLabels: + application-crd-id: kubeflow-pipelines + descriptor: + version: $(kfp-app-version) + type: Kubeflow Pipelines + description: |- + Reusable end-to-end ML workflow + maintainers: + - name: Google Cloud AI Platform + url: https://cloud.google.com/ai-platform/ + - name: Kubeflow Pipelines + url: https://github.com/kubeflow/pipelines + links: + - description: 'Kubeflow Pipelines Documentation' + url: https://www.kubeflow.org/docs/pipelines/ + notes: |- + Please go to [Hosted Kubeflow Pipelines Console](https://console.cloud.google.com/ai-platform/pipelines/clusters). + info: + - name: Console + value: 'https://console.cloud.google.com/ai-platform/pipelines/clusters' + componentKinds: + - group: v1 + kind: ServiceAccount + - group: rbac.authorization.k8s.io/v1 + kind: Role + - group: rbac.authorization.k8s.io/v1 + kind: RoleBinding + - group: v1 + kind: Service + - group: v1 + kind: PersistentVolumeClaim + - group: v1 + kind: ConfigMap + - group: v1 + kind: Secret + - group: apps/v1 + kind: Deployment diff --git a/pipeline/upstream/base/pipeline/cluster-scoped/kustomization.yaml b/pipeline/upstream/base/pipeline/cluster-scoped/kustomization.yaml new file mode 100644 index 0000000000..9a92c2ced6 --- /dev/null +++ b/pipeline/upstream/base/pipeline/cluster-scoped/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- scheduled-workflow-crd.yaml +- viewer-crd.yaml diff --git a/pipeline/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml b/pipeline/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml new file mode 100644 index 0000000000..22dc3c8a00 --- /dev/null +++ b/pipeline/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: scheduledworkflows.kubeflow.org +spec: + group: kubeflow.org + names: + kind: ScheduledWorkflow + listKind: ScheduledWorkflowList + plural: scheduledworkflows + shortNames: + - swf + singular: scheduledworkflow + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/pipeline/upstream/base/pipeline/cluster-scoped/viewer-crd.yaml b/pipeline/upstream/base/pipeline/cluster-scoped/viewer-crd.yaml new file mode 100644 index 0000000000..dcb5db0f88 --- /dev/null +++ b/pipeline/upstream/base/pipeline/cluster-scoped/viewer-crd.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: viewers.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Viewer + listKind: ViewerList + plural: viewers + shortNames: + - vi + singular: viewer + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/pipeline/upstream/base/pipeline/container-builder-sa.yaml b/pipeline/upstream/base/pipeline/container-builder-sa.yaml new file mode 100644 index 0000000000..aa65bd9bbf --- /dev/null +++ b/pipeline/upstream/base/pipeline/container-builder-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-container-builder diff --git a/pipeline/upstream/base/pipeline/kustomization.yaml b/pipeline/upstream/base/pipeline/kustomization.yaml new file mode 100644 index 0000000000..a8c518780e --- /dev/null +++ b/pipeline/upstream/base/pipeline/kustomization.yaml @@ -0,0 +1,47 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- metadata-writer +resources: +- ml-pipeline-apiserver-deployment.yaml +- ml-pipeline-apiserver-role.yaml +- ml-pipeline-apiserver-rolebinding.yaml +- ml-pipeline-apiserver-sa.yaml +- ml-pipeline-apiserver-service.yaml +- ml-pipeline-persistenceagent-deployment.yaml +- ml-pipeline-persistenceagent-role.yaml +- ml-pipeline-persistenceagent-rolebinding.yaml +- ml-pipeline-persistenceagent-sa.yaml +- ml-pipeline-scheduledworkflow-deployment.yaml +- ml-pipeline-scheduledworkflow-role.yaml +- ml-pipeline-scheduledworkflow-rolebinding.yaml +- ml-pipeline-scheduledworkflow-sa.yaml +- ml-pipeline-ui-deployment.yaml +- ml-pipeline-ui-role.yaml +- ml-pipeline-ui-rolebinding.yaml +- ml-pipeline-ui-sa.yaml +- ml-pipeline-ui-service.yaml +- ml-pipeline-viewer-crd-role.yaml +- ml-pipeline-viewer-crd-rolebinding.yaml +- ml-pipeline-viewer-crd-deployment.yaml +- ml-pipeline-viewer-crd-sa.yaml +- ml-pipeline-visualization-deployment.yaml +- ml-pipeline-visualization-sa.yaml +- ml-pipeline-visualization-service.yaml +- pipeline-runner-role.yaml +- pipeline-runner-rolebinding.yaml +- pipeline-runner-sa.yaml +- container-builder-sa.yaml +images: +- name: gcr.io/ml-pipeline/api-server + newTag: 1.0.0-rc.3 +- name: gcr.io/ml-pipeline/persistenceagent + newTag: 1.0.0-rc.3 +- name: gcr.io/ml-pipeline/scheduledworkflow + newTag: 1.0.0-rc.3 +- name: gcr.io/ml-pipeline/frontend + newTag: 1.0.0-rc.3 +- name: gcr.io/ml-pipeline/viewer-crd-controller + newTag: 1.0.0-rc.3 +- name: gcr.io/ml-pipeline/visualization-server + newTag: 1.0.0-rc.3 diff --git a/pipeline/upstream/base/pipeline/metadata-writer/kustomization.yaml b/pipeline/upstream/base/pipeline/metadata-writer/kustomization.yaml new file mode 100644 index 0000000000..51503e59d1 --- /dev/null +++ b/pipeline/upstream/base/pipeline/metadata-writer/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- metadata-writer-deployment.yaml +- metadata-writer-role.yaml +- metadata-writer-rolebinding.yaml +- metadata-writer-sa.yaml +images: +- name: gcr.io/ml-pipeline/metadata-writer + newTag: 1.0.0-rc.3 diff --git a/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-deployment.yaml b/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-deployment.yaml new file mode 100644 index 0000000000..c51903d356 --- /dev/null +++ b/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-deployment.yaml @@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: metadata-writer + labels: + app: metadata-writer +spec: + replicas: 1 + selector: + matchLabels: + app: metadata-writer + template: + metadata: + labels: + app: metadata-writer + spec: + containers: + - name: main + image: gcr.io/ml-pipeline/metadata-writer:dummy + env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-role.yaml b/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-role.yaml new file mode 100644 index 0000000000..06317b0845 --- /dev/null +++ b/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-role.yaml @@ -0,0 +1,33 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-metadata-writer-role + name: kubeflow-pipelines-metadata-writer-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-rolebinding.yaml b/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-rolebinding.yaml new file mode 100644 index 0000000000..37263d4a8c --- /dev/null +++ b/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-metadata-writer-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-metadata-writer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-metadata-writer diff --git a/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-sa.yaml b/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-sa.yaml new file mode 100644 index 0000000000..77812949a8 --- /dev/null +++ b/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-metadata-writer diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml new file mode 100644 index 0000000000..46dbc98dd5 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml @@ -0,0 +1,96 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline + name: ml-pipeline +spec: + selector: + matchLabels: + app: ml-pipeline + template: + metadata: + labels: + app: ml-pipeline + spec: + containers: + - env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OBJECTSTORECONFIG_SECURE + value: "false" + - name: OBJECTSTORECONFIG_BUCKETNAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: bucketName + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + name: mysql-secret + key: username + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-secret + key: password + - name: DBCONFIG_DBNAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: pipelineDb + - name: DBCONFIG_HOST + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: dbHost + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: dbPort + - name: OBJECTSTORECONFIG_ACCESSKEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: accesskey + - name: OBJECTSTORECONFIG_SECRETACCESSKEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: secretkey + image: gcr.io/ml-pipeline/api-server:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-api-server + ports: + - name: http + containerPort: 8888 + - name: grpc + containerPort: 8887 + readinessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + livenessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml new file mode 100644 index 0000000000..3fdfeaaa9f --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline + name: ml-pipeline +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml new file mode 100644 index 0000000000..78cef70d51 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline + name: ml-pipeline +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-sa.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-sa.yaml new file mode 100644 index 0000000000..95ff3141e6 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml new file mode 100644 index 0000000000..49de02bafb --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + app: ml-pipeline diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml new file mode 100644 index 0000000000..968f13a6cf --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml @@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-persistenceagent + name: ml-pipeline-persistenceagent +spec: + selector: + matchLabels: + app: ml-pipeline-persistenceagent + template: + metadata: + labels: + app: ml-pipeline-persistenceagent + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/persistenceagent:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-persistenceagent + serviceAccountName: ml-pipeline-persistenceagent diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml new file mode 100644 index 0000000000..72757fffd8 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ml-pipeline-persistenceagent-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml new file mode 100644 index 0000000000..a690f20cbf --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-persistenceagent-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml new file mode 100644 index 0000000000..158591534c --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-persistenceagent diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml new file mode 100644 index 0000000000..c0ff7e68df --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml @@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-scheduledworkflow + name: ml-pipeline-scheduledworkflow +spec: + selector: + matchLabels: + app: ml-pipeline-scheduledworkflow + template: + metadata: + labels: + app: ml-pipeline-scheduledworkflow + spec: + containers: + - image: gcr.io/ml-pipeline/scheduledworkflow:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-scheduledworkflow + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml new file mode 100644 index 0000000000..187272a976 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-scheduledworkflow-role + name: ml-pipeline-scheduledworkflow-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - '' + resources: + - events + verbs: + - create + - patch diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml new file mode 100644 index 0000000000..c2d10f6e63 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-scheduledworkflow-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml new file mode 100644 index 0000000000..285c13742f --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-scheduledworkflow diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml new file mode 100644 index 0000000000..600909d83d --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml @@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +spec: + selector: + matchLabels: + app: ml-pipeline-ui + template: + metadata: + labels: + app: ml-pipeline-ui + spec: + containers: + - image: gcr.io/ml-pipeline/frontend:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-ui + ports: + - containerPort: 3000 + env: + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: accesskey + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: secretkey + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" + readinessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + livenessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline-ui diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-role.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-role.yaml new file mode 100644 index 0000000000..0fc42c94fe --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-role.yaml @@ -0,0 +1,44 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - "kubeflow.org" + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - "argoproj.io" + resources: + - workflows + verbs: + - get + - list diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-rolebinding.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-rolebinding.yaml new file mode 100644 index 0000000000..e829835420 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-sa.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-sa.yaml new file mode 100644 index 0000000000..4c890a27bb --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-ui diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-service.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-service.yaml new file mode 100644 index 0000000000..093ad8ca2c --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +spec: + ports: + - name: http + protocol: TCP + port: 80 + targetPort: 3000 + selector: + app: ml-pipeline-ui diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml new file mode 100644 index 0000000000..0135a5c0ed --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml @@ -0,0 +1,27 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-viewer-crd + name: ml-pipeline-viewer-crd +spec: + selector: + matchLabels: + app: ml-pipeline-viewer-crd + template: + metadata: + labels: + app: ml-pipeline-viewer-crd + spec: + containers: + - image: gcr.io/ml-pipeline/viewer-crd-controller:dummy + imagePullPolicy: Always + name: ml-pipeline-viewer-crd + env: + - name: MAX_NUM_VIEWERS + value: "50" + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + serviceAccountName: ml-pipeline-viewer-crd-service-account diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-role.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-role.yaml new file mode 100644 index 0000000000..73bf032fdd --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-role.yaml @@ -0,0 +1,30 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ml-pipeline-viewer-controller-role +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml new file mode 100644 index 0000000000..bd1f77a837 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-viewer-crd-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-sa.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-sa.yaml new file mode 100644 index 0000000000..5dd08f8843 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-viewer-crd-service-account diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml new file mode 100644 index 0000000000..a755e51be7 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml @@ -0,0 +1,47 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-visualizationserver + name: ml-pipeline-visualizationserver +spec: + selector: + matchLabels: + app: ml-pipeline-visualizationserver + template: + metadata: + labels: + app: ml-pipeline-visualizationserver + spec: + containers: + - image: gcr.io/ml-pipeline/visualization-server:dummy + imagePullPolicy: IfNotPresent + name: ml-pipeline-visualizationserver + ports: + - name: http + containerPort: 8888 + readinessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + livenessProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline-visualizationserver diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-visualization-sa.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-sa.yaml new file mode 100644 index 0000000000..e1bbc6ad27 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-visualizationserver diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-visualization-service.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-service.yaml new file mode 100644 index 0000000000..a4c7e42cb0 --- /dev/null +++ b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline-visualizationserver +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: ml-pipeline-visualizationserver diff --git a/pipeline/upstream/base/pipeline/pipeline-runner-role.yaml b/pipeline/upstream/base/pipeline/pipeline-runner-role.yaml new file mode 100644 index 0000000000..e81fd91a53 --- /dev/null +++ b/pipeline/upstream/base/pipeline/pipeline-runner-role.yaml @@ -0,0 +1,80 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pipeline-runner +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - '*' +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' diff --git a/pipeline/upstream/base/pipeline/pipeline-runner-rolebinding.yaml b/pipeline/upstream/base/pipeline/pipeline-runner-rolebinding.yaml new file mode 100644 index 0000000000..9adae61887 --- /dev/null +++ b/pipeline/upstream/base/pipeline/pipeline-runner-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipeline-runner-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-runner +subjects: +- kind: ServiceAccount + name: pipeline-runner diff --git a/pipeline/upstream/base/pipeline/pipeline-runner-sa.yaml b/pipeline/upstream/base/pipeline/pipeline-runner-sa.yaml new file mode 100644 index 0000000000..8cb2c669fb --- /dev/null +++ b/pipeline/upstream/base/pipeline/pipeline-runner-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipeline-runner diff --git a/pipeline/upstream/cluster-scoped-resources/kustomization.yaml b/pipeline/upstream/cluster-scoped-resources/kustomization.yaml new file mode 100644 index 0000000000..fb3f5aae97 --- /dev/null +++ b/pipeline/upstream/cluster-scoped-resources/kustomization.yaml @@ -0,0 +1,25 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- namespace.yaml +bases: +- ../base/application/cluster-scoped +- ../base/argo/cluster-scoped +- ../base/pipeline/cluster-scoped +- ../base/cache-deployer/cluster-scoped +vars: +# NOTE: var name must be unique globally to allow composition of multiple kustomize +# packages. Therefore, we added prefix `kfp-cluster-scoped-` to distinguish it from +# others. +- name: kfp-cluster-scoped-namespace + objref: + # cache deployer sa's metadata.namespace will be first transformed by namespace field in kustomization.yaml + # so that we only need to change kustomization.yaml's namespace field for namespace customization. + kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + apiVersion: v1 + fieldref: + fieldpath: metadata.namespace +configurations: +- params.yaml diff --git a/pipeline/upstream/cluster-scoped-resources/namespace.yaml b/pipeline/upstream/cluster-scoped-resources/namespace.yaml new file mode 100644 index 0000000000..3c65856e7b --- /dev/null +++ b/pipeline/upstream/cluster-scoped-resources/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: '$(kfp-cluster-scoped-namespace)' diff --git a/pipeline/upstream/cluster-scoped-resources/params.yaml b/pipeline/upstream/cluster-scoped-resources/params.yaml new file mode 100644 index 0000000000..cc253fe266 --- /dev/null +++ b/pipeline/upstream/cluster-scoped-resources/params.yaml @@ -0,0 +1,4 @@ +# Allow Kustomize var to replace following fields. +varReference: +- path: metadata/name + kind: Namespace diff --git a/pipeline/upstream/env/dev/kustomization.yaml b/pipeline/upstream/env/dev/kustomization.yaml new file mode 100644 index 0000000000..96318d6f63 --- /dev/null +++ b/pipeline/upstream/env/dev/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../platform-agnostic +- ../gcp/inverse-proxy +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines +# !!! If you want to customize the namespace, +# please refer sample/cluster-scoped-resources to update the namespace for cluster-scoped-resources +namespace: kubeflow diff --git a/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml b/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml new file mode 100644 index 0000000000..001dd89247 --- /dev/null +++ b/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cloudsqlproxy + labels: + app: cloudsqlproxy +spec: + selector: + matchLabels: + app: cloudsqlproxy + replicas: 1 + template: + metadata: + labels: + app: cloudsqlproxy + spec: + containers: + - image: gcr.io/cloudsql-docker/gce-proxy:1.14 + name: cloudsqlproxy + env: + - name: GCP_CLOUDSQL_INSTANCE_NAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: gcsCloudSqlInstanceName + command: ["/cloud_sql_proxy", "-dir=/cloudsql", "-instances=$(GCP_CLOUDSQL_INSTANCE_NAME)=tcp:0.0.0.0:3306", + "term_timeout=10s"] + # set term_timeout if require graceful handling of shutdown + # NOTE: proxy will stop accepting new connections; only wait on existing connections + lifecycle: + preStop: + exec: + # (optional) add a preStop hook so that termination is delayed + # this is required if your server still require new connections (e.g., connection pools) + command: ['sleep', '10'] + ports: + - name: mysql + containerPort: 3306 + volumeMounts: + - mountPath: /cloudsql + name: cloudsql + volumes: + - name: cloudsql + emptyDir: diff --git a/pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml b/pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml new file mode 100644 index 0000000000..87f162bcbd --- /dev/null +++ b/pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cloudsql-proxy-deployment.yaml +- mysql-service.yaml diff --git a/pipeline/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml b/pipeline/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml new file mode 100644 index 0000000000..d93921d040 --- /dev/null +++ b/pipeline/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: mysql +spec: + ports: + - port: 3306 + selector: + app: cloudsqlproxy diff --git a/pipeline/upstream/env/gcp/gcp-configurations-patch.yaml b/pipeline/upstream/env/gcp/gcp-configurations-patch.yaml new file mode 100644 index 0000000000..a02ce98c71 --- /dev/null +++ b/pipeline/upstream/env/gcp/gcp-configurations-patch.yaml @@ -0,0 +1,22 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ml-pipeline +spec: + template: + spec: + containers: + - name: ml-pipeline-api-server + env: + - name: HAS_DEFAULT_BUCKET + value: 'true' + - name: BUCKET_NAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: bucketName + - name: PROJECT_ID + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: gcsProjectId diff --git a/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml b/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml new file mode 100644 index 0000000000..f91249a5e2 --- /dev/null +++ b/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: gcr.io/ml-pipeline/inverse-proxy-agent + newTag: 1.0.0-rc.3 +resources: +- proxy-configmap.yaml +- proxy-deployment.yaml +- proxy-role.yaml +- proxy-rolebinding.yaml +- proxy-sa.yaml diff --git a/pipeline/upstream/env/gcp/inverse-proxy/proxy-configmap.yaml b/pipeline/upstream/env/gcp/inverse-proxy/proxy-configmap.yaml new file mode 100644 index 0000000000..c469f7acb9 --- /dev/null +++ b/pipeline/upstream/env/gcp/inverse-proxy/proxy-configmap.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: inverse-proxy-config diff --git a/pipeline/upstream/env/gcp/inverse-proxy/proxy-deployment.yaml b/pipeline/upstream/env/gcp/inverse-proxy/proxy-deployment.yaml new file mode 100644 index 0000000000..faf3e47309 --- /dev/null +++ b/pipeline/upstream/env/gcp/inverse-proxy/proxy-deployment.yaml @@ -0,0 +1,21 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: proxy-agent + name: proxy-agent +spec: + selector: + matchLabels: + app: proxy-agent + template: + metadata: + labels: + app: proxy-agent + spec: + hostNetwork: true + containers: + - image: gcr.io/ml-pipeline/inverse-proxy-agent:dummy + imagePullPolicy: IfNotPresent + name: proxy-agent + serviceAccountName: proxy-agent-runner diff --git a/pipeline/upstream/env/gcp/inverse-proxy/proxy-role.yaml b/pipeline/upstream/env/gcp/inverse-proxy/proxy-role.yaml new file mode 100644 index 0000000000..b4fae7b750 --- /dev/null +++ b/pipeline/upstream/env/gcp/inverse-proxy/proxy-role.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: proxy-agent-runner + name: proxy-agent-runner +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' diff --git a/pipeline/upstream/env/gcp/inverse-proxy/proxy-rolebinding.yaml b/pipeline/upstream/env/gcp/inverse-proxy/proxy-rolebinding.yaml new file mode 100644 index 0000000000..72f1fc0d6f --- /dev/null +++ b/pipeline/upstream/env/gcp/inverse-proxy/proxy-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: proxy-agent-runner + name: proxy-agent-runner +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: proxy-agent-runner +subjects: +- kind: ServiceAccount + name: proxy-agent-runner diff --git a/pipeline/upstream/env/gcp/inverse-proxy/proxy-sa.yaml b/pipeline/upstream/env/gcp/inverse-proxy/proxy-sa.yaml new file mode 100644 index 0000000000..af8b0c3c2d --- /dev/null +++ b/pipeline/upstream/env/gcp/inverse-proxy/proxy-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: proxy-agent-runner diff --git a/pipeline/upstream/env/gcp/kustomization.yaml b/pipeline/upstream/env/gcp/kustomization.yaml new file mode 100644 index 0000000000..8cc703dbb8 --- /dev/null +++ b/pipeline/upstream/env/gcp/kustomization.yaml @@ -0,0 +1,22 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../../base +- inverse-proxy +- minio-gcs-gateway +- cloudsql-proxy +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines +# !!! If you want to customize the namespace, +# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml +namespace: kubeflow +patchesStrategicMerge: +- gcp-configurations-patch.yaml +# Used by Kustomize +configMapGenerator: +- name: pipeline-install-config + envs: ["params.env"] + behavior: merge diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml b/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml new file mode 100644 index 0000000000..728b4d3730 --- /dev/null +++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- minio-gcs-gateway-deployment.yaml +- minio-gcs-gateway-service.yaml +secretGenerator: +- name: mlpipeline-minio-artifact + envs: ["minio-artifact-secret.env"] +generatorOptions: + # mlpipeline-minio-artifact needs to be referred by exact name + disableNameSuffixHash: true diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-artifact-secret.env b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-artifact-secret.env new file mode 100644 index 0000000000..bc8613ce2a --- /dev/null +++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-artifact-secret.env @@ -0,0 +1,2 @@ +accesskey=minio +secretkey=minio123 diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml new file mode 100644 index 0000000000..12efb5e042 --- /dev/null +++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-deployment.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio + labels: + app: minio +spec: + selector: + matchLabels: + app: minio + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + spec: + containers: + - name: minio + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + args: + - gateway + - gcs + - $(GCP_PROJECT_ID) + env: + - name: GCP_PROJECT_ID + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: gcsProjectId + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: accesskey + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: secretkey + ports: + - containerPort: 9000 diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml new file mode 100644 index 0000000000..6f542967e7 --- /dev/null +++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: minio-service +spec: + ports: + - port: 9000 + targetPort: 9000 + protocol: TCP + selector: + app: minio diff --git a/pipeline/upstream/env/gcp/params.env b/pipeline/upstream/env/gcp/params.env new file mode 100644 index 0000000000..0c1d077bee --- /dev/null +++ b/pipeline/upstream/env/gcp/params.env @@ -0,0 +1,6 @@ +pipelineDb=pipelinedb +mlmdDb=metadb +cacheDb=cachedb +bucketName=yourGcsBucketName +gcsProjectId=yourGcsProjectId +gcsCloudSqlInstanceName=yourCloudSqlInstanceName diff --git a/pipeline/upstream/env/platform-agnostic/kustomization.yaml b/pipeline/upstream/env/platform-agnostic/kustomization.yaml new file mode 100644 index 0000000000..c5773ad03f --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../../base +- minio +- mysql +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines +# !!! If you want to customize the namespace, +# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml +namespace: kubeflow +images: +- name: mysql + newTag: "5.6" +- name: minio/minio + newTag: RELEASE.2018-02-09T22-40-05Z diff --git a/pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml b/pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml new file mode 100644 index 0000000000..48161f4f25 --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- minio-deployment.yaml +- minio-pvc.yaml +- minio-service.yaml +secretGenerator: +- name: mlpipeline-minio-artifact + envs: ["minio-artifact-secret.env"] +generatorOptions: + # mlpipeline-minio-artifact needs to be referred by exact name + disableNameSuffixHash: true diff --git a/pipeline/upstream/env/platform-agnostic/minio/minio-artifact-secret.env b/pipeline/upstream/env/platform-agnostic/minio/minio-artifact-secret.env new file mode 100644 index 0000000000..bc8613ce2a --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/minio/minio-artifact-secret.env @@ -0,0 +1,2 @@ +accesskey=minio +secretkey=minio123 diff --git a/pipeline/upstream/env/platform-agnostic/minio/minio-deployment.yaml b/pipeline/upstream/env/platform-agnostic/minio/minio-deployment.yaml new file mode 100644 index 0000000000..9613615b20 --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/minio/minio-deployment.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio + labels: + app: minio +spec: + selector: + matchLabels: + app: minio + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + spec: + containers: + - args: + - server + - /data + env: + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: accesskey + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: mlpipeline-minio-artifact + key: secretkey + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + name: minio + ports: + - containerPort: 9000 + volumeMounts: + - mountPath: /data + name: data + subPath: minio + volumes: + - name: data + persistentVolumeClaim: + claimName: minio-pvc diff --git a/pipeline/upstream/env/platform-agnostic/minio/minio-pvc.yaml b/pipeline/upstream/env/platform-agnostic/minio/minio-pvc.yaml new file mode 100644 index 0000000000..ecfa32bbe8 --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/minio/minio-pvc.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: minio-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/pipeline/upstream/env/platform-agnostic/minio/minio-service.yaml b/pipeline/upstream/env/platform-agnostic/minio/minio-service.yaml new file mode 100644 index 0000000000..3ab4204301 --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/minio/minio-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: minio-service +spec: + ports: + - name: http + port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio diff --git a/pipeline/upstream/env/platform-agnostic/mysql/kustomization.yaml b/pipeline/upstream/env/platform-agnostic/mysql/kustomization.yaml new file mode 100644 index 0000000000..93af2924b5 --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/mysql/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- mysql-deployment.yaml +- mysql-pv-claim.yaml +- mysql-service.yaml diff --git a/pipeline/upstream/env/platform-agnostic/mysql/mysql-deployment.yaml b/pipeline/upstream/env/platform-agnostic/mysql/mysql-deployment.yaml new file mode 100644 index 0000000000..ab9386e25c --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/mysql/mysql-deployment.yaml @@ -0,0 +1,33 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mysql + labels: + app: mysql +spec: + selector: + matchLabels: + app: mysql + strategy: + type: Recreate + template: + metadata: + labels: + app: mysql + spec: + containers: + - env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + image: gcr.io/ml-pipeline/mysql:5.6 + name: mysql + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - mountPath: /var/lib/mysql + name: mysql-persistent-storage + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim diff --git a/pipeline/upstream/env/platform-agnostic/mysql/mysql-pv-claim.yaml b/pipeline/upstream/env/platform-agnostic/mysql/mysql-pv-claim.yaml new file mode 100644 index 0000000000..108dc24ef3 --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/mysql/mysql-pv-claim.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mysql-pv-claim +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml b/pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml new file mode 100644 index 0000000000..a13ed76774 --- /dev/null +++ b/pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: mysql +spec: + ports: + - port: 3306 # We cannot have name: mysql here, because some requests through istio fail with it. + protocol: TCP + targetPort: 3306 + selector: + app: mysql diff --git a/pipeline/upstream/gcp-workload-identity-setup.sh b/pipeline/upstream/gcp-workload-identity-setup.sh new file mode 100755 index 0000000000..e749ccbc0d --- /dev/null +++ b/pipeline/upstream/gcp-workload-identity-setup.sh @@ -0,0 +1,131 @@ +#!/bin/bash +# +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e + +# Google service Account (GSA) +SYSTEM_GSA=${SYSTEM_GSA:-$CLUSTER_NAME-kfp-system} +USER_GSA=${USER_GSA:-$CLUSTER_NAME-kfp-user} + +# Kubernetes Service Account (KSA) +SYSTEM_KSA=(ml-pipeline-ui ml-pipeline-visualizationserver) +USER_KSA=(pipeline-runner kubeflow-pipelines-container-builder) + +cat < CLUSTER_NAME= NAMESPACE= ./gcp-workload-identity-setup.sh +``` + +PROJECT_ID: GCP project ID your cluster belongs to. +CLUSTER_NAME: your GKE cluster's name. +NAMESPACE: Kubernetes namespace your Kubeflow Pipelines standalone deployment belongs to (default is kubeflow). +EOF +} +if [ -z "$PROJECT_ID" ]; then + usage + echo + echo "Error: PROJECT_ID env variable is empty!" + exit 1 +fi +if [ -z "$CLUSTER_NAME" ]; then + usage + echo + echo "Error: CLUSTER_NAME env variable is empty!" + exit 1 +fi +echo "Env variables set:" +echo "* PROJECT_ID=$PROJECT_ID" +echo "* CLUSTER_NAME=$CLUSTER_NAME" +echo "* NAMESPACE=$NAMESPACE" +echo + +read -p "Continue? (Y/n) " -n 1 -r +echo +if [[ ! $REPLY =~ ^[Yy]$ ]]; then + exit 0 +fi + +echo "Creating Google service accounts..." +function create_gsa_if_not_present { + local name=${1} + local already_present=$(gcloud iam service-accounts list --filter='name:'$name'' --format='value(name)') + if [ -n "$already_present" ]; then + echo "Service account $name already exists" + else + gcloud iam service-accounts create $name + fi +} +create_gsa_if_not_present $SYSTEM_GSA +create_gsa_if_not_present $USER_GSA + +# You can optionally choose to add iam policy bindings to grant project permissions to these GSAs. +# You can also set these up later. +# gcloud projects add-iam-policy-binding $PROJECT_ID \ +# --member="serviceAccount:$SYSTEM_GSA@$PROJECT_ID.iam.gserviceaccount.com" \ +# --role="roles/editor" +# gcloud projects add-iam-policy-binding $PROJECT_ID \ +# --member="serviceAccount:$USER_GSA@$PROJECT_ID.iam.gserviceaccount.com" \ +# --role="roles/editor" + +# Bind KSA to GSA through workload identity. +# Documentation: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity +function bind_gsa_and_ksa { + local gsa=${1} + local ksa=${2} + + gcloud iam service-accounts add-iam-policy-binding $gsa@$PROJECT_ID.iam.gserviceaccount.com \ + --member="serviceAccount:$PROJECT_ID.svc.id.goog[$NAMESPACE/$ksa]" \ + --role="roles/iam.workloadIdentityUser" \ + > /dev/null # hide verbose output + kubectl annotate serviceaccount \ + --namespace $NAMESPACE \ + --overwrite \ + $ksa \ + iam.gke.io/gcp-service-account=$gsa@$PROJECT_ID.iam.gserviceaccount.com + echo "* Bound KSA $ksa to GSA $gsa" +} + +echo "Binding each kfp system KSA to $SYSTEM_GSA" +for ksa in ${SYSTEM_KSA[@]}; do + bind_gsa_and_ksa $SYSTEM_GSA $ksa +done + +echo "Binding each kfp user KSA to $USER_GSA" +for ksa in ${USER_KSA[@]}; do + bind_gsa_and_ksa $USER_GSA $ksa +done diff --git a/pipeline/upstream/hack/format.sh b/pipeline/upstream/hack/format.sh new file mode 100755 index 0000000000..9eece41fbb --- /dev/null +++ b/pipeline/upstream/hack/format.sh @@ -0,0 +1,39 @@ +#!/bin/bash +# +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null && pwd)" + +function format_yaml { + local path=$1 + local tmp=$(mktemp) + yq r "$path" > "$tmp" + cp "$tmp" "$path" +} +echo "This formatting script uses yq, it can be downloaded at https://github.com/mikefarah/yq/releases/tag/3.3.0" +kustomization_yamls_with_images=( + "base/cache-deployer/kustomization.yaml" + "base/cache/kustomization.yaml" + "base/metadata/kustomization.yaml" + "base/pipeline/metadata-writer/kustomization.yaml" + "base/pipeline/kustomization.yaml" + "env/gcp/inverse-proxy/kustomization.yaml" +) +for path in "${kustomization_yamls_with_images[@]}" +do + format_yaml "$DIR/../$path" +done diff --git a/pipeline/upstream/hack/release.sh b/pipeline/upstream/hack/release.sh new file mode 100755 index 0000000000..4094183f95 --- /dev/null +++ b/pipeline/upstream/hack/release.sh @@ -0,0 +1,42 @@ +#!/bin/bash +# +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -ex + +TAG_NAME=$1 +DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null && pwd)" + +if [[ -z "$TAG_NAME" ]]; then + echo "Usage: release.sh " >&2 + exit 1 +fi + +echo "This release script uses yq, it can be downloaded at https://github.com/mikefarah/yq/releases/tag/3.3.0" +kustomization_yamls_with_images=( + "base/cache-deployer/kustomization.yaml" + "base/cache/kustomization.yaml" + "base/metadata/kustomization.yaml" + "base/pipeline/metadata-writer/kustomization.yaml" + "base/pipeline/kustomization.yaml" + "env/gcp/inverse-proxy/kustomization.yaml" +) +for path in "${kustomization_yamls_with_images[@]}" +do + yq w -i "$DIR/../$path" images[*].newTag "$TAG_NAME" +done + +# Note, this only works in linux. TODO: make it MacOS sed compatible. +sed -i.bak -e "s|appVersion=.\+|appVersion=$TAG_NAME|g" "$DIR/../base/params.env" diff --git a/pipeline/upstream/sample/README.md b/pipeline/upstream/sample/README.md new file mode 100644 index 0000000000..cb5c7e753d --- /dev/null +++ b/pipeline/upstream/sample/README.md @@ -0,0 +1,78 @@ +# Sample installation + +1. Prepare a cluster and setup kubectl context +Do whatever you want to customize your cluster. You can use existing cluster +or create a new one. +- **ML Usage** GPU normally is required for deep learning task. +You may consider create **zero-sized GPU node-pool with autoscaling**. +Please reference [GPU Tutorial](/samples/tutorials/gpu/). +- **Security** You may consider use **Workload Identity** in GCP cluster. + +Here for simplicity we create a small cluster with **--scopes=cloud-platform** +to save credentail configure efforts. + +``` +gcloud container clusters create mycluster \ + --zone us-central1-a \ + --machine-type n1-standard-2 \ + --scopes cloud-platform \ + --enable-autoscaling \ + --min-nodes 1 \ + --max-nodes 5 \ + --num-nodes 3 +``` + +2. Prepare CloudSQL + +Create CloudSQL instance. [Console](https://console.cloud.google.com/sql/instances). + +Here is a sample for demo. + +``` +gcloud beta sql instances create mycloudsqlname \ + --database-version=MYSQL_5_7 \ + --tier=db-n1-standard-1 \ + --region=us-central1 \ + --root-password=password123 +``` + +You may use **Private IP** to well protect your CloudSQL. +If you use **Private IP**, please go to [VPC network peering](https://console.cloud.google.com/networking/peering/list) +to double check whether the "cloudsql-mysql-googleais-com" is created and the "Exchange custom routes" is enabled. You +are expected to see "Peer VPC network is connected". + +3. Prepare GCS Bucket + +Create Cloud Storage bucket. [Console](https://console.cloud.google.com/storage). + +``` +gsutil mb -p myProjectId gs://myBucketName/ +``` + +4. Customize your values +- Edit **params.env**, **params-db-secret.env** and **cluster-scoped-resources/params.env** +- Edit kustomization.yaml to set your namespace, e.x. "kubeflow" + +5. Install + +``` +kubectl apply -k sample/cluster-scoped-resources/ + +kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s + +kubectl apply -k sample/ +# If upper one action got failed, e.x. you used wrong value, try delete, fix and apply again +# kubectl delete -k sample/ + +kubectl wait applications/mypipeline -n kubeflow --for condition=Ready --timeout=1800s +``` + +Now you can find the installation in [Console](http://console.cloud.google.com/ai-platform/pipelines) + +6. Post-installation configures + +It depends on how you create the cluster, +- if the cluster is created with **--scopes=cloud-platform**, no actions required +- if the cluster is on Workload Identity, please run **gcp-workload-identity-setup.sh** + - make sure the Google Service Account (GSA) can access the CloudSQL instance and GCS bucket + - if your workload calls other GCP APIs, make sure the GSA can access them diff --git a/pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml b/pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml new file mode 100644 index 0000000000..191863b5ba --- /dev/null +++ b/pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +# !!! If you want to customize the namespace, +# please also update sample/kustomization.yaml's namespace field to the same value +namespace: kubeflow +bases: +# Or github.com/kubeflow/pipelines/manifests/kustomize/cluster-scoped-resources?ref=1.0.0 +- ../../cluster-scoped-resources diff --git a/pipeline/upstream/sample/kustomization.yaml b/pipeline/upstream/sample/kustomization.yaml new file mode 100644 index 0000000000..85fa9059be --- /dev/null +++ b/pipeline/upstream/sample/kustomization.yaml @@ -0,0 +1,28 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +# Or github.com/kubeflow/pipelines/manifests/kustomize/env/gcp?ref=1.0.0 +- ../env/gcp +# Identifier for application manager to apply ownerReference. +# The ownerReference ensures the resources get garbage collected +# when application is deleted. +commonLabels: + application-crd-id: kubeflow-pipelines +# Used by Kustomize +configMapGenerator: +- name: pipeline-install-config + envs: ["params.env"] + behavior: merge +secretGenerator: +- name: mysql-secret + envs: ["params-db-secret.env"] + behavior: merge +# !!! If you want to customize the namespace, +# please also update sample/cluster-scoped-resources/kustomization.yaml's namespace field to the same value +namespace: kubeflow + +#### Customization ### +# 1. Change values in params.env file +# 2. Change values in params-db-secret.env file for CloudSQL username and password +# 3. kubectl apply -k ./ +#### diff --git a/pipeline/upstream/sample/params-db-secret.env b/pipeline/upstream/sample/params-db-secret.env new file mode 100644 index 0000000000..c15cb2e337 --- /dev/null +++ b/pipeline/upstream/sample/params-db-secret.env @@ -0,0 +1,2 @@ +username=root +password= diff --git a/pipeline/upstream/sample/params.env b/pipeline/upstream/sample/params.env new file mode 100644 index 0000000000..6d6cca0d90 --- /dev/null +++ b/pipeline/upstream/sample/params.env @@ -0,0 +1,4 @@ +appName=mypipeline +bucketName=mybucketname +gcsProjectId=myprojectid +gcsCloudSqlInstanceName=myprojectid:myregion:myinstance diff --git a/pipeline/upstream/wi-utils.sh b/pipeline/upstream/wi-utils.sh new file mode 100644 index 0000000000..f5a06db927 --- /dev/null +++ b/pipeline/upstream/wi-utils.sh @@ -0,0 +1,85 @@ +#!/bin/bash +# +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +function create_gsa_if_not_present { + local name=${1} + local already_present=$(gcloud iam service-accounts list --filter='name:'$name'' --format='value(name)') + if [ -n "$already_present" ]; then + echo "Service account $name already exists" + else + gcloud iam service-accounts create $name + fi +} + +# Bind KSA to GSA through workload identity. +# Documentation: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity +function bind_gsa_and_ksa { + local gsa=${1} + local ksa=${2} + local project=${3:-$PROJECT_ID} + local gsa_full="$gsa@$project.iam.gserviceaccount.com" + local namespace=${4:-$NAMESPACE} + + gcloud iam service-accounts add-iam-policy-binding $gsa_full \ + --member="serviceAccount:$project.svc.id.goog[$namespace/$ksa]" \ + --role="roles/iam.workloadIdentityUser" \ + > /dev/null # hide verbose output + kubectl annotate serviceaccount \ + --namespace $namespace \ + --overwrite \ + $ksa \ + iam.gke.io/gcp-service-account=$gsa_full + echo "* Bound KSA $ksa in namespace $namespace to GSA $gsa_full" +} + +# This can be used to programmatically verify workload identity binding grants corresponding GSA +# permissions successfully. +# Usage: verify_workload_identity_binding $KSA $NAMESPACE +# +# If you want to verify manually, use the following command instead: +# kubectl run test-$RANDOM --rm -it --restart=Never \ +# --image=google/cloud-sdk:slim \ +# --serviceaccount $ksa \ +# --namespace $namespace \ +# -- /bin/bash +# It connects you to a pod using specified KSA running an image with gcloud and gsutil CLI tools. +function verify_workload_identity_binding { + local ksa=${1} + local namespace=${2} + local max_attempts=10 + local workload_identity_is_ready=false + for i in $(seq 1 ${max_attempts}) + do + workload_identity_is_ready=true + kubectl run test-$RANDOM --rm -i --restart=Never \ + --image=google/cloud-sdk:slim \ + --serviceaccount $ksa \ + --namespace $namespace \ + -- gcloud auth list || workload_identity_is_ready=false + kubectl run test-$RANDOM --rm -i --restart=Never \ + --image=google/cloud-sdk:slim \ + --serviceaccount $ksa \ + --namespace $namespace \ + -- gsutil ls gs:// || workload_identity_is_ready=false + if [ "$workload_identity_is_ready" = true ]; then + break + fi + done + if [ ! "$workload_identity_is_ready" = true ]; then + echo "Workload identity bindings are not ready after $max_attempts attempts" + return 1 + fi +} From 0df67aa392e4ec3fd42c282e739df74f6763b194 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 3 Jul 2020 14:12:40 +0800 Subject: [PATCH 33/45] fix example ref --- stacks/examples/alice/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stacks/examples/alice/kustomization.yaml b/stacks/examples/alice/kustomization.yaml index 7b1b11d292..090a4d735b 100644 --- a/stacks/examples/alice/kustomization.yaml +++ b/stacks/examples/alice/kustomization.yaml @@ -7,7 +7,7 @@ generatorOptions: disableNameSuffixHash: true resources: # Users start by inheriting the gcp stack and then customizing it -- ../../gcp +- ../../generic patchesStrategicMerge: # Patch in modifications to the global config - kubeflow-config.yaml From 28452a31ce6370d45d312601cac04f822bb282fb Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 3 Jul 2020 14:12:49 +0800 Subject: [PATCH 34/45] update snapshot --- .../katib-external-db/kustomize_test.go | 4 +- .../katib-standalone/kustomize_test.go | 4 +- tests/stacks/examples/alice/kustomize_test.go | 15 + ...ebhook-mutating-webhook-configuration.yaml | 0 ...cedefinition_experiments.kubeflow.org.yaml | 0 ...urcedefinition_notebooks.kubeflow.org.yaml | 0 ...cedefinition_poddefaults.kubeflow.org.yaml | 0 ...ourcedefinition_profiles.kubeflow.org.yaml | 0 ...cedefinition_pytorchjobs.kubeflow.org.yaml | 0 ...ition_scheduledworkflows.kubeflow.org.yaml | 0 ...cedefinition_suggestions.kubeflow.org.yaml | 0 ...esourcedefinition_tfjobs.kubeflow.org.yaml | 0 ...esourcedefinition_trials.kubeflow.org.yaml | 0 ...sourcedefinition_viewers.kubeflow.org.yaml | 0 ...ourcedefinition_workflows.argoproj.io.yaml | 0 .../app.k8s.io_v1beta1_application_argo.yaml | 0 ..._v1beta1_application_centraldashboard.yaml | 0 ...ation_jupyter-web-app-jupyter-web-app.yaml | 0 ..._v1beta1_application_katib-controller.yaml | 0 ...k8s.io_v1beta1_application_katib-crds.yaml | 0 .../app.k8s.io_v1beta1_application_minio.yaml | 0 .../app.k8s.io_v1beta1_application_mysql.yaml | 0 ...tebook-controller-notebook-controller.yaml | 0 ...v1beta1_application_profiles-profiles.yaml | 0 ..._v1beta1_application_pytorch-job-crds.yaml | 0 ..._v1beta1_application_pytorch-operator.yaml | 0 ...8s.io_v1beta1_application_tf-job-crds.yaml | 0 ...o_v1beta1_application_tf-job-operator.yaml | 0 ...pp.k8s.io_v1beta1_application_webhook.yaml | 0 ...ployment_admission-webhook-deployment.yaml | 0 .../expected/apps_v1_deployment_argo-ui.yaml | 0 ..._deployment_cache-deployer-deployment.yaml | 0 .../apps_v1_deployment_cache-server.yaml | 4 +- .../apps_v1_deployment_centraldashboard.yaml | 4 +- ...deployment_jupyter-web-app-deployment.yaml | 6 +- .../apps_v1_deployment_katib-controller.yaml | 0 .../apps_v1_deployment_katib-db-manager.yaml | 0 .../apps_v1_deployment_katib-mysql.yaml | 0 .../expected/apps_v1_deployment_katib-ui.yaml | 0 .../apps_v1_deployment_metadata-db.yaml | 0 ...pps_v1_deployment_metadata-deployment.yaml | 0 ..._deployment_metadata-envoy-deployment.yaml | 0 ...1_deployment_metadata-grpc-deployment.yaml | 0 .../apps_v1_deployment_metadata-ui.yaml | 0 .../apps_v1_deployment_metadata-writer.yaml | 4 +- .../expected/apps_v1_deployment_minio.yaml | 0 ...ployment_ml-pipeline-persistenceagent.yaml | 4 +- ...loyment_ml-pipeline-scheduledworkflow.yaml | 4 +- .../apps_v1_deployment_ml-pipeline-ui.yaml | 20 ++ ..._v1_deployment_ml-pipeline-viewer-crd.yaml | 3 + ...yment_ml-pipeline-visualizationserver.yaml | 0 .../apps_v1_deployment_ml-pipeline.yaml | 3 + .../expected/apps_v1_deployment_mysql.yaml | 0 ...oyment_notebook-controller-deployment.yaml | 0 ...pps_v1_deployment_profiles-deployment.yaml | 8 +- .../apps_v1_deployment_pytorch-operator.yaml | 0 .../apps_v1_deployment_tf-job-operator.yaml | 0 ...pps_v1_deployment_workflow-controller.yaml | 0 ...kubeflow-pipelines-profile-controller.yaml | 34 +++ ...a2_certificate_admission-webhook-cert.yaml | 0 ...ubeflow.org_v1beta1_profile_anonymous.yaml | 0 ...kubeflow-pipelines-profile-controller.yaml | 46 +++ ...io.io_v1alpha3_virtualservice_argo-ui.yaml | 0 ...lpha3_virtualservice_centraldashboard.yaml | 0 ...rvice_jupyter-web-app-jupyter-web-app.yaml | 0 ...o.io_v1alpha3_virtualservice_katib-ui.yaml | 0 ...v1alpha3_virtualservice_metadata-grpc.yaml | 0 ...o_v1alpha3_virtualservice_metadata-ui.yaml | 0 ...1alpha3_virtualservice_ml-pipeline-ui.yaml | 0 ...v1alpha3_virtualservice_profiles-kfam.yaml | 0 ...errole_admission-webhook-cluster-role.yaml | 0 ...on-webhook-kubeflow-poddefaults-admin.yaml | 0 ...ion-webhook-kubeflow-poddefaults-edit.yaml | 0 ...ion-webhook-kubeflow-poddefaults-view.yaml | 0 ...8s.io_v1_clusterrole_centraldashboard.yaml | 0 ...sterrole_jupyter-web-app-cluster-role.yaml | 0 ...er-web-app-kubeflow-notebook-ui-admin.yaml | 0 ...ter-web-app-kubeflow-notebook-ui-edit.yaml | 0 ...ter-web-app-kubeflow-notebook-ui-view.yaml | 0 ...8s.io_v1_clusterrole_katib-controller.yaml | 0 ...zation.k8s.io_v1_clusterrole_katib-ui.yaml | 0 ....k8s.io_v1_clusterrole_kubeflow-admin.yaml | 0 ...n.k8s.io_v1_clusterrole_kubeflow-edit.yaml | 0 ...o_v1_clusterrole_kubeflow-katib-admin.yaml | 0 ...io_v1_clusterrole_kubeflow-katib-edit.yaml | 0 ...io_v1_clusterrole_kubeflow-katib-view.yaml | 0 ...clusterrole_kubeflow-kubernetes-admin.yaml | 0 ..._clusterrole_kubeflow-kubernetes-edit.yaml | 0 ..._clusterrole_kubeflow-kubernetes-view.yaml | 0 ...-pipelines-cache-deployer-clusterrole.yaml | 0 ...terrole_kubeflow-pipelines-cache-role.yaml | 31 ++ ...beflow-pipelines-metadata-writer-role.yaml | 31 ++ ...lusterrole_kubeflow-pytorchjobs-admin.yaml | 0 ...clusterrole_kubeflow-pytorchjobs-edit.yaml | 0 ...clusterrole_kubeflow-pytorchjobs-view.yaml | 0 ..._v1_clusterrole_kubeflow-tfjobs-admin.yaml | 0 ...o_v1_clusterrole_kubeflow-tfjobs-edit.yaml | 0 ...o_v1_clusterrole_kubeflow-tfjobs-view.yaml | 0 ...n.k8s.io_v1_clusterrole_kubeflow-view.yaml | 0 ...ole_ml-pipeline-persistenceagent-role.yaml | 21 ++ ...le_ml-pipeline-scheduledworkflow-role.yaml | 36 +++ ....k8s.io_v1_clusterrole_ml-pipeline-ui.yaml | 44 +++ ...k-controller-kubeflow-notebooks-admin.yaml | 0 ...ok-controller-kubeflow-notebooks-edit.yaml | 0 ...ok-controller-kubeflow-notebooks-view.yaml | 0 ..._clusterrole_notebook-controller-role.yaml | 0 ...dmission-webhook-cluster-role-binding.yaml | 0 ...1_clusterrolebinding_centraldashboard.yaml | 0 ..._jupyter-web-app-cluster-role-binding.yaml | 0 ...1_clusterrolebinding_katib-controller.yaml | 0 ...k8s.io_v1_clusterrolebinding_katib-ui.yaml | 0 ...ding_kubeflow-pipelines-cache-binding.yaml | 12 + ...nes-cache-deployer-clusterrolebinding.yaml | 0 ...low-pipelines-metadata-writer-binding.yaml | 12 + ..._ml-pipeline-persistenceagent-binding.yaml | 12 + ...ml-pipeline-scheduledworkflow-binding.yaml | 12 + ..._v1_clusterrolebinding_ml-pipeline-ui.yaml | 14 + ...ding_notebook-controller-role-binding.yaml | 0 ...binding_profiles-cluster-role-binding.yaml | 0 ...ation.k8s.io_v1_role_centraldashboard.yaml | 0 ...ubeflow-pipelines-cache-deployer-role.yaml | 0 ...v1_role_kubeflow-pipelines-cache-role.yaml | 0 ...beflow-pipelines-metadata-writer-role.yaml | 0 ...ole_ml-pipeline-persistenceagent-role.yaml | 0 ...le_ml-pipeline-scheduledworkflow-role.yaml | 0 ...ization.k8s.io_v1_role_ml-pipeline-ui.yaml | 0 ...le_ml-pipeline-viewer-controller-role.yaml | 0 ...horization.k8s.io_v1_role_ml-pipeline.yaml | 0 ...zation.k8s.io_v1_role_pipeline-runner.yaml | 0 ...8s.io_v1_rolebinding_centraldashboard.yaml | 0 ...ding_kubeflow-pipelines-cache-binding.yaml | 0 ...-pipelines-cache-deployer-rolebinding.yaml | 0 ...low-pipelines-metadata-writer-binding.yaml | 0 ..._ml-pipeline-persistenceagent-binding.yaml | 0 ...ml-pipeline-scheduledworkflow-binding.yaml | 0 ....k8s.io_v1_rolebinding_ml-pipeline-ui.yaml | 0 ...inding_ml-pipeline-viewer-crd-binding.yaml | 0 ...ion.k8s.io_v1_rolebinding_ml-pipeline.yaml | 0 ...1_rolebinding_pipeline-runner-binding.yaml | 0 ...on.k8s.io_v1beta1_clusterrole_argo-ui.yaml | 0 ...ation.k8s.io_v1beta1_clusterrole_argo.yaml | 0 ...8s.io_v1beta1_clusterrole_ml-pipeline.yaml | 34 +++ ..._v1beta1_clusterrole_pytorch-operator.yaml | 0 ...o_v1beta1_clusterrole_tf-job-operator.yaml | 0 ...io_v1beta1_clusterrolebinding_argo-ui.yaml | 0 ...8s.io_v1beta1_clusterrolebinding_argo.yaml | 0 ...1beta1_clusterrolebinding_ml-pipeline.yaml | 12 + ...1_clusterrolebinding_pytorch-operator.yaml | 0 ...a1_clusterrolebinding_tf-job-operator.yaml | 0 ...jupyter-web-app-jupyter-notebook-role.yaml | 0 ...ation.k8s.io_v1beta1_role_metadata-ui.yaml | 0 ...web-app-jupyter-notebook-role-binding.yaml | 0 ...8s.io_v1beta1_rolebinding_metadata-ui.yaml | 0 ...-webhook-admission-webhook-parameters.yaml | 0 ...map_default-install-config-h877hbtmf7.yaml | 0 ...app-jupyter-web-app-config-5cc2fchd2g.yaml | 26 ++ .../~g_v1_configmap_katib-config.yaml | 0 ...configmap_kubeflow-config-4bkkg42k5m.yaml} | 4 +- ...pelines-profile-controller-78dkmk82gc.yaml | 267 ++++++++++++++++++ ...g_v1_configmap_metadata-db-parameters.yaml | 0 ..._v1_configmap_metadata-grpc-configmap.yaml | 0 ...g_v1_configmap_metadata-ui-parameters.yaml | 0 ...v1_configmap_ml-pipeline-ui-configmap.yaml | 14 + ...notebook-controller-config-h4d668t5tb.yaml | 0 ...pipeline-api-server-config-f4t72426kt.yaml | 10 + ...ap_pipeline-install-config-2829cc67f8.yaml | 0 ...p_profiles-profiles-config-4mgcmtgk6t.yaml | 0 ...g_v1_configmap_trial-template-labeled.yaml | 0 .../~g_v1_configmap_trial-template.yaml | 0 ...nfigmap_workflow-controller-configmap.yaml | 0 ...figmap_workflow-controller-parameters.yaml | 0 ..._v1_persistentvolumeclaim_katib-mysql.yaml | 0 ..._persistentvolumeclaim_metadata-mysql.yaml | 0 ...~g_v1_persistentvolumeclaim_minio-pvc.yaml | 2 - ..._persistentvolumeclaim_mysql-pv-claim.yaml | 2 - .../~g_v1_secret_katib-controller.yaml | 0 .../~g_v1_secret_katib-mysql-secrets.yaml | 0 .../~g_v1_secret_metadata-db-secrets.yaml | 0 ...g_v1_secret_mlpipeline-minio-artifact.yaml | 0 .../~g_v1_secret_mysql-secret-fd5gktm75t.yaml | 0 ..._v1_service_admission-webhook-service.yaml | 0 .../expected/~g_v1_service_argo-ui.yaml | 0 .../expected/~g_v1_service_cache-server.yaml | 0 .../~g_v1_service_centraldashboard.yaml | 0 ...~g_v1_service_jupyter-web-app-service.yaml | 0 .../~g_v1_service_katib-controller.yaml | 0 .../~g_v1_service_katib-db-manager.yaml | 0 .../expected/~g_v1_service_katib-mysql.yaml | 0 .../expected/~g_v1_service_katib-ui.yaml | 0 ...kubeflow-pipelines-profile-controller.yaml | 15 + .../expected/~g_v1_service_metadata-db.yaml | 0 .../~g_v1_service_metadata-envoy-service.yaml | 0 .../~g_v1_service_metadata-grpc-service.yaml | 0 .../~g_v1_service_metadata-service.yaml | 0 .../expected/~g_v1_service_metadata-ui.yaml | 0 .../expected/~g_v1_service_minio-service.yaml | 0 .../~g_v1_service_ml-pipeline-ui.yaml | 0 ...rvice_ml-pipeline-visualizationserver.yaml | 0 .../expected/~g_v1_service_ml-pipeline.yaml | 0 .../expected/~g_v1_service_mysql.yaml | 0 ...1_service_notebook-controller-service.yaml | 0 .../expected/~g_v1_service_profiles-kfam.yaml | 0 .../~g_v1_service_pytorch-operator.yaml | 0 .../~g_v1_service_tf-job-operator.yaml | 0 ...unt_admission-webhook-service-account.yaml | 0 .../~g_v1_serviceaccount_argo-ui.yaml | 0 .../expected/~g_v1_serviceaccount_argo.yaml | 0 ...~g_v1_serviceaccount_centraldashboard.yaml | 0 ...count_jupyter-web-app-service-account.yaml | 0 ...~g_v1_serviceaccount_katib-controller.yaml | 0 .../~g_v1_serviceaccount_katib-ui.yaml | 0 ..._kubeflow-pipelines-cache-deployer-sa.yaml | 0 ...rviceaccount_kubeflow-pipelines-cache.yaml | 0 ..._kubeflow-pipelines-container-builder.yaml | 0 ...nt_kubeflow-pipelines-metadata-writer.yaml | 0 .../~g_v1_serviceaccount_metadata-ui.yaml | 0 ...eaccount_ml-pipeline-persistenceagent.yaml | 0 ...account_ml-pipeline-scheduledworkflow.yaml | 0 .../~g_v1_serviceaccount_ml-pipeline-ui.yaml | 5 + ...l-pipeline-viewer-crd-service-account.yaml | 0 ...count_ml-pipeline-visualizationserver.yaml | 2 - .../~g_v1_serviceaccount_ml-pipeline.yaml | 0 ...t_notebook-controller-service-account.yaml | 0 .../~g_v1_serviceaccount_pipeline-runner.yaml | 5 + ...t_profiles-controller-service-account.yaml | 2 - ...~g_v1_serviceaccount_pytorch-operator.yaml | 0 ...~g_v1_serviceaccount_tf-job-dashboard.yaml | 0 .../~g_v1_serviceaccount_tf-job-operator.yaml | 0 ...app-jupyter-web-app-config-dhcbh64467.yaml | 138 --------- ...eline-minio-install-config-c42bb75m6g.yaml | 11 - ...eline-mysql-install-config-24c6km7cgg.yaml | 12 - .../~g_v1_persistentvolume_minio-pv.yaml | 15 - .../~g_v1_persistentvolume_mysql-pv.yaml | 16 -- .../~g_v1_serviceaccount_ml-pipeline-ui.yaml | 7 - .../~g_v1_serviceaccount_pipeline-runner.yaml | 7 - .../kustomize_test.go | 4 +- .../cert-manager-crds/kustomize_test.go | 4 +- .../kustomize_test.go | 4 +- .../cert-manager/kustomize_test.go | 4 +- .../jupyter-web-app/kustomize_test.go | 4 +- .../base/kustomize_test.go | 4 +- .../application/profiles/kustomize_test.go | 4 +- .../spark-operator/kustomize_test.go | 4 +- .../application/spartakus/kustomize_test.go | 4 +- .../application/tensorboard/kustomize_test.go | 4 +- .../api-service/kustomize_test.go | 4 +- .../application-crds/kustomize_test.go | 4 +- .../argo/kustomize_test.go | 4 +- .../bootstrap/kustomize_test.go | 4 +- .../centraldashboard/kustomize_test.go | 4 +- .../cert-manager-crds/kustomize_test.go | 4 +- .../kustomize_test.go | 4 +- .../istio-crds/kustomize_test.go | 4 +- .../istio-install/kustomize_test.go | 4 +- .../istio/kustomize_test.go | 4 +- .../katib-controller/kustomize_test.go | 4 +- .../kfserving-install/kustomize_test.go | 4 +- .../knative-install/kustomize_test.go | 4 +- .../kubeflow-roles/kustomize_test.go | 4 +- .../metacontroller/kustomize_test.go | 4 +- .../metadata/kustomize_test.go | 4 +- .../kustomize_test.go | 4 +- .../pipelines-ui/kustomize_test.go | 4 +- .../profiles/kustomize_test.go | 4 +- .../pytorch-job-crds/kustomize_test.go | 4 +- .../scheduledworkflow/kustomize_test.go | 4 +- .../seldon-core-operator/kustomize_test.go | 4 +- .../tf-job-crds/kustomize_test.go | 4 +- .../webhook/kustomize_test.go | 4 +- 269 files changed, 822 insertions(+), 308 deletions(-) create mode 100644 tests/stacks/examples/alice/kustomize_test.go rename tests/stacks/{gcp => examples/alice}/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app-jupyter-web-app.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_argo-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_cache-server.yaml (95%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_centraldashboard.yaml (93%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml (87%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_katib-controller.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_katib-db-manager.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_katib-mysql.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_katib-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_metadata-db.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_metadata-deployment.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_metadata-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_metadata-writer.yaml (84%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_minio.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml (86%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml (87%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml (70%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml (90%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_ml-pipeline.yaml (96%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_mysql.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_profiles-deployment.yaml (92%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_pytorch-operator.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_tf-job-operator.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/apps_v1_deployment_workflow-controller.yaml (100%) create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml rename tests/stacks/{gcp => examples/alice}/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/kubeflow.org_v1beta1_profile_anonymous.yaml (100%) create mode 100644 tests/stacks/examples/alice/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml rename tests/stacks/{gcp => examples/alice}/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app-jupyter-web-app.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml (100%) create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml (100%) create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml (100%) create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml (100%) create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml (100%) create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml (100%) create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_configmap_default-install-config-h877hbtmf7.yaml (100%) create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-5cc2fchd2g.yaml rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_configmap_katib-config.yaml (100%) rename tests/stacks/{gcp/test_data/expected/~g_v1_configmap_kubeflow-config-988m2m9m87.yaml => examples/alice/test_data/expected/~g_v1_configmap_kubeflow-config-4bkkg42k5m.yaml} (71%) create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml (100%) create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml (100%) create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_configmap_trial-template-labeled.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_configmap_trial-template.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml (85%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml (85%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_secret_katib-controller.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_admission-webhook-service.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_argo-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_cache-server.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_centraldashboard.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_katib-controller.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_katib-db-manager.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_katib-mysql.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_katib-ui.yaml (100%) create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_metadata-db.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_metadata-envoy-service.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_metadata-grpc-service.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_metadata-service.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_metadata-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_minio-service.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_ml-pipeline.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_mysql.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_notebook-controller-service.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_profiles-kfam.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_pytorch-operator.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_service_tf-job-operator.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_argo.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml (100%) create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml (52%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml (100%) create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml (61%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml (100%) rename tests/stacks/{gcp => examples/alice}/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml (100%) delete mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-dhcbh64467.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-minio-install-config-c42bb75m6g.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-mysql-install-config-24c6km7cgg.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_persistentvolume_minio-pv.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_persistentvolume_mysql-pv.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml diff --git a/tests/katib/installs/katib-external-db/kustomize_test.go b/tests/katib/installs/katib-external-db/kustomize_test.go index d2c05778b3..cfb838a247 100644 --- a/tests/katib/installs/katib-external-db/kustomize_test.go +++ b/tests/katib/installs/katib-external-db/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../katib/installs/katib-external-db", + Package: "../../../../katib/installs/katib-external-db", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/katib/installs/katib-standalone/kustomize_test.go b/tests/katib/installs/katib-standalone/kustomize_test.go index 085f8ae12d..a3cc12186c 100644 --- a/tests/katib/installs/katib-standalone/kustomize_test.go +++ b/tests/katib/installs/katib-standalone/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../katib/installs/katib-standalone", + Package: "../../../../katib/installs/katib-standalone", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/stacks/examples/alice/kustomize_test.go b/tests/stacks/examples/alice/kustomize_test.go new file mode 100644 index 0000000000..0865bae0d4 --- /dev/null +++ b/tests/stacks/examples/alice/kustomize_test.go @@ -0,0 +1,15 @@ +package alice + +import ( + "github.com/kubeflow/manifests/tests" + "testing" +) + +func TestKustomize(t *testing.T) { + testCase := &tests.KustomizeTestCase{ + Package: "../../../../stacks/examples/alice", + Expected: "test_data/expected", + } + + tests.RunTestCase(t, testCase) +} \ No newline at end of file diff --git a/tests/stacks/gcp/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml b/tests/stacks/examples/alice/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml rename to tests/stacks/examples/alice/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml b/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml rename to tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml b/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml rename to tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml b/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml rename to tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml b/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml rename to tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml b/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml rename to tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml b/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml rename to tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml b/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml rename to tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml b/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml rename to tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml b/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml rename to tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml b/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml rename to tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml b/tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml rename to tests/stacks/examples/alice/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml rename to tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml rename to tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app-jupyter-web-app.yaml b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app-jupyter-web-app.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app-jupyter-web-app.yaml rename to tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app-jupyter-web-app.yaml diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml rename to tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml rename to tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml rename to tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml rename to tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml rename to tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml rename to tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml rename to tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml rename to tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml rename to tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml rename to tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml b/tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml rename to tests/stacks/examples/alice/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_argo-ui.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_argo-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_argo-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_argo-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml similarity index 95% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml index 6c588c6913..06c8cfbed6 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml @@ -53,9 +53,7 @@ spec: key: password name: mysql-secret-fd5gktm75t - name: NAMESPACE_TO_WATCH - valueFrom: - fieldRef: - fieldPath: metadata.namespace + value: "" image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.3 imagePullPolicy: Always name: server diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_centraldashboard.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_centraldashboard.yaml similarity index 93% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_centraldashboard.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_centraldashboard.yaml index 54717f272b..0a72d7283c 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_centraldashboard.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_centraldashboard.yaml @@ -29,12 +29,12 @@ spec: valueFrom: configMapKeyRef: key: userid-header - name: kubeflow-config-988m2m9m87 + name: kubeflow-config-4bkkg42k5m - name: USERID_PREFIX valueFrom: configMapKeyRef: key: userid-prefix - name: kubeflow-config-988m2m9m87 + name: kubeflow-config-4bkkg42k5m image: gcr.io/kubeflow-images-public/centraldashboard:vmaster-gf39279c0 imagePullPolicy: IfNotPresent livenessProbe: diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml similarity index 87% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml index 2665cd2adb..5c6912f690 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml @@ -26,12 +26,12 @@ spec: valueFrom: configMapKeyRef: key: userid-header - name: kubeflow-config-988m2m9m87 + name: kubeflow-config-4bkkg42k5m - name: USERID_PREFIX valueFrom: configMapKeyRef: key: userid-prefix - name: kubeflow-config-988m2m9m87 + name: kubeflow-config-4bkkg42k5m image: gcr.io/kubeflow-images-public/jupyter-web-app:vmaster-gd9be4b9e name: jupyter-web-app ports: @@ -42,5 +42,5 @@ spec: serviceAccountName: jupyter-web-app-service-account volumes: - configMap: - name: jupyter-web-app-jupyter-web-app-config-dhcbh64467 + name: jupyter-web-app-jupyter-web-app-config-5cc2fchd2g name: config-volume diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-controller.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-controller.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-controller.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-controller.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-db-manager.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-db-manager.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-db-manager.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-db-manager.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-mysql.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-mysql.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-mysql.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-mysql.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-ui.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_katib-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-db.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-db.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-db.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-db.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-deployment.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-deployment.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-deployment.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-deployment.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-ui.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml similarity index 84% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml index 4b0a0d0c91..83adf18f72 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml @@ -18,9 +18,7 @@ spec: containers: - env: - name: NAMESPACE_TO_WATCH - valueFrom: - fieldRef: - fieldPath: metadata.namespace + value: "" image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.3 name: main serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_minio.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_minio.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_minio.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_minio.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml similarity index 86% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml index a4f9177a0b..adf776c9d6 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -17,9 +17,7 @@ spec: containers: - env: - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + value: "" image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-persistenceagent diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml similarity index 87% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml index f38eb6fabe..79db22ad5f 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -17,9 +17,7 @@ spec: containers: - env: - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + value: "" image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml similarity index 70% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml index 0430d4b7bd..f8ca163f6a 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -16,6 +16,18 @@ spec: spec: containers: - env: + - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH + value: /etc/config/viewer-pod-template.json + - name: DEPLOYMENT + value: KUBEFLOW + - name: ARTIFACTS_SERVICE_PROXY_NAME + value: ml-pipeline-ui-artifact + - name: ARTIFACTS_SERVICE_PROXY_PORT + value: "80" + - name: ARTIFACTS_SERVICE_PROXY_ENABLED + value: "true" + - name: ENABLE_AUTHZ + value: "true" - name: MINIO_NAMESPACE valueFrom: fieldRef: @@ -61,4 +73,12 @@ spec: initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 + volumeMounts: + - mountPath: /etc/config + name: config-volume + readOnly: true serviceAccountName: ml-pipeline-ui + volumes: + - configMap: + name: ml-pipeline-ui-configmap + name: config-volume diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml similarity index 90% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml index f6e9b9c7dc..976165b9e7 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml @@ -16,6 +16,9 @@ spec: spec: containers: - env: + - name: NAMESPACE + value: "" + valueFrom: null - name: MAX_NUM_VIEWERS value: "50" - name: MINIO_NAMESPACE diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml similarity index 96% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml index 79adf2aab0..0995593d4b 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -62,6 +62,9 @@ spec: secretKeyRef: key: secretkey name: mlpipeline-minio-artifact + envFrom: + - configMapRef: + name: pipeline-api-server-config-f4t72426kt image: gcr.io/ml-pipeline/api-server:1.0.0-rc.3 imagePullPolicy: IfNotPresent livenessProbe: diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_mysql.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_mysql.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_mysql.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_mysql.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_profiles-deployment.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_profiles-deployment.yaml similarity index 92% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_profiles-deployment.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_profiles-deployment.yaml index caccc9d48f..1fe2024262 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_profiles-deployment.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_profiles-deployment.yaml @@ -32,12 +32,12 @@ spec: valueFrom: configMapKeyRef: key: userid-header - name: kubeflow-config-988m2m9m87 + name: kubeflow-config-4bkkg42k5m - name: USERID_PREFIX valueFrom: configMapKeyRef: key: userid-prefix - name: kubeflow-config-988m2m9m87 + name: kubeflow-config-4bkkg42k5m - name: WORKLOAD_IDENTITY valueFrom: configMapKeyRef: @@ -68,12 +68,12 @@ spec: valueFrom: configMapKeyRef: key: userid-header - name: kubeflow-config-988m2m9m87 + name: kubeflow-config-4bkkg42k5m - name: USERID_PREFIX valueFrom: configMapKeyRef: key: userid-prefix - name: kubeflow-config-988m2m9m87 + name: kubeflow-config-4bkkg42k5m - name: CLUSTER_ADMIN valueFrom: configMapKeyRef: diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_pytorch-operator.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_pytorch-operator.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_pytorch-operator.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_pytorch-operator.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_tf-job-operator.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_tf-job-operator.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_tf-job-operator.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_tf-job-operator.yaml diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_workflow-controller.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_workflow-controller.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/apps_v1_deployment_workflow-controller.yaml rename to tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_workflow-controller.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml new file mode 100644 index 0000000000..7237223586 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + labels: + app: kubeflow-pipelines-profile-controller + name: kubeflow-pipelines-profile-controller + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: kubeflow-pipelines-profile-controller + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: kubeflow-pipelines-profile-controller + spec: + containers: + - command: + - python + - /hooks/sync.py + image: python:2.7 + name: profile-controller + ports: + - containerPort: 80 + volumeMounts: + - mountPath: /hooks + name: hooks + volumes: + - configMap: + name: kubeflow-pipelines-profile-controller-78dkmk82gc + name: hooks diff --git a/tests/stacks/gcp/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml b/tests/stacks/examples/alice/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml rename to tests/stacks/examples/alice/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml diff --git a/tests/stacks/gcp/test_data/expected/kubeflow.org_v1beta1_profile_anonymous.yaml b/tests/stacks/examples/alice/test_data/expected/kubeflow.org_v1beta1_profile_anonymous.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/kubeflow.org_v1beta1_profile_anonymous.yaml rename to tests/stacks/examples/alice/test_data/expected/kubeflow.org_v1beta1_profile_anonymous.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/examples/alice/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml new file mode 100644 index 0000000000..96fe00bf44 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml @@ -0,0 +1,46 @@ +apiVersion: metacontroller.k8s.io/v1alpha1 +kind: CompositeController +metadata: + labels: + app: kubeflow-pipelines-profile-controller + name: kubeflow-pipelines-profile-controller + namespace: kubeflow +spec: + childResources: + - apiVersion: v1 + resource: secrets + updateStrategy: + method: OnDelete + - apiVersion: v1 + resource: configmaps + updateStrategy: + method: OnDelete + - apiVersion: apps/v1 + resource: deployments + updateStrategy: + method: InPlace + - apiVersion: v1 + resource: services + updateStrategy: + method: InPlace + - apiVersion: networking.istio.io/v1alpha3 + resource: destinationrules + updateStrategy: + method: InPlace + - apiVersion: rbac.istio.io/v1alpha1 + resource: serviceroles + updateStrategy: + method: InPlace + - apiVersion: rbac.istio.io/v1alpha1 + resource: servicerolebindings + updateStrategy: + method: InPlace + generateSelector: true + hooks: + sync: + webhook: + url: http://kubeflow-pipelines-profile-controller/sync + parentResource: + apiVersion: v1 + resource: namespaces + resyncPeriodSeconds: 10 diff --git a/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml b/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml b/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml rename to tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml diff --git a/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app-jupyter-web-app.yaml b/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app-jupyter-web-app.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app-jupyter-web-app.yaml rename to tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app-jupyter-web-app.yaml diff --git a/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml b/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml b/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml rename to tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml diff --git a/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml b/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml b/tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml rename to tests/stacks/examples/alice/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml new file mode 100644 index 0000000000..e604367357 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml @@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeflow-pipelines-cache-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml new file mode 100644 index 0000000000..a6ec986725 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml @@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeflow-pipelines-metadata-writer-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml new file mode 100644 index 0000000000..b3053317b5 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ml-pipeline-persistenceagent-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml new file mode 100644 index 0000000000..2b96dd482c --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml @@ -0,0 +1,36 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ml-pipeline-scheduledworkflow-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..cfc19ad40f --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml @@ -0,0 +1,44 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml new file mode 100644 index 0000000000..984316e3b5 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-cache-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-cache-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml new file mode 100644 index 0000000000..7a3f9bc2d1 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-metadata-writer-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-metadata-writer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml new file mode 100644 index 0000000000..ed59670f6c --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline-persistenceagent-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml new file mode 100644 index 0000000000..2ca201eb95 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline-scheduledworkflow-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..2d8fb03ae3 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml new file mode 100644 index 0000000000..a88f27ff9e --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: ml-pipeline +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete +- apiGroups: + - "" + resources: + - pods + verbs: + - delete diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml new file mode 100644 index 0000000000..9ce11cb2f9 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_default-install-config-h877hbtmf7.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_default-install-config-h877hbtmf7.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_configmap_default-install-config-h877hbtmf7.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_default-install-config-h877hbtmf7.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-5cc2fchd2g.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-5cc2fchd2g.yaml new file mode 100644 index 0000000000..6936f83dd8 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-5cc2fchd2g.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +data: + spawner_ui_config.yaml: |- + # This is a custom spawnerUiConfig. + # + # It looks like the entire file is replaced; so the user would need to supply a complete + # spawner config. + spawnerFormDefaults: + image: + # The container Image for the user's Jupyter Notebook + # If readonly, this value must be a member of the list below + value: alicerepo/tensorflow-1.14.0-notebook-cpu:v-base-ef41372-1177829795472347138 + # The list of available standard container Images + options: + - alicerepo/tensorflow-1.15.2-notebook-cpu:1.0.0 + - alicerepo/tensorflow-1.15.2-notebook-gpu:1.0.0 + - alicerepo//tensorflow-2.1.0-notebook-cpu:1.0.0 + - alicerepo//tensorflow-2.1.0-notebook-gpu:1.0.0 +kind: ConfigMap +metadata: + annotations: {} + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-web-app-config-5cc2fchd2g + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_katib-config.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_katib-config.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_configmap_katib-config.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_katib-config.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_kubeflow-config-988m2m9m87.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_kubeflow-config-4bkkg42k5m.yaml similarity index 71% rename from tests/stacks/gcp/test_data/expected/~g_v1_configmap_kubeflow-config-988m2m9m87.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_kubeflow-config-4bkkg42k5m.yaml index 9ba0edebb0..4650f2dd59 100644 --- a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_kubeflow-config-988m2m9m87.yaml +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_kubeflow-config-4bkkg42k5m.yaml @@ -1,9 +1,11 @@ apiVersion: v1 data: clusterDomain: cluster.local + project: alice-gcp userid-header: X-Goog-Authenticated-User-Email userid-prefix: 'accounts.google.com:' + zone: us-east1-d kind: ConfigMap metadata: - name: kubeflow-config-988m2m9m87 + name: kubeflow-config-4bkkg42k5m namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml new file mode 100644 index 0000000000..4c2633f99b --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml @@ -0,0 +1,267 @@ +apiVersion: v1 +data: + sync.py: | + # Copyright 2020 Google LLC + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer + import json + + + class Controller(BaseHTTPRequestHandler): + def sync(self, parent, children): + # HACK: Currently using serving.kubeflow.org/inferenceservice to identify + # kubeflow user namespaces. + # TODO: let Kubeflow profile controller add a pipeline specific label to + # user namespaces and use that label instead. + pipeline_enabled = parent.get("metadata", {}).get( + "labels", {}).get("serving.kubeflow.org/inferenceservice") + + if not pipeline_enabled: + return {"status": {}, "children": []} + + # Compute status based on observed state. + desired_status = { + "kubeflow-pipelines-ready": \ + len(children["Secret.v1"]) == 1 and \ + len(children["ConfigMap.v1"]) == 1 and \ + len(children["Deployment.apps/v1"]) == 2 and \ + len(children["Service.v1"]) == 2 and \ + len(children["DestinationRule.networking.istio.io/v1alpha3"]) == 1 and \ + len(children["ServiceRole.rbac.istio.io/v1alpha1"]) == 1 and \ + len(children["ServiceRoleBinding.rbac.istio.io/v1alpha1"]) == 1 and \ + "True" or "False" + } + + # Generate the desired child object(s). + # parent is a namespace + namespace = parent.get("metadata", {}).get("name") + desired_resources = [ + { + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "name": "mlpipeline-minio-artifact", + "namespace": namespace, + }, + "data": { + "accesskey": "bWluaW8=", # base64 for minio + "secretkey": "bWluaW8xMjM=", # base64 for minio123 + }, + }, + { + "apiVersion": "v1", + "kind": "ConfigMap", + "metadata": { + "name": "metadata-grpc-configmap", + "namespace": namespace, + }, + "data": { + "METADATA_GRPC_SERVICE_HOST": + "metadata-grpc-service.kubeflow", + "METADATA_GRPC_SERVICE_PORT": "8080", + }, + }, + # Visualization server related manifests below + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "labels": { + "app": "ml-pipeline-visualizationserver" + }, + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "selector": { + "matchLabels": { + "app": "ml-pipeline-visualizationserver" + }, + }, + "template": { + "metadata": { + "labels": { + "app": "ml-pipeline-visualizationserver" + }, + }, + "spec": { + "containers": [{ + "image": + "gcr.io/ml-pipeline/visualization-server:0.5.1", + "imagePullPolicy": "IfNotPresent", + "name": "ml-pipeline-visualizationserver", + "ports": [{ + "containerPort": 8888 + }], + }], + "serviceAccountName": + "default-editor", + }, + }, + }, + }, + { + "apiVersion": "networking.istio.io/v1alpha3", + "kind": "DestinationRule", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "host": "ml-pipeline-visualizationserver", + "trafficPolicy": { + "tls": { + "mode": "ISTIO_MUTUAL" + } + } + } + }, + { + "apiVersion": "rbac.istio.io/v1alpha1", + "kind": "ServiceRole", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "rules": [{ + "services": ["ml-pipeline-visualizationserver.*"] + }] + } + }, + { + "apiVersion": "rbac.istio.io/v1alpha1", + "kind": "ServiceRoleBinding", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "subjects": [{ + "properties": { + "source.principal": + "cluster.local/ns/kubeflow/sa/ml-pipeline" + } + }], + "roleRef": { + "kind": "ServiceRole", + "name": "ml-pipeline-visualizationserver" + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "ports": [{ + "name": "http", + "port": 8888, + "protocol": "TCP", + "targetPort": 8888, + }], + "selector": { + "app": "ml-pipeline-visualizationserver", + }, + }, + }, + # Artifact fetcher related resources below. + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "labels": { + "app": "ml-pipeline-ui-artifact" + }, + "name": "ml-pipeline-ui-artifact", + "namespace": namespace, + }, + "spec": { + "selector": { + "matchLabels": { + "app": "ml-pipeline-ui-artifact" + } + }, + "template": { + "metadata": { + "labels": { + "app": "ml-pipeline-ui-artifact" + }, + }, + "spec": { + "containers": [{ + "name": "ml-pipeline-ui-artifact", + "image": "gcr.io/ml-pipeline/frontend:0.5.1", + "imagePullPolicy": "IfNotPresent", + "ports": [{ + "containerPort": 3000 + }] + }], + "serviceAccountName": + "default-editor" + } + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "ml-pipeline-ui-artifact", + "namespace": namespace, + "labels": { + "app": "ml-pipeline-ui-artifact" + } + }, + "spec": { + "ports": [{ + "name": + "http", # name is required to let istio understand request protocol + "port": 80, + "protocol": "TCP", + "targetPort": 3000 + }], + "selector": { + "app": "ml-pipeline-ui-artifact" + } + } + }, + ] + print('Received request', parent, desired_resources) + + return {"status": desired_status, "children": desired_resources} + + def do_POST(self): + # Serve the sync() function as a JSON webhook. + observed = json.loads( + self.rfile.read(int(self.headers.getheader("content-length")))) + desired = self.sync(observed["parent"], observed["children"]) + + self.send_response(200) + self.send_header("Content-type", "application/json") + self.end_headers() + self.wfile.write(json.dumps(desired)) + + + HTTPServer(("", 80), Controller).serve_forever() +kind: ConfigMap +metadata: + labels: + app: kubeflow-pipelines-profile-controller + name: kubeflow-pipelines-profile-controller-78dkmk82gc + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml new file mode 100644 index 0000000000..3bc667cc9b --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +data: + viewer-pod-template.json: |- + { + "spec": { + "serviceAccountName": "default-editor" + } + } +kind: ConfigMap +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui-configmap + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml new file mode 100644 index 0000000000..5ffb95a2f1 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + DEFAULTPIPELINERUNNERSERVICEACCOUNT: default-editor + MULTIUSER: "true" + VISUALIZATIONSERVICE_NAME: ml-pipeline-visualizationserver + VISUALIZATIONSERVICE_PORT: "8888" +kind: ConfigMap +metadata: + name: pipeline-api-server-config-f4t72426kt + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_trial-template-labeled.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_trial-template-labeled.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_configmap_trial-template-labeled.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_trial-template-labeled.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_trial-template.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_trial-template.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_configmap_trial-template.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_trial-template.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml similarity index 85% rename from tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml index 66356a42ba..0dd8344034 100644 --- a/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml @@ -12,5 +12,3 @@ spec: resources: requests: storage: 20Gi - storageClassName: "" - volumeName: minio-pv diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml similarity index 85% rename from tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml index f239b247a9..bf0c560da5 100644 --- a/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml @@ -13,5 +13,3 @@ spec: resources: requests: storage: 20Gi - storageClassName: "" - volumeName: mysql-pv diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_secret_katib-controller.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_secret_katib-controller.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_secret_katib-controller.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_secret_katib-controller.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_admission-webhook-service.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_admission-webhook-service.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_admission-webhook-service.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_admission-webhook-service.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_argo-ui.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_argo-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_argo-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_argo-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_cache-server.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_cache-server.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_cache-server.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_cache-server.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_centraldashboard.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_centraldashboard.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_centraldashboard.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_centraldashboard.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_katib-controller.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_katib-controller.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_katib-controller.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_katib-controller.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_katib-db-manager.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_katib-db-manager.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_katib-db-manager.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_katib-db-manager.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_katib-mysql.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_katib-mysql.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_katib-mysql.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_katib-mysql.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_katib-ui.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_katib-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_katib-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_katib-ui.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml new file mode 100644 index 0000000000..76400e279f --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: kubeflow-pipelines-profile-controller + name: kubeflow-pipelines-profile-controller + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + selector: + app: kubeflow-pipelines-profile-controller diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-db.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-db.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-db.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-db.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-envoy-service.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-envoy-service.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-envoy-service.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-envoy-service.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-grpc-service.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-grpc-service.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-grpc-service.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-grpc-service.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-service.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-service.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-service.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-service.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-ui.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_metadata-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_minio-service.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_minio-service.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_minio-service.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_minio-service.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_ml-pipeline.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_ml-pipeline.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_mysql.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_mysql.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_mysql.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_mysql.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_notebook-controller-service.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_notebook-controller-service.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_notebook-controller-service.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_notebook-controller-service.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_profiles-kfam.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_profiles-kfam.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_profiles-kfam.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_profiles-kfam.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_pytorch-operator.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_pytorch-operator.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_pytorch-operator.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_pytorch-operator.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_tf-job-operator.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_tf-job-operator.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_service_tf-job-operator.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_service_tf-job-operator.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_argo.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_argo.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_argo.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_argo.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..0d70c90e4d --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml similarity index 52% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml index b47c98bb3d..f0f541f8ad 100644 --- a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml @@ -1,7 +1,5 @@ apiVersion: v1 kind: ServiceAccount metadata: - annotations: - iam.gke.io/gcp-service-account: name-user@project-id.iam.gserviceaccount.com name: ml-pipeline-visualizationserver namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml new file mode 100644 index 0000000000..a9854a58ba --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipeline-runner + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml similarity index 61% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml index 0e2bd62a2d..881ccbf1bd 100644 --- a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml @@ -1,8 +1,6 @@ apiVersion: v1 kind: ServiceAccount metadata: - annotations: - iam.gke.io/gcp-service-account: name-admin@project-id.iam.gserviceaccount.com labels: kustomize.component: profiles name: profiles-controller-service-account diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml similarity index 100% rename from tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml rename to tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-dhcbh64467.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-dhcbh64467.yaml deleted file mode 100644 index 685cf43f45..0000000000 --- a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-dhcbh64467.yaml +++ /dev/null @@ -1,138 +0,0 @@ -apiVersion: v1 -data: - spawner_ui_config.yaml: |- - # Configuration file for the Jupyter UI. - # - # Each Jupyter UI option is configured by two keys: 'value' and 'readOnly' - # - The 'value' key contains the default value - # - The 'readOnly' key determines if the option will be available to users - # - # If the 'readOnly' key is present and set to 'true', the respective option - # will be disabled for users and only set by the admin. Also when a - # Notebook is POSTED to the API if a necessary field is not present then - # the value from the config will be used. - # - # If the 'readOnly' key is missing (defaults to 'false'), the respective option - # will be available for users to edit. - # - # Note that some values can be templated. Such values are the names of the - # Volumes as well as their StorageClass - spawnerFormDefaults: - image: - # The container Image for the user's Jupyter Notebook - # If readonly, this value must be a member of the list below - value: gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 - # The list of available standard container Images - options: - - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 - - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-gpu:1.0.0 - - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-cpu:1.0.0 - - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-gpu:1.0.0 - # By default, custom container Images are allowed - # Uncomment the following line to only enable standard container Images - readOnly: false - cpu: - # CPU for user's Notebook - value: '0.5' - readOnly: false - memory: - # Memory for user's Notebook - value: 1.0Gi - readOnly: false - workspaceVolume: - # Workspace Volume to be attached to user's Notebook - # Each Workspace Volume is declared with the following attributes: - # Type, Name, Size, MountPath and Access Mode - value: - type: - # The Type of the Workspace Volume - # Supported values: 'New', 'Existing' - value: New - name: - # The Name of the Workspace Volume - # Note that this is a templated value. Special values: - # {notebook-name}: Replaced with the name of the Notebook. The frontend - # will replace this value as the user types the name - value: 'workspace-{notebook-name}' - size: - # The Size of the Workspace Volume (in Gi) - value: '10Gi' - mountPath: - # The Path that the Workspace Volume will be mounted - value: /home/jovyan - accessModes: - # The Access Mode of the Workspace Volume - # Supported values: 'ReadWriteOnce', 'ReadWriteMany', 'ReadOnlyMany' - value: ReadWriteOnce - class: - # The StrageClass the PVC will use if type is New. Special values are: - # {none}: default StorageClass - # {empty}: empty string "" - value: '{none}' - readOnly: false - dataVolumes: - # List of additional Data Volumes to be attached to the user's Notebook - value: [] - # Each Data Volume is declared with the following attributes: - # Type, Name, Size, MountPath and Access Mode - # - # For example, a list with 2 Data Volumes: - # value: - # - value: - # type: - # value: New - # name: - # value: '{notebook-name}-vol-1' - # size: - # value: '10Gi' - # class: - # value: standard - # mountPath: - # value: /home/jovyan/vol-1 - # accessModes: - # value: ReadWriteOnce - # class: - # value: {none} - # - value: - # type: - # value: New - # name: - # value: '{notebook-name}-vol-2' - # size: - # value: '10Gi' - # mountPath: - # value: /home/jovyan/vol-2 - # accessModes: - # value: ReadWriteMany - # class: - # value: {none} - readOnly: false - gpus: - # Number of GPUs to be assigned to the Notebook Container - value: - # values: "none", "1", "2", "4", "8" - num: "none" - # Determines what the UI will show and send to the backend - vendors: - - limitsKey: "nvidia.com/gpu" - uiName: "NVIDIA" - # Values: "" or a `limits-key` from the vendors list - vendor: "" - readOnly: false - shm: - value: true - readOnly: false - configurations: - # List of labels to be selected, these are the labels from PodDefaults - # value: - # - add-gcp-secret - # - default-editor - value: [] - readOnly: false -kind: ConfigMap -metadata: - labels: - app: jupyter-web-app - kustomize.component: jupyter-web-app - name: jupyter-web-app-jupyter-web-app-config-dhcbh64467 - namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-minio-install-config-c42bb75m6g.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-minio-install-config-c42bb75m6g.yaml deleted file mode 100644 index 9963e3b53c..0000000000 --- a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-minio-install-config-c42bb75m6g.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -data: - minioPd: dls-kf-storage-artifact-store - minioPvName: minio-pv -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: minio - app.kubernetes.io/name: minio - name: pipeline-minio-install-config-c42bb75m6g - namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-mysql-install-config-24c6km7cgg.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-mysql-install-config-24c6km7cgg.yaml deleted file mode 100644 index 4c8915b459..0000000000 --- a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-mysql-install-config-24c6km7cgg.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -data: - mysqlPd: dls-kf-storage-metadata-store - mysqlPvName: mysql-pv -kind: ConfigMap -metadata: - labels: - app: mysql - app.kubernetes.io/component: mysql - app.kubernetes.io/name: mysql - name: pipeline-mysql-install-config-24c6km7cgg - namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolume_minio-pv.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolume_minio-pv.yaml deleted file mode 100644 index 993f221972..0000000000 --- a/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolume_minio-pv.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - labels: - app.kubernetes.io/component: minio - app.kubernetes.io/name: minio - name: minio-pv -spec: - accessModes: - - ReadWriteOnce - capacity: - storage: 20Gi - gcePersistentDisk: - fsType: ext4 - pdName: dls-kf-storage-artifact-store diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolume_mysql-pv.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolume_mysql-pv.yaml deleted file mode 100644 index 17f07cff7b..0000000000 --- a/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolume_mysql-pv.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - labels: - app: mysql - app.kubernetes.io/component: mysql - app.kubernetes.io/name: mysql - name: mysql-pv -spec: - accessModes: - - ReadWriteOnce - capacity: - storage: 20Gi - gcePersistentDisk: - fsType: ext4 - pdName: dls-kf-storage-metadata-store diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml deleted file mode 100644 index 3e4a136426..0000000000 --- a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - iam.gke.io/gcp-service-account: name-user@project-id.iam.gserviceaccount.com - name: ml-pipeline-ui - namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml deleted file mode 100644 index 1beef50ebf..0000000000 --- a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - iam.gke.io/gcp-service-account: name-user@project-id.iam.gserviceaccount.com - name: pipeline-runner - namespace: kubeflow diff --git a/tests/stacks/ibm/application/add-anonymous-user-filter/kustomize_test.go b/tests/stacks/ibm/application/add-anonymous-user-filter/kustomize_test.go index 462d9f4d53..65e3ae1b4c 100644 --- a/tests/stacks/ibm/application/add-anonymous-user-filter/kustomize_test.go +++ b/tests/stacks/ibm/application/add-anonymous-user-filter/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../stacks/ibm/application/add-anonymous-user-filter", + Package: "../../../../../stacks/ibm/application/add-anonymous-user-filter", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/stacks/ibm/application/cert-manager-crds/kustomize_test.go b/tests/stacks/ibm/application/cert-manager-crds/kustomize_test.go index 77624165ca..933e30f1aa 100644 --- a/tests/stacks/ibm/application/cert-manager-crds/kustomize_test.go +++ b/tests/stacks/ibm/application/cert-manager-crds/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../stacks/ibm/application/cert-manager-crds", + Package: "../../../../../stacks/ibm/application/cert-manager-crds", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/stacks/ibm/application/cert-manager-kube-system-resources/kustomize_test.go b/tests/stacks/ibm/application/cert-manager-kube-system-resources/kustomize_test.go index 111bc9ac67..c21811c7f3 100644 --- a/tests/stacks/ibm/application/cert-manager-kube-system-resources/kustomize_test.go +++ b/tests/stacks/ibm/application/cert-manager-kube-system-resources/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../stacks/ibm/application/cert-manager-kube-system-resources", + Package: "../../../../../stacks/ibm/application/cert-manager-kube-system-resources", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/stacks/ibm/application/cert-manager/kustomize_test.go b/tests/stacks/ibm/application/cert-manager/kustomize_test.go index 7d975b0c39..cc7dd9fcff 100644 --- a/tests/stacks/ibm/application/cert-manager/kustomize_test.go +++ b/tests/stacks/ibm/application/cert-manager/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../stacks/ibm/application/cert-manager", + Package: "../../../../../stacks/ibm/application/cert-manager", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/stacks/ibm/application/jupyter-web-app/kustomize_test.go b/tests/stacks/ibm/application/jupyter-web-app/kustomize_test.go index 7fea301ad2..d7cf546765 100644 --- a/tests/stacks/ibm/application/jupyter-web-app/kustomize_test.go +++ b/tests/stacks/ibm/application/jupyter-web-app/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../stacks/ibm/application/jupyter-web-app", + Package: "../../../../../stacks/ibm/application/jupyter-web-app", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/stacks/ibm/application/notebook-controller/base/kustomize_test.go b/tests/stacks/ibm/application/notebook-controller/base/kustomize_test.go index 9ff6339ab2..c955fd1683 100644 --- a/tests/stacks/ibm/application/notebook-controller/base/kustomize_test.go +++ b/tests/stacks/ibm/application/notebook-controller/base/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../../stacks/ibm/application/notebook-controller/base", + Package: "../../../../../../stacks/ibm/application/notebook-controller/base", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/stacks/ibm/application/profiles/kustomize_test.go b/tests/stacks/ibm/application/profiles/kustomize_test.go index d1b349e78e..b16eef78b2 100644 --- a/tests/stacks/ibm/application/profiles/kustomize_test.go +++ b/tests/stacks/ibm/application/profiles/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../stacks/ibm/application/profiles", + Package: "../../../../../stacks/ibm/application/profiles", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/stacks/ibm/application/spark-operator/kustomize_test.go b/tests/stacks/ibm/application/spark-operator/kustomize_test.go index 7d14618bfe..d70735658c 100644 --- a/tests/stacks/ibm/application/spark-operator/kustomize_test.go +++ b/tests/stacks/ibm/application/spark-operator/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../stacks/ibm/application/spark-operator", + Package: "../../../../../stacks/ibm/application/spark-operator", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/stacks/ibm/application/spartakus/kustomize_test.go b/tests/stacks/ibm/application/spartakus/kustomize_test.go index ff8fdb8f2c..8185dd60e1 100644 --- a/tests/stacks/ibm/application/spartakus/kustomize_test.go +++ b/tests/stacks/ibm/application/spartakus/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../stacks/ibm/application/spartakus", + Package: "../../../../../stacks/ibm/application/spartakus", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/stacks/ibm/application/tensorboard/kustomize_test.go b/tests/stacks/ibm/application/tensorboard/kustomize_test.go index 2722e5798b..ac94ccea93 100644 --- a/tests/stacks/ibm/application/tensorboard/kustomize_test.go +++ b/tests/stacks/ibm/application/tensorboard/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../stacks/ibm/application/tensorboard", + Package: "../../../../../stacks/ibm/application/tensorboard", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/api-service/kustomize_test.go b/tests/tests/legacy_kustomizations/api-service/kustomize_test.go index 168e54aa31..5c01809d6f 100644 --- a/tests/tests/legacy_kustomizations/api-service/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/api-service/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/api-service", + Package: "../../../../tests/legacy_kustomizations/api-service", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/application-crds/kustomize_test.go b/tests/tests/legacy_kustomizations/application-crds/kustomize_test.go index 33f473fed7..28812e6ca3 100644 --- a/tests/tests/legacy_kustomizations/application-crds/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/application-crds/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/application-crds", + Package: "../../../../tests/legacy_kustomizations/application-crds", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/argo/kustomize_test.go b/tests/tests/legacy_kustomizations/argo/kustomize_test.go index d7d2b2260d..fc6496f0ae 100644 --- a/tests/tests/legacy_kustomizations/argo/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/argo/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/argo", + Package: "../../../../tests/legacy_kustomizations/argo", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/bootstrap/kustomize_test.go b/tests/tests/legacy_kustomizations/bootstrap/kustomize_test.go index cf0b576fa4..35303113ac 100644 --- a/tests/tests/legacy_kustomizations/bootstrap/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/bootstrap/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/bootstrap", + Package: "../../../../tests/legacy_kustomizations/bootstrap", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/centraldashboard/kustomize_test.go b/tests/tests/legacy_kustomizations/centraldashboard/kustomize_test.go index b2a872e0a9..16bb674597 100644 --- a/tests/tests/legacy_kustomizations/centraldashboard/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/centraldashboard/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/centraldashboard", + Package: "../../../../tests/legacy_kustomizations/centraldashboard", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/cert-manager-crds/kustomize_test.go b/tests/tests/legacy_kustomizations/cert-manager-crds/kustomize_test.go index 3ba7d6f7d8..6d5fab471f 100644 --- a/tests/tests/legacy_kustomizations/cert-manager-crds/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/cert-manager-crds/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/cert-manager-crds", + Package: "../../../../tests/legacy_kustomizations/cert-manager-crds", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/cert-manager-kube-system-resources/kustomize_test.go b/tests/tests/legacy_kustomizations/cert-manager-kube-system-resources/kustomize_test.go index 47a5ca433f..932cad34f4 100644 --- a/tests/tests/legacy_kustomizations/cert-manager-kube-system-resources/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/cert-manager-kube-system-resources/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/cert-manager-kube-system-resources", + Package: "../../../../tests/legacy_kustomizations/cert-manager-kube-system-resources", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/istio-crds/kustomize_test.go b/tests/tests/legacy_kustomizations/istio-crds/kustomize_test.go index c9405a1b6a..b00b02272e 100644 --- a/tests/tests/legacy_kustomizations/istio-crds/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/istio-crds/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/istio-crds", + Package: "../../../../tests/legacy_kustomizations/istio-crds", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/istio-install/kustomize_test.go b/tests/tests/legacy_kustomizations/istio-install/kustomize_test.go index b2a0a15f08..daff539c6d 100644 --- a/tests/tests/legacy_kustomizations/istio-install/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/istio-install/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/istio-install", + Package: "../../../../tests/legacy_kustomizations/istio-install", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/istio/kustomize_test.go b/tests/tests/legacy_kustomizations/istio/kustomize_test.go index eb4aa1c3b1..f5086b8dd0 100644 --- a/tests/tests/legacy_kustomizations/istio/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/istio/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/istio", + Package: "../../../../tests/legacy_kustomizations/istio", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/katib-controller/kustomize_test.go b/tests/tests/legacy_kustomizations/katib-controller/kustomize_test.go index 18e8be9135..be78633bc6 100644 --- a/tests/tests/legacy_kustomizations/katib-controller/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/katib-controller/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/katib-controller", + Package: "../../../../tests/legacy_kustomizations/katib-controller", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/kfserving-install/kustomize_test.go b/tests/tests/legacy_kustomizations/kfserving-install/kustomize_test.go index f86acbad6c..8f58b6c401 100644 --- a/tests/tests/legacy_kustomizations/kfserving-install/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/kfserving-install/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/kfserving-install", + Package: "../../../../tests/legacy_kustomizations/kfserving-install", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/knative-install/kustomize_test.go b/tests/tests/legacy_kustomizations/knative-install/kustomize_test.go index 1ab3add367..344fa681bc 100644 --- a/tests/tests/legacy_kustomizations/knative-install/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/knative-install/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/knative-install", + Package: "../../../../tests/legacy_kustomizations/knative-install", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/kubeflow-roles/kustomize_test.go b/tests/tests/legacy_kustomizations/kubeflow-roles/kustomize_test.go index 122ffd5fee..dd86a13d20 100644 --- a/tests/tests/legacy_kustomizations/kubeflow-roles/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/kubeflow-roles/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/kubeflow-roles", + Package: "../../../../tests/legacy_kustomizations/kubeflow-roles", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/metacontroller/kustomize_test.go b/tests/tests/legacy_kustomizations/metacontroller/kustomize_test.go index 0574b9e7fb..9b954306be 100644 --- a/tests/tests/legacy_kustomizations/metacontroller/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/metacontroller/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/metacontroller", + Package: "../../../../tests/legacy_kustomizations/metacontroller", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/metadata/kustomize_test.go b/tests/tests/legacy_kustomizations/metadata/kustomize_test.go index e4457ad61d..0bd78608b2 100644 --- a/tests/tests/legacy_kustomizations/metadata/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/metadata/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/metadata", + Package: "../../../../tests/legacy_kustomizations/metadata", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/pipeline-visualization-service/kustomize_test.go b/tests/tests/legacy_kustomizations/pipeline-visualization-service/kustomize_test.go index 852ee6c930..6ad2df72e2 100644 --- a/tests/tests/legacy_kustomizations/pipeline-visualization-service/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/pipeline-visualization-service/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/pipeline-visualization-service", + Package: "../../../../tests/legacy_kustomizations/pipeline-visualization-service", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/pipelines-ui/kustomize_test.go b/tests/tests/legacy_kustomizations/pipelines-ui/kustomize_test.go index 80039e6f06..a72adfd4d1 100644 --- a/tests/tests/legacy_kustomizations/pipelines-ui/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/pipelines-ui/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/pipelines-ui", + Package: "../../../../tests/legacy_kustomizations/pipelines-ui", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/profiles/kustomize_test.go b/tests/tests/legacy_kustomizations/profiles/kustomize_test.go index 0470f4045e..909e4653df 100644 --- a/tests/tests/legacy_kustomizations/profiles/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/profiles/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/profiles", + Package: "../../../../tests/legacy_kustomizations/profiles", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/pytorch-job-crds/kustomize_test.go b/tests/tests/legacy_kustomizations/pytorch-job-crds/kustomize_test.go index bca750136b..0c3eac8f22 100644 --- a/tests/tests/legacy_kustomizations/pytorch-job-crds/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/pytorch-job-crds/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/pytorch-job-crds", + Package: "../../../../tests/legacy_kustomizations/pytorch-job-crds", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/scheduledworkflow/kustomize_test.go b/tests/tests/legacy_kustomizations/scheduledworkflow/kustomize_test.go index e546d33576..08bb05a7a4 100644 --- a/tests/tests/legacy_kustomizations/scheduledworkflow/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/scheduledworkflow/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/scheduledworkflow", + Package: "../../../../tests/legacy_kustomizations/scheduledworkflow", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/seldon-core-operator/kustomize_test.go b/tests/tests/legacy_kustomizations/seldon-core-operator/kustomize_test.go index 17a40c86cf..30a74ad0af 100644 --- a/tests/tests/legacy_kustomizations/seldon-core-operator/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/seldon-core-operator/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/seldon-core-operator", + Package: "../../../../tests/legacy_kustomizations/seldon-core-operator", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/tf-job-crds/kustomize_test.go b/tests/tests/legacy_kustomizations/tf-job-crds/kustomize_test.go index 9cd5c23cea..3fc177e9e3 100644 --- a/tests/tests/legacy_kustomizations/tf-job-crds/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/tf-job-crds/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/tf-job-crds", + Package: "../../../../tests/legacy_kustomizations/tf-job-crds", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file diff --git a/tests/tests/legacy_kustomizations/webhook/kustomize_test.go b/tests/tests/legacy_kustomizations/webhook/kustomize_test.go index 485d3a1a39..5c767391ab 100644 --- a/tests/tests/legacy_kustomizations/webhook/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/webhook/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/webhook", + Package: "../../../../tests/legacy_kustomizations/webhook", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} +} \ No newline at end of file From 4faf67368598d42e5e115320aa34e8bd95d44131 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 3 Jul 2020 14:20:23 +0800 Subject: [PATCH 35/45] fix gcp pd manifest --- .../mysql/installs/gcp-pd/kustomization.yaml | 1 - .../katib-external-db/kustomize_test.go | 4 +- .../katib-standalone/kustomize_test.go | 4 +- tests/stacks/examples/alice/kustomize_test.go | 4 +- ...ebhook-mutating-webhook-configuration.yaml | 31 ++ ...cedefinition_experiments.kubeflow.org.yaml | 28 ++ ...urcedefinition_notebooks.kubeflow.org.yaml | 69 +++++ ...cedefinition_poddefaults.kubeflow.org.yaml | 56 ++++ ...ourcedefinition_profiles.kubeflow.org.yaml | 158 +++++++++++ ...cedefinition_pytorchjobs.kubeflow.org.yaml | 45 +++ ...ition_scheduledworkflows.kubeflow.org.yaml | 18 ++ ...cedefinition_suggestions.kubeflow.org.yaml | 37 +++ ...esourcedefinition_tfjobs.kubeflow.org.yaml | 50 ++++ ...esourcedefinition_trials.kubeflow.org.yaml | 31 ++ ...sourcedefinition_viewers.kubeflow.org.yaml | 18 ++ ...ourcedefinition_workflows.argoproj.io.yaml | 19 ++ .../app.k8s.io_v1beta1_application_argo.yaml | 39 +++ ..._v1beta1_application_centraldashboard.yaml | 57 ++++ ...ation_jupyter-web-app-jupyter-web-app.yaml | 55 ++++ ..._v1beta1_application_katib-controller.yaml | 70 +++++ ...k8s.io_v1beta1_application_katib-crds.yaml | 68 +++++ .../app.k8s.io_v1beta1_application_minio.yaml | 31 ++ .../app.k8s.io_v1beta1_application_mysql.yaml | 32 +++ ...tebook-controller-notebook-controller.yaml | 46 +++ ...v1beta1_application_profiles-profiles.yaml | 44 +++ ..._v1beta1_application_pytorch-job-crds.yaml | 46 +++ ..._v1beta1_application_pytorch-operator.yaml | 49 ++++ ...8s.io_v1beta1_application_tf-job-crds.yaml | 46 +++ ...o_v1beta1_application_tf-job-operator.yaml | 47 +++ ...pp.k8s.io_v1beta1_application_webhook.yaml | 39 +++ ...ployment_admission-webhook-deployment.yaml | 42 +++ .../expected/apps_v1_deployment_argo-ui.yaml | 66 +++++ ..._deployment_cache-deployer-deployment.yaml | 30 ++ .../apps_v1_deployment_cache-server.yaml | 73 +++++ .../apps_v1_deployment_centraldashboard.yaml | 50 ++++ ...deployment_jupyter-web-app-deployment.yaml | 46 +++ .../apps_v1_deployment_katib-controller.yaml | 56 ++++ .../apps_v1_deployment_katib-db-manager.yaml | 60 ++++ .../apps_v1_deployment_katib-mysql.yaml | 74 +++++ .../expected/apps_v1_deployment_katib-ui.yaml | 46 +++ .../apps_v1_deployment_metadata-db.yaml | 53 ++++ ...pps_v1_deployment_metadata-deployment.yaml | 61 ++++ ..._deployment_metadata-envoy-deployment.yaml | 30 ++ ...1_deployment_metadata-grpc-deployment.yaml | 44 +++ .../apps_v1_deployment_metadata-ui.yaml | 29 ++ .../apps_v1_deployment_metadata-writer.yaml | 26 ++ .../expected/apps_v1_deployment_minio.yaml | 51 ++++ ...ployment_ml-pipeline-persistenceagent.yaml | 26 ++ ...loyment_ml-pipeline-scheduledworkflow.yaml | 26 ++ .../apps_v1_deployment_ml-pipeline-ui.yaml | 64 +++++ ..._v1_deployment_ml-pipeline-viewer-crd.yaml | 28 ++ ...yment_ml-pipeline-visualizationserver.yaml | 48 ++++ .../apps_v1_deployment_ml-pipeline.yaml | 97 +++++++ .../expected/apps_v1_deployment_mysql.yaml | 40 +++ ...oyment_notebook-controller-deployment.yaml | 51 ++++ ...pps_v1_deployment_profiles-deployment.yaml | 95 +++++++ .../apps_v1_deployment_pytorch-operator.yaml | 45 +++ .../apps_v1_deployment_tf-job-operator.yaml | 43 +++ ...pps_v1_deployment_workflow-controller.yaml | 61 ++++ ...a2_certificate_admission-webhook-cert.yaml | 18 ++ ...ubeflow.org_v1beta1_profile_anonymous.yaml | 9 + ...io.io_v1alpha3_virtualservice_argo-ui.yaml | 25 ++ ...lpha3_virtualservice_centraldashboard.yaml | 24 ++ ...rvice_jupyter-web-app-jupyter-web-app.yaml | 28 ++ ...o.io_v1alpha3_virtualservice_katib-ui.yaml | 24 ++ ...v1alpha3_virtualservice_metadata-grpc.yaml | 22 ++ ...o_v1alpha3_virtualservice_metadata-ui.yaml | 22 ++ ...1alpha3_virtualservice_ml-pipeline-ui.yaml | 22 ++ ...v1alpha3_virtualservice_profiles-kfam.yaml | 27 ++ ...errole_admission-webhook-cluster-role.yaml | 22 ++ ...on-webhook-kubeflow-poddefaults-admin.yaml | 15 + ...ion-webhook-kubeflow-poddefaults-edit.yaml | 15 + ...ion-webhook-kubeflow-poddefaults-view.yaml | 21 ++ ...8s.io_v1_clusterrole_centraldashboard.yaml | 19 ++ ...sterrole_jupyter-web-app-cluster-role.yaml | 57 ++++ ...er-web-app-kubeflow-notebook-ui-admin.yaml | 9 + ...ter-web-app-kubeflow-notebook-ui-edit.yaml | 20 ++ ...ter-web-app-kubeflow-notebook-ui-view.yaml | 26 ++ ...8s.io_v1_clusterrole_katib-controller.yaml | 75 +++++ ...zation.k8s.io_v1_clusterrole_katib-ui.yaml | 23 ++ ....k8s.io_v1_clusterrole_kubeflow-admin.yaml | 9 + ...n.k8s.io_v1_clusterrole_kubeflow-edit.yaml | 11 + ...o_v1_clusterrole_kubeflow-katib-admin.yaml | 13 + ...io_v1_clusterrole_kubeflow-katib-edit.yaml | 25 ++ ...io_v1_clusterrole_kubeflow-katib-view.yaml | 19 ++ ...clusterrole_kubeflow-kubernetes-admin.yaml | 27 ++ ..._clusterrole_kubeflow-kubernetes-edit.yaml | 135 +++++++++ ..._clusterrole_kubeflow-kubernetes-view.yaml | 125 ++++++++ ...-pipelines-cache-deployer-clusterrole.yaml | 24 ++ ...lusterrole_kubeflow-pytorchjobs-admin.yaml | 14 + ...clusterrole_kubeflow-pytorchjobs-edit.yaml | 26 ++ ...clusterrole_kubeflow-pytorchjobs-view.yaml | 20 ++ ..._v1_clusterrole_kubeflow-tfjobs-admin.yaml | 14 + ...o_v1_clusterrole_kubeflow-tfjobs-edit.yaml | 25 ++ ...o_v1_clusterrole_kubeflow-tfjobs-view.yaml | 19 ++ ...n.k8s.io_v1_clusterrole_kubeflow-view.yaml | 11 + ...k-controller-kubeflow-notebooks-admin.yaml | 15 + ...ok-controller-kubeflow-notebooks-edit.yaml | 26 ++ ...ok-controller-kubeflow-notebooks-view.yaml | 20 ++ ..._clusterrole_notebook-controller-role.yaml | 54 ++++ ...dmission-webhook-cluster-role-binding.yaml | 17 ++ ...1_clusterrolebinding_centraldashboard.yaml | 16 ++ ..._jupyter-web-app-cluster-role-binding.yaml | 15 + ...1_clusterrolebinding_katib-controller.yaml | 15 + ...k8s.io_v1_clusterrolebinding_katib-ui.yaml | 15 + ...nes-cache-deployer-clusterrolebinding.yaml | 12 + ...ding_notebook-controller-role-binding.yaml | 17 ++ ...binding_profiles-cluster-role-binding.yaml | 14 + ...ation.k8s.io_v1_role_centraldashboard.yaml | 28 ++ ...ubeflow-pipelines-cache-deployer-role.yaml | 16 ++ ...v1_role_kubeflow-pipelines-cache-role.yaml | 34 +++ ...beflow-pipelines-metadata-writer-role.yaml | 34 +++ ...ole_ml-pipeline-persistenceagent-role.yaml | 22 ++ ...le_ml-pipeline-scheduledworkflow-role.yaml | 39 +++ ...ization.k8s.io_v1_role_ml-pipeline-ui.yaml | 45 +++ ...le_ml-pipeline-viewer-controller-role.yaml | 31 ++ ...horization.k8s.io_v1_role_ml-pipeline.yaml | 39 +++ ...zation.k8s.io_v1_role_pipeline-runner.yaml | 81 ++++++ ...8s.io_v1_rolebinding_centraldashboard.yaml | 17 ++ ...ding_kubeflow-pipelines-cache-binding.yaml | 13 + ...-pipelines-cache-deployer-rolebinding.yaml | 13 + ...low-pipelines-metadata-writer-binding.yaml | 13 + ..._ml-pipeline-persistenceagent-binding.yaml | 13 + ...ml-pipeline-scheduledworkflow-binding.yaml | 13 + ....k8s.io_v1_rolebinding_ml-pipeline-ui.yaml | 15 + ...inding_ml-pipeline-viewer-crd-binding.yaml | 13 + ...ion.k8s.io_v1_rolebinding_ml-pipeline.yaml | 15 + ...1_rolebinding_pipeline-runner-binding.yaml | 13 + ...on.k8s.io_v1beta1_clusterrole_argo-ui.yaml | 35 +++ ...ation.k8s.io_v1beta1_clusterrole_argo.yaml | 54 ++++ ..._v1beta1_clusterrole_pytorch-operator.yaml | 33 +++ ...o_v1beta1_clusterrole_tf-job-operator.yaml | 40 +++ ...io_v1beta1_clusterrolebinding_argo-ui.yaml | 17 ++ ...8s.io_v1beta1_clusterrolebinding_argo.yaml | 17 ++ ...1_clusterrolebinding_pytorch-operator.yaml | 17 ++ ...a1_clusterrolebinding_tf-job-operator.yaml | 17 ++ ...jupyter-web-app-jupyter-notebook-role.yaml | 39 +++ ...ation.k8s.io_v1beta1_role_metadata-ui.yaml | 28 ++ ...web-app-jupyter-notebook-role-binding.yaml | 15 + ...8s.io_v1beta1_rolebinding_metadata-ui.yaml | 16 ++ ...-webhook-admission-webhook-parameters.yaml | 14 + ...map_default-install-config-h877hbtmf7.yaml | 8 + ...app-jupyter-web-app-config-dhcbh64467.yaml | 138 +++++++++ .../~g_v1_configmap_katib-config.yaml | 59 ++++ ..._configmap_kubeflow-config-988m2m9m87.yaml | 9 + ...g_v1_configmap_metadata-db-parameters.yaml | 11 + ..._v1_configmap_metadata-grpc-configmap.yaml | 10 + ...g_v1_configmap_metadata-ui-parameters.yaml | 9 + ...notebook-controller-config-h4d668t5tb.yaml | 13 + ...ap_pipeline-install-config-2829cc67f8.yaml | 12 + ...eline-minio-install-config-c42bb75m6g.yaml | 11 + ...eline-mysql-install-config-24c6km7cgg.yaml | 12 + ...p_profiles-profiles-config-4mgcmtgk6t.yaml | 10 + ...g_v1_configmap_trial-template-labeled.yaml | 97 +++++++ .../~g_v1_configmap_trial-template.yaml | 31 ++ ...nfigmap_workflow-controller-configmap.yaml | 32 +++ ...figmap_workflow-controller-parameters.yaml | 22 ++ .../~g_v1_persistentvolume_minio-pv.yaml | 15 + .../~g_v1_persistentvolume_mysql-pv.yaml | 16 ++ ..._v1_persistentvolumeclaim_katib-mysql.yaml | 14 + ..._persistentvolumeclaim_metadata-mysql.yaml | 13 + ...~g_v1_persistentvolumeclaim_minio-pvc.yaml | 16 ++ ..._persistentvolumeclaim_mysql-pv-claim.yaml | 17 ++ .../~g_v1_secret_katib-controller.yaml | 8 + .../~g_v1_secret_katib-mysql-secrets.yaml | 11 + .../~g_v1_secret_metadata-db-secrets.yaml | 11 + ...g_v1_secret_mlpipeline-minio-artifact.yaml | 12 + .../~g_v1_secret_mysql-secret-fd5gktm75t.yaml | 9 + ..._v1_service_admission-webhook-service.yaml | 19 ++ .../expected/~g_v1_service_argo-ui.yaml | 21 ++ .../expected/~g_v1_service_cache-server.yaml | 11 + .../~g_v1_service_centraldashboard.yaml | 29 ++ ...~g_v1_service_jupyter-web-app-service.yaml | 29 ++ .../~g_v1_service_katib-controller.yaml | 25 ++ .../~g_v1_service_katib-db-manager.yaml | 21 ++ .../expected/~g_v1_service_katib-mysql.yaml | 21 ++ .../expected/~g_v1_service_katib-ui.yaml | 22 ++ .../expected/~g_v1_service_metadata-db.yaml | 17 ++ .../~g_v1_service_metadata-envoy-service.yaml | 17 ++ .../~g_v1_service_metadata-grpc-service.yaml | 17 ++ .../~g_v1_service_metadata-service.yaml | 17 ++ .../expected/~g_v1_service_metadata-ui.yaml | 15 + .../expected/~g_v1_service_minio-service.yaml | 18 ++ .../~g_v1_service_ml-pipeline-ui.yaml | 15 + ...rvice_ml-pipeline-visualizationserver.yaml | 13 + .../expected/~g_v1_service_ml-pipeline.yaml | 17 ++ .../expected/~g_v1_service_mysql.yaml | 18 ++ ...1_service_notebook-controller-service.yaml | 18 ++ .../expected/~g_v1_service_profiles-kfam.yaml | 12 + .../~g_v1_service_pytorch-operator.yaml | 25 ++ .../~g_v1_service_tf-job-operator.yaml | 25 ++ ...unt_admission-webhook-service-account.yaml | 10 + .../~g_v1_serviceaccount_argo-ui.yaml | 9 + .../expected/~g_v1_serviceaccount_argo.yaml | 9 + ...~g_v1_serviceaccount_centraldashboard.yaml | 8 + ...count_jupyter-web-app-service-account.yaml | 8 + ...~g_v1_serviceaccount_katib-controller.yaml | 8 + .../~g_v1_serviceaccount_katib-ui.yaml | 8 + ..._kubeflow-pipelines-cache-deployer-sa.yaml | 5 + ...rviceaccount_kubeflow-pipelines-cache.yaml | 5 + ..._kubeflow-pipelines-container-builder.yaml | 5 + ...nt_kubeflow-pipelines-metadata-writer.yaml | 5 + .../~g_v1_serviceaccount_metadata-ui.yaml | 7 + ...eaccount_ml-pipeline-persistenceagent.yaml | 5 + ...account_ml-pipeline-scheduledworkflow.yaml | 5 + .../~g_v1_serviceaccount_ml-pipeline-ui.yaml | 7 + ...l-pipeline-viewer-crd-service-account.yaml | 5 + ...count_ml-pipeline-visualizationserver.yaml | 7 + .../~g_v1_serviceaccount_ml-pipeline.yaml | 5 + ...t_notebook-controller-service-account.yaml | 10 + .../~g_v1_serviceaccount_pipeline-runner.yaml | 7 + ...t_profiles-controller-service-account.yaml | 9 + ...~g_v1_serviceaccount_pytorch-operator.yaml | 10 + ...~g_v1_serviceaccount_tf-job-dashboard.yaml | 10 + .../~g_v1_serviceaccount_tf-job-operator.yaml | 10 + ...ebhook-mutating-webhook-configuration.yaml | 31 ++ ...cedefinition_experiments.kubeflow.org.yaml | 28 ++ ...urcedefinition_notebooks.kubeflow.org.yaml | 69 +++++ ...cedefinition_poddefaults.kubeflow.org.yaml | 56 ++++ ...ourcedefinition_profiles.kubeflow.org.yaml | 158 +++++++++++ ...cedefinition_pytorchjobs.kubeflow.org.yaml | 45 +++ ...ition_scheduledworkflows.kubeflow.org.yaml | 18 ++ ...cedefinition_suggestions.kubeflow.org.yaml | 37 +++ ...esourcedefinition_tfjobs.kubeflow.org.yaml | 50 ++++ ...esourcedefinition_trials.kubeflow.org.yaml | 31 ++ ...sourcedefinition_viewers.kubeflow.org.yaml | 18 ++ ...ourcedefinition_workflows.argoproj.io.yaml | 19 ++ .../app.k8s.io_v1beta1_application_argo.yaml | 39 +++ ..._v1beta1_application_centraldashboard.yaml | 57 ++++ ...ation_jupyter-web-app-jupyter-web-app.yaml | 55 ++++ ..._v1beta1_application_katib-controller.yaml | 70 +++++ ...k8s.io_v1beta1_application_katib-crds.yaml | 68 +++++ .../app.k8s.io_v1beta1_application_minio.yaml | 31 ++ .../app.k8s.io_v1beta1_application_mysql.yaml | 32 +++ ...tebook-controller-notebook-controller.yaml | 46 +++ ...v1beta1_application_profiles-profiles.yaml | 44 +++ ..._v1beta1_application_pytorch-job-crds.yaml | 46 +++ ..._v1beta1_application_pytorch-operator.yaml | 49 ++++ ...8s.io_v1beta1_application_tf-job-crds.yaml | 46 +++ ...o_v1beta1_application_tf-job-operator.yaml | 47 +++ ...pp.k8s.io_v1beta1_application_webhook.yaml | 39 +++ ...ployment_admission-webhook-deployment.yaml | 42 +++ .../expected/apps_v1_deployment_argo-ui.yaml | 66 +++++ ..._deployment_cache-deployer-deployment.yaml | 30 ++ .../apps_v1_deployment_cache-server.yaml | 71 +++++ .../apps_v1_deployment_centraldashboard.yaml | 50 ++++ ...deployment_jupyter-web-app-deployment.yaml | 46 +++ .../apps_v1_deployment_katib-controller.yaml | 56 ++++ .../apps_v1_deployment_katib-db-manager.yaml | 60 ++++ .../apps_v1_deployment_katib-mysql.yaml | 74 +++++ .../expected/apps_v1_deployment_katib-ui.yaml | 46 +++ .../apps_v1_deployment_metadata-db.yaml | 53 ++++ ...pps_v1_deployment_metadata-deployment.yaml | 61 ++++ ..._deployment_metadata-envoy-deployment.yaml | 30 ++ ...1_deployment_metadata-grpc-deployment.yaml | 44 +++ .../apps_v1_deployment_metadata-ui.yaml | 29 ++ .../apps_v1_deployment_metadata-writer.yaml | 24 ++ .../expected/apps_v1_deployment_minio.yaml | 51 ++++ ...ployment_ml-pipeline-persistenceagent.yaml | 24 ++ ...loyment_ml-pipeline-scheduledworkflow.yaml | 24 ++ .../apps_v1_deployment_ml-pipeline-ui.yaml | 84 ++++++ ..._v1_deployment_ml-pipeline-viewer-crd.yaml | 31 ++ ...yment_ml-pipeline-visualizationserver.yaml | 48 ++++ .../apps_v1_deployment_ml-pipeline.yaml | 100 +++++++ .../expected/apps_v1_deployment_mysql.yaml | 40 +++ ...oyment_notebook-controller-deployment.yaml | 51 ++++ ...pps_v1_deployment_profiles-deployment.yaml | 95 +++++++ .../apps_v1_deployment_pytorch-operator.yaml | 45 +++ .../apps_v1_deployment_tf-job-operator.yaml | 43 +++ ...pps_v1_deployment_workflow-controller.yaml | 61 ++++ ...kubeflow-pipelines-profile-controller.yaml | 34 +++ ...a2_certificate_admission-webhook-cert.yaml | 18 ++ ...ubeflow.org_v1beta1_profile_anonymous.yaml | 9 + ...kubeflow-pipelines-profile-controller.yaml | 46 +++ ...io.io_v1alpha3_virtualservice_argo-ui.yaml | 25 ++ ...lpha3_virtualservice_centraldashboard.yaml | 24 ++ ...rvice_jupyter-web-app-jupyter-web-app.yaml | 28 ++ ...o.io_v1alpha3_virtualservice_katib-ui.yaml | 24 ++ ...v1alpha3_virtualservice_metadata-grpc.yaml | 22 ++ ...o_v1alpha3_virtualservice_metadata-ui.yaml | 22 ++ ...1alpha3_virtualservice_ml-pipeline-ui.yaml | 22 ++ ...v1alpha3_virtualservice_profiles-kfam.yaml | 27 ++ ...errole_admission-webhook-cluster-role.yaml | 22 ++ ...on-webhook-kubeflow-poddefaults-admin.yaml | 15 + ...ion-webhook-kubeflow-poddefaults-edit.yaml | 15 + ...ion-webhook-kubeflow-poddefaults-view.yaml | 21 ++ ...8s.io_v1_clusterrole_centraldashboard.yaml | 19 ++ ...sterrole_jupyter-web-app-cluster-role.yaml | 57 ++++ ...er-web-app-kubeflow-notebook-ui-admin.yaml | 9 + ...ter-web-app-kubeflow-notebook-ui-edit.yaml | 20 ++ ...ter-web-app-kubeflow-notebook-ui-view.yaml | 26 ++ ...8s.io_v1_clusterrole_katib-controller.yaml | 75 +++++ ...zation.k8s.io_v1_clusterrole_katib-ui.yaml | 23 ++ ....k8s.io_v1_clusterrole_kubeflow-admin.yaml | 9 + ...n.k8s.io_v1_clusterrole_kubeflow-edit.yaml | 11 + ...o_v1_clusterrole_kubeflow-katib-admin.yaml | 13 + ...io_v1_clusterrole_kubeflow-katib-edit.yaml | 25 ++ ...io_v1_clusterrole_kubeflow-katib-view.yaml | 19 ++ ...clusterrole_kubeflow-kubernetes-admin.yaml | 27 ++ ..._clusterrole_kubeflow-kubernetes-edit.yaml | 135 +++++++++ ..._clusterrole_kubeflow-kubernetes-view.yaml | 125 ++++++++ ...-pipelines-cache-deployer-clusterrole.yaml | 24 ++ ...terrole_kubeflow-pipelines-cache-role.yaml | 31 ++ ...beflow-pipelines-metadata-writer-role.yaml | 31 ++ ...lusterrole_kubeflow-pytorchjobs-admin.yaml | 14 + ...clusterrole_kubeflow-pytorchjobs-edit.yaml | 26 ++ ...clusterrole_kubeflow-pytorchjobs-view.yaml | 20 ++ ..._v1_clusterrole_kubeflow-tfjobs-admin.yaml | 14 + ...o_v1_clusterrole_kubeflow-tfjobs-edit.yaml | 25 ++ ...o_v1_clusterrole_kubeflow-tfjobs-view.yaml | 19 ++ ...n.k8s.io_v1_clusterrole_kubeflow-view.yaml | 11 + ...ole_ml-pipeline-persistenceagent-role.yaml | 21 ++ ...le_ml-pipeline-scheduledworkflow-role.yaml | 36 +++ ....k8s.io_v1_clusterrole_ml-pipeline-ui.yaml | 44 +++ ...k-controller-kubeflow-notebooks-admin.yaml | 15 + ...ok-controller-kubeflow-notebooks-edit.yaml | 26 ++ ...ok-controller-kubeflow-notebooks-view.yaml | 20 ++ ..._clusterrole_notebook-controller-role.yaml | 54 ++++ ...dmission-webhook-cluster-role-binding.yaml | 17 ++ ...1_clusterrolebinding_centraldashboard.yaml | 16 ++ ..._jupyter-web-app-cluster-role-binding.yaml | 15 + ...1_clusterrolebinding_katib-controller.yaml | 15 + ...k8s.io_v1_clusterrolebinding_katib-ui.yaml | 15 + ...ding_kubeflow-pipelines-cache-binding.yaml | 12 + ...nes-cache-deployer-clusterrolebinding.yaml | 12 + ...low-pipelines-metadata-writer-binding.yaml | 12 + ..._ml-pipeline-persistenceagent-binding.yaml | 12 + ...ml-pipeline-scheduledworkflow-binding.yaml | 12 + ..._v1_clusterrolebinding_ml-pipeline-ui.yaml | 14 + ...ding_notebook-controller-role-binding.yaml | 17 ++ ...binding_profiles-cluster-role-binding.yaml | 14 + ...ation.k8s.io_v1_role_centraldashboard.yaml | 28 ++ ...ubeflow-pipelines-cache-deployer-role.yaml | 16 ++ ...v1_role_kubeflow-pipelines-cache-role.yaml | 34 +++ ...beflow-pipelines-metadata-writer-role.yaml | 34 +++ ...ole_ml-pipeline-persistenceagent-role.yaml | 22 ++ ...le_ml-pipeline-scheduledworkflow-role.yaml | 39 +++ ...ization.k8s.io_v1_role_ml-pipeline-ui.yaml | 45 +++ ...le_ml-pipeline-viewer-controller-role.yaml | 31 ++ ...horization.k8s.io_v1_role_ml-pipeline.yaml | 39 +++ ...zation.k8s.io_v1_role_pipeline-runner.yaml | 81 ++++++ ...8s.io_v1_rolebinding_centraldashboard.yaml | 17 ++ ...ding_kubeflow-pipelines-cache-binding.yaml | 13 + ...-pipelines-cache-deployer-rolebinding.yaml | 13 + ...low-pipelines-metadata-writer-binding.yaml | 13 + ..._ml-pipeline-persistenceagent-binding.yaml | 13 + ...ml-pipeline-scheduledworkflow-binding.yaml | 13 + ....k8s.io_v1_rolebinding_ml-pipeline-ui.yaml | 15 + ...inding_ml-pipeline-viewer-crd-binding.yaml | 13 + ...ion.k8s.io_v1_rolebinding_ml-pipeline.yaml | 15 + ...1_rolebinding_pipeline-runner-binding.yaml | 13 + ...on.k8s.io_v1beta1_clusterrole_argo-ui.yaml | 35 +++ ...ation.k8s.io_v1beta1_clusterrole_argo.yaml | 54 ++++ ...8s.io_v1beta1_clusterrole_ml-pipeline.yaml | 34 +++ ..._v1beta1_clusterrole_pytorch-operator.yaml | 33 +++ ...o_v1beta1_clusterrole_tf-job-operator.yaml | 40 +++ ...io_v1beta1_clusterrolebinding_argo-ui.yaml | 17 ++ ...8s.io_v1beta1_clusterrolebinding_argo.yaml | 17 ++ ...1beta1_clusterrolebinding_ml-pipeline.yaml | 12 + ...1_clusterrolebinding_pytorch-operator.yaml | 17 ++ ...a1_clusterrolebinding_tf-job-operator.yaml | 17 ++ ...jupyter-web-app-jupyter-notebook-role.yaml | 39 +++ ...ation.k8s.io_v1beta1_role_metadata-ui.yaml | 28 ++ ...web-app-jupyter-notebook-role-binding.yaml | 15 + ...8s.io_v1beta1_rolebinding_metadata-ui.yaml | 16 ++ ...-webhook-admission-webhook-parameters.yaml | 14 + ...map_default-install-config-h877hbtmf7.yaml | 8 + ...app-jupyter-web-app-config-dhcbh64467.yaml | 138 +++++++++ .../~g_v1_configmap_katib-config.yaml | 59 ++++ ..._configmap_kubeflow-config-988m2m9m87.yaml | 9 + ...pelines-profile-controller-78dkmk82gc.yaml | 267 ++++++++++++++++++ ...g_v1_configmap_metadata-db-parameters.yaml | 11 + ..._v1_configmap_metadata-grpc-configmap.yaml | 10 + ...g_v1_configmap_metadata-ui-parameters.yaml | 9 + ...v1_configmap_ml-pipeline-ui-configmap.yaml | 14 + ...notebook-controller-config-h4d668t5tb.yaml | 13 + ...pipeline-api-server-config-f4t72426kt.yaml | 10 + ...ap_pipeline-install-config-2829cc67f8.yaml | 12 + ...p_profiles-profiles-config-4mgcmtgk6t.yaml | 10 + ...g_v1_configmap_trial-template-labeled.yaml | 97 +++++++ .../~g_v1_configmap_trial-template.yaml | 31 ++ ...nfigmap_workflow-controller-configmap.yaml | 32 +++ ...figmap_workflow-controller-parameters.yaml | 22 ++ ..._v1_persistentvolumeclaim_katib-mysql.yaml | 14 + ..._persistentvolumeclaim_metadata-mysql.yaml | 13 + ...~g_v1_persistentvolumeclaim_minio-pvc.yaml | 14 + ..._persistentvolumeclaim_mysql-pv-claim.yaml | 15 + .../~g_v1_secret_katib-controller.yaml | 8 + .../~g_v1_secret_katib-mysql-secrets.yaml | 11 + .../~g_v1_secret_metadata-db-secrets.yaml | 11 + ...g_v1_secret_mlpipeline-minio-artifact.yaml | 12 + .../~g_v1_secret_mysql-secret-fd5gktm75t.yaml | 9 + ..._v1_service_admission-webhook-service.yaml | 19 ++ .../expected/~g_v1_service_argo-ui.yaml | 21 ++ .../expected/~g_v1_service_cache-server.yaml | 11 + .../~g_v1_service_centraldashboard.yaml | 29 ++ ...~g_v1_service_jupyter-web-app-service.yaml | 29 ++ .../~g_v1_service_katib-controller.yaml | 25 ++ .../~g_v1_service_katib-db-manager.yaml | 21 ++ .../expected/~g_v1_service_katib-mysql.yaml | 21 ++ .../expected/~g_v1_service_katib-ui.yaml | 22 ++ ...kubeflow-pipelines-profile-controller.yaml | 15 + .../expected/~g_v1_service_metadata-db.yaml | 17 ++ .../~g_v1_service_metadata-envoy-service.yaml | 17 ++ .../~g_v1_service_metadata-grpc-service.yaml | 17 ++ .../~g_v1_service_metadata-service.yaml | 17 ++ .../expected/~g_v1_service_metadata-ui.yaml | 15 + .../expected/~g_v1_service_minio-service.yaml | 18 ++ .../~g_v1_service_ml-pipeline-ui.yaml | 15 + ...rvice_ml-pipeline-visualizationserver.yaml | 13 + .../expected/~g_v1_service_ml-pipeline.yaml | 17 ++ .../expected/~g_v1_service_mysql.yaml | 18 ++ ...1_service_notebook-controller-service.yaml | 18 ++ .../expected/~g_v1_service_profiles-kfam.yaml | 12 + .../~g_v1_service_pytorch-operator.yaml | 25 ++ .../~g_v1_service_tf-job-operator.yaml | 25 ++ ...unt_admission-webhook-service-account.yaml | 10 + .../~g_v1_serviceaccount_argo-ui.yaml | 9 + .../expected/~g_v1_serviceaccount_argo.yaml | 9 + ...~g_v1_serviceaccount_centraldashboard.yaml | 8 + ...count_jupyter-web-app-service-account.yaml | 8 + ...~g_v1_serviceaccount_katib-controller.yaml | 8 + .../~g_v1_serviceaccount_katib-ui.yaml | 8 + ..._kubeflow-pipelines-cache-deployer-sa.yaml | 5 + ...rviceaccount_kubeflow-pipelines-cache.yaml | 5 + ..._kubeflow-pipelines-container-builder.yaml | 5 + ...nt_kubeflow-pipelines-metadata-writer.yaml | 5 + .../~g_v1_serviceaccount_metadata-ui.yaml | 7 + ...eaccount_ml-pipeline-persistenceagent.yaml | 5 + ...account_ml-pipeline-scheduledworkflow.yaml | 5 + .../~g_v1_serviceaccount_ml-pipeline-ui.yaml | 5 + ...l-pipeline-viewer-crd-service-account.yaml | 5 + ...count_ml-pipeline-visualizationserver.yaml | 5 + .../~g_v1_serviceaccount_ml-pipeline.yaml | 5 + ...t_notebook-controller-service-account.yaml | 10 + .../~g_v1_serviceaccount_pipeline-runner.yaml | 5 + ...t_profiles-controller-service-account.yaml | 7 + ...~g_v1_serviceaccount_pytorch-operator.yaml | 10 + ...~g_v1_serviceaccount_tf-job-dashboard.yaml | 10 + .../~g_v1_serviceaccount_tf-job-operator.yaml | 10 + .../kustomize_test.go | 4 +- .../cert-manager-crds/kustomize_test.go | 4 +- .../kustomize_test.go | 4 +- .../cert-manager/kustomize_test.go | 4 +- .../jupyter-web-app/kustomize_test.go | 4 +- .../base/kustomize_test.go | 4 +- .../application/profiles/kustomize_test.go | 4 +- .../spark-operator/kustomize_test.go | 4 +- .../application/spartakus/kustomize_test.go | 4 +- .../application/tensorboard/kustomize_test.go | 4 +- .../api-service/kustomize_test.go | 4 +- .../application-crds/kustomize_test.go | 4 +- .../argo/kustomize_test.go | 4 +- .../bootstrap/kustomize_test.go | 4 +- .../centraldashboard/kustomize_test.go | 4 +- .../cert-manager-crds/kustomize_test.go | 4 +- .../kustomize_test.go | 4 +- .../istio-crds/kustomize_test.go | 4 +- .../istio-install/kustomize_test.go | 4 +- .../istio/kustomize_test.go | 4 +- .../katib-controller/kustomize_test.go | 4 +- .../kfserving-install/kustomize_test.go | 4 +- .../knative-install/kustomize_test.go | 4 +- .../kubeflow-roles/kustomize_test.go | 4 +- .../metacontroller/kustomize_test.go | 4 +- .../metadata/kustomize_test.go | 4 +- .../kustomize_test.go | 4 +- .../pipelines-ui/kustomize_test.go | 4 +- .../profiles/kustomize_test.go | 4 +- .../pytorch-job-crds/kustomize_test.go | 4 +- .../scheduledworkflow/kustomize_test.go | 4 +- .../seldon-core-operator/kustomize_test.go | 4 +- .../tf-job-crds/kustomize_test.go | 4 +- .../webhook/kustomize_test.go | 4 +- 474 files changed, 12803 insertions(+), 75 deletions(-) create mode 100644 tests/stacks/gcp/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml create mode 100644 tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml create mode 100644 tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml create mode 100644 tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app-jupyter-web-app.yaml create mode 100644 tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml create mode 100644 tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml create mode 100644 tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml create mode 100644 tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml create mode 100644 tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml create mode 100644 tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml create mode 100644 tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml create mode 100644 tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml create mode 100644 tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml create mode 100644 tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml create mode 100644 tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_argo-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_centraldashboard.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-controller.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-db-manager.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-mysql.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-db.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-deployment.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_minio.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_mysql.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_profiles-deployment.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_pytorch-operator.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_tf-job-operator.yaml create mode 100644 tests/stacks/gcp/test_data/expected/apps_v1_deployment_workflow-controller.yaml create mode 100644 tests/stacks/gcp/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml create mode 100644 tests/stacks/gcp/test_data/expected/kubeflow.org_v1beta1_profile_anonymous.yaml create mode 100644 tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml create mode 100644 tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app-jupyter-web-app.yaml create mode 100644 tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml create mode 100644 tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml create mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_default-install-config-h877hbtmf7.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-dhcbh64467.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_katib-config.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_kubeflow-config-988m2m9m87.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-minio-install-config-c42bb75m6g.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-mysql-install-config-24c6km7cgg.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_trial-template-labeled.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_trial-template.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_persistentvolume_minio-pv.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_persistentvolume_mysql-pv.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_secret_katib-controller.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_admission-webhook-service.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_argo-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_cache-server.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_centraldashboard.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_katib-controller.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_katib-db-manager.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_katib-mysql.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_katib-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-db.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-envoy-service.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-grpc-service.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-service.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_minio-service.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_ml-pipeline.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_mysql.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_notebook-controller-service.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_profiles-kfam.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_pytorch-operator.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_tf-job-operator.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_argo.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml create mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml create mode 100644 tests/stacks/generic/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml create mode 100644 tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml create mode 100644 tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml create mode 100644 tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml create mode 100644 tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml create mode 100644 tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml create mode 100644 tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml create mode 100644 tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml create mode 100644 tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml create mode 100644 tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml create mode 100644 tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml create mode 100644 tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml create mode 100644 tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml create mode 100644 tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml create mode 100644 tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app-jupyter-web-app.yaml create mode 100644 tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml create mode 100644 tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml create mode 100644 tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml create mode 100644 tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml create mode 100644 tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml create mode 100644 tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml create mode 100644 tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml create mode 100644 tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml create mode 100644 tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml create mode 100644 tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml create mode 100644 tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_argo-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_centraldashboard.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-controller.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-db-manager.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-mysql.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-db.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-deployment.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_minio.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_mysql.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_profiles-deployment.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_pytorch-operator.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_tf-job-operator.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1_deployment_workflow-controller.yaml create mode 100644 tests/stacks/generic/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml create mode 100644 tests/stacks/generic/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml create mode 100644 tests/stacks/generic/test_data/expected/kubeflow.org_v1beta1_profile_anonymous.yaml create mode 100644 tests/stacks/generic/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml create mode 100644 tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml create mode 100644 tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app-jupyter-web-app.yaml create mode 100644 tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml create mode 100644 tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml create mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_default-install-config-h877hbtmf7.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-dhcbh64467.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_katib-config.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_kubeflow-config-988m2m9m87.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_trial-template-labeled.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_trial-template.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_secret_katib-controller.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_admission-webhook-service.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_argo-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_cache-server.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_centraldashboard.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_katib-controller.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_katib-db-manager.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_katib-mysql.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_katib-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_metadata-db.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_metadata-envoy-service.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_metadata-grpc-service.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_metadata-service.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_metadata-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_minio-service.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_mysql.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_notebook-controller-service.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_profiles-kfam.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_pytorch-operator.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_tf-job-operator.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_argo.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml create mode 100644 tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml diff --git a/pipeline/mysql/installs/gcp-pd/kustomization.yaml b/pipeline/mysql/installs/gcp-pd/kustomization.yaml index 025187059c..b442b739b5 100644 --- a/pipeline/mysql/installs/gcp-pd/kustomization.yaml +++ b/pipeline/mysql/installs/gcp-pd/kustomization.yaml @@ -8,7 +8,6 @@ resources: - ../../../upstream/env/platform-agnostic/mysql - ../../overlays/application/application.yaml - persistent-volume.yaml -- ../generic/configmap.yaml patchesStrategicMerge: - persistent-volume-claim.yaml images: diff --git a/tests/katib/installs/katib-external-db/kustomize_test.go b/tests/katib/installs/katib-external-db/kustomize_test.go index cfb838a247..d2c05778b3 100644 --- a/tests/katib/installs/katib-external-db/kustomize_test.go +++ b/tests/katib/installs/katib-external-db/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../katib/installs/katib-external-db", + Package: "../../../../katib/installs/katib-external-db", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/katib/installs/katib-standalone/kustomize_test.go b/tests/katib/installs/katib-standalone/kustomize_test.go index a3cc12186c..085f8ae12d 100644 --- a/tests/katib/installs/katib-standalone/kustomize_test.go +++ b/tests/katib/installs/katib-standalone/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../katib/installs/katib-standalone", + Package: "../../../../katib/installs/katib-standalone", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/stacks/examples/alice/kustomize_test.go b/tests/stacks/examples/alice/kustomize_test.go index 0865bae0d4..ce08630a3d 100644 --- a/tests/stacks/examples/alice/kustomize_test.go +++ b/tests/stacks/examples/alice/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../stacks/examples/alice", + Package: "../../../../stacks/examples/alice", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/stacks/gcp/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml b/tests/stacks/gcp/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml new file mode 100644 index 0000000000..2879750ea8 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml @@ -0,0 +1,31 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/admission-webhook-cert + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-mutating-webhook-configuration +webhooks: +- clientConfig: + caBundle: "" + service: + name: admission-webhook-service + namespace: kubeflow + path: /apply-poddefault + name: admission-webhook-deployment.kubeflow.org + namespaceSelector: + matchLabels: + app.kubernetes.io/part-of: kubeflow-profile + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml new file mode 100644 index 0000000000..8412945bc0 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml @@ -0,0 +1,28 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: experiments.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + categories: + - all + - kubeflow + - katib + kind: Experiment + plural: experiments + singular: experiment + scope: Namespaced + subresources: + status: {} + version: v1alpha3 diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml new file mode 100644 index 0000000000..1e031ae88b --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml @@ -0,0 +1,69 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebooks.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Notebook + plural: notebooks + singular: notebook + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + template: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + properties: + spec: + type: object + type: object + type: object + status: + properties: + conditions: + description: Conditions is an array of current conditions + items: + properties: + type: + description: Type of the confition/ + type: string + required: + - type + type: object + type: array + required: + - conditions + type: object + versions: + - name: v1alpha1 + served: true + storage: false + - name: v1beta1 + served: true + storage: true + - name: v1 + served: true + storage: false diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml new file mode 100644 index 0000000000..808eb4db0c --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml @@ -0,0 +1,56 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: poddefaults.kubeflow.org +spec: + group: kubeflow.org + names: + kind: PodDefault + plural: poddefaults + singular: poddefault + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + desc: + type: string + env: + items: + type: object + type: array + envFrom: + items: + type: object + type: array + selector: + type: object + serviceAccountName: + type: string + volumeMounts: + items: + type: object + type: array + volumes: + items: + type: object + type: array + required: + - selector + type: object + status: + type: object + type: object + version: v1alpha1 diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml new file mode 100644 index 0000000000..c299e91151 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml @@ -0,0 +1,158 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + kustomize.component: profiles + name: profiles.kubeflow.org +spec: + conversion: + strategy: None + group: kubeflow.org + names: + kind: Profile + plural: profiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + description: Profile is the Schema for the profiles API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProfileSpec defines the desired state of Profile + properties: + owner: + description: The profile owner + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. + Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" + for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by + this API group are "User", "Group", and "ServiceAccount". If the + Authorizer does not recognized the kind value, the Authorizer + should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + required: + - kind + - name + type: object + plugins: + items: + description: Plugin is for customize actions on different platform. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + spec: + type: object + type: object + type: array + resourceQuotaSpec: + description: Resourcequota that will be applied to target namespace + properties: + hard: + additionalProperties: + type: string + description: 'hard is the set of desired hard limits for each named + resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + scopeSelector: + description: scopeSelector is also a collection of filters like + scopes that must match each object tracked by a quota but expressed + using ScopeSelectorOperator in combination with possible values. + For a resource to match, both scopes AND scopeSelector (if specified + in spec), must be matched. + properties: + matchExpressions: + description: A list of scope selector requirements by scope + of the resources. + items: + description: A scoped-resource selector requirement is a selector + that contains values, a scope name, and an operator that + relates the scope name and values. + properties: + operator: + description: Represents a scope's relationship to a set + of values. Valid operators are In, NotIn, Exists, DoesNotExist. + type: string + scopeName: + description: The name of the scope that the selector applies + to. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - operator + - scopeName + type: object + type: array + type: object + scopes: + description: A collection of filters that must match each object + tracked by a quota. If not specified, the quota matches all objects. + items: + description: A ResourceQuotaScope defines a filter that must match + each object tracked by a quota + type: string + type: array + type: object + type: object + status: + description: ProfileStatus defines the observed state of Profile + properties: + conditions: + items: + properties: + message: + type: string + status: + type: string + type: + type: string + type: object + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true + - name: v1beta1 + served: true + storage: false diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml new file mode 100644 index 0000000000..2dc516cbcc --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml @@ -0,0 +1,45 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-job-crds + name: pytorchjobs.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: State + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + kind: PyTorchJob + plural: pytorchjobs + singular: pytorchjob + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + pytorchReplicaSpecs: + properties: + Master: + properties: + replicas: + maximum: 1 + minimum: 1 + type: integer + Worker: + properties: + replicas: + minimum: 1 + type: integer + versions: + - name: v1 + served: true + storage: true diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml new file mode 100644 index 0000000000..22dc3c8a00 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: scheduledworkflows.kubeflow.org +spec: + group: kubeflow.org + names: + kind: ScheduledWorkflow + listKind: ScheduledWorkflowList + plural: scheduledworkflows + shortNames: + - swf + singular: scheduledworkflow + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml new file mode 100644 index 0000000000..9f1cabef76 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml @@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: suggestions.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: Type + type: string + - JSONPath: .status.conditions[-1:].status + name: Status + type: string + - JSONPath: .spec.requests + name: Requested + type: string + - JSONPath: .status.suggestionCount + name: Assigned + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + categories: + - all + - kubeflow + - katib + kind: Suggestion + plural: suggestions + singular: suggestion + scope: Namespaced + subresources: + status: {} + version: v1alpha3 diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml new file mode 100644 index 0000000000..ebfcefbc9b --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml @@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-crds + name: tfjobs.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: State + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + kind: TFJob + plural: tfjobs + singular: tfjob + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + tfReplicaSpecs: + properties: + Chief: + properties: + replicas: + maximum: 1 + minimum: 1 + type: integer + PS: + properties: + replicas: + minimum: 1 + type: integer + Worker: + properties: + replicas: + minimum: 1 + type: integer + versions: + - name: v1 + served: true + storage: true diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml new file mode 100644 index 0000000000..5c42ede721 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml @@ -0,0 +1,31 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: trials.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: Type + type: string + - JSONPath: .status.conditions[-1:].status + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + categories: + - all + - kubeflow + - katib + kind: Trial + plural: trials + singular: trial + scope: Namespaced + subresources: + status: {} + version: v1alpha3 diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml new file mode 100644 index 0000000000..dcb5db0f88 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: viewers.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Viewer + listKind: ViewerList + plural: viewers + shortNames: + - vi + singular: viewer + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml new file mode 100644 index 0000000000..08f6d1185c --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml @@ -0,0 +1,19 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflows.argoproj.io +spec: + group: argoproj.io + names: + kind: Workflow + listKind: WorkflowList + plural: workflows + shortNames: + - wf + singular: workflow + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml new file mode 100644 index 0000000000..4c20d279dd --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml @@ -0,0 +1,39 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Argo Workflows is an open source container-native workflow engine + for orchestrating parallel jobs on Kubernetes + keywords: + - argo + - kubeflow + links: + - description: About + url: https://github.com/argoproj/argo + maintainers: [] + owners: [] + type: argo + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml new file mode 100644 index 0000000000..a77aa95832 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml @@ -0,0 +1,57 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: rbac.authorization.k8s.io + kind: RoleBinding + - group: rbac.authorization.k8s.io + kind: Role + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Provides a Dashboard UI for kubeflow + keywords: + - centraldashboard + - kubeflow + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/centraldashboard + maintainers: + - email: prodonjs@gmail.com + name: Jason Prodonovich + - email: apverma@google.com + name: Apoorv Verma + - email: adhita94@gmail.com + name: Adhita Selvaraj + owners: + - email: prodonjs@gmail.com + name: Jason Prodonovich + - email: apverma@google.com + name: Apoorv Verma + - email: adhita94@gmail.com + name: Adhita Selvaraj + type: centraldashboard + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/instance: centraldashboard-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: centraldashboard + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app-jupyter-web-app.yaml b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app-jupyter-web-app.yaml new file mode 100644 index 0000000000..be3f76b96d --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app-jupyter-web-app.yaml @@ -0,0 +1,55 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-web-app + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: rbac.authorization.k8s.io + kind: RoleBinding + - group: rbac.authorization.k8s.io + kind: Role + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Provides a UI which allows the user to create/conect/delete jupyter + notebooks. + keywords: + - jupyterhub + - jupyter ui + - notebooks + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/jupyter-web-app + - description: Docs + url: https://www.kubeflow.org/docs/notebooks + maintainers: + - email: kimwnasptd@arrikto.com + name: Kimonas Sotirchos + owners: + - email: kimwnasptd@arrikto.com + name: Kimonas Sotirchos + type: jupyter-web-app + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/instance: jupyter-web-app-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: jupyter-web-app + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml new file mode 100644 index 0000000000..d104a57371 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml @@ -0,0 +1,70 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: Secret + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: Experiment + - group: kubeflow.org + kind: Suggestion + - group: kubeflow.org + kind: Trial + descriptor: + description: Katib is a service for hyperparameter tuning and neural architecture + search. + keywords: + - katib + - katib-controller + - hyperparameter tuning + links: + - description: About + url: https://github.com/kubeflow/katib + maintainers: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + owners: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + type: katib + version: v1alpha3 + selector: + matchLabels: + app.kubernetes.io/component: katib + app.kubernetes.io/instance: katib-controller + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: katib-controller + app.kubernetes.io/part-of: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml new file mode 100644 index 0000000000..017c6c72f4 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml @@ -0,0 +1,68 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: katib-crds + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: Experiment + - group: kubeflow.org + kind: Suggestion + - group: kubeflow.org + kind: Trial + descriptor: + description: Katib is a service for hyperparameter tuning and neural architecture + search. + keywords: + - katib + - katib-controller + - hyperparameter tuning + links: + - description: About + url: https://github.com/kubeflow/katib + maintainers: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + owners: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + type: katib + version: v1alpha3 + selector: + matchLabels: + app.kubernetes.io/component: katib + app.kubernetes.io/instance: katib-crds + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: katib-crds + app.kubernetes.io/part-of: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml new file mode 100644 index 0000000000..e1b386dfb9 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml @@ -0,0 +1,31 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - minio + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: minio + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml new file mode 100644 index 0000000000..d4db458295 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml @@ -0,0 +1,32 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - mysql + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: mysql + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml new file mode 100644 index 0000000000..f462651b3b --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml @@ -0,0 +1,46 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-notebook-controller + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + descriptor: + description: Notebooks controller allows users to create a custom resource \"Notebook\" + (jupyter notebook). + keywords: + - jupyter + - notebook + - notebook-controller + - jupyterhub + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/notebook-controller + maintainers: + - email: lunkai@google.com + name: Lun-kai Hsu + owners: + - email: lunkai@gogle.com + name: Lun-kai Hsu + type: notebook-controller + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/instance: notebook-controller-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: notebook-controller + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v1.0.0 diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml new file mode 100644 index 0000000000..fc90772a0b --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml @@ -0,0 +1,44 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + kustomize.component: profiles + name: profiles-profiles + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: kubeflow.org + kind: Profile + descriptor: + description: "" + keywords: + - profiles + - kubeflow + links: + - description: profiles + url: https://github.com/kubeflow/kubeflow/tree/master/components/profile-controller + - description: kfam + url: https://github.com/kubeflow/kubeflow/tree/master/components/access-management + maintainers: + - email: kunming@google.com + name: Kunming Qu + owners: + - email: kunming@google.com + name: Kunming Qu + type: profiles + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: profiles + app.kubernetes.io/instance: profiles-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: profiles + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v1.0.0 diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml new file mode 100644 index 0000000000..56a1457579 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml @@ -0,0 +1,46 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-job-crds + name: pytorch-job-crds + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: PyTorchJob + descriptor: + description: Pytorch-job-crds contains the "PyTorchJob" custom resource definition. + keywords: + - pytorchjob + - pytorch-operator + - pytorch-training + links: + - description: About + url: https://github.com/kubeflow/pytorch-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/pytorchjob/v1/pytorch/ + maintainers: + - email: johnugeo@cisco.com + name: Johnu George + owners: + - email: johnugeo@cisco.com + name: Johnu George + type: pytorch-job-crds + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/instance: pytorch-job-crds-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: pytorch-job-crds + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml new file mode 100644 index 0000000000..44ea79a4b8 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml @@ -0,0 +1,49 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + name: pytorch-operator + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ConfigMap + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: PyTorchJob + descriptor: + description: Pytorch-operator allows users to create and manage the "PyTorchJob" + custom resource. + keywords: + - pytorchjob + - pytorch-operator + - pytorch-training + links: + - description: About + url: https://github.com/kubeflow/pytorch-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/pytorchjob/v1/pytorch/ + maintainers: + - email: johnugeo@cisco.com + name: Johnu George + owners: + - email: johnugeo@cisco.com + name: Johnu George + type: pytorch-operator + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/instance: pytorch-operator-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: pytorch-operator + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml new file mode 100644 index 0000000000..fc9715bb53 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml @@ -0,0 +1,46 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-crds + name: tf-job-crds + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: TFJob + descriptor: + description: Tf-job-crds contains the "TFJob" custom resource definition. + keywords: + - tfjob + - tf-operator + - tf-training + links: + - description: About + url: https://github.com/kubeflow/tf-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/tfjob/v1/tensorflow/ + maintainers: + - email: ricliu@google.com + name: Richard Liu + owners: + - email: ricliu@google.com + name: Richard Liu + type: tf-job-crds + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/instance: tf-job-crds-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: tf-job-crds + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml new file mode 100644 index 0000000000..6e38dd861e --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml @@ -0,0 +1,47 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + name: tf-job-operator + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: TFJob + descriptor: + description: Tf-operator allows users to create and manage the "TFJob" custom + resource. + keywords: + - tfjob + - tf-operator + - tf-training + links: + - description: About + url: https://github.com/kubeflow/tf-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/tfjob/v1/tensorflow/ + maintainers: + - email: ricliu@google.com + name: Richard Liu + owners: + - email: ricliu@google.com + name: Richard Liu + type: tf-job-operator + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/instance: tf-job-operator-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: tf-job-operator + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml new file mode 100644 index 0000000000..fcf807af27 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml @@ -0,0 +1,39 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + name: webhook + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: StatefulSet + - group: core + kind: Service + - group: core + kind: ServiceAccount + descriptor: + description: injects volume, volume mounts, env vars into PodDefault + keywords: + - admission-webhook + - kubeflow + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/admission-webhook + maintainers: [] + owners: [] + type: bootstrap + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: bootstrap + app.kubernetes.io/instance: webhook-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: webhook + app.kubernetes.io/part-of: webhook + app.kubernetes.io/version: v1.0.0 diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml new file mode 100644 index 0000000000..8b8111f51b --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-deployment + namespace: kubeflow +spec: + selector: + matchLabels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + spec: + containers: + - args: + - --tlsCertFile=/etc/webhook/certs/tls.crt + - --tlsKeyFile=/etc/webhook/certs/tls.key + image: gcr.io/kubeflow-images-public/admission-webhook:vmaster-gaf96e4e3 + name: admission-webhook + volumeMounts: + - mountPath: /etc/webhook/certs + name: webhook-cert + readOnly: true + serviceAccountName: admission-webhook-service-account + volumes: + - name: webhook-cert + secret: + secretName: webhook-certs diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_argo-ui.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_argo-ui.yaml new file mode 100644 index 0000000000..94c841f165 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_argo-ui.yaml @@ -0,0 +1,66 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + creationTimestamp: null + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + spec: + containers: + - env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: IN_CLUSTER + value: "true" + - name: ENABLE_WEB_CONSOLE + value: "false" + - name: BASE_HREF + value: /argo/ + image: argoproj/argoui:v2.3.0 + imagePullPolicy: IfNotPresent + name: argo-ui + readinessProbe: + httpGet: + path: / + port: 8001 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo-ui + serviceAccountName: argo-ui + terminationGracePeriodSeconds: 30 diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml new file mode 100644 index 0000000000..77b5349e6c --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml @@ -0,0 +1,30 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cache-deployer + name: cache-deployer-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: cache-deployer + strategy: + type: Recreate + template: + metadata: + labels: + app: cache-deployer + spec: + containers: + - env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/cache-deployer:1.0.0-rc.3 + imagePullPolicy: Always + name: main + restartPolicy: Always + serviceAccountName: kubeflow-pipelines-cache-deployer-sa diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml new file mode 100644 index 0000000000..6c588c6913 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml @@ -0,0 +1,73 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cache-server + name: cache-server + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: cache-server + template: + metadata: + labels: + app: cache-server + spec: + containers: + - args: + - --db_driver=$(DBCONFIG_DRIVER) + - --db_host=$(DBCONFIG_HOST_NAME) + - --db_port=$(DBCONFIG_PORT) + - --db_name=$(DBCONFIG_DB_NAME) + - --db_user=$(DBCONFIG_USER) + - --db_password=$(DBCONFIG_PASSWORD) + - --namespace_to_watch=$(NAMESPACE_TO_WATCH) + env: + - name: DBCONFIG_DRIVER + value: mysql + - name: DBCONFIG_DB_NAME + valueFrom: + configMapKeyRef: + key: cacheDb + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_HOST_NAME + valueFrom: + configMapKeyRef: + key: dbHost + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + key: dbPort + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret-fd5gktm75t + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.3 + imagePullPolicy: Always + name: server + ports: + - containerPort: 8443 + name: webhook-api + volumeMounts: + - mountPath: /etc/webhook/certs + name: webhook-tls-certs + readOnly: true + serviceAccountName: kubeflow-pipelines-cache + volumes: + - name: webhook-tls-certs + secret: + secretName: webhook-server-tls diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_centraldashboard.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_centraldashboard.yaml new file mode 100644 index 0000000000..54717f272b --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_centraldashboard.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + spec: + containers: + - env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-988m2m9m87 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-988m2m9m87 + image: gcr.io/kubeflow-images-public/centraldashboard:vmaster-gf39279c0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: 8082 + initialDelaySeconds: 30 + periodSeconds: 30 + name: centraldashboard + ports: + - containerPort: 8082 + protocol: TCP + serviceAccountName: centraldashboard diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml new file mode 100644 index 0000000000..2665cd2adb --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + spec: + containers: + - env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-988m2m9m87 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-988m2m9m87 + image: gcr.io/kubeflow-images-public/jupyter-web-app:vmaster-gd9be4b9e + name: jupyter-web-app + ports: + - containerPort: 5000 + volumeMounts: + - mountPath: /etc/config + name: config-volume + serviceAccountName: jupyter-web-app-service-account + volumes: + - configMap: + name: jupyter-web-app-jupyter-web-app-config-dhcbh64467 + name: config-volume diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-controller.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-controller.yaml new file mode 100644 index 0000000000..517b53a1c1 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-controller.yaml @@ -0,0 +1,56 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + template: + metadata: + annotations: + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" + labels: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + spec: + containers: + - args: + - --webhook-port=8443 + command: + - ./katib-controller + env: + - name: KATIB_CORE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/kubeflow-images-public/katib/v1alpha3/katib-controller:917164a + imagePullPolicy: IfNotPresent + name: katib-controller + ports: + - containerPort: 8443 + name: webhook + protocol: TCP + - containerPort: 8080 + name: metrics + protocol: TCP + volumeMounts: + - mountPath: /tmp/cert + name: cert + readOnly: true + serviceAccountName: katib-controller + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: katib-controller diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-db-manager.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-db-manager.yaml new file mode 100644 index 0000000000..1fe98f2288 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-db-manager.yaml @@ -0,0 +1,60 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + name: katib-db-manager + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + name: katib-db-manager + spec: + containers: + - command: + - ./katib-db-manager + env: + - name: DB_NAME + value: mysql + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: MYSQL_ROOT_PASSWORD + name: katib-mysql-secrets + image: gcr.io/kubeflow-images-public/katib/v1alpha3/katib-db-manager:917164a + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/grpc_health_probe + - -addr=:6789 + failureThreshold: 5 + initialDelaySeconds: 10 + periodSeconds: 60 + name: katib-db-manager + ports: + - containerPort: 6789 + name: api + readinessProbe: + exec: + command: + - /bin/grpc_health_probe + - -addr=:6789 + initialDelaySeconds: 5 diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-mysql.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-mysql.yaml new file mode 100644 index 0000000000..c122ae873f --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-mysql.yaml @@ -0,0 +1,74 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + name: katib-mysql + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + name: katib-mysql + spec: + containers: + - args: + - --datadir + - /var/lib/mysql/datadir + env: + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: MYSQL_ROOT_PASSWORD + name: katib-mysql-secrets + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + - name: MYSQL_DATABASE + value: katib + image: mysql:8 + livenessProbe: + exec: + command: + - /bin/bash + - -c + - mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD} + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + name: katib-mysql + ports: + - containerPort: 3306 + name: dbapi + readinessProbe: + exec: + command: + - /bin/bash + - -c + - mysql -D ${MYSQL_DATABASE} -u root -p${MYSQL_ROOT_PASSWORD} -e 'SELECT + 1' + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/lib/mysql + name: katib-mysql + volumes: + - name: katib-mysql + persistentVolumeClaim: + claimName: katib-mysql diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-ui.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-ui.yaml new file mode 100644 index 0000000000..1b9998781c --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_katib-ui.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + name: katib-ui + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + name: katib-ui + spec: + containers: + - args: + - --port=8080 + command: + - ./katib-ui + env: + - name: KATIB_CORE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/kubeflow-images-public/katib/v1alpha3/katib-ui:917164a + imagePullPolicy: IfNotPresent + name: katib-ui + ports: + - containerPort: 8080 + name: ui + serviceAccountName: katib-ui diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-db.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-db.yaml new file mode 100644 index 0000000000..44ad98e9d8 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-db.yaml @@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: db + kustomize.component: metadata + name: metadata-db + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: db + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: db + kustomize.component: metadata + name: db + spec: + containers: + - args: + - --datadir + - /var/lib/mysql/datadir + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + image: mysql:8.0.3 + name: db-container + ports: + - containerPort: 3306 + name: dbapi + readinessProbe: + exec: + command: + - /bin/bash + - -c + - mysql -D $$MYSQL_DATABASE -p$$MYSQL_ROOT_PASSWORD -e 'SELECT 1' + initialDelaySeconds: 5 + periodSeconds: 2 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/lib/mysql + name: metadata-mysql + volumes: + - name: metadata-mysql + persistentVolumeClaim: + claimName: metadata-mysql diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-deployment.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-deployment.yaml new file mode 100644 index 0000000000..462f937f60 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-deployment.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: server + kustomize.component: metadata + name: metadata-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: server + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: server + kustomize.component: metadata + spec: + containers: + - command: + - ./server/server + - --http_port=8080 + - --mysql_service_host=metadata-db + - --mysql_service_port=$(MYSQL_PORT) + - --mysql_service_user=$(MYSQL_USER_NAME) + - --mysql_service_password=$(MYSQL_ROOT_PASSWORD) + - --mlmd_db_name=$(MYSQL_DATABASE) + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + image: gcr.io/kubeflow-images-public/metadata:v0.1.11 + livenessProbe: + httpGet: + httpHeaders: + - name: ContentType + value: application/json + path: /api/v1alpha1/artifact_types + port: backendapi + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: container + ports: + - containerPort: 8080 + name: backendapi + readinessProbe: + httpGet: + httpHeaders: + - name: ContentType + value: application/json + path: /api/v1alpha1/artifact_types + port: backendapi + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml new file mode 100644 index 0000000000..66929f9f1d --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml @@ -0,0 +1,30 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: envoy + kustomize.component: metadata + name: metadata-envoy-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: envoy + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: envoy + kustomize.component: metadata + spec: + containers: + - image: gcr.io/ml-pipeline/envoy:metadata-grpc + name: container + ports: + - containerPort: 9090 + name: md-envoy + - containerPort: 9901 + name: envoy-admin diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml new file mode 100644 index 0000000000..5f53346cb8 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: grpc-server + kustomize.component: metadata + name: metadata-grpc-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: grpc-server + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: grpc-server + kustomize.component: metadata + spec: + containers: + - args: + - --grpc_port=$(METADATA_GRPC_SERVICE_PORT) + - --mysql_config_host=metadata-db + - --mysql_config_database=$(MYSQL_DATABASE) + - --mysql_config_port=$(MYSQL_PORT) + - --mysql_config_user=$(MYSQL_USER_NAME) + - --mysql_config_password=$(MYSQL_ROOT_PASSWORD) + command: + - /bin/metadata_store_server + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + - configMapRef: + name: metadata-grpc-configmap + image: gcr.io/tfx-oss-public/ml_metadata_store_server:v0.21.1 + name: container + ports: + - containerPort: 8080 + name: grpc-backendapi diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-ui.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-ui.yaml new file mode 100644 index 0000000000..f6f5c19dc9 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-ui.yaml @@ -0,0 +1,29 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: metadata-ui + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: metadata-ui + kustomize.component: metadata + name: ui + spec: + containers: + - image: gcr.io/kubeflow-images-public/metadata-frontend:v0.1.8 + imagePullPolicy: IfNotPresent + name: metadata-ui + ports: + - containerPort: 3000 + serviceAccountName: metadata-ui diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml new file mode 100644 index 0000000000..4b0a0d0c91 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml @@ -0,0 +1,26 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metadata-writer + name: metadata-writer + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: metadata-writer + template: + metadata: + labels: + app: metadata-writer + spec: + containers: + - env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.3 + name: main + serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_minio.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_minio.yaml new file mode 100644 index 0000000000..996689be19 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_minio.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio + namespace: kubeflow +spec: + selector: + matchLabels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + spec: + containers: + - args: + - server + - /data + env: + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + name: minio + ports: + - containerPort: 9000 + volumeMounts: + - mountPath: /data + name: data + subPath: minio + volumes: + - name: data + persistentVolumeClaim: + claimName: minio-pvc diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml new file mode 100644 index 0000000000..a4f9177a0b --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -0,0 +1,26 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-persistenceagent + name: ml-pipeline-persistenceagent + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-persistenceagent + template: + metadata: + labels: + app: ml-pipeline-persistenceagent + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.3 + imagePullPolicy: IfNotPresent + name: ml-pipeline-persistenceagent + serviceAccountName: ml-pipeline-persistenceagent diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml new file mode 100644 index 0000000000..f38eb6fabe --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -0,0 +1,26 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-scheduledworkflow + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-scheduledworkflow + template: + metadata: + labels: + app: ml-pipeline-scheduledworkflow + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.3 + imagePullPolicy: IfNotPresent + name: ml-pipeline-scheduledworkflow + serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..0430d4b7bd --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -0,0 +1,64 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-ui + template: + metadata: + labels: + app: ml-pipeline-ui + spec: + containers: + - env: + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" + image: gcr.io/ml-pipeline/frontend:1.0.0-rc.3 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-ui + ports: + - containerPort: 3000 + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline-ui diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml new file mode 100644 index 0000000000..f6e9b9c7dc --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml @@ -0,0 +1,28 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-viewer-crd + name: ml-pipeline-viewer-crd + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-viewer-crd + template: + metadata: + labels: + app: ml-pipeline-viewer-crd + spec: + containers: + - env: + - name: MAX_NUM_VIEWERS + value: "50" + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0-rc.3 + imagePullPolicy: Always + name: ml-pipeline-viewer-crd + serviceAccountName: ml-pipeline-viewer-crd-service-account diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml new file mode 100644 index 0000000000..4204e13687 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,48 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-visualizationserver + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-visualizationserver + template: + metadata: + labels: + app: ml-pipeline-visualizationserver + spec: + containers: + - image: gcr.io/ml-pipeline/visualization-server:1.0.0-rc.3 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-visualizationserver + ports: + - containerPort: 8888 + name: http + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline-visualizationserver diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml new file mode 100644 index 0000000000..79adf2aab0 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -0,0 +1,97 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline + name: ml-pipeline + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline + template: + metadata: + labels: + app: ml-pipeline + spec: + containers: + - env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OBJECTSTORECONFIG_SECURE + value: "false" + - name: OBJECTSTORECONFIG_BUCKETNAME + valueFrom: + configMapKeyRef: + key: bucketName + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_DBNAME + valueFrom: + configMapKeyRef: + key: pipelineDb + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_HOST + valueFrom: + configMapKeyRef: + key: dbHost + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + key: dbPort + name: pipeline-install-config-2829cc67f8 + - name: OBJECTSTORECONFIG_ACCESSKEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: OBJECTSTORECONFIG_SECRETACCESSKEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + image: gcr.io/ml-pipeline/api-server:1.0.0-rc.3 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-api-server + ports: + - containerPort: 8888 + name: http + - containerPort: 8887 + name: grpc + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_mysql.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_mysql.yaml new file mode 100644 index 0000000000..b47bdbb60a --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_mysql.yaml @@ -0,0 +1,40 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + selector: + matchLabels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + strategy: + type: Recreate + template: + metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + spec: + containers: + - env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + image: gcr.io/ml-pipeline/mysql:5.6 + name: mysql + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - mountPath: /var/lib/mysql + name: mysql-persistent-storage + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml new file mode 100644 index 0000000000..44d27f8695 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-deployment + namespace: kubeflow +spec: + selector: + matchLabels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + spec: + containers: + - command: + - /manager + env: + - name: USE_ISTIO + valueFrom: + configMapKeyRef: + key: USE_ISTIO + name: notebook-controller-notebook-controller-config-h4d668t5tb + - name: ISTIO_GATEWAY + valueFrom: + configMapKeyRef: + key: ISTIO_GATEWAY + name: notebook-controller-notebook-controller-config-h4d668t5tb + image: gcr.io/kubeflow-images-public/notebook-controller:vmaster-gf39279c0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 30 + name: manager + serviceAccountName: notebook-controller-service-account diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_profiles-deployment.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_profiles-deployment.yaml new file mode 100644 index 0000000000..caccc9d48f --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_profiles-deployment.yaml @@ -0,0 +1,95 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + kustomize.component: profiles + name: profiles-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + kustomize.component: profiles + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + kustomize.component: profiles + spec: + containers: + - args: null + command: + - /manager + - -userid-header + - $(USERID_HEADER) + - -userid-prefix + - $(USERID_PREFIX) + - -workload-identity + - $(WORKLOAD_IDENTITY) + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-988m2m9m87 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-988m2m9m87 + - name: WORKLOAD_IDENTITY + valueFrom: + configMapKeyRef: + key: gcp-sa + name: profiles-profiles-config-4mgcmtgk6t + image: gcr.io/kubeflow-images-public/profile-controller:vmaster-g34aa47c2 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 30 + name: manager + ports: + - containerPort: 8080 + name: manager-http + protocol: TCP + - args: null + command: + - /access-management + - -cluster-admin + - $(CLUSTER_ADMIN) + - -userid-prefix + - $(USERID_PREFIX) + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-988m2m9m87 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-988m2m9m87 + - name: CLUSTER_ADMIN + valueFrom: + configMapKeyRef: + key: admin + name: profiles-profiles-config-4mgcmtgk6t + image: gcr.io/kubeflow-images-public/kfam:vmaster-gf3e09203 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8081 + initialDelaySeconds: 30 + periodSeconds: 30 + name: kfam + ports: + - containerPort: 8081 + name: kfam-http + protocol: TCP + serviceAccountName: profiles-controller-service-account diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_pytorch-operator.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_pytorch-operator.yaml new file mode 100644 index 0000000000..a8ad07dc31 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_pytorch-operator.yaml @@ -0,0 +1,45 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + spec: + containers: + - command: + - /pytorch-operator.v1 + - --alsologtostderr + - -v=1 + - --monitoring-port=8443 + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: gcr.io/kubeflow-images-public/pytorch-operator:vmaster-gd596e904 + name: pytorch-operator + serviceAccountName: pytorch-operator diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_tf-job-operator.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_tf-job-operator.yaml new file mode 100644 index 0000000000..0b61b51343 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_tf-job-operator.yaml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + spec: + containers: + - args: + - --alsologtostderr + - -v=1 + - --monitoring-port=8443 + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: gcr.io/kubeflow-images-public/tf_operator:vmaster-ga2ae7bff + name: tf-job-operator + serviceAccountName: tf-job-operator diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_workflow-controller.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_workflow-controller.yaml new file mode 100644 index 0000000000..a7fdf681eb --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_workflow-controller.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller + namespace: kubeflow +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + creationTimestamp: null + labels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + spec: + containers: + - args: + - --configmap + - workflow-controller-configmap + command: + - workflow-controller + env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: argoproj/workflow-controller:v2.3.0 + imagePullPolicy: IfNotPresent + name: workflow-controller + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo + serviceAccountName: argo + terminationGracePeriodSeconds: 30 diff --git a/tests/stacks/gcp/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml b/tests/stacks/gcp/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml new file mode 100644 index 0000000000..c9e1f4f031 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml @@ -0,0 +1,18 @@ +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + labels: + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + name: admission-webhook-cert + namespace: kubeflow +spec: + commonName: admission-webhook-service.kubeflow.svc + dnsNames: + - admission-webhook-service.kubeflow.svc + - admission-webhook-service.kubeflow.svc.cluster.local + isCA: true + issuerRef: + kind: ClusterIssuer + name: kubeflow-self-signing-issuer + secretName: webhook-certs diff --git a/tests/stacks/gcp/test_data/expected/kubeflow.org_v1beta1_profile_anonymous.yaml b/tests/stacks/gcp/test_data/expected/kubeflow.org_v1beta1_profile_anonymous.yaml new file mode 100644 index 0000000000..d80509f7d0 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/kubeflow.org_v1beta1_profile_anonymous.yaml @@ -0,0 +1,9 @@ +apiVersion: kubeflow.org/v1beta1 +kind: Profile +metadata: + name: anonymous + namespace: kubeflow +spec: + owner: + kind: User + name: anonymous diff --git a/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml b/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml new file mode 100644 index 0000000000..a5ab61a1c2 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /argo/ + rewrite: + uri: / + route: + - destination: + host: argo-ui.kubeflow.svc.cluster.local + port: + number: 80 diff --git a/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml b/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml new file mode 100644 index 0000000000..b08a52c193 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: / + rewrite: + uri: / + route: + - destination: + host: centraldashboard.kubeflow.svc.cluster.local + port: + number: 80 diff --git a/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app-jupyter-web-app.yaml b/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app-jupyter-web-app.yaml new file mode 100644 index 0000000000..1aaf497f8a --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app-jupyter-web-app.yaml @@ -0,0 +1,28 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-web-app + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - headers: + request: + add: + x-forwarded-prefix: /jupyter + match: + - uri: + prefix: /jupyter/ + rewrite: + uri: / + route: + - destination: + host: jupyter-web-app-service.kubeflow.svc.cluster.local + port: + number: 80 diff --git a/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml b/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml new file mode 100644 index 0000000000..6bb614b82b --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /katib/ + rewrite: + uri: /katib/ + route: + - destination: + host: katib-ui.kubeflow.svc.cluster.local + port: + number: 80 diff --git a/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml b/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml new file mode 100644 index 0000000000..cc9741b27e --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: metadata-grpc + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /ml_metadata + rewrite: + uri: /ml_metadata + route: + - destination: + host: metadata-envoy-service.kubeflow.svc.cluster.local + port: + number: 9090 + timeout: 300s diff --git a/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml b/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml new file mode 100644 index 0000000000..e888e4eafa --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: metadata-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /metadata + rewrite: + uri: /metadata + route: + - destination: + host: metadata-ui.kubeflow.svc.cluster.local + port: + number: 80 + timeout: 300s diff --git a/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml b/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..a4d16ceb65 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: ml-pipeline-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /pipeline + rewrite: + uri: /pipeline + route: + - destination: + host: ml-pipeline-ui.kubeflow.svc.cluster.local + port: + number: 80 + timeout: 300s diff --git a/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml b/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml new file mode 100644 index 0000000000..1bfe3a5c76 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml @@ -0,0 +1,27 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + kustomize.component: profiles + name: profiles-kfam + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - headers: + request: + add: + x-forwarded-prefix: /kfam + match: + - uri: + prefix: /kfam/ + rewrite: + uri: /kfam/ + route: + - destination: + host: profiles-kfam.kubeflow.svc.cluster.local + port: + number: 8081 diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml new file mode 100644 index 0000000000..3ed69a58a6 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-cluster-role +rules: +- apiGroups: + - kubeflow.org + resources: + - poddefaults + verbs: + - get + - watch + - list + - update + - create + - patch + - delete diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml new file mode 100644 index 0000000000..ae97df8cf3 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml @@ -0,0 +1,15 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-poddefaults-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: admission-webhook-kubeflow-poddefaults-admin +rules: [] diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml new file mode 100644 index 0000000000..09813d57ad --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml @@ -0,0 +1,15 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-poddefaults-edit: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: admission-webhook-kubeflow-poddefaults-edit +rules: [] diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml new file mode 100644 index 0000000000..1a80b46609 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-poddefaults-admin: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-poddefaults-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: admission-webhook-kubeflow-poddefaults-view +rules: +- apiGroups: + - kubeflow.org + resources: + - poddefaults + verbs: + - get + - list + - watch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml new file mode 100644 index 0000000000..7491bff88e --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard +rules: +- apiGroups: + - "" + resources: + - events + - namespaces + - nodes + verbs: + - get + - list + - watch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml new file mode 100644 index 0000000000..e15e8b6e22 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml @@ -0,0 +1,57 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-cluster-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - create + - delete +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml new file mode 100644 index 0000000000..0ae2ffa5c6 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml @@ -0,0 +1,9 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: jupyter-web-app-kubeflow-notebook-ui-admin +rules: [] diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml new file mode 100644 index 0000000000..9cff1100a0 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: jupyter-web-app-kubeflow-notebook-ui-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml new file mode 100644 index 0000000000..265ceff545 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: jupyter-web-app-kubeflow-notebook-ui-view +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml new file mode 100644 index 0000000000..9ea77c91fc --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml @@ -0,0 +1,75 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + - serviceaccounts + - services + - secrets + - events + - namespaces + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + - pods/log + - pods/status + verbs: + - '*' +- apiGroups: + - apps + resources: + - deployments + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - get +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - experiments + - experiments/status + - experiments/finalizers + - trials + - trials/status + - trials/finalizers + - suggestions + - suggestions/status + - suggestions/finalizers + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - pytorchjobs + verbs: + - '*' diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml new file mode 100644 index 0000000000..66faccefb1 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - experiments + - trials + - suggestions + verbs: + - '*' diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml new file mode 100644 index 0000000000..0520bc0bc9 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml @@ -0,0 +1,9 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeflow-admin +rules: [] diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml new file mode 100644 index 0000000000..7f472eddde --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml @@ -0,0 +1,11 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-edit +rules: [] diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml new file mode 100644 index 0000000000..45d4cb1843 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml @@ -0,0 +1,13 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-katib-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-katib-admin +rules: [] diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml new file mode 100644 index 0000000000..11ad89cab6 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-katib-admin: "true" + name: kubeflow-katib-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - experiments + - trials + - suggestions + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml new file mode 100644 index 0000000000..95b524a46e --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-katib-view +rules: +- apiGroups: + - kubeflow.org + resources: + - experiments + - trials + - suggestions + verbs: + - get + - list + - watch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml new file mode 100644 index 0000000000..d879f2f6c8 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml @@ -0,0 +1,27 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-kubernetes-admin +rules: +- apiGroups: + - authorization.k8s.io + resources: + - localsubjectaccessreviews + verbs: + - create +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml new file mode 100644 index 0000000000..8343f92fda --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml @@ -0,0 +1,135 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: kubeflow-kubernetes-edit +rules: +- apiGroups: + - "" + resources: + - pods/attach + - pods/exec + - pods/portforward + - pods/proxy + - secrets + - services/proxy + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - impersonate +- apiGroups: + - "" + resources: + - pods + - pods/attach + - pods/exec + - pods/portforward + - pods/proxy + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - persistentvolumeclaims + - replicationcontrollers + - replicationcontrollers/scale + - secrets + - serviceaccounts + - services + - services/proxy + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - apps + resources: + - daemonsets + - deployments + - deployments/rollback + - deployments/scale + - replicasets + - replicasets/scale + - statefulsets + - statefulsets/scale + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - extensions + resources: + - daemonsets + - deployments + - deployments/rollback + - deployments/scale + - ingresses + - networkpolicies + - replicasets + - replicasets/scale + - replicationcontrollers/scale + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml new file mode 100644 index 0000000000..d8a396b9de --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml @@ -0,0 +1,125 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-kubernetes-view +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - persistentvolumeclaims + - persistentvolumeclaims/status + - pods + - replicationcontrollers + - replicationcontrollers/scale + - serviceaccounts + - services + - services/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - bindings + - events + - limitranges + - namespaces/status + - pods/log + - pods/status + - replicationcontrollers/status + - resourcequotas + - resourcequotas/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - controllerrevisions + - daemonsets + - daemonsets/status + - deployments + - deployments/scale + - deployments/status + - replicasets + - replicasets/scale + - replicasets/status + - statefulsets + - statefulsets/scale + - statefulsets/status + verbs: + - get + - list + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + - horizontalpodautoscalers/status + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - cronjobs + - cronjobs/status + - jobs + - jobs/status + verbs: + - get + - list + - watch +- apiGroups: + - extensions + resources: + - daemonsets + - daemonsets/status + - deployments + - deployments/scale + - deployments/status + - ingresses + - ingresses/status + - networkpolicies + - replicasets + - replicasets/scale + - replicasets/status + - replicationcontrollers/scale + verbs: + - get + - list + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + - poddisruptionbudgets/status + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - ingresses/status + - networkpolicies + verbs: + - get + - list + - watch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml new file mode 100644 index 0000000000..e2d6e75f45 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml @@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-clusterrole + name: kubeflow-pipelines-cache-deployer-clusterrole +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + - certificatesigningrequests/approval + verbs: + - create + - delete + - get + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - get diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml new file mode 100644 index 0000000000..161f232e59 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml @@ -0,0 +1,14 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pytorchjobs-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-pytorchjobs-admin +rules: [] diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml new file mode 100644 index 0000000000..57a5fc7f42 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pytorchjobs-admin: "true" + name: kubeflow-pytorchjobs-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + - pytorchjobs/status + - pytorchjobs/finalizers + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml new file mode 100644 index 0000000000..4f9ef4f8d3 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-pytorchjobs-view +rules: +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + - pytorchjobs/status + - pytorchjobs/finalizers + verbs: + - get + - list + - watch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml new file mode 100644 index 0000000000..03147422e8 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml @@ -0,0 +1,14 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-tfjobs-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-tfjobs-admin +rules: [] diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml new file mode 100644 index 0000000000..942e4a625a --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-tfjobs-admin: "true" + name: kubeflow-tfjobs-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - tfjobs/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml new file mode 100644 index 0000000000..3ebf508e03 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-tfjobs-view +rules: +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - tfjobs/status + verbs: + - get + - list + - watch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml new file mode 100644 index 0000000000..5420a10679 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml @@ -0,0 +1,11 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: kubeflow-view +rules: [] diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml new file mode 100644 index 0000000000..41459ef302 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml @@ -0,0 +1,15 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-notebooks-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: notebook-controller-kubeflow-notebooks-admin +rules: [] diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml new file mode 100644 index 0000000000..3ae0c1cd8e --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-notebooks-admin: "true" + name: notebook-controller-kubeflow-notebooks-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml new file mode 100644 index 0000000000..9e28e08290 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: notebook-controller-kubeflow-notebooks-view +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + verbs: + - get + - list + - watch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml new file mode 100644 index 0000000000..02d880f8e2 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-role +rules: +- apiGroups: + - apps + resources: + - statefulsets + - deployments + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - '*' +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + - notebooks/finalizers + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - '*' diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml new file mode 100644 index 0000000000..48bed8ccb7 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: admission-webhook-cluster-role +subjects: +- kind: ServiceAccount + name: admission-webhook-service-account + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml new file mode 100644 index 0000000000..d06cac3fd8 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: centraldashboard +subjects: +- kind: ServiceAccount + name: centraldashboard + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml new file mode 100644 index 0000000000..925b70ec6f --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: jupyter-web-app-cluster-role +subjects: +- kind: ServiceAccount + name: jupyter-web-app-service-account + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml new file mode 100644 index 0000000000..908f9dad49 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: katib-controller +subjects: +- kind: ServiceAccount + name: katib-controller + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml new file mode 100644 index 0000000000..e9f5ce2506 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: katib-ui +subjects: +- kind: ServiceAccount + name: katib-ui + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml new file mode 100644 index 0000000000..d6fcfce7a0 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-cache-deployer-clusterrole +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml new file mode 100644 index 0000000000..30d3f08b7e --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: notebook-controller-role +subjects: +- kind: ServiceAccount + name: notebook-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml new file mode 100644 index 0000000000..663e87dbcd --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + kustomize.component: profiles + name: profiles-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: profiles-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml new file mode 100644 index 0000000000..2bfa19ba0e --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +rules: +- apiGroups: + - "" + - app.k8s.io + resources: + - applications + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml new file mode 100644 index 0000000000..70f3d41e36 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-role + name: kubeflow-pipelines-cache-deployer-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - patch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml new file mode 100644 index 0000000000..160cf9ea6a --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-role + name: kubeflow-pipelines-cache-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml new file mode 100644 index 0000000000..980ce39aee --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-metadata-writer-role + name: kubeflow-pipelines-metadata-writer-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml new file mode 100644 index 0000000000..d64ed61477 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ml-pipeline-persistenceagent-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml new file mode 100644 index 0000000000..123822f5f3 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml @@ -0,0 +1,39 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-scheduledworkflow-role + name: ml-pipeline-scheduledworkflow-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..d144ee4569 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml @@ -0,0 +1,45 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml new file mode 100644 index 0000000000..9770a49a31 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml @@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ml-pipeline-viewer-controller-role + namespace: kubeflow +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml new file mode 100644 index 0000000000..e666a9e18d --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml @@ -0,0 +1,39 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline + name: ml-pipeline + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml new file mode 100644 index 0000000000..70dd95e964 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml @@ -0,0 +1,81 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pipeline-runner + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - '*' +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml new file mode 100644 index 0000000000..c1c4c30793 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: centraldashboard +subjects: +- kind: ServiceAccount + name: centraldashboard + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml new file mode 100644 index 0000000000..ed98cee5d5 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-cache-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml new file mode 100644 index 0000000000..aba290eebe --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-rolebinding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-deployer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml new file mode 100644 index 0000000000..5eb0fe2494 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-metadata-writer-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-metadata-writer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml new file mode 100644 index 0000000000..84a4a4fbe5 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-persistenceagent-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml new file mode 100644 index 0000000000..cf0a50fda8 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-scheduledworkflow-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..4378687932 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml new file mode 100644 index 0000000000..a57eea89f4 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-viewer-crd-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml new file mode 100644 index 0000000000..0c17f98ca1 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline + name: ml-pipeline + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml new file mode 100644 index 0000000000..e75d2ecf13 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipeline-runner-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-runner +subjects: +- kind: ServiceAccount + name: pipeline-runner + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml new file mode 100644 index 0000000000..c9e39f4614 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml new file mode 100644 index 0000000000..7651a6568e --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - sparkoperator.k8s.io + resources: + - sparkapplications + verbs: + - '*' diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml new file mode 100644 index 0000000000..13352b970d --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml @@ -0,0 +1,33 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator +rules: +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + - pytorchjobs/status + - pytorchjobs/finalizers + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + - services + - endpoints + - events + verbs: + - '*' diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml new file mode 100644 index 0000000000..ac48bdc241 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml @@ -0,0 +1,40 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator +rules: +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - tfjobs/status + - tfjobs/finalizers + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + - services + - endpoints + - events + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - '*' diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml new file mode 100644 index 0000000000..f1df09722c --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-ui +subjects: +- kind: ServiceAccount + name: argo-ui + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml new file mode 100644 index 0000000000..266bc01c4e --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo +subjects: +- kind: ServiceAccount + name: argo + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml new file mode 100644 index 0000000000..cefdad39ee --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pytorch-operator +subjects: +- kind: ServiceAccount + name: pytorch-operator + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml new file mode 100644 index 0000000000..b69f8e4e4b --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tf-job-operator +subjects: +- kind: ServiceAccount + name: tf-job-operator + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml new file mode 100644 index 0000000000..0c57d76f07 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml @@ -0,0 +1,39 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-notebook-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + - secrets + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml new file mode 100644 index 0000000000..adbb844006 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - create + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml new file mode 100644 index 0000000000..e07f869911 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-notebook-role-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jupyter-web-app-jupyter-notebook-role +subjects: +- kind: ServiceAccount + name: jupyter-notebook diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml new file mode 100644 index 0000000000..1431841c38 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: metadata-ui +subjects: +- kind: ServiceAccount + name: ui + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml new file mode 100644 index 0000000000..1dd6173c08 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +data: + issuer: kubeflow-self-signing-issuer + namespace: kubeflow +kind: ConfigMap +metadata: + annotations: {} + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-admission-webhook-parameters + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_default-install-config-h877hbtmf7.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_default-install-config-h877hbtmf7.yaml new file mode 100644 index 0000000000..0af9fe8d4b --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_default-install-config-h877hbtmf7.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + profile-name: anonymous + user: anonymous +kind: ConfigMap +metadata: + name: default-install-config-h877hbtmf7 + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-dhcbh64467.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-dhcbh64467.yaml new file mode 100644 index 0000000000..685cf43f45 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-dhcbh64467.yaml @@ -0,0 +1,138 @@ +apiVersion: v1 +data: + spawner_ui_config.yaml: |- + # Configuration file for the Jupyter UI. + # + # Each Jupyter UI option is configured by two keys: 'value' and 'readOnly' + # - The 'value' key contains the default value + # - The 'readOnly' key determines if the option will be available to users + # + # If the 'readOnly' key is present and set to 'true', the respective option + # will be disabled for users and only set by the admin. Also when a + # Notebook is POSTED to the API if a necessary field is not present then + # the value from the config will be used. + # + # If the 'readOnly' key is missing (defaults to 'false'), the respective option + # will be available for users to edit. + # + # Note that some values can be templated. Such values are the names of the + # Volumes as well as their StorageClass + spawnerFormDefaults: + image: + # The container Image for the user's Jupyter Notebook + # If readonly, this value must be a member of the list below + value: gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 + # The list of available standard container Images + options: + - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-gpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-cpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-gpu:1.0.0 + # By default, custom container Images are allowed + # Uncomment the following line to only enable standard container Images + readOnly: false + cpu: + # CPU for user's Notebook + value: '0.5' + readOnly: false + memory: + # Memory for user's Notebook + value: 1.0Gi + readOnly: false + workspaceVolume: + # Workspace Volume to be attached to user's Notebook + # Each Workspace Volume is declared with the following attributes: + # Type, Name, Size, MountPath and Access Mode + value: + type: + # The Type of the Workspace Volume + # Supported values: 'New', 'Existing' + value: New + name: + # The Name of the Workspace Volume + # Note that this is a templated value. Special values: + # {notebook-name}: Replaced with the name of the Notebook. The frontend + # will replace this value as the user types the name + value: 'workspace-{notebook-name}' + size: + # The Size of the Workspace Volume (in Gi) + value: '10Gi' + mountPath: + # The Path that the Workspace Volume will be mounted + value: /home/jovyan + accessModes: + # The Access Mode of the Workspace Volume + # Supported values: 'ReadWriteOnce', 'ReadWriteMany', 'ReadOnlyMany' + value: ReadWriteOnce + class: + # The StrageClass the PVC will use if type is New. Special values are: + # {none}: default StorageClass + # {empty}: empty string "" + value: '{none}' + readOnly: false + dataVolumes: + # List of additional Data Volumes to be attached to the user's Notebook + value: [] + # Each Data Volume is declared with the following attributes: + # Type, Name, Size, MountPath and Access Mode + # + # For example, a list with 2 Data Volumes: + # value: + # - value: + # type: + # value: New + # name: + # value: '{notebook-name}-vol-1' + # size: + # value: '10Gi' + # class: + # value: standard + # mountPath: + # value: /home/jovyan/vol-1 + # accessModes: + # value: ReadWriteOnce + # class: + # value: {none} + # - value: + # type: + # value: New + # name: + # value: '{notebook-name}-vol-2' + # size: + # value: '10Gi' + # mountPath: + # value: /home/jovyan/vol-2 + # accessModes: + # value: ReadWriteMany + # class: + # value: {none} + readOnly: false + gpus: + # Number of GPUs to be assigned to the Notebook Container + value: + # values: "none", "1", "2", "4", "8" + num: "none" + # Determines what the UI will show and send to the backend + vendors: + - limitsKey: "nvidia.com/gpu" + uiName: "NVIDIA" + # Values: "" or a `limits-key` from the vendors list + vendor: "" + readOnly: false + shm: + value: true + readOnly: false + configurations: + # List of labels to be selected, these are the labels from PodDefaults + # value: + # - add-gcp-secret + # - default-editor + value: [] + readOnly: false +kind: ConfigMap +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-web-app-config-dhcbh64467 + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_katib-config.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_katib-config.yaml new file mode 100644 index 0000000000..3d25f1c358 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_katib-config.yaml @@ -0,0 +1,59 @@ +apiVersion: v1 +data: + metrics-collector-sidecar: |- + { + "StdOut": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/file-metrics-collector:917164a" + }, + "File": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/file-metrics-collector:917164a" + }, + "TensorFlowEvent": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/tfevent-metrics-collector:917164a", + "resources": { + "limits": { + "memory": "1Gi" + } + } + } + } + suggestion: |- + { + "random": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-hyperopt:917164a" + }, + "grid": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-chocolate:917164a" + }, + "hyperband": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-hyperband:917164a" + }, + "bayesianoptimization": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-skopt:917164a" + }, + "tpe": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-hyperopt:917164a" + }, + "enas": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-enas:917164a", + "imagePullPolicy": "Always", + "resources": { + "limits": { + "memory": "200Mi" + } + } + }, + "cmaes": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-goptuna:917164a" + }, + "darts": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-darts:917164a" + } + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-config + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_kubeflow-config-988m2m9m87.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_kubeflow-config-988m2m9m87.yaml new file mode 100644 index 0000000000..9ba0edebb0 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_kubeflow-config-988m2m9m87.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + clusterDomain: cluster.local + userid-header: X-Goog-Authenticated-User-Email + userid-prefix: 'accounts.google.com:' +kind: ConfigMap +metadata: + name: kubeflow-config-988m2m9m87 + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml new file mode 100644 index 0000000000..3aa74d8ac5 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + MYSQL_ALLOW_EMPTY_PASSWORD: "true" + MYSQL_DATABASE: metadb + MYSQL_PORT: "3306" +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-db-parameters + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml new file mode 100644 index 0000000000..b8605cd7b7 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + METADATA_GRPC_SERVICE_HOST: metadata-grpc-service + METADATA_GRPC_SERVICE_PORT: "8080" +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-grpc-configmap + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml new file mode 100644 index 0000000000..d6a0de88e5 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + uiClusterDomain: cluster.local +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-ui-parameters + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml new file mode 100644 index 0000000000..ca0dc1ba50 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + ISTIO_GATEWAY: kubeflow/kubeflow-gateway + USE_ISTIO: "true" +kind: ConfigMap +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-notebook-controller-config-h4d668t5tb + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml new file mode 100644 index 0000000000..7d1bd6d4dd --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + bucketName: mlpipeline + cacheDb: cachedb + dbHost: mysql + dbPort: "3306" + mlmdDb: metadb + pipelineDb: mlpipeline +kind: ConfigMap +metadata: + name: pipeline-install-config-2829cc67f8 + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-minio-install-config-c42bb75m6g.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-minio-install-config-c42bb75m6g.yaml new file mode 100644 index 0000000000..9963e3b53c --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-minio-install-config-c42bb75m6g.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + minioPd: dls-kf-storage-artifact-store + minioPvName: minio-pv +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: pipeline-minio-install-config-c42bb75m6g + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-mysql-install-config-24c6km7cgg.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-mysql-install-config-24c6km7cgg.yaml new file mode 100644 index 0000000000..4c8915b459 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-mysql-install-config-24c6km7cgg.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + mysqlPd: dls-kf-storage-metadata-store + mysqlPvName: mysql-pv +kind: ConfigMap +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: pipeline-mysql-install-config-24c6km7cgg + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml new file mode 100644 index 0000000000..e77d6f69ed --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + admin: "" + gcp-sa: "" +kind: ConfigMap +metadata: + labels: + kustomize.component: profiles + name: profiles-profiles-config-4mgcmtgk6t + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_trial-template-labeled.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_trial-template-labeled.yaml new file mode 100644 index 0000000000..51936282ad --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_trial-template-labeled.yaml @@ -0,0 +1,97 @@ +apiVersion: v1 +data: + defaultTrialTemplate.yaml: |- + apiVersion: batch/v1 + kind: Job + metadata: + name: {{.Trial}} + namespace: {{.NameSpace}} + spec: + template: + spec: + containers: + - name: {{.Trial}} + image: docker.io/kubeflowkatib/mxnet-mnist + command: + - "python3" + - "/opt/mxnet-mnist/mnist.py" + - "--batch-size=64" + {{- with .HyperParameters}} + {{- range .}} + - "{{.Name}}={{.Value}}" + {{- end}} + {{- end}} + restartPolicy: Never + enasCPUTemplate: |- + apiVersion: batch/v1 + kind: Job + metadata: + name: {{.Trial}} + namespace: {{.NameSpace}} + spec: + template: + spec: + containers: + - name: {{.Trial}} + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu + command: + - "python3.5" + - "-u" + - "RunTrial.py" + {{- with .HyperParameters}} + {{- range .}} + - "--{{.Name}}=\"{{.Value}}\"" + {{- end}} + {{- end}} + - "--num_epochs=1" + restartPolicy: Never + pytorchJobTemplate: |- + apiVersion: "kubeflow.org/v1" + kind: PyTorchJob + metadata: + name: {{.Trial}} + namespace: {{.NameSpace}} + spec: + pytorchReplicaSpecs: + Master: + replicas: 1 + restartPolicy: OnFailure + template: + spec: + containers: + - name: pytorch + image: gcr.io/kubeflow-ci/pytorch-dist-mnist-test:v1.0 + imagePullPolicy: Always + command: + - "python" + - "/var/mnist.py" + {{- with .HyperParameters}} + {{- range .}} + - "{{.Name}}={{.Value}}" + {{- end}} + {{- end}} + Worker: + replicas: 2 + restartPolicy: OnFailure + template: + spec: + containers: + - name: pytorch + image: gcr.io/kubeflow-ci/pytorch-dist-mnist-test:v1.0 + imagePullPolicy: Always + command: + - "python" + - "/var/mnist.py" + {{- with .HyperParameters}} + {{- range .}} + - "{{.Name}}={{.Value}}" + {{- end}} + {{- end}} +kind: ConfigMap +metadata: + labels: + app: katib-trial-templates + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: trial-template-labeled + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_trial-template.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_trial-template.yaml new file mode 100644 index 0000000000..5a69403a98 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_trial-template.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +data: + defaultTrialTemplate.yaml: |- + apiVersion: batch/v1 + kind: Job + metadata: + name: {{.Trial}} + namespace: {{.NameSpace}} + spec: + template: + spec: + containers: + - name: {{.Trial}} + image: docker.io/kubeflowkatib/mxnet-mnist + command: + - "python3" + - "/opt/mxnet-mnist/mnist.py" + - "--batch-size=64" + {{- with .HyperParameters}} + {{- range .}} + - "{{.Name}}={{.Value}}" + {{- end}} + {{- end}} + restartPolicy: Never +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: trial-template + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml new file mode 100644 index 0000000000..9d9b1dcd68 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +data: + config: | + { + executorImage: argoproj/argoexec:v2.3.0, + containerRuntimeExecutor: docker, + artifactRepository: + { + s3: { + bucket: mlpipeline, + keyPrefix: artifacts, + endpoint: minio-service.kubeflow:9000, + insecure: true, + accessKeySecret: { + name: mlpipeline-minio-artifact, + key: accesskey + }, + secretKeySecret: { + name: mlpipeline-minio-artifact, + key: secretkey + } + } + } + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller-configmap + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml new file mode 100644 index 0000000000..0f695c21ce --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +data: + artifactRepositoryAccessKeySecretKey: accesskey + artifactRepositoryAccessKeySecretName: mlpipeline-minio-artifact + artifactRepositoryBucket: mlpipeline + artifactRepositoryEndpoint: minio-service.kubeflow:9000 + artifactRepositoryInsecure: "true" + artifactRepositoryKeyPrefix: artifacts + artifactRepositorySecretKeySecretKey: secretkey + artifactRepositorySecretKeySecretName: mlpipeline-minio-artifact + clusterDomain: cluster.local + containerRuntimeExecutor: docker + executorImage: argoproj/argoexec:v2.3.0 + namespace: "" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller-parameters + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolume_minio-pv.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolume_minio-pv.yaml new file mode 100644 index 0000000000..993f221972 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolume_minio-pv.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio-pv +spec: + accessModes: + - ReadWriteOnce + capacity: + storage: 20Gi + gcePersistentDisk: + fsType: ext4 + pdName: dls-kf-storage-artifact-store diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolume_mysql-pv.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolume_mysql-pv.yaml new file mode 100644 index 0000000000..17f07cff7b --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolume_mysql-pv.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql-pv +spec: + accessModes: + - ReadWriteOnce + capacity: + storage: 20Gi + gcePersistentDisk: + fsType: ext4 + pdName: dls-kf-storage-metadata-store diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml new file mode 100644 index 0000000000..f07c332452 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-mysql + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml new file mode 100644 index 0000000000..d08a7d2475 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + kustomize.component: metadata + name: metadata-mysql + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml new file mode 100644 index 0000000000..66356a42ba --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio-pvc + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + storageClassName: "" + volumeName: minio-pv diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml new file mode 100644 index 0000000000..f239b247a9 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql-pv-claim + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + storageClassName: "" + volumeName: mysql-pv diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_secret_katib-controller.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_secret_katib-controller.yaml new file mode 100644 index 0000000000..debbabb435 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_secret_katib-controller.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml new file mode 100644 index 0000000000..8394d22cf8 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + MYSQL_ROOT_PASSWORD: dGVzdA== +kind: Secret +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-mysql-secrets + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml new file mode 100644 index 0000000000..918b7d1198 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + MYSQL_ROOT_PASSWORD: dGVzdA== + MYSQL_USER_NAME: cm9vdA== +kind: Secret +metadata: + labels: + kustomize.component: metadata + name: metadata-db-secrets + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml new file mode 100644 index 0000000000..2c774e447c --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + accesskey: bWluaW8= + secretkey: bWluaW8xMjM= +kind: Secret +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: mlpipeline-minio-artifact + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml new file mode 100644 index 0000000000..a3765c43ea --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + password: "" + username: cm9vdA== +kind: Secret +metadata: + name: mysql-secret-fd5gktm75t + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_admission-webhook-service.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_admission-webhook-service.yaml new file mode 100644 index 0000000000..1636dc9520 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_admission-webhook-service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-service + namespace: kubeflow +spec: + ports: + - port: 443 + targetPort: 443 + selector: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_argo-ui.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_argo-ui.yaml new file mode 100644 index 0000000000..0e091e0898 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_argo-ui.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 8001 + selector: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + sessionAffinity: None + type: NodePort diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_cache-server.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_cache-server.yaml new file mode 100644 index 0000000000..577a5067a0 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_cache-server.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: cache-server + namespace: kubeflow +spec: + ports: + - port: 443 + targetPort: webhook-api + selector: + app: cache-server diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_centraldashboard.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_centraldashboard.yaml new file mode 100644 index 0000000000..3f50af45e4 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_centraldashboard.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + getambassador.io/config: |- + --- + apiVersion: ambassador/v0 + kind: Mapping + name: centralui-mapping + prefix: / + rewrite: / + service: centraldashboard.$(namespace) + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + ports: + - port: 80 + protocol: TCP + targetPort: 8082 + selector: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + sessionAffinity: None + type: ClusterIP diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml new file mode 100644 index 0000000000..cbc5e87e29 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + getambassador.io/config: |- + --- + apiVersion: ambassador/v0 + kind: Mapping + name: webapp_mapping + prefix: /$(prefix)/ + service: jupyter-web-app-service.$(namespace) + add_request_headers: + x-forwarded-prefix: /jupyter + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + run: jupyter-web-app + name: jupyter-web-app-service + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 5000 + selector: + app: jupyter-web-app + kustomize.component: jupyter-web-app + type: ClusterIP diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_katib-controller.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_katib-controller.yaml new file mode 100644 index 0000000000..59c34c7868 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_katib-controller.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scheme: http + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: 8443 + - name: metrics + port: 8080 + targetPort: 8080 + selector: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_katib-db-manager.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_katib-db-manager.yaml new file mode 100644 index 0000000000..ff2e1df9ab --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_katib-db-manager.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + name: katib-db-manager + namespace: kubeflow +spec: + ports: + - name: api + port: 6789 + protocol: TCP + selector: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + type: ClusterIP diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_katib-mysql.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_katib-mysql.yaml new file mode 100644 index 0000000000..5b3c87b53e --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_katib-mysql.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + name: katib-mysql + namespace: kubeflow +spec: + ports: + - name: dbapi + port: 3306 + protocol: TCP + selector: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + type: ClusterIP diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_katib-ui.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_katib-ui.yaml new file mode 100644 index 0000000000..399b6e1644 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_katib-ui.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + name: katib-ui + namespace: kubeflow +spec: + ports: + - name: ui + port: 80 + protocol: TCP + targetPort: 8080 + selector: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + type: ClusterIP diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-db.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-db.yaml new file mode 100644 index 0000000000..eb77733c55 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-db.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + component: db + kustomize.component: metadata + name: metadata-db + namespace: kubeflow +spec: + ports: + - name: dbapi + port: 3306 + protocol: TCP + selector: + component: db + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-envoy-service.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-envoy-service.yaml new file mode 100644 index 0000000000..88f6246f90 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-envoy-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata + kustomize.component: metadata + name: metadata-envoy-service + namespace: kubeflow +spec: + ports: + - name: md-envoy + port: 9090 + protocol: TCP + selector: + component: envoy + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-grpc-service.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-grpc-service.yaml new file mode 100644 index 0000000000..a7f38d715b --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-grpc-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: grpc-metadata + kustomize.component: metadata + name: metadata-grpc-service + namespace: kubeflow +spec: + ports: + - name: grpc-backendapi + port: 8080 + protocol: TCP + selector: + component: grpc-server + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-service.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-service.yaml new file mode 100644 index 0000000000..a16c797088 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata + kustomize.component: metadata + name: metadata-service + namespace: kubeflow +spec: + ports: + - name: backendapi + port: 8080 + protocol: TCP + selector: + component: server + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-ui.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-ui.yaml new file mode 100644 index 0000000000..72fa14f488 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_metadata-ui.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 3000 + selector: + app: metadata-ui + kustomize.component: metadata diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_minio-service.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_minio-service.yaml new file mode 100644 index 0000000000..c7f0acee21 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_minio-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio-service + namespace: kubeflow +spec: + ports: + - name: http + port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..1b80f6bf6e --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 3000 + selector: + app: ml-pipeline-ui diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml new file mode 100644 index 0000000000..e5335f0516 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: ml-pipeline-visualizationserver diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_ml-pipeline.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_ml-pipeline.yaml new file mode 100644 index 0000000000..408d80dc5a --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_ml-pipeline.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + app: ml-pipeline diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_mysql.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_mysql.yaml new file mode 100644 index 0000000000..da8f8cb93a --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_mysql.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + ports: + - port: 3306 + protocol: TCP + targetPort: 3306 + selector: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_notebook-controller-service.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_notebook-controller-service.yaml new file mode 100644 index 0000000000..a9f1b4b8e0 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_notebook-controller-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-service + namespace: kubeflow +spec: + ports: + - port: 443 + selector: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_profiles-kfam.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_profiles-kfam.yaml new file mode 100644 index 0000000000..db1f50bd7d --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_profiles-kfam.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + kustomize.component: profiles + name: profiles-kfam + namespace: kubeflow +spec: + ports: + - port: 8081 + selector: + kustomize.component: profiles diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_pytorch-operator.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_pytorch-operator.yaml new file mode 100644 index 0000000000..4114ea5f9f --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_pytorch-operator.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8443" + prometheus.io/scrape: "true" + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + namespace: kubeflow +spec: + ports: + - name: monitoring-port + port: 8443 + targetPort: 8443 + selector: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + type: ClusterIP diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_tf-job-operator.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_tf-job-operator.yaml new file mode 100644 index 0000000000..a13b8ac441 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_service_tf-job-operator.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8443" + prometheus.io/scrape: "true" + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + namespace: kubeflow +spec: + ports: + - name: monitoring-port + port: 8443 + targetPort: 8443 + selector: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + type: ClusterIP diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml new file mode 100644 index 0000000000..6f41ce954d --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-service-account + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml new file mode 100644 index 0000000000..c58dd0a3d4 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_argo.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_argo.yaml new file mode 100644 index 0000000000..ad307ff2ca --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_argo.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml new file mode 100644 index 0000000000..55deba785d --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml new file mode 100644 index 0000000000..926d7e9b7a --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-service-account + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml new file mode 100644 index 0000000000..bfbc7b770e --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml new file mode 100644 index 0000000000..16c2b45417 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml new file mode 100644 index 0000000000..0795171aed --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml new file mode 100644 index 0000000000..f19e4b2100 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-cache + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml new file mode 100644 index 0000000000..35bd75a84e --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-container-builder + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml new file mode 100644 index 0000000000..4c30a4d63b --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml new file mode 100644 index 0000000000..4b277b0557 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml new file mode 100644 index 0000000000..47dbc68b67 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-persistenceagent + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml new file mode 100644 index 0000000000..41eb27ec1d --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-scheduledworkflow + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..3e4a136426 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + iam.gke.io/gcp-service-account: name-user@project-id.iam.gserviceaccount.com + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml new file mode 100644 index 0000000000..f48dc88670 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml new file mode 100644 index 0000000000..b47c98bb3d --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + iam.gke.io/gcp-service-account: name-user@project-id.iam.gserviceaccount.com + name: ml-pipeline-visualizationserver + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml new file mode 100644 index 0000000000..3cc4d2a987 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml new file mode 100644 index 0000000000..d34df92177 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml new file mode 100644 index 0000000000..1beef50ebf --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + iam.gke.io/gcp-service-account: name-user@project-id.iam.gserviceaccount.com + name: pipeline-runner + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml new file mode 100644 index 0000000000..0e2bd62a2d --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + iam.gke.io/gcp-service-account: name-admin@project-id.iam.gserviceaccount.com + labels: + kustomize.component: profiles + name: profiles-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml new file mode 100644 index 0000000000..3d3555c2b1 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml new file mode 100644 index 0000000000..3e0982e277 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: tf-job-dashboard + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-dashboard + namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml new file mode 100644 index 0000000000..f7bf874b73 --- /dev/null +++ b/tests/stacks/gcp/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml b/tests/stacks/generic/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml new file mode 100644 index 0000000000..2879750ea8 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/admissionregistration.k8s.io_v1beta1_mutatingwebhookconfiguration_admission-webhook-mutating-webhook-configuration.yaml @@ -0,0 +1,31 @@ +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/admission-webhook-cert + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-mutating-webhook-configuration +webhooks: +- clientConfig: + caBundle: "" + service: + name: admission-webhook-service + namespace: kubeflow + path: /apply-poddefault + name: admission-webhook-deployment.kubeflow.org + namespaceSelector: + matchLabels: + app.kubernetes.io/part-of: kubeflow-profile + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods diff --git a/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml new file mode 100644 index 0000000000..8412945bc0 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_experiments.kubeflow.org.yaml @@ -0,0 +1,28 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: experiments.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + categories: + - all + - kubeflow + - katib + kind: Experiment + plural: experiments + singular: experiment + scope: Namespaced + subresources: + status: {} + version: v1alpha3 diff --git a/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml new file mode 100644 index 0000000000..1e031ae88b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_notebooks.kubeflow.org.yaml @@ -0,0 +1,69 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebooks.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Notebook + plural: notebooks + singular: notebook + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + template: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + properties: + spec: + type: object + type: object + type: object + status: + properties: + conditions: + description: Conditions is an array of current conditions + items: + properties: + type: + description: Type of the confition/ + type: string + required: + - type + type: object + type: array + required: + - conditions + type: object + versions: + - name: v1alpha1 + served: true + storage: false + - name: v1beta1 + served: true + storage: true + - name: v1 + served: true + storage: false diff --git a/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml new file mode 100644 index 0000000000..808eb4db0c --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_poddefaults.kubeflow.org.yaml @@ -0,0 +1,56 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: poddefaults.kubeflow.org +spec: + group: kubeflow.org + names: + kind: PodDefault + plural: poddefaults + singular: poddefault + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + desc: + type: string + env: + items: + type: object + type: array + envFrom: + items: + type: object + type: array + selector: + type: object + serviceAccountName: + type: string + volumeMounts: + items: + type: object + type: array + volumes: + items: + type: object + type: array + required: + - selector + type: object + status: + type: object + type: object + version: v1alpha1 diff --git a/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml new file mode 100644 index 0000000000..c299e91151 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_profiles.kubeflow.org.yaml @@ -0,0 +1,158 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + labels: + kustomize.component: profiles + name: profiles.kubeflow.org +spec: + conversion: + strategy: None + group: kubeflow.org + names: + kind: Profile + plural: profiles + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + description: Profile is the Schema for the profiles API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProfileSpec defines the desired state of Profile + properties: + owner: + description: The profile owner + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. + Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" + for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by + this API group are "User", "Group", and "ServiceAccount". If the + Authorizer does not recognized the kind value, the Authorizer + should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + required: + - kind + - name + type: object + plugins: + items: + description: Plugin is for customize actions on different platform. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + spec: + type: object + type: object + type: array + resourceQuotaSpec: + description: Resourcequota that will be applied to target namespace + properties: + hard: + additionalProperties: + type: string + description: 'hard is the set of desired hard limits for each named + resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + scopeSelector: + description: scopeSelector is also a collection of filters like + scopes that must match each object tracked by a quota but expressed + using ScopeSelectorOperator in combination with possible values. + For a resource to match, both scopes AND scopeSelector (if specified + in spec), must be matched. + properties: + matchExpressions: + description: A list of scope selector requirements by scope + of the resources. + items: + description: A scoped-resource selector requirement is a selector + that contains values, a scope name, and an operator that + relates the scope name and values. + properties: + operator: + description: Represents a scope's relationship to a set + of values. Valid operators are In, NotIn, Exists, DoesNotExist. + type: string + scopeName: + description: The name of the scope that the selector applies + to. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - operator + - scopeName + type: object + type: array + type: object + scopes: + description: A collection of filters that must match each object + tracked by a quota. If not specified, the quota matches all objects. + items: + description: A ResourceQuotaScope defines a filter that must match + each object tracked by a quota + type: string + type: array + type: object + type: object + status: + description: ProfileStatus defines the observed state of Profile + properties: + conditions: + items: + properties: + message: + type: string + status: + type: string + type: + type: string + type: object + type: array + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true + - name: v1beta1 + served: true + storage: false diff --git a/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml new file mode 100644 index 0000000000..2dc516cbcc --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_pytorchjobs.kubeflow.org.yaml @@ -0,0 +1,45 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-job-crds + name: pytorchjobs.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: State + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + kind: PyTorchJob + plural: pytorchjobs + singular: pytorchjob + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + pytorchReplicaSpecs: + properties: + Master: + properties: + replicas: + maximum: 1 + minimum: 1 + type: integer + Worker: + properties: + replicas: + minimum: 1 + type: integer + versions: + - name: v1 + served: true + storage: true diff --git a/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml new file mode 100644 index 0000000000..22dc3c8a00 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_scheduledworkflows.kubeflow.org.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: scheduledworkflows.kubeflow.org +spec: + group: kubeflow.org + names: + kind: ScheduledWorkflow + listKind: ScheduledWorkflowList + plural: scheduledworkflows + shortNames: + - swf + singular: scheduledworkflow + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml new file mode 100644 index 0000000000..9f1cabef76 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_suggestions.kubeflow.org.yaml @@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: suggestions.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: Type + type: string + - JSONPath: .status.conditions[-1:].status + name: Status + type: string + - JSONPath: .spec.requests + name: Requested + type: string + - JSONPath: .status.suggestionCount + name: Assigned + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + categories: + - all + - kubeflow + - katib + kind: Suggestion + plural: suggestions + singular: suggestion + scope: Namespaced + subresources: + status: {} + version: v1alpha3 diff --git a/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml new file mode 100644 index 0000000000..ebfcefbc9b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_tfjobs.kubeflow.org.yaml @@ -0,0 +1,50 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-crds + name: tfjobs.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: State + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + kind: TFJob + plural: tfjobs + singular: tfjob + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + tfReplicaSpecs: + properties: + Chief: + properties: + replicas: + maximum: 1 + minimum: 1 + type: integer + PS: + properties: + replicas: + minimum: 1 + type: integer + Worker: + properties: + replicas: + minimum: 1 + type: integer + versions: + - name: v1 + served: true + storage: true diff --git a/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml new file mode 100644 index 0000000000..5c42ede721 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_trials.kubeflow.org.yaml @@ -0,0 +1,31 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: trials.kubeflow.org +spec: + additionalPrinterColumns: + - JSONPath: .status.conditions[-1:].type + name: Type + type: string + - JSONPath: .status.conditions[-1:].status + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: kubeflow.org + names: + categories: + - all + - kubeflow + - katib + kind: Trial + plural: trials + singular: trial + scope: Namespaced + subresources: + status: {} + version: v1alpha3 diff --git a/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml new file mode 100644 index 0000000000..dcb5db0f88 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_viewers.kubeflow.org.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: viewers.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Viewer + listKind: ViewerList + plural: viewers + shortNames: + - vi + singular: viewer + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true diff --git a/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml new file mode 100644 index 0000000000..08f6d1185c --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apiextensions.k8s.io_v1beta1_customresourcedefinition_workflows.argoproj.io.yaml @@ -0,0 +1,19 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflows.argoproj.io +spec: + group: argoproj.io + names: + kind: Workflow + listKind: WorkflowList + plural: workflows + shortNames: + - wf + singular: workflow + scope: Namespaced + version: v1alpha1 diff --git a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml new file mode 100644 index 0000000000..4c20d279dd --- /dev/null +++ b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_argo.yaml @@ -0,0 +1,39 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Argo Workflows is an open source container-native workflow engine + for orchestrating parallel jobs on Kubernetes + keywords: + - argo + - kubeflow + links: + - description: About + url: https://github.com/argoproj/argo + maintainers: [] + owners: [] + type: argo + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo diff --git a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml new file mode 100644 index 0000000000..a77aa95832 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_centraldashboard.yaml @@ -0,0 +1,57 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: rbac.authorization.k8s.io + kind: RoleBinding + - group: rbac.authorization.k8s.io + kind: Role + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Provides a Dashboard UI for kubeflow + keywords: + - centraldashboard + - kubeflow + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/centraldashboard + maintainers: + - email: prodonjs@gmail.com + name: Jason Prodonovich + - email: apverma@google.com + name: Apoorv Verma + - email: adhita94@gmail.com + name: Adhita Selvaraj + owners: + - email: prodonjs@gmail.com + name: Jason Prodonovich + - email: apverma@google.com + name: Apoorv Verma + - email: adhita94@gmail.com + name: Adhita Selvaraj + type: centraldashboard + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/instance: centraldashboard-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: centraldashboard + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app-jupyter-web-app.yaml b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app-jupyter-web-app.yaml new file mode 100644 index 0000000000..be3f76b96d --- /dev/null +++ b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_jupyter-web-app-jupyter-web-app.yaml @@ -0,0 +1,55 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app: jupyter-web-app + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-web-app + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + - group: rbac.authorization.k8s.io + kind: RoleBinding + - group: rbac.authorization.k8s.io + kind: Role + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: networking.istio.io + kind: VirtualService + descriptor: + description: Provides a UI which allows the user to create/conect/delete jupyter + notebooks. + keywords: + - jupyterhub + - jupyter ui + - notebooks + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/jupyter-web-app + - description: Docs + url: https://www.kubeflow.org/docs/notebooks + maintainers: + - email: kimwnasptd@arrikto.com + name: Kimonas Sotirchos + owners: + - email: kimwnasptd@arrikto.com + name: Kimonas Sotirchos + type: jupyter-web-app + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/instance: jupyter-web-app-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: jupyter-web-app + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml new file mode 100644 index 0000000000..d104a57371 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_katib-controller.yaml @@ -0,0 +1,70 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: Secret + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: Experiment + - group: kubeflow.org + kind: Suggestion + - group: kubeflow.org + kind: Trial + descriptor: + description: Katib is a service for hyperparameter tuning and neural architecture + search. + keywords: + - katib + - katib-controller + - hyperparameter tuning + links: + - description: About + url: https://github.com/kubeflow/katib + maintainers: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + owners: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + type: katib + version: v1alpha3 + selector: + matchLabels: + app.kubernetes.io/component: katib + app.kubernetes.io/instance: katib-controller + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: katib-controller + app.kubernetes.io/part-of: kubeflow diff --git a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml new file mode 100644 index 0000000000..017c6c72f4 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_katib-crds.yaml @@ -0,0 +1,68 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-crds + name: katib-crds + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: Experiment + - group: kubeflow.org + kind: Suggestion + - group: kubeflow.org + kind: Trial + descriptor: + description: Katib is a service for hyperparameter tuning and neural architecture + search. + keywords: + - katib + - katib-controller + - hyperparameter tuning + links: + - description: About + url: https://github.com/kubeflow/katib + maintainers: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + owners: + - email: gaoce@caicloud.io + name: Ce Gao + - email: johnugeo@cisco.com + name: Johnu George + - email: liuhougang6@126.com + name: Hougang Liu + - email: ricliu@google.com + name: Richard Liu + - email: yuji.oshima0x3fd@gmail.com + name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich + type: katib + version: v1alpha3 + selector: + matchLabels: + app.kubernetes.io/component: katib + app.kubernetes.io/instance: katib-crds + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: katib-crds + app.kubernetes.io/part-of: kubeflow diff --git a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml new file mode 100644 index 0000000000..e1b386dfb9 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_minio.yaml @@ -0,0 +1,31 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - minio + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: minio + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio diff --git a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml new file mode 100644 index 0000000000..d4db458295 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_mysql.yaml @@ -0,0 +1,32 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: Deployment + descriptor: + description: "" + keywords: + - mysql + - kubeflow + links: + - description: About + url: "" + maintainers: [] + owners: [] + type: mysql + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql diff --git a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml new file mode 100644 index 0000000000..f462651b3b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_notebook-controller-notebook-controller.yaml @@ -0,0 +1,46 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-notebook-controller + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + descriptor: + description: Notebooks controller allows users to create a custom resource \"Notebook\" + (jupyter notebook). + keywords: + - jupyter + - notebook + - notebook-controller + - jupyterhub + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/notebook-controller + maintainers: + - email: lunkai@google.com + name: Lun-kai Hsu + owners: + - email: lunkai@gogle.com + name: Lun-kai Hsu + type: notebook-controller + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/instance: notebook-controller-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: notebook-controller + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v1.0.0 diff --git a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml new file mode 100644 index 0000000000..fc90772a0b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_profiles-profiles.yaml @@ -0,0 +1,44 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + kustomize.component: profiles + name: profiles-profiles + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: core + kind: Service + - group: kubeflow.org + kind: Profile + descriptor: + description: "" + keywords: + - profiles + - kubeflow + links: + - description: profiles + url: https://github.com/kubeflow/kubeflow/tree/master/components/profile-controller + - description: kfam + url: https://github.com/kubeflow/kubeflow/tree/master/components/access-management + maintainers: + - email: kunming@google.com + name: Kunming Qu + owners: + - email: kunming@google.com + name: Kunming Qu + type: profiles + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: profiles + app.kubernetes.io/instance: profiles-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: profiles + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v1.0.0 diff --git a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml new file mode 100644 index 0000000000..56a1457579 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_pytorch-job-crds.yaml @@ -0,0 +1,46 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-job-crds + name: pytorch-job-crds + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: PyTorchJob + descriptor: + description: Pytorch-job-crds contains the "PyTorchJob" custom resource definition. + keywords: + - pytorchjob + - pytorch-operator + - pytorch-training + links: + - description: About + url: https://github.com/kubeflow/pytorch-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/pytorchjob/v1/pytorch/ + maintainers: + - email: johnugeo@cisco.com + name: Johnu George + owners: + - email: johnugeo@cisco.com + name: Johnu George + type: pytorch-job-crds + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/instance: pytorch-job-crds-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: pytorch-job-crds + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml new file mode 100644 index 0000000000..44ea79a4b8 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_pytorch-operator.yaml @@ -0,0 +1,49 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + name: pytorch-operator + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ConfigMap + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: PyTorchJob + descriptor: + description: Pytorch-operator allows users to create and manage the "PyTorchJob" + custom resource. + keywords: + - pytorchjob + - pytorch-operator + - pytorch-training + links: + - description: About + url: https://github.com/kubeflow/pytorch-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/pytorchjob/v1/pytorch/ + maintainers: + - email: johnugeo@cisco.com + name: Johnu George + owners: + - email: johnugeo@cisco.com + name: Johnu George + type: pytorch-operator + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/instance: pytorch-operator-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: pytorch-operator + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml new file mode 100644 index 0000000000..fc9715bb53 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_tf-job-crds.yaml @@ -0,0 +1,46 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-crds + name: tf-job-crds + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: TFJob + descriptor: + description: Tf-job-crds contains the "TFJob" custom resource definition. + keywords: + - tfjob + - tf-operator + - tf-training + links: + - description: About + url: https://github.com/kubeflow/tf-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/tfjob/v1/tensorflow/ + maintainers: + - email: ricliu@google.com + name: Richard Liu + owners: + - email: ricliu@google.com + name: Richard Liu + type: tf-job-crds + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/instance: tf-job-crds-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: tf-job-crds + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml new file mode 100644 index 0000000000..6e38dd861e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_tf-job-operator.yaml @@ -0,0 +1,47 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + name: tf-job-operator + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: Service + - group: apps + kind: Deployment + - group: core + kind: ServiceAccount + - group: kubeflow.org + kind: TFJob + descriptor: + description: Tf-operator allows users to create and manage the "TFJob" custom + resource. + keywords: + - tfjob + - tf-operator + - tf-training + links: + - description: About + url: https://github.com/kubeflow/tf-operator + - description: Docs + url: https://www.kubeflow.org/docs/reference/tfjob/v1/tensorflow/ + maintainers: + - email: ricliu@google.com + name: Richard Liu + owners: + - email: ricliu@google.com + name: Richard Liu + type: tf-job-operator + version: v1 + selector: + matchLabels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/instance: tf-job-operator-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: tf-job-operator + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 diff --git a/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml new file mode 100644 index 0000000000..fcf807af27 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/app.k8s.io_v1beta1_application_webhook.yaml @@ -0,0 +1,39 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + labels: + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + name: webhook + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: StatefulSet + - group: core + kind: Service + - group: core + kind: ServiceAccount + descriptor: + description: injects volume, volume mounts, env vars into PodDefault + keywords: + - admission-webhook + - kubeflow + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/admission-webhook + maintainers: [] + owners: [] + type: bootstrap + version: v1beta1 + selector: + matchLabels: + app.kubernetes.io/component: bootstrap + app.kubernetes.io/instance: webhook-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: webhook + app.kubernetes.io/part-of: webhook + app.kubernetes.io/version: v1.0.0 diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml new file mode 100644 index 0000000000..8b8111f51b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_admission-webhook-deployment.yaml @@ -0,0 +1,42 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-deployment + namespace: kubeflow +spec: + selector: + matchLabels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + spec: + containers: + - args: + - --tlsCertFile=/etc/webhook/certs/tls.crt + - --tlsKeyFile=/etc/webhook/certs/tls.key + image: gcr.io/kubeflow-images-public/admission-webhook:vmaster-gaf96e4e3 + name: admission-webhook + volumeMounts: + - mountPath: /etc/webhook/certs + name: webhook-cert + readOnly: true + serviceAccountName: admission-webhook-service-account + volumes: + - name: webhook-cert + secret: + secretName: webhook-certs diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_argo-ui.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_argo-ui.yaml new file mode 100644 index 0000000000..94c841f165 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_argo-ui.yaml @@ -0,0 +1,66 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + creationTimestamp: null + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + spec: + containers: + - env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: IN_CLUSTER + value: "true" + - name: ENABLE_WEB_CONSOLE + value: "false" + - name: BASE_HREF + value: /argo/ + image: argoproj/argoui:v2.3.0 + imagePullPolicy: IfNotPresent + name: argo-ui + readinessProbe: + httpGet: + path: / + port: 8001 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo-ui + serviceAccountName: argo-ui + terminationGracePeriodSeconds: 30 diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml new file mode 100644 index 0000000000..77b5349e6c --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-deployer-deployment.yaml @@ -0,0 +1,30 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cache-deployer + name: cache-deployer-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: cache-deployer + strategy: + type: Recreate + template: + metadata: + labels: + app: cache-deployer + spec: + containers: + - env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/cache-deployer:1.0.0-rc.3 + imagePullPolicy: Always + name: main + restartPolicy: Always + serviceAccountName: kubeflow-pipelines-cache-deployer-sa diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml new file mode 100644 index 0000000000..06c8cfbed6 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml @@ -0,0 +1,71 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cache-server + name: cache-server + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: cache-server + template: + metadata: + labels: + app: cache-server + spec: + containers: + - args: + - --db_driver=$(DBCONFIG_DRIVER) + - --db_host=$(DBCONFIG_HOST_NAME) + - --db_port=$(DBCONFIG_PORT) + - --db_name=$(DBCONFIG_DB_NAME) + - --db_user=$(DBCONFIG_USER) + - --db_password=$(DBCONFIG_PASSWORD) + - --namespace_to_watch=$(NAMESPACE_TO_WATCH) + env: + - name: DBCONFIG_DRIVER + value: mysql + - name: DBCONFIG_DB_NAME + valueFrom: + configMapKeyRef: + key: cacheDb + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_HOST_NAME + valueFrom: + configMapKeyRef: + key: dbHost + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + key: dbPort + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret-fd5gktm75t + - name: NAMESPACE_TO_WATCH + value: "" + image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.3 + imagePullPolicy: Always + name: server + ports: + - containerPort: 8443 + name: webhook-api + volumeMounts: + - mountPath: /etc/webhook/certs + name: webhook-tls-certs + readOnly: true + serviceAccountName: kubeflow-pipelines-cache + volumes: + - name: webhook-tls-certs + secret: + secretName: webhook-server-tls diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_centraldashboard.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_centraldashboard.yaml new file mode 100644 index 0000000000..54717f272b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_centraldashboard.yaml @@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + spec: + containers: + - env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-988m2m9m87 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-988m2m9m87 + image: gcr.io/kubeflow-images-public/centraldashboard:vmaster-gf39279c0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: 8082 + initialDelaySeconds: 30 + periodSeconds: 30 + name: centraldashboard + ports: + - containerPort: 8082 + protocol: TCP + serviceAccountName: centraldashboard diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml new file mode 100644 index 0000000000..2665cd2adb --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_jupyter-web-app-deployment.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + spec: + containers: + - env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-988m2m9m87 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-988m2m9m87 + image: gcr.io/kubeflow-images-public/jupyter-web-app:vmaster-gd9be4b9e + name: jupyter-web-app + ports: + - containerPort: 5000 + volumeMounts: + - mountPath: /etc/config + name: config-volume + serviceAccountName: jupyter-web-app-service-account + volumes: + - configMap: + name: jupyter-web-app-jupyter-web-app-config-dhcbh64467 + name: config-volume diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-controller.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-controller.yaml new file mode 100644 index 0000000000..517b53a1c1 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-controller.yaml @@ -0,0 +1,56 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + template: + metadata: + annotations: + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" + labels: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + spec: + containers: + - args: + - --webhook-port=8443 + command: + - ./katib-controller + env: + - name: KATIB_CORE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/kubeflow-images-public/katib/v1alpha3/katib-controller:917164a + imagePullPolicy: IfNotPresent + name: katib-controller + ports: + - containerPort: 8443 + name: webhook + protocol: TCP + - containerPort: 8080 + name: metrics + protocol: TCP + volumeMounts: + - mountPath: /tmp/cert + name: cert + readOnly: true + serviceAccountName: katib-controller + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: katib-controller diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-db-manager.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-db-manager.yaml new file mode 100644 index 0000000000..1fe98f2288 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-db-manager.yaml @@ -0,0 +1,60 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + name: katib-db-manager + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + name: katib-db-manager + spec: + containers: + - command: + - ./katib-db-manager + env: + - name: DB_NAME + value: mysql + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: MYSQL_ROOT_PASSWORD + name: katib-mysql-secrets + image: gcr.io/kubeflow-images-public/katib/v1alpha3/katib-db-manager:917164a + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/grpc_health_probe + - -addr=:6789 + failureThreshold: 5 + initialDelaySeconds: 10 + periodSeconds: 60 + name: katib-db-manager + ports: + - containerPort: 6789 + name: api + readinessProbe: + exec: + command: + - /bin/grpc_health_probe + - -addr=:6789 + initialDelaySeconds: 5 diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-mysql.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-mysql.yaml new file mode 100644 index 0000000000..c122ae873f --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-mysql.yaml @@ -0,0 +1,74 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + name: katib-mysql + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + name: katib-mysql + spec: + containers: + - args: + - --datadir + - /var/lib/mysql/datadir + env: + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: MYSQL_ROOT_PASSWORD + name: katib-mysql-secrets + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + - name: MYSQL_DATABASE + value: katib + image: mysql:8 + livenessProbe: + exec: + command: + - /bin/bash + - -c + - mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD} + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + name: katib-mysql + ports: + - containerPort: 3306 + name: dbapi + readinessProbe: + exec: + command: + - /bin/bash + - -c + - mysql -D ${MYSQL_DATABASE} -u root -p${MYSQL_ROOT_PASSWORD} -e 'SELECT + 1' + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/lib/mysql + name: katib-mysql + volumes: + - name: katib-mysql + persistentVolumeClaim: + claimName: katib-mysql diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-ui.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-ui.yaml new file mode 100644 index 0000000000..1b9998781c --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_katib-ui.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + name: katib-ui + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + name: katib-ui + spec: + containers: + - args: + - --port=8080 + command: + - ./katib-ui + env: + - name: KATIB_CORE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/kubeflow-images-public/katib/v1alpha3/katib-ui:917164a + imagePullPolicy: IfNotPresent + name: katib-ui + ports: + - containerPort: 8080 + name: ui + serviceAccountName: katib-ui diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-db.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-db.yaml new file mode 100644 index 0000000000..44ad98e9d8 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-db.yaml @@ -0,0 +1,53 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: db + kustomize.component: metadata + name: metadata-db + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: db + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: db + kustomize.component: metadata + name: db + spec: + containers: + - args: + - --datadir + - /var/lib/mysql/datadir + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + image: mysql:8.0.3 + name: db-container + ports: + - containerPort: 3306 + name: dbapi + readinessProbe: + exec: + command: + - /bin/bash + - -c + - mysql -D $$MYSQL_DATABASE -p$$MYSQL_ROOT_PASSWORD -e 'SELECT 1' + initialDelaySeconds: 5 + periodSeconds: 2 + timeoutSeconds: 1 + volumeMounts: + - mountPath: /var/lib/mysql + name: metadata-mysql + volumes: + - name: metadata-mysql + persistentVolumeClaim: + claimName: metadata-mysql diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-deployment.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-deployment.yaml new file mode 100644 index 0000000000..462f937f60 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-deployment.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: server + kustomize.component: metadata + name: metadata-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: server + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: server + kustomize.component: metadata + spec: + containers: + - command: + - ./server/server + - --http_port=8080 + - --mysql_service_host=metadata-db + - --mysql_service_port=$(MYSQL_PORT) + - --mysql_service_user=$(MYSQL_USER_NAME) + - --mysql_service_password=$(MYSQL_ROOT_PASSWORD) + - --mlmd_db_name=$(MYSQL_DATABASE) + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + image: gcr.io/kubeflow-images-public/metadata:v0.1.11 + livenessProbe: + httpGet: + httpHeaders: + - name: ContentType + value: application/json + path: /api/v1alpha1/artifact_types + port: backendapi + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: container + ports: + - containerPort: 8080 + name: backendapi + readinessProbe: + httpGet: + httpHeaders: + - name: ContentType + value: application/json + path: /api/v1alpha1/artifact_types + port: backendapi + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml new file mode 100644 index 0000000000..66929f9f1d --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-envoy-deployment.yaml @@ -0,0 +1,30 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: envoy + kustomize.component: metadata + name: metadata-envoy-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: envoy + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: envoy + kustomize.component: metadata + spec: + containers: + - image: gcr.io/ml-pipeline/envoy:metadata-grpc + name: container + ports: + - containerPort: 9090 + name: md-envoy + - containerPort: 9901 + name: envoy-admin diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml new file mode 100644 index 0000000000..5f53346cb8 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-grpc-deployment.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + component: grpc-server + kustomize.component: metadata + name: metadata-grpc-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + component: grpc-server + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + component: grpc-server + kustomize.component: metadata + spec: + containers: + - args: + - --grpc_port=$(METADATA_GRPC_SERVICE_PORT) + - --mysql_config_host=metadata-db + - --mysql_config_database=$(MYSQL_DATABASE) + - --mysql_config_port=$(MYSQL_PORT) + - --mysql_config_user=$(MYSQL_USER_NAME) + - --mysql_config_password=$(MYSQL_ROOT_PASSWORD) + command: + - /bin/metadata_store_server + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + - configMapRef: + name: metadata-grpc-configmap + image: gcr.io/tfx-oss-public/ml_metadata_store_server:v0.21.1 + name: container + ports: + - containerPort: 8080 + name: grpc-backendapi diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-ui.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-ui.yaml new file mode 100644 index 0000000000..f6f5c19dc9 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-ui.yaml @@ -0,0 +1,29 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: metadata-ui + kustomize.component: metadata + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: metadata-ui + kustomize.component: metadata + name: ui + spec: + containers: + - image: gcr.io/kubeflow-images-public/metadata-frontend:v0.1.8 + imagePullPolicy: IfNotPresent + name: metadata-ui + ports: + - containerPort: 3000 + serviceAccountName: metadata-ui diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml new file mode 100644 index 0000000000..83adf18f72 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml @@ -0,0 +1,24 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metadata-writer + name: metadata-writer + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: metadata-writer + template: + metadata: + labels: + app: metadata-writer + spec: + containers: + - env: + - name: NAMESPACE_TO_WATCH + value: "" + image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.3 + name: main + serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_minio.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_minio.yaml new file mode 100644 index 0000000000..996689be19 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_minio.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio + namespace: kubeflow +spec: + selector: + matchLabels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + spec: + containers: + - args: + - server + - /data + env: + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + name: minio + ports: + - containerPort: 9000 + volumeMounts: + - mountPath: /data + name: data + subPath: minio + volumes: + - name: data + persistentVolumeClaim: + claimName: minio-pvc diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml new file mode 100644 index 0000000000..adf776c9d6 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -0,0 +1,24 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-persistenceagent + name: ml-pipeline-persistenceagent + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-persistenceagent + template: + metadata: + labels: + app: ml-pipeline-persistenceagent + spec: + containers: + - env: + - name: NAMESPACE + value: "" + image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.3 + imagePullPolicy: IfNotPresent + name: ml-pipeline-persistenceagent + serviceAccountName: ml-pipeline-persistenceagent diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml new file mode 100644 index 0000000000..79db22ad5f --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -0,0 +1,24 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-scheduledworkflow + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-scheduledworkflow + template: + metadata: + labels: + app: ml-pipeline-scheduledworkflow + spec: + containers: + - env: + - name: NAMESPACE + value: "" + image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.3 + imagePullPolicy: IfNotPresent + name: ml-pipeline-scheduledworkflow + serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..f8ca163f6a --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -0,0 +1,84 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-ui + template: + metadata: + labels: + app: ml-pipeline-ui + spec: + containers: + - env: + - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH + value: /etc/config/viewer-pod-template.json + - name: DEPLOYMENT + value: KUBEFLOW + - name: ARTIFACTS_SERVICE_PROXY_NAME + value: ml-pipeline-ui-artifact + - name: ARTIFACTS_SERVICE_PROXY_PORT + value: "80" + - name: ARTIFACTS_SERVICE_PROXY_ENABLED + value: "true" + - name: ENABLE_AUTHZ + value: "true" + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" + image: gcr.io/ml-pipeline/frontend:1.0.0-rc.3 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-ui + ports: + - containerPort: 3000 + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + volumeMounts: + - mountPath: /etc/config + name: config-volume + readOnly: true + serviceAccountName: ml-pipeline-ui + volumes: + - configMap: + name: ml-pipeline-ui-configmap + name: config-volume diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml new file mode 100644 index 0000000000..976165b9e7 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml @@ -0,0 +1,31 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-viewer-crd + name: ml-pipeline-viewer-crd + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-viewer-crd + template: + metadata: + labels: + app: ml-pipeline-viewer-crd + spec: + containers: + - env: + - name: NAMESPACE + value: "" + valueFrom: null + - name: MAX_NUM_VIEWERS + value: "50" + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/viewer-crd-controller:1.0.0-rc.3 + imagePullPolicy: Always + name: ml-pipeline-viewer-crd + serviceAccountName: ml-pipeline-viewer-crd-service-account diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml new file mode 100644 index 0000000000..4204e13687 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,48 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-visualizationserver + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-visualizationserver + template: + metadata: + labels: + app: ml-pipeline-visualizationserver + spec: + containers: + - image: gcr.io/ml-pipeline/visualization-server:1.0.0-rc.3 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-visualizationserver + ports: + - containerPort: 8888 + name: http + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline-visualizationserver diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml new file mode 100644 index 0000000000..0995593d4b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -0,0 +1,100 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline + name: ml-pipeline + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline + template: + metadata: + labels: + app: ml-pipeline + spec: + containers: + - env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OBJECTSTORECONFIG_SECURE + value: "false" + - name: OBJECTSTORECONFIG_BUCKETNAME + valueFrom: + configMapKeyRef: + key: bucketName + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_DBNAME + valueFrom: + configMapKeyRef: + key: pipelineDb + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_HOST + valueFrom: + configMapKeyRef: + key: dbHost + name: pipeline-install-config-2829cc67f8 + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + key: dbPort + name: pipeline-install-config-2829cc67f8 + - name: OBJECTSTORECONFIG_ACCESSKEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: OBJECTSTORECONFIG_SECRETACCESSKEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + envFrom: + - configMapRef: + name: pipeline-api-server-config-f4t72426kt + image: gcr.io/ml-pipeline/api-server:1.0.0-rc.3 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-api-server + ports: + - containerPort: 8888 + name: http + - containerPort: 8887 + name: grpc + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_mysql.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_mysql.yaml new file mode 100644 index 0000000000..b47bdbb60a --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_mysql.yaml @@ -0,0 +1,40 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + selector: + matchLabels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + strategy: + type: Recreate + template: + metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + spec: + containers: + - env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + image: gcr.io/ml-pipeline/mysql:5.6 + name: mysql + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - mountPath: /var/lib/mysql + name: mysql-persistent-storage + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml new file mode 100644 index 0000000000..44d27f8695 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_notebook-controller-deployment.yaml @@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-deployment + namespace: kubeflow +spec: + selector: + matchLabels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + spec: + containers: + - command: + - /manager + env: + - name: USE_ISTIO + valueFrom: + configMapKeyRef: + key: USE_ISTIO + name: notebook-controller-notebook-controller-config-h4d668t5tb + - name: ISTIO_GATEWAY + valueFrom: + configMapKeyRef: + key: ISTIO_GATEWAY + name: notebook-controller-notebook-controller-config-h4d668t5tb + image: gcr.io/kubeflow-images-public/notebook-controller:vmaster-gf39279c0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 30 + name: manager + serviceAccountName: notebook-controller-service-account diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_profiles-deployment.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_profiles-deployment.yaml new file mode 100644 index 0000000000..caccc9d48f --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_profiles-deployment.yaml @@ -0,0 +1,95 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + kustomize.component: profiles + name: profiles-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + kustomize.component: profiles + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + kustomize.component: profiles + spec: + containers: + - args: null + command: + - /manager + - -userid-header + - $(USERID_HEADER) + - -userid-prefix + - $(USERID_PREFIX) + - -workload-identity + - $(WORKLOAD_IDENTITY) + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-988m2m9m87 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-988m2m9m87 + - name: WORKLOAD_IDENTITY + valueFrom: + configMapKeyRef: + key: gcp-sa + name: profiles-profiles-config-4mgcmtgk6t + image: gcr.io/kubeflow-images-public/profile-controller:vmaster-g34aa47c2 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 30 + name: manager + ports: + - containerPort: 8080 + name: manager-http + protocol: TCP + - args: null + command: + - /access-management + - -cluster-admin + - $(CLUSTER_ADMIN) + - -userid-prefix + - $(USERID_PREFIX) + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + key: userid-header + name: kubeflow-config-988m2m9m87 + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + key: userid-prefix + name: kubeflow-config-988m2m9m87 + - name: CLUSTER_ADMIN + valueFrom: + configMapKeyRef: + key: admin + name: profiles-profiles-config-4mgcmtgk6t + image: gcr.io/kubeflow-images-public/kfam:vmaster-gf3e09203 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /metrics + port: 8081 + initialDelaySeconds: 30 + periodSeconds: 30 + name: kfam + ports: + - containerPort: 8081 + name: kfam-http + protocol: TCP + serviceAccountName: profiles-controller-service-account diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_pytorch-operator.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_pytorch-operator.yaml new file mode 100644 index 0000000000..a8ad07dc31 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_pytorch-operator.yaml @@ -0,0 +1,45 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + spec: + containers: + - command: + - /pytorch-operator.v1 + - --alsologtostderr + - -v=1 + - --monitoring-port=8443 + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: gcr.io/kubeflow-images-public/pytorch-operator:vmaster-gd596e904 + name: pytorch-operator + serviceAccountName: pytorch-operator diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_tf-job-operator.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_tf-job-operator.yaml new file mode 100644 index 0000000000..0b61b51343 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_tf-job-operator.yaml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + spec: + containers: + - args: + - --alsologtostderr + - -v=1 + - --monitoring-port=8443 + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: gcr.io/kubeflow-images-public/tf_operator:vmaster-ga2ae7bff + name: tf-job-operator + serviceAccountName: tf-job-operator diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_workflow-controller.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_workflow-controller.yaml new file mode 100644 index 0000000000..a7fdf681eb --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_workflow-controller.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller + namespace: kubeflow +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + creationTimestamp: null + labels: + app: workflow-controller + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + spec: + containers: + - args: + - --configmap + - workflow-controller-configmap + command: + - workflow-controller + env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: argoproj/workflow-controller:v2.3.0 + imagePullPolicy: IfNotPresent + name: workflow-controller + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo + serviceAccountName: argo + terminationGracePeriodSeconds: 30 diff --git a/tests/stacks/generic/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/generic/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml new file mode 100644 index 0000000000..7237223586 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + labels: + app: kubeflow-pipelines-profile-controller + name: kubeflow-pipelines-profile-controller + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: kubeflow-pipelines-profile-controller + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: kubeflow-pipelines-profile-controller + spec: + containers: + - command: + - python + - /hooks/sync.py + image: python:2.7 + name: profile-controller + ports: + - containerPort: 80 + volumeMounts: + - mountPath: /hooks + name: hooks + volumes: + - configMap: + name: kubeflow-pipelines-profile-controller-78dkmk82gc + name: hooks diff --git a/tests/stacks/generic/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml b/tests/stacks/generic/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml new file mode 100644 index 0000000000..c9e1f4f031 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/cert-manager.io_v1alpha2_certificate_admission-webhook-cert.yaml @@ -0,0 +1,18 @@ +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + labels: + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + name: admission-webhook-cert + namespace: kubeflow +spec: + commonName: admission-webhook-service.kubeflow.svc + dnsNames: + - admission-webhook-service.kubeflow.svc + - admission-webhook-service.kubeflow.svc.cluster.local + isCA: true + issuerRef: + kind: ClusterIssuer + name: kubeflow-self-signing-issuer + secretName: webhook-certs diff --git a/tests/stacks/generic/test_data/expected/kubeflow.org_v1beta1_profile_anonymous.yaml b/tests/stacks/generic/test_data/expected/kubeflow.org_v1beta1_profile_anonymous.yaml new file mode 100644 index 0000000000..d80509f7d0 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/kubeflow.org_v1beta1_profile_anonymous.yaml @@ -0,0 +1,9 @@ +apiVersion: kubeflow.org/v1beta1 +kind: Profile +metadata: + name: anonymous + namespace: kubeflow +spec: + owner: + kind: User + name: anonymous diff --git a/tests/stacks/generic/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/generic/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml new file mode 100644 index 0000000000..96fe00bf44 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml @@ -0,0 +1,46 @@ +apiVersion: metacontroller.k8s.io/v1alpha1 +kind: CompositeController +metadata: + labels: + app: kubeflow-pipelines-profile-controller + name: kubeflow-pipelines-profile-controller + namespace: kubeflow +spec: + childResources: + - apiVersion: v1 + resource: secrets + updateStrategy: + method: OnDelete + - apiVersion: v1 + resource: configmaps + updateStrategy: + method: OnDelete + - apiVersion: apps/v1 + resource: deployments + updateStrategy: + method: InPlace + - apiVersion: v1 + resource: services + updateStrategy: + method: InPlace + - apiVersion: networking.istio.io/v1alpha3 + resource: destinationrules + updateStrategy: + method: InPlace + - apiVersion: rbac.istio.io/v1alpha1 + resource: serviceroles + updateStrategy: + method: InPlace + - apiVersion: rbac.istio.io/v1alpha1 + resource: servicerolebindings + updateStrategy: + method: InPlace + generateSelector: true + hooks: + sync: + webhook: + url: http://kubeflow-pipelines-profile-controller/sync + parentResource: + apiVersion: v1 + resource: namespaces + resyncPeriodSeconds: 10 diff --git a/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml new file mode 100644 index 0000000000..a5ab61a1c2 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_argo-ui.yaml @@ -0,0 +1,25 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /argo/ + rewrite: + uri: / + route: + - destination: + host: argo-ui.kubeflow.svc.cluster.local + port: + number: 80 diff --git a/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml new file mode 100644 index 0000000000..b08a52c193 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_centraldashboard.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: / + rewrite: + uri: / + route: + - destination: + host: centraldashboard.kubeflow.svc.cluster.local + port: + number: 80 diff --git a/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app-jupyter-web-app.yaml b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app-jupyter-web-app.yaml new file mode 100644 index 0000000000..1aaf497f8a --- /dev/null +++ b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_jupyter-web-app-jupyter-web-app.yaml @@ -0,0 +1,28 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-web-app + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - headers: + request: + add: + x-forwarded-prefix: /jupyter + match: + - uri: + prefix: /jupyter/ + rewrite: + uri: / + route: + - destination: + host: jupyter-web-app-service.kubeflow.svc.cluster.local + port: + number: 80 diff --git a/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml new file mode 100644 index 0000000000..6bb614b82b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_katib-ui.yaml @@ -0,0 +1,24 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /katib/ + rewrite: + uri: /katib/ + route: + - destination: + host: katib-ui.kubeflow.svc.cluster.local + port: + number: 80 diff --git a/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml new file mode 100644 index 0000000000..cc9741b27e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-grpc.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: metadata-grpc + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /ml_metadata + rewrite: + uri: /ml_metadata + route: + - destination: + host: metadata-envoy-service.kubeflow.svc.cluster.local + port: + number: 9090 + timeout: 300s diff --git a/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml new file mode 100644 index 0000000000..e888e4eafa --- /dev/null +++ b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_metadata-ui.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: metadata-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /metadata + rewrite: + uri: /metadata + route: + - destination: + host: metadata-ui.kubeflow.svc.cluster.local + port: + number: 80 + timeout: 300s diff --git a/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..a4d16ceb65 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_ml-pipeline-ui.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: ml-pipeline-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - match: + - uri: + prefix: /pipeline + rewrite: + uri: /pipeline + route: + - destination: + host: ml-pipeline-ui.kubeflow.svc.cluster.local + port: + number: 80 + timeout: 300s diff --git a/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml new file mode 100644 index 0000000000..1bfe3a5c76 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/networking.istio.io_v1alpha3_virtualservice_profiles-kfam.yaml @@ -0,0 +1,27 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + labels: + kustomize.component: profiles + name: profiles-kfam + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + - headers: + request: + add: + x-forwarded-prefix: /kfam + match: + - uri: + prefix: /kfam/ + rewrite: + uri: /kfam/ + route: + - destination: + host: profiles-kfam.kubeflow.svc.cluster.local + port: + number: 8081 diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml new file mode 100644 index 0000000000..3ed69a58a6 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-cluster-role.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-cluster-role +rules: +- apiGroups: + - kubeflow.org + resources: + - poddefaults + verbs: + - get + - watch + - list + - update + - create + - patch + - delete diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml new file mode 100644 index 0000000000..ae97df8cf3 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-admin.yaml @@ -0,0 +1,15 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-poddefaults-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: admission-webhook-kubeflow-poddefaults-admin +rules: [] diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml new file mode 100644 index 0000000000..09813d57ad --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-edit.yaml @@ -0,0 +1,15 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-poddefaults-edit: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: admission-webhook-kubeflow-poddefaults-edit +rules: [] diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml new file mode 100644 index 0000000000..1a80b46609 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_admission-webhook-kubeflow-poddefaults-view.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-poddefaults-admin: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-poddefaults-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: admission-webhook-kubeflow-poddefaults-view +rules: +- apiGroups: + - kubeflow.org + resources: + - poddefaults + verbs: + - get + - list + - watch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml new file mode 100644 index 0000000000..7491bff88e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_centraldashboard.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard +rules: +- apiGroups: + - "" + resources: + - events + - namespaces + - nodes + verbs: + - get + - list + - watch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml new file mode 100644 index 0000000000..e15e8b6e22 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-cluster-role.yaml @@ -0,0 +1,57 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-cluster-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - create + - delete +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml new file mode 100644 index 0000000000..0ae2ffa5c6 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-admin.yaml @@ -0,0 +1,9 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: jupyter-web-app-kubeflow-notebook-ui-admin +rules: [] diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml new file mode 100644 index 0000000000..9cff1100a0 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-edit.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: jupyter-web-app-kubeflow-notebook-ui-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list + - create + - delete diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml new file mode 100644 index 0000000000..265ceff545 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_jupyter-web-app-kubeflow-notebook-ui-view.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: jupyter-web-app-kubeflow-notebook-ui-view +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/finalizers + - poddefaults + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml new file mode 100644 index 0000000000..9ea77c91fc --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-controller.yaml @@ -0,0 +1,75 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + - serviceaccounts + - services + - secrets + - events + - namespaces + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + - pods/log + - pods/status + verbs: + - '*' +- apiGroups: + - apps + resources: + - deployments + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - get +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - experiments + - experiments/status + - experiments/finalizers + - trials + - trials/status + - trials/finalizers + - suggestions + - suggestions/status + - suggestions/finalizers + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - pytorchjobs + verbs: + - '*' diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml new file mode 100644 index 0000000000..66faccefb1 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_katib-ui.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui +rules: +- apiGroups: + - "" + resources: + - configmaps + - namespaces + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - experiments + - trials + - suggestions + verbs: + - '*' diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml new file mode 100644 index 0000000000..0520bc0bc9 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-admin.yaml @@ -0,0 +1,9 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeflow-admin +rules: [] diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml new file mode 100644 index 0000000000..7f472eddde --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-edit.yaml @@ -0,0 +1,11 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-edit +rules: [] diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml new file mode 100644 index 0000000000..45d4cb1843 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-admin.yaml @@ -0,0 +1,13 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-katib-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-katib-admin +rules: [] diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml new file mode 100644 index 0000000000..11ad89cab6 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-edit.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-katib-admin: "true" + name: kubeflow-katib-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - experiments + - trials + - suggestions + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml new file mode 100644 index 0000000000..95b524a46e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-katib-view.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-katib-view +rules: +- apiGroups: + - kubeflow.org + resources: + - experiments + - trials + - suggestions + verbs: + - get + - list + - watch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml new file mode 100644 index 0000000000..d879f2f6c8 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-admin.yaml @@ -0,0 +1,27 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-kubernetes-admin +rules: +- apiGroups: + - authorization.k8s.io + resources: + - localsubjectaccessreviews + verbs: + - create +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml new file mode 100644 index 0000000000..8343f92fda --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-edit.yaml @@ -0,0 +1,135 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: kubeflow-kubernetes-edit +rules: +- apiGroups: + - "" + resources: + - pods/attach + - pods/exec + - pods/portforward + - pods/proxy + - secrets + - services/proxy + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - impersonate +- apiGroups: + - "" + resources: + - pods + - pods/attach + - pods/exec + - pods/portforward + - pods/proxy + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - persistentvolumeclaims + - replicationcontrollers + - replicationcontrollers/scale + - secrets + - serviceaccounts + - services + - services/proxy + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - apps + resources: + - daemonsets + - deployments + - deployments/rollback + - deployments/scale + - replicasets + - replicasets/scale + - statefulsets + - statefulsets/scale + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - extensions + resources: + - daemonsets + - deployments + - deployments/rollback + - deployments/scale + - ingresses + - networkpolicies + - replicasets + - replicasets/scale + - replicationcontrollers/scale + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml new file mode 100644 index 0000000000..d8a396b9de --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-kubernetes-view.yaml @@ -0,0 +1,125 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-kubernetes-view +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - persistentvolumeclaims + - persistentvolumeclaims/status + - pods + - replicationcontrollers + - replicationcontrollers/scale + - serviceaccounts + - services + - services/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - bindings + - events + - limitranges + - namespaces/status + - pods/log + - pods/status + - replicationcontrollers/status + - resourcequotas + - resourcequotas/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - controllerrevisions + - daemonsets + - daemonsets/status + - deployments + - deployments/scale + - deployments/status + - replicasets + - replicasets/scale + - replicasets/status + - statefulsets + - statefulsets/scale + - statefulsets/status + verbs: + - get + - list + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + - horizontalpodautoscalers/status + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - cronjobs + - cronjobs/status + - jobs + - jobs/status + verbs: + - get + - list + - watch +- apiGroups: + - extensions + resources: + - daemonsets + - daemonsets/status + - deployments + - deployments/scale + - deployments/status + - ingresses + - ingresses/status + - networkpolicies + - replicasets + - replicasets/scale + - replicasets/status + - replicationcontrollers/scale + verbs: + - get + - list + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + - poddisruptionbudgets/status + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - ingresses/status + - networkpolicies + verbs: + - get + - list + - watch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml new file mode 100644 index 0000000000..e2d6e75f45 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-deployer-clusterrole.yaml @@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-clusterrole + name: kubeflow-pipelines-cache-deployer-clusterrole +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + - certificatesigningrequests/approval + verbs: + - create + - delete + - get + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - get diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml new file mode 100644 index 0000000000..e604367357 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml @@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeflow-pipelines-cache-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml new file mode 100644 index 0000000000..a6ec986725 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml @@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeflow-pipelines-metadata-writer-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml new file mode 100644 index 0000000000..161f232e59 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-admin.yaml @@ -0,0 +1,14 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pytorchjobs-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-pytorchjobs-admin +rules: [] diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml new file mode 100644 index 0000000000..57a5fc7f42 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-edit.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-pytorchjobs-admin: "true" + name: kubeflow-pytorchjobs-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + - pytorchjobs/status + - pytorchjobs/finalizers + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml new file mode 100644 index 0000000000..4f9ef4f8d3 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pytorchjobs-view.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-pytorchjobs-view +rules: +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + - pytorchjobs/status + - pytorchjobs/finalizers + verbs: + - get + - list + - watch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml new file mode 100644 index 0000000000..03147422e8 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-admin.yaml @@ -0,0 +1,14 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-tfjobs-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: kubeflow-tfjobs-admin +rules: [] diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml new file mode 100644 index 0000000000..942e4a625a --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-edit.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-tfjobs-admin: "true" + name: kubeflow-tfjobs-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - tfjobs/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml new file mode 100644 index 0000000000..3ebf508e03 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-tfjobs-view.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: kubeflow-tfjobs-view +rules: +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - tfjobs/status + verbs: + - get + - list + - watch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml new file mode 100644 index 0000000000..5420a10679 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-view.yaml @@ -0,0 +1,11 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + name: kubeflow-view +rules: [] diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml new file mode 100644 index 0000000000..b3053317b5 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ml-pipeline-persistenceagent-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml new file mode 100644 index 0000000000..2b96dd482c --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml @@ -0,0 +1,36 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ml-pipeline-scheduledworkflow-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..cfc19ad40f --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml @@ -0,0 +1,44 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml new file mode 100644 index 0000000000..41459ef302 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-admin.yaml @@ -0,0 +1,15 @@ +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-notebooks-admin: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" + name: notebook-controller-kubeflow-notebooks-admin +rules: [] diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml new file mode 100644 index 0000000000..3ae0c1cd8e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-edit.yaml @@ -0,0 +1,26 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-notebooks-admin: "true" + name: notebook-controller-kubeflow-notebooks-edit +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml new file mode 100644 index 0000000000..9e28e08290 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-kubeflow-notebooks-view.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" + name: notebook-controller-kubeflow-notebooks-view +rules: +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + verbs: + - get + - list + - watch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml new file mode 100644 index 0000000000..02d880f8e2 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_notebook-controller-role.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-role +rules: +- apiGroups: + - apps + resources: + - statefulsets + - deployments + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - '*' +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create +- apiGroups: + - kubeflow.org + resources: + - notebooks + - notebooks/status + - notebooks/finalizers + verbs: + - '*' +- apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - '*' diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml new file mode 100644 index 0000000000..48bed8ccb7 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_admission-webhook-cluster-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: admission-webhook-cluster-role +subjects: +- kind: ServiceAccount + name: admission-webhook-service-account + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml new file mode 100644 index 0000000000..d06cac3fd8 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_centraldashboard.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: centraldashboard +subjects: +- kind: ServiceAccount + name: centraldashboard + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml new file mode 100644 index 0000000000..925b70ec6f --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_jupyter-web-app-cluster-role-binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: jupyter-web-app-cluster-role +subjects: +- kind: ServiceAccount + name: jupyter-web-app-service-account + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml new file mode 100644 index 0000000000..908f9dad49 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-controller.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: katib-controller +subjects: +- kind: ServiceAccount + name: katib-controller + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml new file mode 100644 index 0000000000..e9f5ce2506 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_katib-ui.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: katib-ui +subjects: +- kind: ServiceAccount + name: katib-ui + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml new file mode 100644 index 0000000000..984316e3b5 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-cache-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-cache-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml new file mode 100644 index 0000000000..d6fcfce7a0 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-deployer-clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-cache-deployer-clusterrole +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml new file mode 100644 index 0000000000..7a3f9bc2d1 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-metadata-writer-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-metadata-writer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml new file mode 100644 index 0000000000..ed59670f6c --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline-persistenceagent-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml new file mode 100644 index 0000000000..2ca201eb95 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline-scheduledworkflow-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..2d8fb03ae3 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml new file mode 100644 index 0000000000..30d3f08b7e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_notebook-controller-role-binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: notebook-controller-role +subjects: +- kind: ServiceAccount + name: notebook-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml new file mode 100644 index 0000000000..663e87dbcd --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_profiles-cluster-role-binding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + kustomize.component: profiles + name: profiles-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: profiles-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml new file mode 100644 index 0000000000..2bfa19ba0e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_centraldashboard.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +rules: +- apiGroups: + - "" + - app.k8s.io + resources: + - applications + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml new file mode 100644 index 0000000000..70f3d41e36 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-deployer-role.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-role + name: kubeflow-pipelines-cache-deployer-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - patch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml new file mode 100644 index 0000000000..160cf9ea6a --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-cache-role.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-role + name: kubeflow-pipelines-cache-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml new file mode 100644 index 0000000000..980ce39aee --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_kubeflow-pipelines-metadata-writer-role.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-metadata-writer-role + name: kubeflow-pipelines-metadata-writer-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml new file mode 100644 index 0000000000..d64ed61477 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-persistenceagent-role.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ml-pipeline-persistenceagent-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml new file mode 100644 index 0000000000..123822f5f3 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-scheduledworkflow-role.yaml @@ -0,0 +1,39 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-scheduledworkflow-role + name: ml-pipeline-scheduledworkflow-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..d144ee4569 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-ui.yaml @@ -0,0 +1,45 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml new file mode 100644 index 0000000000..9770a49a31 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline-viewer-controller-role.yaml @@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ml-pipeline-viewer-controller-role + namespace: kubeflow +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml new file mode 100644 index 0000000000..e666a9e18d --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_ml-pipeline.yaml @@ -0,0 +1,39 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline + name: ml-pipeline + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml new file mode 100644 index 0000000000..70dd95e964 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_role_pipeline-runner.yaml @@ -0,0 +1,81 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pipeline-runner + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - '*' +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml new file mode 100644 index 0000000000..c1c4c30793 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_centraldashboard.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: centraldashboard +subjects: +- kind: ServiceAccount + name: centraldashboard + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml new file mode 100644 index 0000000000..ed98cee5d5 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-cache-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml new file mode 100644 index 0000000000..aba290eebe --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-cache-deployer-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-rolebinding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-deployer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml new file mode 100644 index 0000000000..5eb0fe2494 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_kubeflow-pipelines-metadata-writer-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-metadata-writer-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-metadata-writer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml new file mode 100644 index 0000000000..84a4a4fbe5 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-persistenceagent-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-persistenceagent-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml new file mode 100644 index 0000000000..cf0a50fda8 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-scheduledworkflow-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-scheduledworkflow-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..4378687932 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-ui.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml new file mode 100644 index 0000000000..a57eea89f4 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline-viewer-crd-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-viewer-crd-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml new file mode 100644 index 0000000000..0c17f98ca1 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_ml-pipeline.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline + name: ml-pipeline + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml new file mode 100644 index 0000000000..e75d2ecf13 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_rolebinding_pipeline-runner-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipeline-runner-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-runner +subjects: +- kind: ServiceAccount + name: pipeline-runner + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml new file mode 100644 index 0000000000..c9e39f4614 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo-ui.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml new file mode 100644 index 0000000000..7651a6568e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_argo.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - sparkoperator.k8s.io + resources: + - sparkapplications + verbs: + - '*' diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml new file mode 100644 index 0000000000..a88f27ff9e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: ml-pipeline +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete +- apiGroups: + - "" + resources: + - pods + verbs: + - delete diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml new file mode 100644 index 0000000000..13352b970d --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_pytorch-operator.yaml @@ -0,0 +1,33 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator +rules: +- apiGroups: + - kubeflow.org + resources: + - pytorchjobs + - pytorchjobs/status + - pytorchjobs/finalizers + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + - services + - endpoints + - events + verbs: + - '*' diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml new file mode 100644 index 0000000000..ac48bdc241 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_tf-job-operator.yaml @@ -0,0 +1,40 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator +rules: +- apiGroups: + - kubeflow.org + resources: + - tfjobs + - tfjobs/status + - tfjobs/finalizers + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + - services + - endpoints + - events + verbs: + - '*' +- apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - '*' diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml new file mode 100644 index 0000000000..f1df09722c --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo-ui.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-ui +subjects: +- kind: ServiceAccount + name: argo-ui + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml new file mode 100644 index 0000000000..266bc01c4e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_argo.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo +subjects: +- kind: ServiceAccount + name: argo + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml new file mode 100644 index 0000000000..9ce11cb2f9 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml new file mode 100644 index 0000000000..cefdad39ee --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_pytorch-operator.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pytorch-operator +subjects: +- kind: ServiceAccount + name: pytorch-operator + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml new file mode 100644 index 0000000000..b69f8e4e4b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_tf-job-operator.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tf-job-operator +subjects: +- kind: ServiceAccount + name: tf-job-operator + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml new file mode 100644 index 0000000000..0c57d76f07 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_jupyter-web-app-jupyter-notebook-role.yaml @@ -0,0 +1,39 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-notebook-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + - secrets + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml new file mode 100644 index 0000000000..adbb844006 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_role_metadata-ui.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - create + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml new file mode 100644 index 0000000000..e07f869911 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_jupyter-web-app-jupyter-notebook-role-binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-notebook-role-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jupyter-web-app-jupyter-notebook-role +subjects: +- kind: ServiceAccount + name: jupyter-notebook diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml new file mode 100644 index 0000000000..1431841c38 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_rolebinding_metadata-ui.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: metadata-ui +subjects: +- kind: ServiceAccount + name: ui + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml new file mode 100644 index 0000000000..1dd6173c08 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_admission-webhook-admission-webhook-parameters.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +data: + issuer: kubeflow-self-signing-issuer + namespace: kubeflow +kind: ConfigMap +metadata: + annotations: {} + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-admission-webhook-parameters + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_default-install-config-h877hbtmf7.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_default-install-config-h877hbtmf7.yaml new file mode 100644 index 0000000000..0af9fe8d4b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_default-install-config-h877hbtmf7.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + profile-name: anonymous + user: anonymous +kind: ConfigMap +metadata: + name: default-install-config-h877hbtmf7 + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-dhcbh64467.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-dhcbh64467.yaml new file mode 100644 index 0000000000..685cf43f45 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_jupyter-web-app-jupyter-web-app-config-dhcbh64467.yaml @@ -0,0 +1,138 @@ +apiVersion: v1 +data: + spawner_ui_config.yaml: |- + # Configuration file for the Jupyter UI. + # + # Each Jupyter UI option is configured by two keys: 'value' and 'readOnly' + # - The 'value' key contains the default value + # - The 'readOnly' key determines if the option will be available to users + # + # If the 'readOnly' key is present and set to 'true', the respective option + # will be disabled for users and only set by the admin. Also when a + # Notebook is POSTED to the API if a necessary field is not present then + # the value from the config will be used. + # + # If the 'readOnly' key is missing (defaults to 'false'), the respective option + # will be available for users to edit. + # + # Note that some values can be templated. Such values are the names of the + # Volumes as well as their StorageClass + spawnerFormDefaults: + image: + # The container Image for the user's Jupyter Notebook + # If readonly, this value must be a member of the list below + value: gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 + # The list of available standard container Images + options: + - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-gpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-cpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-gpu:1.0.0 + # By default, custom container Images are allowed + # Uncomment the following line to only enable standard container Images + readOnly: false + cpu: + # CPU for user's Notebook + value: '0.5' + readOnly: false + memory: + # Memory for user's Notebook + value: 1.0Gi + readOnly: false + workspaceVolume: + # Workspace Volume to be attached to user's Notebook + # Each Workspace Volume is declared with the following attributes: + # Type, Name, Size, MountPath and Access Mode + value: + type: + # The Type of the Workspace Volume + # Supported values: 'New', 'Existing' + value: New + name: + # The Name of the Workspace Volume + # Note that this is a templated value. Special values: + # {notebook-name}: Replaced with the name of the Notebook. The frontend + # will replace this value as the user types the name + value: 'workspace-{notebook-name}' + size: + # The Size of the Workspace Volume (in Gi) + value: '10Gi' + mountPath: + # The Path that the Workspace Volume will be mounted + value: /home/jovyan + accessModes: + # The Access Mode of the Workspace Volume + # Supported values: 'ReadWriteOnce', 'ReadWriteMany', 'ReadOnlyMany' + value: ReadWriteOnce + class: + # The StrageClass the PVC will use if type is New. Special values are: + # {none}: default StorageClass + # {empty}: empty string "" + value: '{none}' + readOnly: false + dataVolumes: + # List of additional Data Volumes to be attached to the user's Notebook + value: [] + # Each Data Volume is declared with the following attributes: + # Type, Name, Size, MountPath and Access Mode + # + # For example, a list with 2 Data Volumes: + # value: + # - value: + # type: + # value: New + # name: + # value: '{notebook-name}-vol-1' + # size: + # value: '10Gi' + # class: + # value: standard + # mountPath: + # value: /home/jovyan/vol-1 + # accessModes: + # value: ReadWriteOnce + # class: + # value: {none} + # - value: + # type: + # value: New + # name: + # value: '{notebook-name}-vol-2' + # size: + # value: '10Gi' + # mountPath: + # value: /home/jovyan/vol-2 + # accessModes: + # value: ReadWriteMany + # class: + # value: {none} + readOnly: false + gpus: + # Number of GPUs to be assigned to the Notebook Container + value: + # values: "none", "1", "2", "4", "8" + num: "none" + # Determines what the UI will show and send to the backend + vendors: + - limitsKey: "nvidia.com/gpu" + uiName: "NVIDIA" + # Values: "" or a `limits-key` from the vendors list + vendor: "" + readOnly: false + shm: + value: true + readOnly: false + configurations: + # List of labels to be selected, these are the labels from PodDefaults + # value: + # - add-gcp-secret + # - default-editor + value: [] + readOnly: false +kind: ConfigMap +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-web-app-config-dhcbh64467 + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_katib-config.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_katib-config.yaml new file mode 100644 index 0000000000..3d25f1c358 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_katib-config.yaml @@ -0,0 +1,59 @@ +apiVersion: v1 +data: + metrics-collector-sidecar: |- + { + "StdOut": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/file-metrics-collector:917164a" + }, + "File": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/file-metrics-collector:917164a" + }, + "TensorFlowEvent": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/tfevent-metrics-collector:917164a", + "resources": { + "limits": { + "memory": "1Gi" + } + } + } + } + suggestion: |- + { + "random": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-hyperopt:917164a" + }, + "grid": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-chocolate:917164a" + }, + "hyperband": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-hyperband:917164a" + }, + "bayesianoptimization": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-skopt:917164a" + }, + "tpe": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-hyperopt:917164a" + }, + "enas": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-enas:917164a", + "imagePullPolicy": "Always", + "resources": { + "limits": { + "memory": "200Mi" + } + } + }, + "cmaes": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-goptuna:917164a" + }, + "darts": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-darts:917164a" + } + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-config + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_kubeflow-config-988m2m9m87.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_kubeflow-config-988m2m9m87.yaml new file mode 100644 index 0000000000..9ba0edebb0 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_kubeflow-config-988m2m9m87.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + clusterDomain: cluster.local + userid-header: X-Goog-Authenticated-User-Email + userid-prefix: 'accounts.google.com:' +kind: ConfigMap +metadata: + name: kubeflow-config-988m2m9m87 + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml new file mode 100644 index 0000000000..4c2633f99b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml @@ -0,0 +1,267 @@ +apiVersion: v1 +data: + sync.py: | + # Copyright 2020 Google LLC + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer + import json + + + class Controller(BaseHTTPRequestHandler): + def sync(self, parent, children): + # HACK: Currently using serving.kubeflow.org/inferenceservice to identify + # kubeflow user namespaces. + # TODO: let Kubeflow profile controller add a pipeline specific label to + # user namespaces and use that label instead. + pipeline_enabled = parent.get("metadata", {}).get( + "labels", {}).get("serving.kubeflow.org/inferenceservice") + + if not pipeline_enabled: + return {"status": {}, "children": []} + + # Compute status based on observed state. + desired_status = { + "kubeflow-pipelines-ready": \ + len(children["Secret.v1"]) == 1 and \ + len(children["ConfigMap.v1"]) == 1 and \ + len(children["Deployment.apps/v1"]) == 2 and \ + len(children["Service.v1"]) == 2 and \ + len(children["DestinationRule.networking.istio.io/v1alpha3"]) == 1 and \ + len(children["ServiceRole.rbac.istio.io/v1alpha1"]) == 1 and \ + len(children["ServiceRoleBinding.rbac.istio.io/v1alpha1"]) == 1 and \ + "True" or "False" + } + + # Generate the desired child object(s). + # parent is a namespace + namespace = parent.get("metadata", {}).get("name") + desired_resources = [ + { + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "name": "mlpipeline-minio-artifact", + "namespace": namespace, + }, + "data": { + "accesskey": "bWluaW8=", # base64 for minio + "secretkey": "bWluaW8xMjM=", # base64 for minio123 + }, + }, + { + "apiVersion": "v1", + "kind": "ConfigMap", + "metadata": { + "name": "metadata-grpc-configmap", + "namespace": namespace, + }, + "data": { + "METADATA_GRPC_SERVICE_HOST": + "metadata-grpc-service.kubeflow", + "METADATA_GRPC_SERVICE_PORT": "8080", + }, + }, + # Visualization server related manifests below + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "labels": { + "app": "ml-pipeline-visualizationserver" + }, + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "selector": { + "matchLabels": { + "app": "ml-pipeline-visualizationserver" + }, + }, + "template": { + "metadata": { + "labels": { + "app": "ml-pipeline-visualizationserver" + }, + }, + "spec": { + "containers": [{ + "image": + "gcr.io/ml-pipeline/visualization-server:0.5.1", + "imagePullPolicy": "IfNotPresent", + "name": "ml-pipeline-visualizationserver", + "ports": [{ + "containerPort": 8888 + }], + }], + "serviceAccountName": + "default-editor", + }, + }, + }, + }, + { + "apiVersion": "networking.istio.io/v1alpha3", + "kind": "DestinationRule", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "host": "ml-pipeline-visualizationserver", + "trafficPolicy": { + "tls": { + "mode": "ISTIO_MUTUAL" + } + } + } + }, + { + "apiVersion": "rbac.istio.io/v1alpha1", + "kind": "ServiceRole", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "rules": [{ + "services": ["ml-pipeline-visualizationserver.*"] + }] + } + }, + { + "apiVersion": "rbac.istio.io/v1alpha1", + "kind": "ServiceRoleBinding", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "subjects": [{ + "properties": { + "source.principal": + "cluster.local/ns/kubeflow/sa/ml-pipeline" + } + }], + "roleRef": { + "kind": "ServiceRole", + "name": "ml-pipeline-visualizationserver" + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "ports": [{ + "name": "http", + "port": 8888, + "protocol": "TCP", + "targetPort": 8888, + }], + "selector": { + "app": "ml-pipeline-visualizationserver", + }, + }, + }, + # Artifact fetcher related resources below. + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "labels": { + "app": "ml-pipeline-ui-artifact" + }, + "name": "ml-pipeline-ui-artifact", + "namespace": namespace, + }, + "spec": { + "selector": { + "matchLabels": { + "app": "ml-pipeline-ui-artifact" + } + }, + "template": { + "metadata": { + "labels": { + "app": "ml-pipeline-ui-artifact" + }, + }, + "spec": { + "containers": [{ + "name": "ml-pipeline-ui-artifact", + "image": "gcr.io/ml-pipeline/frontend:0.5.1", + "imagePullPolicy": "IfNotPresent", + "ports": [{ + "containerPort": 3000 + }] + }], + "serviceAccountName": + "default-editor" + } + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "ml-pipeline-ui-artifact", + "namespace": namespace, + "labels": { + "app": "ml-pipeline-ui-artifact" + } + }, + "spec": { + "ports": [{ + "name": + "http", # name is required to let istio understand request protocol + "port": 80, + "protocol": "TCP", + "targetPort": 3000 + }], + "selector": { + "app": "ml-pipeline-ui-artifact" + } + } + }, + ] + print('Received request', parent, desired_resources) + + return {"status": desired_status, "children": desired_resources} + + def do_POST(self): + # Serve the sync() function as a JSON webhook. + observed = json.loads( + self.rfile.read(int(self.headers.getheader("content-length")))) + desired = self.sync(observed["parent"], observed["children"]) + + self.send_response(200) + self.send_header("Content-type", "application/json") + self.end_headers() + self.wfile.write(json.dumps(desired)) + + + HTTPServer(("", 80), Controller).serve_forever() +kind: ConfigMap +metadata: + labels: + app: kubeflow-pipelines-profile-controller + name: kubeflow-pipelines-profile-controller-78dkmk82gc + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml new file mode 100644 index 0000000000..3aa74d8ac5 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-db-parameters.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + MYSQL_ALLOW_EMPTY_PASSWORD: "true" + MYSQL_DATABASE: metadb + MYSQL_PORT: "3306" +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-db-parameters + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml new file mode 100644 index 0000000000..b8605cd7b7 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-grpc-configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + METADATA_GRPC_SERVICE_HOST: metadata-grpc-service + METADATA_GRPC_SERVICE_PORT: "8080" +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-grpc-configmap + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml new file mode 100644 index 0000000000..d6a0de88e5 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_metadata-ui-parameters.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + uiClusterDomain: cluster.local +kind: ConfigMap +metadata: + labels: + kustomize.component: metadata + name: metadata-ui-parameters + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml new file mode 100644 index 0000000000..3bc667cc9b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +data: + viewer-pod-template.json: |- + { + "spec": { + "serviceAccountName": "default-editor" + } + } +kind: ConfigMap +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui-configmap + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml new file mode 100644 index 0000000000..ca0dc1ba50 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_notebook-controller-notebook-controller-config-h4d668t5tb.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + ISTIO_GATEWAY: kubeflow/kubeflow-gateway + USE_ISTIO: "true" +kind: ConfigMap +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-notebook-controller-config-h4d668t5tb + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml new file mode 100644 index 0000000000..5ffb95a2f1 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + DEFAULTPIPELINERUNNERSERVICEACCOUNT: default-editor + MULTIUSER: "true" + VISUALIZATIONSERVICE_NAME: ml-pipeline-visualizationserver + VISUALIZATIONSERVICE_PORT: "8888" +kind: ConfigMap +metadata: + name: pipeline-api-server-config-f4t72426kt + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml new file mode 100644 index 0000000000..7d1bd6d4dd --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-install-config-2829cc67f8.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + bucketName: mlpipeline + cacheDb: cachedb + dbHost: mysql + dbPort: "3306" + mlmdDb: metadb + pipelineDb: mlpipeline +kind: ConfigMap +metadata: + name: pipeline-install-config-2829cc67f8 + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml new file mode 100644 index 0000000000..e77d6f69ed --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_profiles-profiles-config-4mgcmtgk6t.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + admin: "" + gcp-sa: "" +kind: ConfigMap +metadata: + labels: + kustomize.component: profiles + name: profiles-profiles-config-4mgcmtgk6t + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_trial-template-labeled.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_trial-template-labeled.yaml new file mode 100644 index 0000000000..51936282ad --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_trial-template-labeled.yaml @@ -0,0 +1,97 @@ +apiVersion: v1 +data: + defaultTrialTemplate.yaml: |- + apiVersion: batch/v1 + kind: Job + metadata: + name: {{.Trial}} + namespace: {{.NameSpace}} + spec: + template: + spec: + containers: + - name: {{.Trial}} + image: docker.io/kubeflowkatib/mxnet-mnist + command: + - "python3" + - "/opt/mxnet-mnist/mnist.py" + - "--batch-size=64" + {{- with .HyperParameters}} + {{- range .}} + - "{{.Name}}={{.Value}}" + {{- end}} + {{- end}} + restartPolicy: Never + enasCPUTemplate: |- + apiVersion: batch/v1 + kind: Job + metadata: + name: {{.Trial}} + namespace: {{.NameSpace}} + spec: + template: + spec: + containers: + - name: {{.Trial}} + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu + command: + - "python3.5" + - "-u" + - "RunTrial.py" + {{- with .HyperParameters}} + {{- range .}} + - "--{{.Name}}=\"{{.Value}}\"" + {{- end}} + {{- end}} + - "--num_epochs=1" + restartPolicy: Never + pytorchJobTemplate: |- + apiVersion: "kubeflow.org/v1" + kind: PyTorchJob + metadata: + name: {{.Trial}} + namespace: {{.NameSpace}} + spec: + pytorchReplicaSpecs: + Master: + replicas: 1 + restartPolicy: OnFailure + template: + spec: + containers: + - name: pytorch + image: gcr.io/kubeflow-ci/pytorch-dist-mnist-test:v1.0 + imagePullPolicy: Always + command: + - "python" + - "/var/mnist.py" + {{- with .HyperParameters}} + {{- range .}} + - "{{.Name}}={{.Value}}" + {{- end}} + {{- end}} + Worker: + replicas: 2 + restartPolicy: OnFailure + template: + spec: + containers: + - name: pytorch + image: gcr.io/kubeflow-ci/pytorch-dist-mnist-test:v1.0 + imagePullPolicy: Always + command: + - "python" + - "/var/mnist.py" + {{- with .HyperParameters}} + {{- range .}} + - "{{.Name}}={{.Value}}" + {{- end}} + {{- end}} +kind: ConfigMap +metadata: + labels: + app: katib-trial-templates + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: trial-template-labeled + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_trial-template.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_trial-template.yaml new file mode 100644 index 0000000000..5a69403a98 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_trial-template.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +data: + defaultTrialTemplate.yaml: |- + apiVersion: batch/v1 + kind: Job + metadata: + name: {{.Trial}} + namespace: {{.NameSpace}} + spec: + template: + spec: + containers: + - name: {{.Trial}} + image: docker.io/kubeflowkatib/mxnet-mnist + command: + - "python3" + - "/opt/mxnet-mnist/mnist.py" + - "--batch-size=64" + {{- with .HyperParameters}} + {{- range .}} + - "{{.Name}}={{.Value}}" + {{- end}} + {{- end}} + restartPolicy: Never +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: trial-template + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml new file mode 100644 index 0000000000..9d9b1dcd68 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_workflow-controller-configmap.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +data: + config: | + { + executorImage: argoproj/argoexec:v2.3.0, + containerRuntimeExecutor: docker, + artifactRepository: + { + s3: { + bucket: mlpipeline, + keyPrefix: artifacts, + endpoint: minio-service.kubeflow:9000, + insecure: true, + accessKeySecret: { + name: mlpipeline-minio-artifact, + key: accesskey + }, + secretKeySecret: { + name: mlpipeline-minio-artifact, + key: secretkey + } + } + } + } +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller-configmap + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml new file mode 100644 index 0000000000..0f695c21ce --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_configmap_workflow-controller-parameters.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +data: + artifactRepositoryAccessKeySecretKey: accesskey + artifactRepositoryAccessKeySecretName: mlpipeline-minio-artifact + artifactRepositoryBucket: mlpipeline + artifactRepositoryEndpoint: minio-service.kubeflow:9000 + artifactRepositoryInsecure: "true" + artifactRepositoryKeyPrefix: artifacts + artifactRepositorySecretKeySecretKey: secretkey + artifactRepositorySecretKeySecretName: mlpipeline-minio-artifact + clusterDomain: cluster.local + containerRuntimeExecutor: docker + executorImage: argoproj/argoexec:v2.3.0 + namespace: "" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: workflow-controller-parameters + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml b/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml new file mode 100644 index 0000000000..f07c332452 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_katib-mysql.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-mysql + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml b/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml new file mode 100644 index 0000000000..d08a7d2475 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_metadata-mysql.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + kustomize.component: metadata + name: metadata-mysql + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi diff --git a/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml b/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml new file mode 100644 index 0000000000..0dd8344034 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio-pvc + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml b/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml new file mode 100644 index 0000000000..bf0c560da5 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql-pv-claim + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/tests/stacks/generic/test_data/expected/~g_v1_secret_katib-controller.yaml b/tests/stacks/generic/test_data/expected/~g_v1_secret_katib-controller.yaml new file mode 100644 index 0000000000..debbabb435 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_secret_katib-controller.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml b/tests/stacks/generic/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml new file mode 100644 index 0000000000..8394d22cf8 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_secret_katib-mysql-secrets.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + MYSQL_ROOT_PASSWORD: dGVzdA== +kind: Secret +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-mysql-secrets + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/generic/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml b/tests/stacks/generic/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml new file mode 100644 index 0000000000..918b7d1198 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_secret_metadata-db-secrets.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + MYSQL_ROOT_PASSWORD: dGVzdA== + MYSQL_USER_NAME: cm9vdA== +kind: Secret +metadata: + labels: + kustomize.component: metadata + name: metadata-db-secrets + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/generic/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml b/tests/stacks/generic/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml new file mode 100644 index 0000000000..2c774e447c --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_secret_mlpipeline-minio-artifact.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + accesskey: bWluaW8= + secretkey: bWluaW8xMjM= +kind: Secret +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: mlpipeline-minio-artifact + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/generic/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml b/tests/stacks/generic/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml new file mode 100644 index 0000000000..a3765c43ea --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_secret_mysql-secret-fd5gktm75t.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + password: "" + username: cm9vdA== +kind: Secret +metadata: + name: mysql-secret-fd5gktm75t + namespace: kubeflow +type: Opaque diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_admission-webhook-service.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_admission-webhook-service.yaml new file mode 100644 index 0000000000..1636dc9520 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_admission-webhook-service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-service + namespace: kubeflow +spec: + ports: + - port: 443 + targetPort: 443 + selector: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_argo-ui.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_argo-ui.yaml new file mode 100644 index 0000000000..0e091e0898 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_argo-ui.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 8001 + selector: + app: argo-ui + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + sessionAffinity: None + type: NodePort diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_cache-server.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_cache-server.yaml new file mode 100644 index 0000000000..577a5067a0 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_cache-server.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: cache-server + namespace: kubeflow +spec: + ports: + - port: 443 + targetPort: webhook-api + selector: + app: cache-server diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_centraldashboard.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_centraldashboard.yaml new file mode 100644 index 0000000000..3f50af45e4 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_centraldashboard.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + getambassador.io/config: |- + --- + apiVersion: ambassador/v0 + kind: Mapping + name: centralui-mapping + prefix: / + rewrite: / + service: centraldashboard.$(namespace) + labels: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow +spec: + ports: + - port: 80 + protocol: TCP + targetPort: 8082 + selector: + app: centraldashboard + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + sessionAffinity: None + type: ClusterIP diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml new file mode 100644 index 0000000000..cbc5e87e29 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_jupyter-web-app-service.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + getambassador.io/config: |- + --- + apiVersion: ambassador/v0 + kind: Mapping + name: webapp_mapping + prefix: /$(prefix)/ + service: jupyter-web-app-service.$(namespace) + add_request_headers: + x-forwarded-prefix: /jupyter + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + run: jupyter-web-app + name: jupyter-web-app-service + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 5000 + selector: + app: jupyter-web-app + kustomize.component: jupyter-web-app + type: ClusterIP diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_katib-controller.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_katib-controller.yaml new file mode 100644 index 0000000000..59c34c7868 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_katib-controller.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scheme: http + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow +spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: 8443 + - name: metrics + port: 8080 + targetPort: 8080 + selector: + app: katib-controller + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_katib-db-manager.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_katib-db-manager.yaml new file mode 100644 index 0000000000..ff2e1df9ab --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_katib-db-manager.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + name: katib-db-manager + namespace: kubeflow +spec: + ports: + - name: api + port: 6789 + protocol: TCP + selector: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: db-manager + type: ClusterIP diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_katib-mysql.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_katib-mysql.yaml new file mode 100644 index 0000000000..5b3c87b53e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_katib-mysql.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + name: katib-mysql + namespace: kubeflow +spec: + ports: + - name: dbapi + port: 3306 + protocol: TCP + selector: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: mysql + type: ClusterIP diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_katib-ui.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_katib-ui.yaml new file mode 100644 index 0000000000..399b6e1644 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_katib-ui.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + name: katib-ui + namespace: kubeflow +spec: + ports: + - name: ui + port: 80 + protocol: TCP + targetPort: 8080 + selector: + app: katib + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + component: ui + type: ClusterIP diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml new file mode 100644 index 0000000000..76400e279f --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: kubeflow-pipelines-profile-controller + name: kubeflow-pipelines-profile-controller + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + selector: + app: kubeflow-pipelines-profile-controller diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-db.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-db.yaml new file mode 100644 index 0000000000..eb77733c55 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-db.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + component: db + kustomize.component: metadata + name: metadata-db + namespace: kubeflow +spec: + ports: + - name: dbapi + port: 3306 + protocol: TCP + selector: + component: db + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-envoy-service.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-envoy-service.yaml new file mode 100644 index 0000000000..88f6246f90 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-envoy-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata + kustomize.component: metadata + name: metadata-envoy-service + namespace: kubeflow +spec: + ports: + - name: md-envoy + port: 9090 + protocol: TCP + selector: + component: envoy + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-grpc-service.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-grpc-service.yaml new file mode 100644 index 0000000000..a7f38d715b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-grpc-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: grpc-metadata + kustomize.component: metadata + name: metadata-grpc-service + namespace: kubeflow +spec: + ports: + - name: grpc-backendapi + port: 8080 + protocol: TCP + selector: + component: grpc-server + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-service.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-service.yaml new file mode 100644 index 0000000000..a16c797088 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata + kustomize.component: metadata + name: metadata-service + namespace: kubeflow +spec: + ports: + - name: backendapi + port: 8080 + protocol: TCP + selector: + component: server + kustomize.component: metadata + type: ClusterIP diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-ui.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-ui.yaml new file mode 100644 index 0000000000..72fa14f488 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_metadata-ui.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata-ui + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 3000 + selector: + app: metadata-ui + kustomize.component: metadata diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_minio-service.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_minio-service.yaml new file mode 100644 index 0000000000..c7f0acee21 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_minio-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio-service + namespace: kubeflow +spec: + ports: + - name: http + port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..1b80f6bf6e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-ui.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 3000 + selector: + app: ml-pipeline-ui diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml new file mode 100644 index 0000000000..e5335f0516 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: ml-pipeline-visualizationserver diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline.yaml new file mode 100644 index 0000000000..408d80dc5a --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_ml-pipeline.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + app: ml-pipeline diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_mysql.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_mysql.yaml new file mode 100644 index 0000000000..da8f8cb93a --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_mysql.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql + namespace: kubeflow +spec: + ports: + - port: 3306 + protocol: TCP + targetPort: 3306 + selector: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_notebook-controller-service.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_notebook-controller-service.yaml new file mode 100644 index 0000000000..a9f1b4b8e0 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_notebook-controller-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-service + namespace: kubeflow +spec: + ports: + - port: 443 + selector: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_profiles-kfam.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_profiles-kfam.yaml new file mode 100644 index 0000000000..db1f50bd7d --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_profiles-kfam.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + kustomize.component: profiles + name: profiles-kfam + namespace: kubeflow +spec: + ports: + - port: 8081 + selector: + kustomize.component: profiles diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_pytorch-operator.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_pytorch-operator.yaml new file mode 100644 index 0000000000..4114ea5f9f --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_pytorch-operator.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8443" + prometheus.io/scrape: "true" + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + namespace: kubeflow +spec: + ports: + - name: monitoring-port + port: 8443 + targetPort: 8443 + selector: + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + type: ClusterIP diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_tf-job-operator.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_tf-job-operator.yaml new file mode 100644 index 0000000000..a13b8ac441 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_service_tf-job-operator.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8443" + prometheus.io/scrape: "true" + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + namespace: kubeflow +spec: + ports: + - name: monitoring-port + port: 8443 + targetPort: 8443 + selector: + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + type: ClusterIP diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml new file mode 100644 index 0000000000..6f41ce954d --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_admission-webhook-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: admission-webhook + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults + kustomize.component: admission-webhook + name: admission-webhook-service-account + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml new file mode 100644 index 0000000000..c58dd0a3d4 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_argo-ui.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo-ui + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_argo.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_argo.yaml new file mode 100644 index 0000000000..ad307ff2ca --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_argo.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo + kustomize.component: argo + name: argo + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml new file mode 100644 index 0000000000..55deba785d --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_centraldashboard.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard + name: centraldashboard + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml new file mode 100644 index 0000000000..926d7e9b7a --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_jupyter-web-app-service-account.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-service-account + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml new file mode 100644 index 0000000000..bfbc7b770e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_katib-controller.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-controller + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml new file mode 100644 index 0000000000..16c2b45417 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_katib-ui.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: katib + app.kubernetes.io/name: katib-controller + name: katib-ui + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml new file mode 100644 index 0000000000..0795171aed --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache-deployer-sa.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml new file mode 100644 index 0000000000..f19e4b2100 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-cache.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-cache + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml new file mode 100644 index 0000000000..35bd75a84e --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-container-builder.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-container-builder + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml new file mode 100644 index 0000000000..4c30a4d63b --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_kubeflow-pipelines-metadata-writer.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml new file mode 100644 index 0000000000..4b277b0557 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_metadata-ui.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + kustomize.component: metadata + name: metadata-ui + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml new file mode 100644 index 0000000000..47dbc68b67 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-persistenceagent.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-persistenceagent + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml new file mode 100644 index 0000000000..41eb27ec1d --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-scheduledworkflow.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-scheduledworkflow + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..0d70c90e4d --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml new file mode 100644 index 0000000000..f48dc88670 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-viewer-crd-service-account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml new file mode 100644 index 0000000000..f0f541f8ad --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-visualizationserver + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml new file mode 100644 index 0000000000..3cc4d2a987 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_ml-pipeline.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml new file mode 100644 index 0000000000..d34df92177 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_notebook-controller-service-account.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller + name: notebook-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml new file mode 100644 index 0000000000..a9854a58ba --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipeline-runner + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml new file mode 100644 index 0000000000..881ccbf1bd --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + kustomize.component: profiles + name: profiles-controller-service-account + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml new file mode 100644 index 0000000000..3d3555c2b1 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_pytorch-operator.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: pytorch-operator + app.kubernetes.io/component: pytorch + app.kubernetes.io/name: pytorch-operator + kustomize.component: pytorch-operator + name: pytorch-operator + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml new file mode 100644 index 0000000000..3e0982e277 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_tf-job-dashboard.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: tf-job-dashboard + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-dashboard + namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml new file mode 100644 index 0000000000..f7bf874b73 --- /dev/null +++ b/tests/stacks/generic/test_data/expected/~g_v1_serviceaccount_tf-job-operator.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: tf-job-operator + app.kubernetes.io/component: tfjob + app.kubernetes.io/name: tf-job-operator + kustomize.component: tf-job-operator + name: tf-job-operator + namespace: kubeflow diff --git a/tests/stacks/ibm/application/add-anonymous-user-filter/kustomize_test.go b/tests/stacks/ibm/application/add-anonymous-user-filter/kustomize_test.go index 65e3ae1b4c..462d9f4d53 100644 --- a/tests/stacks/ibm/application/add-anonymous-user-filter/kustomize_test.go +++ b/tests/stacks/ibm/application/add-anonymous-user-filter/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../stacks/ibm/application/add-anonymous-user-filter", + Package: "../../../../../stacks/ibm/application/add-anonymous-user-filter", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/stacks/ibm/application/cert-manager-crds/kustomize_test.go b/tests/stacks/ibm/application/cert-manager-crds/kustomize_test.go index 933e30f1aa..77624165ca 100644 --- a/tests/stacks/ibm/application/cert-manager-crds/kustomize_test.go +++ b/tests/stacks/ibm/application/cert-manager-crds/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../stacks/ibm/application/cert-manager-crds", + Package: "../../../../../stacks/ibm/application/cert-manager-crds", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/stacks/ibm/application/cert-manager-kube-system-resources/kustomize_test.go b/tests/stacks/ibm/application/cert-manager-kube-system-resources/kustomize_test.go index c21811c7f3..111bc9ac67 100644 --- a/tests/stacks/ibm/application/cert-manager-kube-system-resources/kustomize_test.go +++ b/tests/stacks/ibm/application/cert-manager-kube-system-resources/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../stacks/ibm/application/cert-manager-kube-system-resources", + Package: "../../../../../stacks/ibm/application/cert-manager-kube-system-resources", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/stacks/ibm/application/cert-manager/kustomize_test.go b/tests/stacks/ibm/application/cert-manager/kustomize_test.go index cc7dd9fcff..7d975b0c39 100644 --- a/tests/stacks/ibm/application/cert-manager/kustomize_test.go +++ b/tests/stacks/ibm/application/cert-manager/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../stacks/ibm/application/cert-manager", + Package: "../../../../../stacks/ibm/application/cert-manager", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/stacks/ibm/application/jupyter-web-app/kustomize_test.go b/tests/stacks/ibm/application/jupyter-web-app/kustomize_test.go index d7cf546765..7fea301ad2 100644 --- a/tests/stacks/ibm/application/jupyter-web-app/kustomize_test.go +++ b/tests/stacks/ibm/application/jupyter-web-app/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../stacks/ibm/application/jupyter-web-app", + Package: "../../../../../stacks/ibm/application/jupyter-web-app", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/stacks/ibm/application/notebook-controller/base/kustomize_test.go b/tests/stacks/ibm/application/notebook-controller/base/kustomize_test.go index c955fd1683..9ff6339ab2 100644 --- a/tests/stacks/ibm/application/notebook-controller/base/kustomize_test.go +++ b/tests/stacks/ibm/application/notebook-controller/base/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../../stacks/ibm/application/notebook-controller/base", + Package: "../../../../../../stacks/ibm/application/notebook-controller/base", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/stacks/ibm/application/profiles/kustomize_test.go b/tests/stacks/ibm/application/profiles/kustomize_test.go index b16eef78b2..d1b349e78e 100644 --- a/tests/stacks/ibm/application/profiles/kustomize_test.go +++ b/tests/stacks/ibm/application/profiles/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../stacks/ibm/application/profiles", + Package: "../../../../../stacks/ibm/application/profiles", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/stacks/ibm/application/spark-operator/kustomize_test.go b/tests/stacks/ibm/application/spark-operator/kustomize_test.go index d70735658c..7d14618bfe 100644 --- a/tests/stacks/ibm/application/spark-operator/kustomize_test.go +++ b/tests/stacks/ibm/application/spark-operator/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../stacks/ibm/application/spark-operator", + Package: "../../../../../stacks/ibm/application/spark-operator", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/stacks/ibm/application/spartakus/kustomize_test.go b/tests/stacks/ibm/application/spartakus/kustomize_test.go index 8185dd60e1..ff8fdb8f2c 100644 --- a/tests/stacks/ibm/application/spartakus/kustomize_test.go +++ b/tests/stacks/ibm/application/spartakus/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../stacks/ibm/application/spartakus", + Package: "../../../../../stacks/ibm/application/spartakus", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/stacks/ibm/application/tensorboard/kustomize_test.go b/tests/stacks/ibm/application/tensorboard/kustomize_test.go index ac94ccea93..2722e5798b 100644 --- a/tests/stacks/ibm/application/tensorboard/kustomize_test.go +++ b/tests/stacks/ibm/application/tensorboard/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../../stacks/ibm/application/tensorboard", + Package: "../../../../../stacks/ibm/application/tensorboard", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/api-service/kustomize_test.go b/tests/tests/legacy_kustomizations/api-service/kustomize_test.go index 5c01809d6f..168e54aa31 100644 --- a/tests/tests/legacy_kustomizations/api-service/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/api-service/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/api-service", + Package: "../../../../tests/legacy_kustomizations/api-service", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/application-crds/kustomize_test.go b/tests/tests/legacy_kustomizations/application-crds/kustomize_test.go index 28812e6ca3..33f473fed7 100644 --- a/tests/tests/legacy_kustomizations/application-crds/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/application-crds/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/application-crds", + Package: "../../../../tests/legacy_kustomizations/application-crds", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/argo/kustomize_test.go b/tests/tests/legacy_kustomizations/argo/kustomize_test.go index fc6496f0ae..d7d2b2260d 100644 --- a/tests/tests/legacy_kustomizations/argo/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/argo/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/argo", + Package: "../../../../tests/legacy_kustomizations/argo", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/bootstrap/kustomize_test.go b/tests/tests/legacy_kustomizations/bootstrap/kustomize_test.go index 35303113ac..cf0b576fa4 100644 --- a/tests/tests/legacy_kustomizations/bootstrap/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/bootstrap/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/bootstrap", + Package: "../../../../tests/legacy_kustomizations/bootstrap", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/centraldashboard/kustomize_test.go b/tests/tests/legacy_kustomizations/centraldashboard/kustomize_test.go index 16bb674597..b2a872e0a9 100644 --- a/tests/tests/legacy_kustomizations/centraldashboard/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/centraldashboard/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/centraldashboard", + Package: "../../../../tests/legacy_kustomizations/centraldashboard", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/cert-manager-crds/kustomize_test.go b/tests/tests/legacy_kustomizations/cert-manager-crds/kustomize_test.go index 6d5fab471f..3ba7d6f7d8 100644 --- a/tests/tests/legacy_kustomizations/cert-manager-crds/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/cert-manager-crds/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/cert-manager-crds", + Package: "../../../../tests/legacy_kustomizations/cert-manager-crds", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/cert-manager-kube-system-resources/kustomize_test.go b/tests/tests/legacy_kustomizations/cert-manager-kube-system-resources/kustomize_test.go index 932cad34f4..47a5ca433f 100644 --- a/tests/tests/legacy_kustomizations/cert-manager-kube-system-resources/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/cert-manager-kube-system-resources/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/cert-manager-kube-system-resources", + Package: "../../../../tests/legacy_kustomizations/cert-manager-kube-system-resources", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/istio-crds/kustomize_test.go b/tests/tests/legacy_kustomizations/istio-crds/kustomize_test.go index b00b02272e..c9405a1b6a 100644 --- a/tests/tests/legacy_kustomizations/istio-crds/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/istio-crds/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/istio-crds", + Package: "../../../../tests/legacy_kustomizations/istio-crds", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/istio-install/kustomize_test.go b/tests/tests/legacy_kustomizations/istio-install/kustomize_test.go index daff539c6d..b2a0a15f08 100644 --- a/tests/tests/legacy_kustomizations/istio-install/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/istio-install/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/istio-install", + Package: "../../../../tests/legacy_kustomizations/istio-install", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/istio/kustomize_test.go b/tests/tests/legacy_kustomizations/istio/kustomize_test.go index f5086b8dd0..eb4aa1c3b1 100644 --- a/tests/tests/legacy_kustomizations/istio/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/istio/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/istio", + Package: "../../../../tests/legacy_kustomizations/istio", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/katib-controller/kustomize_test.go b/tests/tests/legacy_kustomizations/katib-controller/kustomize_test.go index be78633bc6..18e8be9135 100644 --- a/tests/tests/legacy_kustomizations/katib-controller/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/katib-controller/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/katib-controller", + Package: "../../../../tests/legacy_kustomizations/katib-controller", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/kfserving-install/kustomize_test.go b/tests/tests/legacy_kustomizations/kfserving-install/kustomize_test.go index 8f58b6c401..f86acbad6c 100644 --- a/tests/tests/legacy_kustomizations/kfserving-install/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/kfserving-install/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/kfserving-install", + Package: "../../../../tests/legacy_kustomizations/kfserving-install", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/knative-install/kustomize_test.go b/tests/tests/legacy_kustomizations/knative-install/kustomize_test.go index 344fa681bc..1ab3add367 100644 --- a/tests/tests/legacy_kustomizations/knative-install/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/knative-install/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/knative-install", + Package: "../../../../tests/legacy_kustomizations/knative-install", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/kubeflow-roles/kustomize_test.go b/tests/tests/legacy_kustomizations/kubeflow-roles/kustomize_test.go index dd86a13d20..122ffd5fee 100644 --- a/tests/tests/legacy_kustomizations/kubeflow-roles/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/kubeflow-roles/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/kubeflow-roles", + Package: "../../../../tests/legacy_kustomizations/kubeflow-roles", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/metacontroller/kustomize_test.go b/tests/tests/legacy_kustomizations/metacontroller/kustomize_test.go index 9b954306be..0574b9e7fb 100644 --- a/tests/tests/legacy_kustomizations/metacontroller/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/metacontroller/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/metacontroller", + Package: "../../../../tests/legacy_kustomizations/metacontroller", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/metadata/kustomize_test.go b/tests/tests/legacy_kustomizations/metadata/kustomize_test.go index 0bd78608b2..e4457ad61d 100644 --- a/tests/tests/legacy_kustomizations/metadata/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/metadata/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/metadata", + Package: "../../../../tests/legacy_kustomizations/metadata", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/pipeline-visualization-service/kustomize_test.go b/tests/tests/legacy_kustomizations/pipeline-visualization-service/kustomize_test.go index 6ad2df72e2..852ee6c930 100644 --- a/tests/tests/legacy_kustomizations/pipeline-visualization-service/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/pipeline-visualization-service/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/pipeline-visualization-service", + Package: "../../../../tests/legacy_kustomizations/pipeline-visualization-service", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/pipelines-ui/kustomize_test.go b/tests/tests/legacy_kustomizations/pipelines-ui/kustomize_test.go index a72adfd4d1..80039e6f06 100644 --- a/tests/tests/legacy_kustomizations/pipelines-ui/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/pipelines-ui/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/pipelines-ui", + Package: "../../../../tests/legacy_kustomizations/pipelines-ui", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/profiles/kustomize_test.go b/tests/tests/legacy_kustomizations/profiles/kustomize_test.go index 909e4653df..0470f4045e 100644 --- a/tests/tests/legacy_kustomizations/profiles/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/profiles/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/profiles", + Package: "../../../../tests/legacy_kustomizations/profiles", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/pytorch-job-crds/kustomize_test.go b/tests/tests/legacy_kustomizations/pytorch-job-crds/kustomize_test.go index 0c3eac8f22..bca750136b 100644 --- a/tests/tests/legacy_kustomizations/pytorch-job-crds/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/pytorch-job-crds/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/pytorch-job-crds", + Package: "../../../../tests/legacy_kustomizations/pytorch-job-crds", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/scheduledworkflow/kustomize_test.go b/tests/tests/legacy_kustomizations/scheduledworkflow/kustomize_test.go index 08bb05a7a4..e546d33576 100644 --- a/tests/tests/legacy_kustomizations/scheduledworkflow/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/scheduledworkflow/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/scheduledworkflow", + Package: "../../../../tests/legacy_kustomizations/scheduledworkflow", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/seldon-core-operator/kustomize_test.go b/tests/tests/legacy_kustomizations/seldon-core-operator/kustomize_test.go index 30a74ad0af..17a40c86cf 100644 --- a/tests/tests/legacy_kustomizations/seldon-core-operator/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/seldon-core-operator/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/seldon-core-operator", + Package: "../../../../tests/legacy_kustomizations/seldon-core-operator", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/tf-job-crds/kustomize_test.go b/tests/tests/legacy_kustomizations/tf-job-crds/kustomize_test.go index 3fc177e9e3..9cd5c23cea 100644 --- a/tests/tests/legacy_kustomizations/tf-job-crds/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/tf-job-crds/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/tf-job-crds", + Package: "../../../../tests/legacy_kustomizations/tf-job-crds", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} diff --git a/tests/tests/legacy_kustomizations/webhook/kustomize_test.go b/tests/tests/legacy_kustomizations/webhook/kustomize_test.go index 5c767391ab..485d3a1a39 100644 --- a/tests/tests/legacy_kustomizations/webhook/kustomize_test.go +++ b/tests/tests/legacy_kustomizations/webhook/kustomize_test.go @@ -7,9 +7,9 @@ import ( func TestKustomize(t *testing.T) { testCase := &tests.KustomizeTestCase{ - Package: "../../../../tests/legacy_kustomizations/webhook", + Package: "../../../../tests/legacy_kustomizations/webhook", Expected: "test_data/expected", } tests.RunTestCase(t, testCase) -} \ No newline at end of file +} From 2b35d9efc7f04d9d9df46bcba615697d5d3be3a3 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 3 Jul 2020 14:23:15 +0800 Subject: [PATCH 36/45] Update stacks ref --- stacks/gcp/kustomization.yaml | 2 +- stacks/generic/kustomization.yaml | 2 +- .../apps_v1_deployment_cache-server.yaml | 4 +- .../apps_v1_deployment_metadata-writer.yaml | 4 +- ...ployment_ml-pipeline-persistenceagent.yaml | 4 +- ...loyment_ml-pipeline-scheduledworkflow.yaml | 4 +- .../apps_v1_deployment_ml-pipeline-ui.yaml | 20 -- ..._v1_deployment_ml-pipeline-viewer-crd.yaml | 3 - .../apps_v1_deployment_ml-pipeline.yaml | 3 - .../apps_v1_deployment_cache-server.yaml | 4 +- .../apps_v1_deployment_metadata-writer.yaml | 4 +- ...ployment_ml-pipeline-persistenceagent.yaml | 4 +- ...loyment_ml-pipeline-scheduledworkflow.yaml | 4 +- .../apps_v1_deployment_ml-pipeline-ui.yaml | 20 ++ ..._v1_deployment_ml-pipeline-viewer-crd.yaml | 3 + .../apps_v1_deployment_ml-pipeline.yaml | 3 + ...kubeflow-pipelines-profile-controller.yaml | 0 ...kubeflow-pipelines-profile-controller.yaml | 0 ...terrole_kubeflow-pipelines-cache-role.yaml | 0 ...beflow-pipelines-metadata-writer-role.yaml | 0 ...ole_ml-pipeline-persistenceagent-role.yaml | 0 ...le_ml-pipeline-scheduledworkflow-role.yaml | 0 ....k8s.io_v1_clusterrole_ml-pipeline-ui.yaml | 0 ...ding_kubeflow-pipelines-cache-binding.yaml | 0 ...low-pipelines-metadata-writer-binding.yaml | 0 ..._ml-pipeline-persistenceagent-binding.yaml | 0 ...ml-pipeline-scheduledworkflow-binding.yaml | 0 ..._v1_clusterrolebinding_ml-pipeline-ui.yaml | 0 ...8s.io_v1beta1_clusterrole_ml-pipeline.yaml | 0 ...1beta1_clusterrolebinding_ml-pipeline.yaml | 0 ...pelines-profile-controller-78dkmk82gc.yaml | 0 ...v1_configmap_ml-pipeline-ui-configmap.yaml | 0 ...pipeline-api-server-config-f4t72426kt.yaml | 0 ...kubeflow-pipelines-profile-controller.yaml | 0 .../apps_v1_deployment_cache-server.yaml | 4 +- .../apps_v1_deployment_metadata-writer.yaml | 4 +- ...ployment_ml-pipeline-persistenceagent.yaml | 4 +- ...loyment_ml-pipeline-scheduledworkflow.yaml | 4 +- .../apps_v1_deployment_ml-pipeline-ui.yaml | 20 -- ..._v1_deployment_ml-pipeline-viewer-crd.yaml | 3 - .../apps_v1_deployment_ml-pipeline.yaml | 3 - ...kubeflow-pipelines-profile-controller.yaml | 34 --- ...kubeflow-pipelines-profile-controller.yaml | 46 --- ...terrole_kubeflow-pipelines-cache-role.yaml | 31 -- ...beflow-pipelines-metadata-writer-role.yaml | 31 -- ...ole_ml-pipeline-persistenceagent-role.yaml | 21 -- ...le_ml-pipeline-scheduledworkflow-role.yaml | 36 --- ....k8s.io_v1_clusterrole_ml-pipeline-ui.yaml | 44 --- ...ding_kubeflow-pipelines-cache-binding.yaml | 12 - ...low-pipelines-metadata-writer-binding.yaml | 12 - ..._ml-pipeline-persistenceagent-binding.yaml | 12 - ...ml-pipeline-scheduledworkflow-binding.yaml | 12 - ..._v1_clusterrolebinding_ml-pipeline-ui.yaml | 14 - ...8s.io_v1beta1_clusterrole_ml-pipeline.yaml | 34 --- ...1beta1_clusterrolebinding_ml-pipeline.yaml | 12 - ...pelines-profile-controller-78dkmk82gc.yaml | 267 ------------------ ...v1_configmap_ml-pipeline-ui-configmap.yaml | 14 - ...pipeline-api-server-config-f4t72426kt.yaml | 10 - ...kubeflow-pipelines-profile-controller.yaml | 15 - 59 files changed, 56 insertions(+), 731 deletions(-) rename tests/stacks/{examples/alice => gcp}/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml (100%) rename tests/stacks/{examples/alice => gcp}/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml (100%) rename tests/stacks/{examples/alice => gcp}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml (100%) rename tests/stacks/{examples/alice => gcp}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml (100%) rename tests/stacks/{examples/alice => gcp}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml (100%) rename tests/stacks/{examples/alice => gcp}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml (100%) rename tests/stacks/{examples/alice => gcp}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml (100%) rename tests/stacks/{examples/alice => gcp}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml (100%) rename tests/stacks/{examples/alice => gcp}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml (100%) rename tests/stacks/{examples/alice => gcp}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml (100%) rename tests/stacks/{examples/alice => gcp}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml (100%) rename tests/stacks/{examples/alice => gcp}/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml (100%) rename tests/stacks/{examples/alice => gcp}/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml (100%) rename tests/stacks/{examples/alice => gcp}/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml (100%) rename tests/stacks/{examples/alice => gcp}/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml (100%) rename tests/stacks/{examples/alice => gcp}/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml (100%) rename tests/stacks/{examples/alice => gcp}/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml (100%) rename tests/stacks/{examples/alice => gcp}/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml (100%) delete mode 100644 tests/stacks/generic/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml delete mode 100644 tests/stacks/generic/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml delete mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml delete mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml delete mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml delete mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml delete mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml delete mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml delete mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml delete mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml delete mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml delete mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml delete mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml delete mode 100644 tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml delete mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml delete mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml delete mode 100644 tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml delete mode 100644 tests/stacks/generic/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml diff --git a/stacks/gcp/kustomization.yaml b/stacks/gcp/kustomization.yaml index 1bd9b429d8..95fbb8e94d 100644 --- a/stacks/gcp/kustomization.yaml +++ b/stacks/gcp/kustomization.yaml @@ -18,7 +18,7 @@ resources: - ../../argo/base_v3 - ../../pipeline/minio/installs/gcp-pd - ../../pipeline/mysql/installs/gcp-pd - - ../../pipeline/installs/generic + - ../../pipeline/installs/multi-user - ../../metadata/v3 # This package will create a profile resource so it needs to be installed after the profiles CR - ../../default-install/base diff --git a/stacks/generic/kustomization.yaml b/stacks/generic/kustomization.yaml index 2aed4f9ff4..b125dd221c 100644 --- a/stacks/generic/kustomization.yaml +++ b/stacks/generic/kustomization.yaml @@ -18,7 +18,7 @@ resources: - ../../argo/base_v3 - ../../pipeline/minio/installs/generic - ../../pipeline/mysql/installs/generic - - ../../pipeline/installs/multi-user + - ../../pipeline/installs/generic - ../../metadata/v3 # This package will create a profile resource so it needs to be installed after the profiles CR - ../../default-install/base diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml index 06c8cfbed6..6c588c6913 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml @@ -53,7 +53,9 @@ spec: key: password name: mysql-secret-fd5gktm75t - name: NAMESPACE_TO_WATCH - value: "" + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.3 imagePullPolicy: Always name: server diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml index 83adf18f72..4b0a0d0c91 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml @@ -18,7 +18,9 @@ spec: containers: - env: - name: NAMESPACE_TO_WATCH - value: "" + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.3 name: main serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml index adf776c9d6..a4f9177a0b 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -17,7 +17,9 @@ spec: containers: - env: - name: NAMESPACE - value: "" + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-persistenceagent diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml index 79db22ad5f..f38eb6fabe 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -17,7 +17,9 @@ spec: containers: - env: - name: NAMESPACE - value: "" + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml index f8ca163f6a..0430d4b7bd 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -16,18 +16,6 @@ spec: spec: containers: - env: - - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH - value: /etc/config/viewer-pod-template.json - - name: DEPLOYMENT - value: KUBEFLOW - - name: ARTIFACTS_SERVICE_PROXY_NAME - value: ml-pipeline-ui-artifact - - name: ARTIFACTS_SERVICE_PROXY_PORT - value: "80" - - name: ARTIFACTS_SERVICE_PROXY_ENABLED - value: "true" - - name: ENABLE_AUTHZ - value: "true" - name: MINIO_NAMESPACE valueFrom: fieldRef: @@ -73,12 +61,4 @@ spec: initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 - volumeMounts: - - mountPath: /etc/config - name: config-volume - readOnly: true serviceAccountName: ml-pipeline-ui - volumes: - - configMap: - name: ml-pipeline-ui-configmap - name: config-volume diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml index 976165b9e7..f6e9b9c7dc 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml @@ -16,9 +16,6 @@ spec: spec: containers: - env: - - name: NAMESPACE - value: "" - valueFrom: null - name: MAX_NUM_VIEWERS value: "50" - name: MINIO_NAMESPACE diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml index 0995593d4b..79adf2aab0 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -62,9 +62,6 @@ spec: secretKeyRef: key: secretkey name: mlpipeline-minio-artifact - envFrom: - - configMapRef: - name: pipeline-api-server-config-f4t72426kt image: gcr.io/ml-pipeline/api-server:1.0.0-rc.3 imagePullPolicy: IfNotPresent livenessProbe: diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml index 6c588c6913..06c8cfbed6 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml @@ -53,9 +53,7 @@ spec: key: password name: mysql-secret-fd5gktm75t - name: NAMESPACE_TO_WATCH - valueFrom: - fieldRef: - fieldPath: metadata.namespace + value: "" image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.3 imagePullPolicy: Always name: server diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml index 4b0a0d0c91..83adf18f72 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml @@ -18,9 +18,7 @@ spec: containers: - env: - name: NAMESPACE_TO_WATCH - valueFrom: - fieldRef: - fieldPath: metadata.namespace + value: "" image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.3 name: main serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml index a4f9177a0b..adf776c9d6 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -17,9 +17,7 @@ spec: containers: - env: - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + value: "" image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-persistenceagent diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml index f38eb6fabe..79db22ad5f 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -17,9 +17,7 @@ spec: containers: - env: - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + value: "" image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml index 0430d4b7bd..f8ca163f6a 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -16,6 +16,18 @@ spec: spec: containers: - env: + - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH + value: /etc/config/viewer-pod-template.json + - name: DEPLOYMENT + value: KUBEFLOW + - name: ARTIFACTS_SERVICE_PROXY_NAME + value: ml-pipeline-ui-artifact + - name: ARTIFACTS_SERVICE_PROXY_PORT + value: "80" + - name: ARTIFACTS_SERVICE_PROXY_ENABLED + value: "true" + - name: ENABLE_AUTHZ + value: "true" - name: MINIO_NAMESPACE valueFrom: fieldRef: @@ -61,4 +73,12 @@ spec: initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 + volumeMounts: + - mountPath: /etc/config + name: config-volume + readOnly: true serviceAccountName: ml-pipeline-ui + volumes: + - configMap: + name: ml-pipeline-ui-configmap + name: config-volume diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml index f6e9b9c7dc..976165b9e7 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml @@ -16,6 +16,9 @@ spec: spec: containers: - env: + - name: NAMESPACE + value: "" + valueFrom: null - name: MAX_NUM_VIEWERS value: "50" - name: MINIO_NAMESPACE diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml index 79adf2aab0..0995593d4b 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -62,6 +62,9 @@ spec: secretKeyRef: key: secretkey name: mlpipeline-minio-artifact + envFrom: + - configMapRef: + name: pipeline-api-server-config-f4t72426kt image: gcr.io/ml-pipeline/api-server:1.0.0-rc.3 imagePullPolicy: IfNotPresent livenessProbe: diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/gcp/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml similarity index 100% rename from tests/stacks/examples/alice/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml rename to tests/stacks/gcp/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/gcp/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml similarity index 100% rename from tests/stacks/examples/alice/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml rename to tests/stacks/gcp/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml similarity index 100% rename from tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml rename to tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml similarity index 100% rename from tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml rename to tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml similarity index 100% rename from tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml rename to tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml similarity index 100% rename from tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml rename to tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml similarity index 100% rename from tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml rename to tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml similarity index 100% rename from tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml rename to tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml similarity index 100% rename from tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml rename to tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml similarity index 100% rename from tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml rename to tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml similarity index 100% rename from tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml rename to tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml similarity index 100% rename from tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml rename to tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml similarity index 100% rename from tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml rename to tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml similarity index 100% rename from tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml rename to tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml similarity index 100% rename from tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml rename to tests/stacks/gcp/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml similarity index 100% rename from tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml rename to tests/stacks/gcp/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml similarity index 100% rename from tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml rename to tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml similarity index 100% rename from tests/stacks/examples/alice/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml rename to tests/stacks/gcp/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml index 06c8cfbed6..6c588c6913 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_cache-server.yaml @@ -53,7 +53,9 @@ spec: key: password name: mysql-secret-fd5gktm75t - name: NAMESPACE_TO_WATCH - value: "" + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.3 imagePullPolicy: Always name: server diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml index 83adf18f72..4b0a0d0c91 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_metadata-writer.yaml @@ -18,7 +18,9 @@ spec: containers: - env: - name: NAMESPACE_TO_WATCH - value: "" + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.3 name: main serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml index adf776c9d6..a4f9177a0b 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -17,7 +17,9 @@ spec: containers: - env: - name: NAMESPACE - value: "" + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-persistenceagent diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml index 79db22ad5f..f38eb6fabe 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -17,7 +17,9 @@ spec: containers: - env: - name: NAMESPACE - value: "" + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml index f8ca163f6a..0430d4b7bd 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -16,18 +16,6 @@ spec: spec: containers: - env: - - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH - value: /etc/config/viewer-pod-template.json - - name: DEPLOYMENT - value: KUBEFLOW - - name: ARTIFACTS_SERVICE_PROXY_NAME - value: ml-pipeline-ui-artifact - - name: ARTIFACTS_SERVICE_PROXY_PORT - value: "80" - - name: ARTIFACTS_SERVICE_PROXY_ENABLED - value: "true" - - name: ENABLE_AUTHZ - value: "true" - name: MINIO_NAMESPACE valueFrom: fieldRef: @@ -73,12 +61,4 @@ spec: initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 - volumeMounts: - - mountPath: /etc/config - name: config-volume - readOnly: true serviceAccountName: ml-pipeline-ui - volumes: - - configMap: - name: ml-pipeline-ui-configmap - name: config-volume diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml index 976165b9e7..f6e9b9c7dc 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml @@ -16,9 +16,6 @@ spec: spec: containers: - env: - - name: NAMESPACE - value: "" - valueFrom: null - name: MAX_NUM_VIEWERS value: "50" - name: MINIO_NAMESPACE diff --git a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml index 0995593d4b..79adf2aab0 100644 --- a/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml +++ b/tests/stacks/generic/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -62,9 +62,6 @@ spec: secretKeyRef: key: secretkey name: mlpipeline-minio-artifact - envFrom: - - configMapRef: - name: pipeline-api-server-config-f4t72426kt image: gcr.io/ml-pipeline/api-server:1.0.0-rc.3 imagePullPolicy: IfNotPresent livenessProbe: diff --git a/tests/stacks/generic/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/generic/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml deleted file mode 100644 index 7237223586..0000000000 --- a/tests/stacks/generic/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - labels: - app: kubeflow-pipelines-profile-controller - name: kubeflow-pipelines-profile-controller - namespace: kubeflow -spec: - replicas: 1 - selector: - matchLabels: - app: kubeflow-pipelines-profile-controller - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - labels: - app: kubeflow-pipelines-profile-controller - spec: - containers: - - command: - - python - - /hooks/sync.py - image: python:2.7 - name: profile-controller - ports: - - containerPort: 80 - volumeMounts: - - mountPath: /hooks - name: hooks - volumes: - - configMap: - name: kubeflow-pipelines-profile-controller-78dkmk82gc - name: hooks diff --git a/tests/stacks/generic/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/generic/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml deleted file mode 100644 index 96fe00bf44..0000000000 --- a/tests/stacks/generic/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml +++ /dev/null @@ -1,46 +0,0 @@ -apiVersion: metacontroller.k8s.io/v1alpha1 -kind: CompositeController -metadata: - labels: - app: kubeflow-pipelines-profile-controller - name: kubeflow-pipelines-profile-controller - namespace: kubeflow -spec: - childResources: - - apiVersion: v1 - resource: secrets - updateStrategy: - method: OnDelete - - apiVersion: v1 - resource: configmaps - updateStrategy: - method: OnDelete - - apiVersion: apps/v1 - resource: deployments - updateStrategy: - method: InPlace - - apiVersion: v1 - resource: services - updateStrategy: - method: InPlace - - apiVersion: networking.istio.io/v1alpha3 - resource: destinationrules - updateStrategy: - method: InPlace - - apiVersion: rbac.istio.io/v1alpha1 - resource: serviceroles - updateStrategy: - method: InPlace - - apiVersion: rbac.istio.io/v1alpha1 - resource: servicerolebindings - updateStrategy: - method: InPlace - generateSelector: true - hooks: - sync: - webhook: - url: http://kubeflow-pipelines-profile-controller/sync - parentResource: - apiVersion: v1 - resource: namespaces - resyncPeriodSeconds: 10 diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml deleted file mode 100644 index e604367357..0000000000 --- a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubeflow-pipelines-cache-role -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - get - - list - - watch - - update - - patch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml deleted file mode 100644 index a6ec986725..0000000000 --- a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubeflow-pipelines-metadata-writer-role -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - get - - list - - watch - - update - - patch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml deleted file mode 100644 index b3053317b5..0000000000 --- a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: ml-pipeline-persistenceagent-role -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - get - - list - - watch -- apiGroups: - - kubeflow.org - resources: - - scheduledworkflows - verbs: - - get - - list - - watch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml deleted file mode 100644 index 2b96dd482c..0000000000 --- a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: ml-pipeline-scheduledworkflow-role -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - kubeflow.org - resources: - - scheduledworkflows - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml deleted file mode 100644 index cfc19ad40f..0000000000 --- a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: ml-pipeline-ui - name: ml-pipeline-ui -rules: -- apiGroups: - - "" - resources: - - pods - - pods/log - verbs: - - get -- apiGroups: - - "" - resources: - - events - verbs: - - list -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list -- apiGroups: - - kubeflow.org - resources: - - viewers - verbs: - - create - - get - - list - - watch - - delete -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - get - - list diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml deleted file mode 100644 index 984316e3b5..0000000000 --- a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubeflow-pipelines-cache-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubeflow-pipelines-cache-role -subjects: -- kind: ServiceAccount - name: kubeflow-pipelines-cache - namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml deleted file mode 100644 index 7a3f9bc2d1..0000000000 --- a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubeflow-pipelines-metadata-writer-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubeflow-pipelines-metadata-writer-role -subjects: -- kind: ServiceAccount - name: kubeflow-pipelines-metadata-writer - namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml deleted file mode 100644 index ed59670f6c..0000000000 --- a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: ml-pipeline-persistenceagent-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ml-pipeline-persistenceagent-role -subjects: -- kind: ServiceAccount - name: ml-pipeline-persistenceagent - namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml deleted file mode 100644 index 2ca201eb95..0000000000 --- a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: ml-pipeline-scheduledworkflow-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ml-pipeline-scheduledworkflow-role -subjects: -- kind: ServiceAccount - name: ml-pipeline-scheduledworkflow - namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml deleted file mode 100644 index 2d8fb03ae3..0000000000 --- a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: ml-pipeline-ui - name: ml-pipeline-ui -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ml-pipeline-ui -subjects: -- kind: ServiceAccount - name: ml-pipeline-ui - namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml deleted file mode 100644 index a88f27ff9e..0000000000 --- a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: ml-pipeline -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - kubeflow.org - resources: - - scheduledworkflows - verbs: - - create - - get - - list - - update - - patch - - delete -- apiGroups: - - "" - resources: - - pods - verbs: - - delete diff --git a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml b/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml deleted file mode 100644 index 9ce11cb2f9..0000000000 --- a/tests/stacks/generic/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: ml-pipeline -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ml-pipeline -subjects: -- kind: ServiceAccount - name: ml-pipeline - namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml deleted file mode 100644 index 4c2633f99b..0000000000 --- a/tests/stacks/generic/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml +++ /dev/null @@ -1,267 +0,0 @@ -apiVersion: v1 -data: - sync.py: | - # Copyright 2020 Google LLC - # - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - - from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer - import json - - - class Controller(BaseHTTPRequestHandler): - def sync(self, parent, children): - # HACK: Currently using serving.kubeflow.org/inferenceservice to identify - # kubeflow user namespaces. - # TODO: let Kubeflow profile controller add a pipeline specific label to - # user namespaces and use that label instead. - pipeline_enabled = parent.get("metadata", {}).get( - "labels", {}).get("serving.kubeflow.org/inferenceservice") - - if not pipeline_enabled: - return {"status": {}, "children": []} - - # Compute status based on observed state. - desired_status = { - "kubeflow-pipelines-ready": \ - len(children["Secret.v1"]) == 1 and \ - len(children["ConfigMap.v1"]) == 1 and \ - len(children["Deployment.apps/v1"]) == 2 and \ - len(children["Service.v1"]) == 2 and \ - len(children["DestinationRule.networking.istio.io/v1alpha3"]) == 1 and \ - len(children["ServiceRole.rbac.istio.io/v1alpha1"]) == 1 and \ - len(children["ServiceRoleBinding.rbac.istio.io/v1alpha1"]) == 1 and \ - "True" or "False" - } - - # Generate the desired child object(s). - # parent is a namespace - namespace = parent.get("metadata", {}).get("name") - desired_resources = [ - { - "apiVersion": "v1", - "kind": "Secret", - "metadata": { - "name": "mlpipeline-minio-artifact", - "namespace": namespace, - }, - "data": { - "accesskey": "bWluaW8=", # base64 for minio - "secretkey": "bWluaW8xMjM=", # base64 for minio123 - }, - }, - { - "apiVersion": "v1", - "kind": "ConfigMap", - "metadata": { - "name": "metadata-grpc-configmap", - "namespace": namespace, - }, - "data": { - "METADATA_GRPC_SERVICE_HOST": - "metadata-grpc-service.kubeflow", - "METADATA_GRPC_SERVICE_PORT": "8080", - }, - }, - # Visualization server related manifests below - { - "apiVersion": "apps/v1", - "kind": "Deployment", - "metadata": { - "labels": { - "app": "ml-pipeline-visualizationserver" - }, - "name": "ml-pipeline-visualizationserver", - "namespace": namespace, - }, - "spec": { - "selector": { - "matchLabels": { - "app": "ml-pipeline-visualizationserver" - }, - }, - "template": { - "metadata": { - "labels": { - "app": "ml-pipeline-visualizationserver" - }, - }, - "spec": { - "containers": [{ - "image": - "gcr.io/ml-pipeline/visualization-server:0.5.1", - "imagePullPolicy": "IfNotPresent", - "name": "ml-pipeline-visualizationserver", - "ports": [{ - "containerPort": 8888 - }], - }], - "serviceAccountName": - "default-editor", - }, - }, - }, - }, - { - "apiVersion": "networking.istio.io/v1alpha3", - "kind": "DestinationRule", - "metadata": { - "name": "ml-pipeline-visualizationserver", - "namespace": namespace, - }, - "spec": { - "host": "ml-pipeline-visualizationserver", - "trafficPolicy": { - "tls": { - "mode": "ISTIO_MUTUAL" - } - } - } - }, - { - "apiVersion": "rbac.istio.io/v1alpha1", - "kind": "ServiceRole", - "metadata": { - "name": "ml-pipeline-visualizationserver", - "namespace": namespace, - }, - "spec": { - "rules": [{ - "services": ["ml-pipeline-visualizationserver.*"] - }] - } - }, - { - "apiVersion": "rbac.istio.io/v1alpha1", - "kind": "ServiceRoleBinding", - "metadata": { - "name": "ml-pipeline-visualizationserver", - "namespace": namespace, - }, - "spec": { - "subjects": [{ - "properties": { - "source.principal": - "cluster.local/ns/kubeflow/sa/ml-pipeline" - } - }], - "roleRef": { - "kind": "ServiceRole", - "name": "ml-pipeline-visualizationserver" - } - } - }, - { - "apiVersion": "v1", - "kind": "Service", - "metadata": { - "name": "ml-pipeline-visualizationserver", - "namespace": namespace, - }, - "spec": { - "ports": [{ - "name": "http", - "port": 8888, - "protocol": "TCP", - "targetPort": 8888, - }], - "selector": { - "app": "ml-pipeline-visualizationserver", - }, - }, - }, - # Artifact fetcher related resources below. - { - "apiVersion": "apps/v1", - "kind": "Deployment", - "metadata": { - "labels": { - "app": "ml-pipeline-ui-artifact" - }, - "name": "ml-pipeline-ui-artifact", - "namespace": namespace, - }, - "spec": { - "selector": { - "matchLabels": { - "app": "ml-pipeline-ui-artifact" - } - }, - "template": { - "metadata": { - "labels": { - "app": "ml-pipeline-ui-artifact" - }, - }, - "spec": { - "containers": [{ - "name": "ml-pipeline-ui-artifact", - "image": "gcr.io/ml-pipeline/frontend:0.5.1", - "imagePullPolicy": "IfNotPresent", - "ports": [{ - "containerPort": 3000 - }] - }], - "serviceAccountName": - "default-editor" - } - } - } - }, - { - "apiVersion": "v1", - "kind": "Service", - "metadata": { - "name": "ml-pipeline-ui-artifact", - "namespace": namespace, - "labels": { - "app": "ml-pipeline-ui-artifact" - } - }, - "spec": { - "ports": [{ - "name": - "http", # name is required to let istio understand request protocol - "port": 80, - "protocol": "TCP", - "targetPort": 3000 - }], - "selector": { - "app": "ml-pipeline-ui-artifact" - } - } - }, - ] - print('Received request', parent, desired_resources) - - return {"status": desired_status, "children": desired_resources} - - def do_POST(self): - # Serve the sync() function as a JSON webhook. - observed = json.loads( - self.rfile.read(int(self.headers.getheader("content-length")))) - desired = self.sync(observed["parent"], observed["children"]) - - self.send_response(200) - self.send_header("Content-type", "application/json") - self.end_headers() - self.wfile.write(json.dumps(desired)) - - - HTTPServer(("", 80), Controller).serve_forever() -kind: ConfigMap -metadata: - labels: - app: kubeflow-pipelines-profile-controller - name: kubeflow-pipelines-profile-controller-78dkmk82gc - namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml deleted file mode 100644 index 3bc667cc9b..0000000000 --- a/tests/stacks/generic/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -data: - viewer-pod-template.json: |- - { - "spec": { - "serviceAccountName": "default-editor" - } - } -kind: ConfigMap -metadata: - labels: - app: ml-pipeline-ui - name: ml-pipeline-ui-configmap - namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml b/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml deleted file mode 100644 index 5ffb95a2f1..0000000000 --- a/tests/stacks/generic/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -data: - DEFAULTPIPELINERUNNERSERVICEACCOUNT: default-editor - MULTIUSER: "true" - VISUALIZATIONSERVICE_NAME: ml-pipeline-visualizationserver - VISUALIZATIONSERVICE_PORT: "8888" -kind: ConfigMap -metadata: - name: pipeline-api-server-config-f4t72426kt - namespace: kubeflow diff --git a/tests/stacks/generic/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/generic/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml deleted file mode 100644 index 76400e279f..0000000000 --- a/tests/stacks/generic/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: kubeflow-pipelines-profile-controller - name: kubeflow-pipelines-profile-controller - namespace: kubeflow -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 80 - selector: - app: kubeflow-pipelines-profile-controller From 6df2abc5196a38c2e5a8440428ff6b29353c1259 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 3 Jul 2020 14:25:42 +0800 Subject: [PATCH 37/45] revert alice example to gcp stack --- stacks/examples/alice/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stacks/examples/alice/kustomization.yaml b/stacks/examples/alice/kustomization.yaml index 090a4d735b..7b1b11d292 100644 --- a/stacks/examples/alice/kustomization.yaml +++ b/stacks/examples/alice/kustomization.yaml @@ -7,7 +7,7 @@ generatorOptions: disableNameSuffixHash: true resources: # Users start by inheriting the gcp stack and then customizing it -- ../../generic +- ../../gcp patchesStrategicMerge: # Patch in modifications to the global config - kubeflow-config.yaml From 0230d0c24b757b291d5030b7b4f1aea29fdc8427 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 3 Jul 2020 14:26:04 +0800 Subject: [PATCH 38/45] update snapshot --- .../apps_v1_deployment_cache-server.yaml | 4 +- .../apps_v1_deployment_metadata-writer.yaml | 4 +- ...ployment_ml-pipeline-persistenceagent.yaml | 4 +- ...loyment_ml-pipeline-scheduledworkflow.yaml | 4 +- .../apps_v1_deployment_ml-pipeline-ui.yaml | 20 ++ ..._v1_deployment_ml-pipeline-viewer-crd.yaml | 3 + .../apps_v1_deployment_ml-pipeline.yaml | 3 + ...kubeflow-pipelines-profile-controller.yaml | 34 +++ ...kubeflow-pipelines-profile-controller.yaml | 46 +++ ...terrole_kubeflow-pipelines-cache-role.yaml | 31 ++ ...beflow-pipelines-metadata-writer-role.yaml | 31 ++ ...ole_ml-pipeline-persistenceagent-role.yaml | 21 ++ ...le_ml-pipeline-scheduledworkflow-role.yaml | 36 +++ ....k8s.io_v1_clusterrole_ml-pipeline-ui.yaml | 44 +++ ...ding_kubeflow-pipelines-cache-binding.yaml | 12 + ...low-pipelines-metadata-writer-binding.yaml | 12 + ..._ml-pipeline-persistenceagent-binding.yaml | 12 + ...ml-pipeline-scheduledworkflow-binding.yaml | 12 + ..._v1_clusterrolebinding_ml-pipeline-ui.yaml | 14 + ...8s.io_v1beta1_clusterrole_ml-pipeline.yaml | 34 +++ ...1beta1_clusterrolebinding_ml-pipeline.yaml | 12 + ...pelines-profile-controller-78dkmk82gc.yaml | 267 ++++++++++++++++++ ...v1_configmap_ml-pipeline-ui-configmap.yaml | 14 + ...pipeline-api-server-config-f4t72426kt.yaml | 10 + ...eline-minio-install-config-c42bb75m6g.yaml | 11 + ...eline-mysql-install-config-24c6km7cgg.yaml | 12 + .../~g_v1_persistentvolume_minio-pv.yaml | 15 + .../~g_v1_persistentvolume_mysql-pv.yaml | 16 ++ ...~g_v1_persistentvolumeclaim_minio-pvc.yaml | 2 + ..._persistentvolumeclaim_mysql-pv-claim.yaml | 2 + ...kubeflow-pipelines-profile-controller.yaml | 15 + .../~g_v1_serviceaccount_ml-pipeline-ui.yaml | 2 + ...count_ml-pipeline-visualizationserver.yaml | 2 + .../~g_v1_serviceaccount_pipeline-runner.yaml | 2 + ...t_profiles-controller-service-account.yaml | 2 + 35 files changed, 753 insertions(+), 12 deletions(-) create mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-minio-install-config-c42bb75m6g.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-mysql-install-config-24c6km7cgg.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolume_minio-pv.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolume_mysql-pv.yaml create mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml index 6c588c6913..06c8cfbed6 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml @@ -53,9 +53,7 @@ spec: key: password name: mysql-secret-fd5gktm75t - name: NAMESPACE_TO_WATCH - valueFrom: - fieldRef: - fieldPath: metadata.namespace + value: "" image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.3 imagePullPolicy: Always name: server diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml index 4b0a0d0c91..83adf18f72 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml @@ -18,9 +18,7 @@ spec: containers: - env: - name: NAMESPACE_TO_WATCH - valueFrom: - fieldRef: - fieldPath: metadata.namespace + value: "" image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.3 name: main serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml index a4f9177a0b..adf776c9d6 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -17,9 +17,7 @@ spec: containers: - env: - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + value: "" image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-persistenceagent diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml index f38eb6fabe..79db22ad5f 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -17,9 +17,7 @@ spec: containers: - env: - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + value: "" image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml index 0430d4b7bd..f8ca163f6a 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -16,6 +16,18 @@ spec: spec: containers: - env: + - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH + value: /etc/config/viewer-pod-template.json + - name: DEPLOYMENT + value: KUBEFLOW + - name: ARTIFACTS_SERVICE_PROXY_NAME + value: ml-pipeline-ui-artifact + - name: ARTIFACTS_SERVICE_PROXY_PORT + value: "80" + - name: ARTIFACTS_SERVICE_PROXY_ENABLED + value: "true" + - name: ENABLE_AUTHZ + value: "true" - name: MINIO_NAMESPACE valueFrom: fieldRef: @@ -61,4 +73,12 @@ spec: initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 + volumeMounts: + - mountPath: /etc/config + name: config-volume + readOnly: true serviceAccountName: ml-pipeline-ui + volumes: + - configMap: + name: ml-pipeline-ui-configmap + name: config-volume diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml index f6e9b9c7dc..976165b9e7 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml @@ -16,6 +16,9 @@ spec: spec: containers: - env: + - name: NAMESPACE + value: "" + valueFrom: null - name: MAX_NUM_VIEWERS value: "50" - name: MINIO_NAMESPACE diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml index 79adf2aab0..0995593d4b 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -62,6 +62,9 @@ spec: secretKeyRef: key: secretkey name: mlpipeline-minio-artifact + envFrom: + - configMapRef: + name: pipeline-api-server-config-f4t72426kt image: gcr.io/ml-pipeline/api-server:1.0.0-rc.3 imagePullPolicy: IfNotPresent livenessProbe: diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml new file mode 100644 index 0000000000..7237223586 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + labels: + app: kubeflow-pipelines-profile-controller + name: kubeflow-pipelines-profile-controller + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: kubeflow-pipelines-profile-controller + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + app: kubeflow-pipelines-profile-controller + spec: + containers: + - command: + - python + - /hooks/sync.py + image: python:2.7 + name: profile-controller + ports: + - containerPort: 80 + volumeMounts: + - mountPath: /hooks + name: hooks + volumes: + - configMap: + name: kubeflow-pipelines-profile-controller-78dkmk82gc + name: hooks diff --git a/tests/stacks/examples/alice/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/examples/alice/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml new file mode 100644 index 0000000000..96fe00bf44 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml @@ -0,0 +1,46 @@ +apiVersion: metacontroller.k8s.io/v1alpha1 +kind: CompositeController +metadata: + labels: + app: kubeflow-pipelines-profile-controller + name: kubeflow-pipelines-profile-controller + namespace: kubeflow +spec: + childResources: + - apiVersion: v1 + resource: secrets + updateStrategy: + method: OnDelete + - apiVersion: v1 + resource: configmaps + updateStrategy: + method: OnDelete + - apiVersion: apps/v1 + resource: deployments + updateStrategy: + method: InPlace + - apiVersion: v1 + resource: services + updateStrategy: + method: InPlace + - apiVersion: networking.istio.io/v1alpha3 + resource: destinationrules + updateStrategy: + method: InPlace + - apiVersion: rbac.istio.io/v1alpha1 + resource: serviceroles + updateStrategy: + method: InPlace + - apiVersion: rbac.istio.io/v1alpha1 + resource: servicerolebindings + updateStrategy: + method: InPlace + generateSelector: true + hooks: + sync: + webhook: + url: http://kubeflow-pipelines-profile-controller/sync + parentResource: + apiVersion: v1 + resource: namespaces + resyncPeriodSeconds: 10 diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml new file mode 100644 index 0000000000..e604367357 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml @@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeflow-pipelines-cache-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml new file mode 100644 index 0000000000..a6ec986725 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml @@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeflow-pipelines-metadata-writer-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml new file mode 100644 index 0000000000..b3053317b5 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ml-pipeline-persistenceagent-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml new file mode 100644 index 0000000000..2b96dd482c --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml @@ -0,0 +1,36 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ml-pipeline-scheduledworkflow-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..cfc19ad40f --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml @@ -0,0 +1,44 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml new file mode 100644 index 0000000000..984316e3b5 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-cache-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-cache-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml new file mode 100644 index 0000000000..7a3f9bc2d1 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-metadata-writer-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-metadata-writer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml new file mode 100644 index 0000000000..ed59670f6c --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline-persistenceagent-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml new file mode 100644 index 0000000000..2ca201eb95 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline-scheduledworkflow-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml new file mode 100644 index 0000000000..2d8fb03ae3 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml new file mode 100644 index 0000000000..a88f27ff9e --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: ml-pipeline +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete +- apiGroups: + - "" + resources: + - pods + verbs: + - delete diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml new file mode 100644 index 0000000000..9ce11cb2f9 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: ml-pipeline +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml new file mode 100644 index 0000000000..4c2633f99b --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml @@ -0,0 +1,267 @@ +apiVersion: v1 +data: + sync.py: | + # Copyright 2020 Google LLC + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer + import json + + + class Controller(BaseHTTPRequestHandler): + def sync(self, parent, children): + # HACK: Currently using serving.kubeflow.org/inferenceservice to identify + # kubeflow user namespaces. + # TODO: let Kubeflow profile controller add a pipeline specific label to + # user namespaces and use that label instead. + pipeline_enabled = parent.get("metadata", {}).get( + "labels", {}).get("serving.kubeflow.org/inferenceservice") + + if not pipeline_enabled: + return {"status": {}, "children": []} + + # Compute status based on observed state. + desired_status = { + "kubeflow-pipelines-ready": \ + len(children["Secret.v1"]) == 1 and \ + len(children["ConfigMap.v1"]) == 1 and \ + len(children["Deployment.apps/v1"]) == 2 and \ + len(children["Service.v1"]) == 2 and \ + len(children["DestinationRule.networking.istio.io/v1alpha3"]) == 1 and \ + len(children["ServiceRole.rbac.istio.io/v1alpha1"]) == 1 and \ + len(children["ServiceRoleBinding.rbac.istio.io/v1alpha1"]) == 1 and \ + "True" or "False" + } + + # Generate the desired child object(s). + # parent is a namespace + namespace = parent.get("metadata", {}).get("name") + desired_resources = [ + { + "apiVersion": "v1", + "kind": "Secret", + "metadata": { + "name": "mlpipeline-minio-artifact", + "namespace": namespace, + }, + "data": { + "accesskey": "bWluaW8=", # base64 for minio + "secretkey": "bWluaW8xMjM=", # base64 for minio123 + }, + }, + { + "apiVersion": "v1", + "kind": "ConfigMap", + "metadata": { + "name": "metadata-grpc-configmap", + "namespace": namespace, + }, + "data": { + "METADATA_GRPC_SERVICE_HOST": + "metadata-grpc-service.kubeflow", + "METADATA_GRPC_SERVICE_PORT": "8080", + }, + }, + # Visualization server related manifests below + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "labels": { + "app": "ml-pipeline-visualizationserver" + }, + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "selector": { + "matchLabels": { + "app": "ml-pipeline-visualizationserver" + }, + }, + "template": { + "metadata": { + "labels": { + "app": "ml-pipeline-visualizationserver" + }, + }, + "spec": { + "containers": [{ + "image": + "gcr.io/ml-pipeline/visualization-server:0.5.1", + "imagePullPolicy": "IfNotPresent", + "name": "ml-pipeline-visualizationserver", + "ports": [{ + "containerPort": 8888 + }], + }], + "serviceAccountName": + "default-editor", + }, + }, + }, + }, + { + "apiVersion": "networking.istio.io/v1alpha3", + "kind": "DestinationRule", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "host": "ml-pipeline-visualizationserver", + "trafficPolicy": { + "tls": { + "mode": "ISTIO_MUTUAL" + } + } + } + }, + { + "apiVersion": "rbac.istio.io/v1alpha1", + "kind": "ServiceRole", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "rules": [{ + "services": ["ml-pipeline-visualizationserver.*"] + }] + } + }, + { + "apiVersion": "rbac.istio.io/v1alpha1", + "kind": "ServiceRoleBinding", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "subjects": [{ + "properties": { + "source.principal": + "cluster.local/ns/kubeflow/sa/ml-pipeline" + } + }], + "roleRef": { + "kind": "ServiceRole", + "name": "ml-pipeline-visualizationserver" + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "ml-pipeline-visualizationserver", + "namespace": namespace, + }, + "spec": { + "ports": [{ + "name": "http", + "port": 8888, + "protocol": "TCP", + "targetPort": 8888, + }], + "selector": { + "app": "ml-pipeline-visualizationserver", + }, + }, + }, + # Artifact fetcher related resources below. + { + "apiVersion": "apps/v1", + "kind": "Deployment", + "metadata": { + "labels": { + "app": "ml-pipeline-ui-artifact" + }, + "name": "ml-pipeline-ui-artifact", + "namespace": namespace, + }, + "spec": { + "selector": { + "matchLabels": { + "app": "ml-pipeline-ui-artifact" + } + }, + "template": { + "metadata": { + "labels": { + "app": "ml-pipeline-ui-artifact" + }, + }, + "spec": { + "containers": [{ + "name": "ml-pipeline-ui-artifact", + "image": "gcr.io/ml-pipeline/frontend:0.5.1", + "imagePullPolicy": "IfNotPresent", + "ports": [{ + "containerPort": 3000 + }] + }], + "serviceAccountName": + "default-editor" + } + } + } + }, + { + "apiVersion": "v1", + "kind": "Service", + "metadata": { + "name": "ml-pipeline-ui-artifact", + "namespace": namespace, + "labels": { + "app": "ml-pipeline-ui-artifact" + } + }, + "spec": { + "ports": [{ + "name": + "http", # name is required to let istio understand request protocol + "port": 80, + "protocol": "TCP", + "targetPort": 3000 + }], + "selector": { + "app": "ml-pipeline-ui-artifact" + } + } + }, + ] + print('Received request', parent, desired_resources) + + return {"status": desired_status, "children": desired_resources} + + def do_POST(self): + # Serve the sync() function as a JSON webhook. + observed = json.loads( + self.rfile.read(int(self.headers.getheader("content-length")))) + desired = self.sync(observed["parent"], observed["children"]) + + self.send_response(200) + self.send_header("Content-type", "application/json") + self.end_headers() + self.wfile.write(json.dumps(desired)) + + + HTTPServer(("", 80), Controller).serve_forever() +kind: ConfigMap +metadata: + labels: + app: kubeflow-pipelines-profile-controller + name: kubeflow-pipelines-profile-controller-78dkmk82gc + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml new file mode 100644 index 0000000000..3bc667cc9b --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +data: + viewer-pod-template.json: |- + { + "spec": { + "serviceAccountName": "default-editor" + } + } +kind: ConfigMap +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui-configmap + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml new file mode 100644 index 0000000000..5ffb95a2f1 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + DEFAULTPIPELINERUNNERSERVICEACCOUNT: default-editor + MULTIUSER: "true" + VISUALIZATIONSERVICE_NAME: ml-pipeline-visualizationserver + VISUALIZATIONSERVICE_PORT: "8888" +kind: ConfigMap +metadata: + name: pipeline-api-server-config-f4t72426kt + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-minio-install-config-c42bb75m6g.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-minio-install-config-c42bb75m6g.yaml new file mode 100644 index 0000000000..9963e3b53c --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-minio-install-config-c42bb75m6g.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + minioPd: dls-kf-storage-artifact-store + minioPvName: minio-pv +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: pipeline-minio-install-config-c42bb75m6g + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-mysql-install-config-24c6km7cgg.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-mysql-install-config-24c6km7cgg.yaml new file mode 100644 index 0000000000..4c8915b459 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-mysql-install-config-24c6km7cgg.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +data: + mysqlPd: dls-kf-storage-metadata-store + mysqlPvName: mysql-pv +kind: ConfigMap +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: pipeline-mysql-install-config-24c6km7cgg + namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolume_minio-pv.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolume_minio-pv.yaml new file mode 100644 index 0000000000..993f221972 --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolume_minio-pv.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + labels: + app.kubernetes.io/component: minio + app.kubernetes.io/name: minio + name: minio-pv +spec: + accessModes: + - ReadWriteOnce + capacity: + storage: 20Gi + gcePersistentDisk: + fsType: ext4 + pdName: dls-kf-storage-artifact-store diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolume_mysql-pv.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolume_mysql-pv.yaml new file mode 100644 index 0000000000..17f07cff7b --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolume_mysql-pv.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + labels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql + name: mysql-pv +spec: + accessModes: + - ReadWriteOnce + capacity: + storage: 20Gi + gcePersistentDisk: + fsType: ext4 + pdName: dls-kf-storage-metadata-store diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml index 0dd8344034..66356a42ba 100644 --- a/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_minio-pvc.yaml @@ -12,3 +12,5 @@ spec: resources: requests: storage: 20Gi + storageClassName: "" + volumeName: minio-pv diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml index bf0c560da5..f239b247a9 100644 --- a/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_persistentvolumeclaim_mysql-pv-claim.yaml @@ -13,3 +13,5 @@ spec: resources: requests: storage: 20Gi + storageClassName: "" + volumeName: mysql-pv diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml new file mode 100644 index 0000000000..76400e279f --- /dev/null +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: kubeflow-pipelines-profile-controller + name: kubeflow-pipelines-profile-controller + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + selector: + app: kubeflow-pipelines-profile-controller diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml index 0d70c90e4d..3e4a136426 100644 --- a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-ui.yaml @@ -1,5 +1,7 @@ apiVersion: v1 kind: ServiceAccount metadata: + annotations: + iam.gke.io/gcp-service-account: name-user@project-id.iam.gserviceaccount.com name: ml-pipeline-ui namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml index f0f541f8ad..b47c98bb3d 100644 --- a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_ml-pipeline-visualizationserver.yaml @@ -1,5 +1,7 @@ apiVersion: v1 kind: ServiceAccount metadata: + annotations: + iam.gke.io/gcp-service-account: name-user@project-id.iam.gserviceaccount.com name: ml-pipeline-visualizationserver namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml index a9854a58ba..1beef50ebf 100644 --- a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_pipeline-runner.yaml @@ -1,5 +1,7 @@ apiVersion: v1 kind: ServiceAccount metadata: + annotations: + iam.gke.io/gcp-service-account: name-user@project-id.iam.gserviceaccount.com name: pipeline-runner namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml index 881ccbf1bd..0e2bd62a2d 100644 --- a/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml +++ b/tests/stacks/examples/alice/test_data/expected/~g_v1_serviceaccount_profiles-controller-service-account.yaml @@ -1,6 +1,8 @@ apiVersion: v1 kind: ServiceAccount metadata: + annotations: + iam.gke.io/gcp-service-account: name-admin@project-id.iam.gserviceaccount.com labels: kustomize.component: profiles name: profiles-controller-service-account From 5b3d8823f05bc61087004aba4678b7c0934432b0 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Fri, 3 Jul 2020 14:55:49 +0800 Subject: [PATCH 39/45] fix profile controller iam binding --- .../cnrm/iam/kf-admin-owns-user-policy.yaml | 11 ++++++ gcp/v2/cnrm/iam/kf-admin-policy.yaml | 14 -------- gcp/v2/cnrm/iam/kf-admin-wi-bindings.yaml | 11 ++++++ gcp/v2/cnrm/iam/kf-user-policy.yaml | 16 --------- gcp/v2/cnrm/iam/kf-user-wi-bindings.yaml | 35 +++++++++++++++++++ gcp/v2/cnrm/iam/kustomization.yaml | 3 ++ 6 files changed, 60 insertions(+), 30 deletions(-) create mode 100644 gcp/v2/cnrm/iam/kf-admin-owns-user-policy.yaml create mode 100644 gcp/v2/cnrm/iam/kf-admin-wi-bindings.yaml create mode 100644 gcp/v2/cnrm/iam/kf-user-wi-bindings.yaml diff --git a/gcp/v2/cnrm/iam/kf-admin-owns-user-policy.yaml b/gcp/v2/cnrm/iam/kf-admin-owns-user-policy.yaml new file mode 100644 index 0000000000..ccd63fb243 --- /dev/null +++ b/gcp/v2/cnrm/iam/kf-admin-owns-user-policy.yaml @@ -0,0 +1,11 @@ +apiVersion: iam.cnrm.cloud.google.com/v1beta1 +kind: IAMPolicyMember +metadata: + name: name-admin-owns-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} +spec: + member: serviceAccount:name-admin@project-id.iam.gserviceaccount.com # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"},{"name":"gcloud.core.project","value":"project-id"}]}} + role: roles/iam.serviceAccountAdmin + resourceRef: + apiVersion: iam.cnrm.cloud.google.com/v1beta1 + kind: IAMServiceAccount + name: name-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} diff --git a/gcp/v2/cnrm/iam/kf-admin-policy.yaml b/gcp/v2/cnrm/iam/kf-admin-policy.yaml index 529fbb2cb7..b391e5b9da 100644 --- a/gcp/v2/cnrm/iam/kf-admin-policy.yaml +++ b/gcp/v2/cnrm/iam/kf-admin-policy.yaml @@ -165,17 +165,3 @@ spec: apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1 kind: Project external: projects/project-id # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}} ---- -apiVersion: iam.cnrm.cloud.google.com/v1beta1 -kind: IAMPolicy -metadata: - name: name-admin-workload-identity-users # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} -spec: - resourceRef: - apiVersion: iam.cnrm.cloud.google.com/v1beta1 - kind: IAMServiceAccount - name: name-admin # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} - bindings: - - role: roles/iam.workloadIdentityUser - members: - - serviceAccount:project-id.svc.id.goog[kubeflow/profiles-controller-service-account] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}} diff --git a/gcp/v2/cnrm/iam/kf-admin-wi-bindings.yaml b/gcp/v2/cnrm/iam/kf-admin-wi-bindings.yaml new file mode 100644 index 0000000000..3817ae1334 --- /dev/null +++ b/gcp/v2/cnrm/iam/kf-admin-wi-bindings.yaml @@ -0,0 +1,11 @@ +apiVersion: iam.cnrm.cloud.google.com/v1beta1 +kind: IAMPolicyMember +metadata: + name: name-admin-workload-identity-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} +spec: + member: serviceAccount:project-id.svc.id.goog[kubeflow/profiles-controller-service-account] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}} + role: roles/iam.workloadIdentityUser + resourceRef: + apiVersion: iam.cnrm.cloud.google.com/v1beta1 + kind: IAMServiceAccount + name: name-admin # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} diff --git a/gcp/v2/cnrm/iam/kf-user-policy.yaml b/gcp/v2/cnrm/iam/kf-user-policy.yaml index ff2f213b45..f89fe4ec1f 100644 --- a/gcp/v2/cnrm/iam/kf-user-policy.yaml +++ b/gcp/v2/cnrm/iam/kf-user-policy.yaml @@ -141,19 +141,3 @@ spec: apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1 kind: Project external: projects/project-id # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}} ---- -apiVersion: iam.cnrm.cloud.google.com/v1beta1 -kind: IAMPolicy -metadata: - name: name-user-workload-identity-users # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} -spec: - resourceRef: - apiVersion: iam.cnrm.cloud.google.com/v1beta1 - kind: IAMServiceAccount - name: name-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} - bindings: - - role: roles/iam.workloadIdentityUser - members: - - serviceAccount:project-id.svc.id.goog[kubeflow/ml-pipeline-ui] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}} - - serviceAccount:project-id.svc.id.goog[kubeflow/ml-pipeline-visualizationserver] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}} - - serviceAccount:project-id.svc.id.goog[kubeflow/pipeline-runner] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}} diff --git a/gcp/v2/cnrm/iam/kf-user-wi-bindings.yaml b/gcp/v2/cnrm/iam/kf-user-wi-bindings.yaml new file mode 100644 index 0000000000..88e69a7744 --- /dev/null +++ b/gcp/v2/cnrm/iam/kf-user-wi-bindings.yaml @@ -0,0 +1,35 @@ +apiVersion: iam.cnrm.cloud.google.com/v1beta1 +kind: IAMPolicyMember +metadata: + name: name-user-workload-identity-user-ml-pipeline-ui # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} +spec: + member: serviceAccount:project-id.svc.id.goog[kubeflow/ml-pipeline-ui] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}} + role: roles/iam.workloadIdentityUser + resourceRef: + apiVersion: iam.cnrm.cloud.google.com/v1beta1 + kind: IAMServiceAccount + name: name-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} +--- +apiVersion: iam.cnrm.cloud.google.com/v1beta1 +kind: IAMPolicyMember +metadata: + name: name-user-workload-identity-user-ml-pipeline-visualizationserver # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} +spec: + member: serviceAccount:project-id.svc.id.goog[kubeflow/ml-pipeline-visualizationserver] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}} + role: roles/iam.workloadIdentityUser + resourceRef: + apiVersion: iam.cnrm.cloud.google.com/v1beta1 + kind: IAMServiceAccount + name: name-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} +--- +apiVersion: iam.cnrm.cloud.google.com/v1beta1 +kind: IAMPolicyMember +metadata: + name: name-user-workload-identity-user-pipeline-runner # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} +spec: + member: serviceAccount:project-id.svc.id.goog[kubeflow/pipeline-runner] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}} + role: roles/iam.workloadIdentityUser + resourceRef: + apiVersion: iam.cnrm.cloud.google.com/v1beta1 + kind: IAMServiceAccount + name: name-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} diff --git a/gcp/v2/cnrm/iam/kustomization.yaml b/gcp/v2/cnrm/iam/kustomization.yaml index 2341a5fded..4a7eccebff 100644 --- a/gcp/v2/cnrm/iam/kustomization.yaml +++ b/gcp/v2/cnrm/iam/kustomization.yaml @@ -5,3 +5,6 @@ resources: - kf-admin-sa.yaml - kf-user-policy.yaml - kf-user-sa.yaml +- kf-admin-wi-bindings.yaml +- kf-user-wi-bindings.yaml +- kf-admin-owns-user-policy.yaml From 30552d1a860941e8836304d30a783211a12a3233 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Mon, 6 Jul 2020 18:45:27 +0800 Subject: [PATCH 40/45] Update kfp profile controller can be configured to different images and istio sidecar --- .../deployment.yaml | 5 ++++ .../pipelines-profile-controller/sync.py | 28 +++++++++++++++---- 2 files changed, 27 insertions(+), 6 deletions(-) diff --git a/pipeline/installs/multi-user/pipelines-profile-controller/deployment.yaml b/pipeline/installs/multi-user/pipelines-profile-controller/deployment.yaml index 50c62ca9d2..2ccd2d8f78 100644 --- a/pipeline/installs/multi-user/pipelines-profile-controller/deployment.yaml +++ b/pipeline/installs/multi-user/pipelines-profile-controller/deployment.yaml @@ -13,6 +13,11 @@ spec: - name: profile-controller image: python:2.7 command: ["python", "/hooks/sync.py"] + env: + - name: KFP_VERSION + value: 1.0.0-rc.3 + - name: DISABLE_ISTIO_SIDECAR + value: "true" # TODO: make visualization server work with sidecar volumeMounts: - name: hooks mountPath: /hooks diff --git a/pipeline/installs/multi-user/pipelines-profile-controller/sync.py b/pipeline/installs/multi-user/pipelines-profile-controller/sync.py index 8cce485107..b2154c488a 100644 --- a/pipeline/installs/multi-user/pipelines-profile-controller/sync.py +++ b/pipeline/installs/multi-user/pipelines-profile-controller/sync.py @@ -14,6 +14,10 @@ from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer import json +import os + +kfp_version = os.environ["KFP_VERSION"] +disable_istio_sidecar = os.environ.get("DISABLE_ISTIO_SIDECAR") == "true" class Controller(BaseHTTPRequestHandler): @@ -92,13 +96,19 @@ def sync(self, parent, children): "labels": { "app": "ml-pipeline-visualizationserver" }, + "annotations": disable_istio_sidecar and { + "sidecar.istio.io/inject": "false" + } or {}, }, "spec": { "containers": [{ "image": - "gcr.io/ml-pipeline/visualization-server:0.5.1", - "imagePullPolicy": "IfNotPresent", - "name": "ml-pipeline-visualizationserver", + "gcr.io/ml-pipeline/visualization-server:" + + kfp_version, + "imagePullPolicy": + "IfNotPresent", + "name": + "ml-pipeline-visualizationserver", "ports": [{ "containerPort": 8888 }], @@ -199,12 +209,18 @@ def sync(self, parent, children): "labels": { "app": "ml-pipeline-ui-artifact" }, + "annotations": disable_istio_sidecar and { + "sidecar.istio.io/inject": "false" + } or {}, }, "spec": { "containers": [{ - "name": "ml-pipeline-ui-artifact", - "image": "gcr.io/ml-pipeline/frontend:0.5.1", - "imagePullPolicy": "IfNotPresent", + "name": + "ml-pipeline-ui-artifact", + "image": + "gcr.io/ml-pipeline/frontend:" + kfp_version, + "imagePullPolicy": + "IfNotPresent", "ports": [{ "containerPort": 3000 }] From c71bf14e36f95cbd2ac07359182fc02605a84c5c Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Tue, 7 Jul 2020 16:24:25 +0800 Subject: [PATCH 41/45] add missing viewer controller cluster roles --- pipeline/installs/multi-user/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/pipeline/installs/multi-user/kustomization.yaml b/pipeline/installs/multi-user/kustomization.yaml index e3a4d06ca7..8d3aef475f 100644 --- a/pipeline/installs/multi-user/kustomization.yaml +++ b/pipeline/installs/multi-user/kustomization.yaml @@ -7,6 +7,7 @@ resources: - pipelines-ui - pipelines-profile-controller - scheduled-workflow +- viewer-controller - persistence-agent - cache - metadata-writer From 4f2f96ce41dd0f3ce6be08b2b16cbce277b8e430 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Tue, 7 Jul 2020 17:12:04 +0800 Subject: [PATCH 42/45] Use python3 for sync.py --- .../pipelines-profile-controller/deployment.yaml | 12 +++++------- .../pipelines-profile-controller/kustomization.yaml | 5 ++++- .../pipelines-profile-controller/params.env | 3 +++ .../multi-user/pipelines-profile-controller/sync.py | 6 +++--- 4 files changed, 15 insertions(+), 11 deletions(-) create mode 100644 pipeline/installs/multi-user/pipelines-profile-controller/params.env diff --git a/pipeline/installs/multi-user/pipelines-profile-controller/deployment.yaml b/pipeline/installs/multi-user/pipelines-profile-controller/deployment.yaml index 2ccd2d8f78..0ccf450289 100644 --- a/pipeline/installs/multi-user/pipelines-profile-controller/deployment.yaml +++ b/pipeline/installs/multi-user/pipelines-profile-controller/deployment.yaml @@ -11,13 +11,11 @@ spec: spec: containers: - name: profile-controller - image: python:2.7 + image: python:3.7 command: ["python", "/hooks/sync.py"] - env: - - name: KFP_VERSION - value: 1.0.0-rc.3 - - name: DISABLE_ISTIO_SIDECAR - value: "true" # TODO: make visualization server work with sidecar + envFrom: + - configMapRef: + name: profile-controller-env volumeMounts: - name: hooks mountPath: /hooks @@ -26,4 +24,4 @@ spec: volumes: - name: hooks configMap: - name: profile-controller + name: profile-controller-code diff --git a/pipeline/installs/multi-user/pipelines-profile-controller/kustomization.yaml b/pipeline/installs/multi-user/pipelines-profile-controller/kustomization.yaml index 0e1814f7b4..76a257965e 100644 --- a/pipeline/installs/multi-user/pipelines-profile-controller/kustomization.yaml +++ b/pipeline/installs/multi-user/pipelines-profile-controller/kustomization.yaml @@ -9,6 +9,9 @@ resources: - deployment.yaml - composite-controller.yaml configMapGenerator: -- name: profile-controller +- name: profile-controller-code files: - sync.py +- name: profile-controller-env + envs: + - params.env diff --git a/pipeline/installs/multi-user/pipelines-profile-controller/params.env b/pipeline/installs/multi-user/pipelines-profile-controller/params.env new file mode 100644 index 0000000000..49e9aedae8 --- /dev/null +++ b/pipeline/installs/multi-user/pipelines-profile-controller/params.env @@ -0,0 +1,3 @@ +KFP_VERSION=1.0.0-rc.3 +# TODO: make visualization server work with sidecar +DISABLE_ISTIO_SIDECAR=true diff --git a/pipeline/installs/multi-user/pipelines-profile-controller/sync.py b/pipeline/installs/multi-user/pipelines-profile-controller/sync.py index b2154c488a..8604ef4ef6 100644 --- a/pipeline/installs/multi-user/pipelines-profile-controller/sync.py +++ b/pipeline/installs/multi-user/pipelines-profile-controller/sync.py @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer +from http.server import BaseHTTPRequestHandler, HTTPServer import json import os @@ -262,13 +262,13 @@ def sync(self, parent, children): def do_POST(self): # Serve the sync() function as a JSON webhook. observed = json.loads( - self.rfile.read(int(self.headers.getheader("content-length")))) + self.rfile.read(int(self.headers.get("content-length")))) desired = self.sync(observed["parent"], observed["children"]) self.send_response(200) self.send_header("Content-type", "application/json") self.end_headers() - self.wfile.write(json.dumps(desired)) + self.wfile.write(bytes(json.dumps(desired), 'utf-8')) HTTPServer(("", 80), Controller).serve_forever() From 78b3eead88b705df4ccf4e462484e51540957f0f Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Tue, 7 Jul 2020 17:16:13 +0800 Subject: [PATCH 43/45] Revert gcp stack back to use non multi user kfp --- stacks/gcp/kustomization.yaml | 2 +- .../apps_v1_deployment_cache-server.yaml | 4 +- .../apps_v1_deployment_metadata-writer.yaml | 4 +- ...ployment_ml-pipeline-persistenceagent.yaml | 4 +- ...loyment_ml-pipeline-scheduledworkflow.yaml | 4 +- .../apps_v1_deployment_ml-pipeline-ui.yaml | 20 -- ..._v1_deployment_ml-pipeline-viewer-crd.yaml | 3 - .../apps_v1_deployment_ml-pipeline.yaml | 3 - ...kubeflow-pipelines-profile-controller.yaml | 34 --- ...kubeflow-pipelines-profile-controller.yaml | 46 --- ...terrole_kubeflow-pipelines-cache-role.yaml | 31 -- ...beflow-pipelines-metadata-writer-role.yaml | 31 -- ...ole_ml-pipeline-persistenceagent-role.yaml | 21 -- ...le_ml-pipeline-scheduledworkflow-role.yaml | 36 --- ....k8s.io_v1_clusterrole_ml-pipeline-ui.yaml | 44 --- ...ding_kubeflow-pipelines-cache-binding.yaml | 12 - ...low-pipelines-metadata-writer-binding.yaml | 12 - ..._ml-pipeline-persistenceagent-binding.yaml | 12 - ...ml-pipeline-scheduledworkflow-binding.yaml | 12 - ..._v1_clusterrolebinding_ml-pipeline-ui.yaml | 14 - ...8s.io_v1beta1_clusterrole_ml-pipeline.yaml | 34 --- ...1beta1_clusterrolebinding_ml-pipeline.yaml | 12 - ...pelines-profile-controller-78dkmk82gc.yaml | 267 ------------------ ...v1_configmap_ml-pipeline-ui-configmap.yaml | 14 - ...pipeline-api-server-config-f4t72426kt.yaml | 10 - ...kubeflow-pipelines-profile-controller.yaml | 15 - .../apps_v1_deployment_cache-server.yaml | 4 +- .../apps_v1_deployment_metadata-writer.yaml | 4 +- ...ployment_ml-pipeline-persistenceagent.yaml | 4 +- ...loyment_ml-pipeline-scheduledworkflow.yaml | 4 +- .../apps_v1_deployment_ml-pipeline-ui.yaml | 20 -- ..._v1_deployment_ml-pipeline-viewer-crd.yaml | 3 - .../apps_v1_deployment_ml-pipeline.yaml | 3 - ...kubeflow-pipelines-profile-controller.yaml | 34 --- ...kubeflow-pipelines-profile-controller.yaml | 46 --- ...terrole_kubeflow-pipelines-cache-role.yaml | 31 -- ...beflow-pipelines-metadata-writer-role.yaml | 31 -- ...ole_ml-pipeline-persistenceagent-role.yaml | 21 -- ...le_ml-pipeline-scheduledworkflow-role.yaml | 36 --- ....k8s.io_v1_clusterrole_ml-pipeline-ui.yaml | 44 --- ...ding_kubeflow-pipelines-cache-binding.yaml | 12 - ...low-pipelines-metadata-writer-binding.yaml | 12 - ..._ml-pipeline-persistenceagent-binding.yaml | 12 - ...ml-pipeline-scheduledworkflow-binding.yaml | 12 - ..._v1_clusterrolebinding_ml-pipeline-ui.yaml | 14 - ...8s.io_v1beta1_clusterrole_ml-pipeline.yaml | 34 --- ...1beta1_clusterrolebinding_ml-pipeline.yaml | 12 - ...pelines-profile-controller-78dkmk82gc.yaml | 267 ------------------ ...v1_configmap_ml-pipeline-ui-configmap.yaml | 14 - ...pipeline-api-server-config-f4t72426kt.yaml | 10 - ...kubeflow-pipelines-profile-controller.yaml | 15 - 51 files changed, 25 insertions(+), 1375 deletions(-) delete mode 100644 tests/stacks/examples/alice/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml delete mode 100644 tests/stacks/examples/alice/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml delete mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml delete mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml delete mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml delete mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml delete mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml delete mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml delete mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml delete mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml delete mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml delete mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml delete mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml delete mode 100644 tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml delete mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml delete mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml delete mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml delete mode 100644 tests/stacks/examples/alice/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml delete mode 100644 tests/stacks/gcp/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml diff --git a/stacks/gcp/kustomization.yaml b/stacks/gcp/kustomization.yaml index 95fbb8e94d..1bd9b429d8 100644 --- a/stacks/gcp/kustomization.yaml +++ b/stacks/gcp/kustomization.yaml @@ -18,7 +18,7 @@ resources: - ../../argo/base_v3 - ../../pipeline/minio/installs/gcp-pd - ../../pipeline/mysql/installs/gcp-pd - - ../../pipeline/installs/multi-user + - ../../pipeline/installs/generic - ../../metadata/v3 # This package will create a profile resource so it needs to be installed after the profiles CR - ../../default-install/base diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml index 06c8cfbed6..6c588c6913 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_cache-server.yaml @@ -53,7 +53,9 @@ spec: key: password name: mysql-secret-fd5gktm75t - name: NAMESPACE_TO_WATCH - value: "" + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.3 imagePullPolicy: Always name: server diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml index 83adf18f72..4b0a0d0c91 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_metadata-writer.yaml @@ -18,7 +18,9 @@ spec: containers: - env: - name: NAMESPACE_TO_WATCH - value: "" + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.3 name: main serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml index adf776c9d6..a4f9177a0b 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -17,7 +17,9 @@ spec: containers: - env: - name: NAMESPACE - value: "" + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-persistenceagent diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml index 79db22ad5f..f38eb6fabe 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -17,7 +17,9 @@ spec: containers: - env: - name: NAMESPACE - value: "" + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml index f8ca163f6a..0430d4b7bd 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -16,18 +16,6 @@ spec: spec: containers: - env: - - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH - value: /etc/config/viewer-pod-template.json - - name: DEPLOYMENT - value: KUBEFLOW - - name: ARTIFACTS_SERVICE_PROXY_NAME - value: ml-pipeline-ui-artifact - - name: ARTIFACTS_SERVICE_PROXY_PORT - value: "80" - - name: ARTIFACTS_SERVICE_PROXY_ENABLED - value: "true" - - name: ENABLE_AUTHZ - value: "true" - name: MINIO_NAMESPACE valueFrom: fieldRef: @@ -73,12 +61,4 @@ spec: initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 - volumeMounts: - - mountPath: /etc/config - name: config-volume - readOnly: true serviceAccountName: ml-pipeline-ui - volumes: - - configMap: - name: ml-pipeline-ui-configmap - name: config-volume diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml index 976165b9e7..f6e9b9c7dc 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml @@ -16,9 +16,6 @@ spec: spec: containers: - env: - - name: NAMESPACE - value: "" - valueFrom: null - name: MAX_NUM_VIEWERS value: "50" - name: MINIO_NAMESPACE diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml index 0995593d4b..79adf2aab0 100644 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml +++ b/tests/stacks/examples/alice/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -62,9 +62,6 @@ spec: secretKeyRef: key: secretkey name: mlpipeline-minio-artifact - envFrom: - - configMapRef: - name: pipeline-api-server-config-f4t72426kt image: gcr.io/ml-pipeline/api-server:1.0.0-rc.3 imagePullPolicy: IfNotPresent livenessProbe: diff --git a/tests/stacks/examples/alice/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/examples/alice/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml deleted file mode 100644 index 7237223586..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - labels: - app: kubeflow-pipelines-profile-controller - name: kubeflow-pipelines-profile-controller - namespace: kubeflow -spec: - replicas: 1 - selector: - matchLabels: - app: kubeflow-pipelines-profile-controller - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - labels: - app: kubeflow-pipelines-profile-controller - spec: - containers: - - command: - - python - - /hooks/sync.py - image: python:2.7 - name: profile-controller - ports: - - containerPort: 80 - volumeMounts: - - mountPath: /hooks - name: hooks - volumes: - - configMap: - name: kubeflow-pipelines-profile-controller-78dkmk82gc - name: hooks diff --git a/tests/stacks/examples/alice/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/examples/alice/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml deleted file mode 100644 index 96fe00bf44..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml +++ /dev/null @@ -1,46 +0,0 @@ -apiVersion: metacontroller.k8s.io/v1alpha1 -kind: CompositeController -metadata: - labels: - app: kubeflow-pipelines-profile-controller - name: kubeflow-pipelines-profile-controller - namespace: kubeflow -spec: - childResources: - - apiVersion: v1 - resource: secrets - updateStrategy: - method: OnDelete - - apiVersion: v1 - resource: configmaps - updateStrategy: - method: OnDelete - - apiVersion: apps/v1 - resource: deployments - updateStrategy: - method: InPlace - - apiVersion: v1 - resource: services - updateStrategy: - method: InPlace - - apiVersion: networking.istio.io/v1alpha3 - resource: destinationrules - updateStrategy: - method: InPlace - - apiVersion: rbac.istio.io/v1alpha1 - resource: serviceroles - updateStrategy: - method: InPlace - - apiVersion: rbac.istio.io/v1alpha1 - resource: servicerolebindings - updateStrategy: - method: InPlace - generateSelector: true - hooks: - sync: - webhook: - url: http://kubeflow-pipelines-profile-controller/sync - parentResource: - apiVersion: v1 - resource: namespaces - resyncPeriodSeconds: 10 diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml deleted file mode 100644 index e604367357..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubeflow-pipelines-cache-role -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - get - - list - - watch - - update - - patch diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml deleted file mode 100644 index a6ec986725..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubeflow-pipelines-metadata-writer-role -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - get - - list - - watch - - update - - patch diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml deleted file mode 100644 index b3053317b5..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: ml-pipeline-persistenceagent-role -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - get - - list - - watch -- apiGroups: - - kubeflow.org - resources: - - scheduledworkflows - verbs: - - get - - list - - watch diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml deleted file mode 100644 index 2b96dd482c..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: ml-pipeline-scheduledworkflow-role -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - kubeflow.org - resources: - - scheduledworkflows - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml deleted file mode 100644 index cfc19ad40f..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: ml-pipeline-ui - name: ml-pipeline-ui -rules: -- apiGroups: - - "" - resources: - - pods - - pods/log - verbs: - - get -- apiGroups: - - "" - resources: - - events - verbs: - - list -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list -- apiGroups: - - kubeflow.org - resources: - - viewers - verbs: - - create - - get - - list - - watch - - delete -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - get - - list diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml deleted file mode 100644 index 984316e3b5..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubeflow-pipelines-cache-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubeflow-pipelines-cache-role -subjects: -- kind: ServiceAccount - name: kubeflow-pipelines-cache - namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml deleted file mode 100644 index 7a3f9bc2d1..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubeflow-pipelines-metadata-writer-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubeflow-pipelines-metadata-writer-role -subjects: -- kind: ServiceAccount - name: kubeflow-pipelines-metadata-writer - namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml deleted file mode 100644 index ed59670f6c..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: ml-pipeline-persistenceagent-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ml-pipeline-persistenceagent-role -subjects: -- kind: ServiceAccount - name: ml-pipeline-persistenceagent - namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml deleted file mode 100644 index 2ca201eb95..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: ml-pipeline-scheduledworkflow-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ml-pipeline-scheduledworkflow-role -subjects: -- kind: ServiceAccount - name: ml-pipeline-scheduledworkflow - namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml deleted file mode 100644 index 2d8fb03ae3..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: ml-pipeline-ui - name: ml-pipeline-ui -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ml-pipeline-ui -subjects: -- kind: ServiceAccount - name: ml-pipeline-ui - namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml deleted file mode 100644 index a88f27ff9e..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: ml-pipeline -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - kubeflow.org - resources: - - scheduledworkflows - verbs: - - create - - get - - list - - update - - patch - - delete -- apiGroups: - - "" - resources: - - pods - verbs: - - delete diff --git a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml b/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml deleted file mode 100644 index 9ce11cb2f9..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: ml-pipeline -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ml-pipeline -subjects: -- kind: ServiceAccount - name: ml-pipeline - namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml deleted file mode 100644 index 4c2633f99b..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml +++ /dev/null @@ -1,267 +0,0 @@ -apiVersion: v1 -data: - sync.py: | - # Copyright 2020 Google LLC - # - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - - from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer - import json - - - class Controller(BaseHTTPRequestHandler): - def sync(self, parent, children): - # HACK: Currently using serving.kubeflow.org/inferenceservice to identify - # kubeflow user namespaces. - # TODO: let Kubeflow profile controller add a pipeline specific label to - # user namespaces and use that label instead. - pipeline_enabled = parent.get("metadata", {}).get( - "labels", {}).get("serving.kubeflow.org/inferenceservice") - - if not pipeline_enabled: - return {"status": {}, "children": []} - - # Compute status based on observed state. - desired_status = { - "kubeflow-pipelines-ready": \ - len(children["Secret.v1"]) == 1 and \ - len(children["ConfigMap.v1"]) == 1 and \ - len(children["Deployment.apps/v1"]) == 2 and \ - len(children["Service.v1"]) == 2 and \ - len(children["DestinationRule.networking.istio.io/v1alpha3"]) == 1 and \ - len(children["ServiceRole.rbac.istio.io/v1alpha1"]) == 1 and \ - len(children["ServiceRoleBinding.rbac.istio.io/v1alpha1"]) == 1 and \ - "True" or "False" - } - - # Generate the desired child object(s). - # parent is a namespace - namespace = parent.get("metadata", {}).get("name") - desired_resources = [ - { - "apiVersion": "v1", - "kind": "Secret", - "metadata": { - "name": "mlpipeline-minio-artifact", - "namespace": namespace, - }, - "data": { - "accesskey": "bWluaW8=", # base64 for minio - "secretkey": "bWluaW8xMjM=", # base64 for minio123 - }, - }, - { - "apiVersion": "v1", - "kind": "ConfigMap", - "metadata": { - "name": "metadata-grpc-configmap", - "namespace": namespace, - }, - "data": { - "METADATA_GRPC_SERVICE_HOST": - "metadata-grpc-service.kubeflow", - "METADATA_GRPC_SERVICE_PORT": "8080", - }, - }, - # Visualization server related manifests below - { - "apiVersion": "apps/v1", - "kind": "Deployment", - "metadata": { - "labels": { - "app": "ml-pipeline-visualizationserver" - }, - "name": "ml-pipeline-visualizationserver", - "namespace": namespace, - }, - "spec": { - "selector": { - "matchLabels": { - "app": "ml-pipeline-visualizationserver" - }, - }, - "template": { - "metadata": { - "labels": { - "app": "ml-pipeline-visualizationserver" - }, - }, - "spec": { - "containers": [{ - "image": - "gcr.io/ml-pipeline/visualization-server:0.5.1", - "imagePullPolicy": "IfNotPresent", - "name": "ml-pipeline-visualizationserver", - "ports": [{ - "containerPort": 8888 - }], - }], - "serviceAccountName": - "default-editor", - }, - }, - }, - }, - { - "apiVersion": "networking.istio.io/v1alpha3", - "kind": "DestinationRule", - "metadata": { - "name": "ml-pipeline-visualizationserver", - "namespace": namespace, - }, - "spec": { - "host": "ml-pipeline-visualizationserver", - "trafficPolicy": { - "tls": { - "mode": "ISTIO_MUTUAL" - } - } - } - }, - { - "apiVersion": "rbac.istio.io/v1alpha1", - "kind": "ServiceRole", - "metadata": { - "name": "ml-pipeline-visualizationserver", - "namespace": namespace, - }, - "spec": { - "rules": [{ - "services": ["ml-pipeline-visualizationserver.*"] - }] - } - }, - { - "apiVersion": "rbac.istio.io/v1alpha1", - "kind": "ServiceRoleBinding", - "metadata": { - "name": "ml-pipeline-visualizationserver", - "namespace": namespace, - }, - "spec": { - "subjects": [{ - "properties": { - "source.principal": - "cluster.local/ns/kubeflow/sa/ml-pipeline" - } - }], - "roleRef": { - "kind": "ServiceRole", - "name": "ml-pipeline-visualizationserver" - } - } - }, - { - "apiVersion": "v1", - "kind": "Service", - "metadata": { - "name": "ml-pipeline-visualizationserver", - "namespace": namespace, - }, - "spec": { - "ports": [{ - "name": "http", - "port": 8888, - "protocol": "TCP", - "targetPort": 8888, - }], - "selector": { - "app": "ml-pipeline-visualizationserver", - }, - }, - }, - # Artifact fetcher related resources below. - { - "apiVersion": "apps/v1", - "kind": "Deployment", - "metadata": { - "labels": { - "app": "ml-pipeline-ui-artifact" - }, - "name": "ml-pipeline-ui-artifact", - "namespace": namespace, - }, - "spec": { - "selector": { - "matchLabels": { - "app": "ml-pipeline-ui-artifact" - } - }, - "template": { - "metadata": { - "labels": { - "app": "ml-pipeline-ui-artifact" - }, - }, - "spec": { - "containers": [{ - "name": "ml-pipeline-ui-artifact", - "image": "gcr.io/ml-pipeline/frontend:0.5.1", - "imagePullPolicy": "IfNotPresent", - "ports": [{ - "containerPort": 3000 - }] - }], - "serviceAccountName": - "default-editor" - } - } - } - }, - { - "apiVersion": "v1", - "kind": "Service", - "metadata": { - "name": "ml-pipeline-ui-artifact", - "namespace": namespace, - "labels": { - "app": "ml-pipeline-ui-artifact" - } - }, - "spec": { - "ports": [{ - "name": - "http", # name is required to let istio understand request protocol - "port": 80, - "protocol": "TCP", - "targetPort": 3000 - }], - "selector": { - "app": "ml-pipeline-ui-artifact" - } - } - }, - ] - print('Received request', parent, desired_resources) - - return {"status": desired_status, "children": desired_resources} - - def do_POST(self): - # Serve the sync() function as a JSON webhook. - observed = json.loads( - self.rfile.read(int(self.headers.getheader("content-length")))) - desired = self.sync(observed["parent"], observed["children"]) - - self.send_response(200) - self.send_header("Content-type", "application/json") - self.end_headers() - self.wfile.write(json.dumps(desired)) - - - HTTPServer(("", 80), Controller).serve_forever() -kind: ConfigMap -metadata: - labels: - app: kubeflow-pipelines-profile-controller - name: kubeflow-pipelines-profile-controller-78dkmk82gc - namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml deleted file mode 100644 index 3bc667cc9b..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -data: - viewer-pod-template.json: |- - { - "spec": { - "serviceAccountName": "default-editor" - } - } -kind: ConfigMap -metadata: - labels: - app: ml-pipeline-ui - name: ml-pipeline-ui-configmap - namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml deleted file mode 100644 index 5ffb95a2f1..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -data: - DEFAULTPIPELINERUNNERSERVICEACCOUNT: default-editor - MULTIUSER: "true" - VISUALIZATIONSERVICE_NAME: ml-pipeline-visualizationserver - VISUALIZATIONSERVICE_PORT: "8888" -kind: ConfigMap -metadata: - name: pipeline-api-server-config-f4t72426kt - namespace: kubeflow diff --git a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/examples/alice/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml deleted file mode 100644 index 76400e279f..0000000000 --- a/tests/stacks/examples/alice/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: kubeflow-pipelines-profile-controller - name: kubeflow-pipelines-profile-controller - namespace: kubeflow -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 80 - selector: - app: kubeflow-pipelines-profile-controller diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml index 06c8cfbed6..6c588c6913 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_cache-server.yaml @@ -53,7 +53,9 @@ spec: key: password name: mysql-secret-fd5gktm75t - name: NAMESPACE_TO_WATCH - value: "" + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/cache-server:1.0.0-rc.3 imagePullPolicy: Always name: server diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml index 83adf18f72..4b0a0d0c91 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_metadata-writer.yaml @@ -18,7 +18,9 @@ spec: containers: - env: - name: NAMESPACE_TO_WATCH - value: "" + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/metadata-writer:1.0.0-rc.3 name: main serviceAccountName: kubeflow-pipelines-metadata-writer diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml index adf776c9d6..a4f9177a0b 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-persistenceagent.yaml @@ -17,7 +17,9 @@ spec: containers: - env: - name: NAMESPACE - value: "" + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/persistenceagent:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-persistenceagent diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml index 79db22ad5f..f38eb6fabe 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-scheduledworkflow.yaml @@ -17,7 +17,9 @@ spec: containers: - env: - name: NAMESPACE - value: "" + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/scheduledworkflow:1.0.0-rc.3 imagePullPolicy: IfNotPresent name: ml-pipeline-scheduledworkflow diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml index f8ca163f6a..0430d4b7bd 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-ui.yaml @@ -16,18 +16,6 @@ spec: spec: containers: - env: - - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH - value: /etc/config/viewer-pod-template.json - - name: DEPLOYMENT - value: KUBEFLOW - - name: ARTIFACTS_SERVICE_PROXY_NAME - value: ml-pipeline-ui-artifact - - name: ARTIFACTS_SERVICE_PROXY_PORT - value: "80" - - name: ARTIFACTS_SERVICE_PROXY_ENABLED - value: "true" - - name: ENABLE_AUTHZ - value: "true" - name: MINIO_NAMESPACE valueFrom: fieldRef: @@ -73,12 +61,4 @@ spec: initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 - volumeMounts: - - mountPath: /etc/config - name: config-volume - readOnly: true serviceAccountName: ml-pipeline-ui - volumes: - - configMap: - name: ml-pipeline-ui-configmap - name: config-volume diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml index 976165b9e7..f6e9b9c7dc 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline-viewer-crd.yaml @@ -16,9 +16,6 @@ spec: spec: containers: - env: - - name: NAMESPACE - value: "" - valueFrom: null - name: MAX_NUM_VIEWERS value: "50" - name: MINIO_NAMESPACE diff --git a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml index 0995593d4b..79adf2aab0 100644 --- a/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml +++ b/tests/stacks/gcp/test_data/expected/apps_v1_deployment_ml-pipeline.yaml @@ -62,9 +62,6 @@ spec: secretKeyRef: key: secretkey name: mlpipeline-minio-artifact - envFrom: - - configMapRef: - name: pipeline-api-server-config-f4t72426kt image: gcr.io/ml-pipeline/api-server:1.0.0-rc.3 imagePullPolicy: IfNotPresent livenessProbe: diff --git a/tests/stacks/gcp/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/gcp/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml deleted file mode 100644 index 7237223586..0000000000 --- a/tests/stacks/gcp/test_data/expected/apps_v1beta1_deployment_kubeflow-pipelines-profile-controller.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - labels: - app: kubeflow-pipelines-profile-controller - name: kubeflow-pipelines-profile-controller - namespace: kubeflow -spec: - replicas: 1 - selector: - matchLabels: - app: kubeflow-pipelines-profile-controller - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - labels: - app: kubeflow-pipelines-profile-controller - spec: - containers: - - command: - - python - - /hooks/sync.py - image: python:2.7 - name: profile-controller - ports: - - containerPort: 80 - volumeMounts: - - mountPath: /hooks - name: hooks - volumes: - - configMap: - name: kubeflow-pipelines-profile-controller-78dkmk82gc - name: hooks diff --git a/tests/stacks/gcp/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/gcp/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml deleted file mode 100644 index 96fe00bf44..0000000000 --- a/tests/stacks/gcp/test_data/expected/metacontroller.k8s.io_v1alpha1_compositecontroller_kubeflow-pipelines-profile-controller.yaml +++ /dev/null @@ -1,46 +0,0 @@ -apiVersion: metacontroller.k8s.io/v1alpha1 -kind: CompositeController -metadata: - labels: - app: kubeflow-pipelines-profile-controller - name: kubeflow-pipelines-profile-controller - namespace: kubeflow -spec: - childResources: - - apiVersion: v1 - resource: secrets - updateStrategy: - method: OnDelete - - apiVersion: v1 - resource: configmaps - updateStrategy: - method: OnDelete - - apiVersion: apps/v1 - resource: deployments - updateStrategy: - method: InPlace - - apiVersion: v1 - resource: services - updateStrategy: - method: InPlace - - apiVersion: networking.istio.io/v1alpha3 - resource: destinationrules - updateStrategy: - method: InPlace - - apiVersion: rbac.istio.io/v1alpha1 - resource: serviceroles - updateStrategy: - method: InPlace - - apiVersion: rbac.istio.io/v1alpha1 - resource: servicerolebindings - updateStrategy: - method: InPlace - generateSelector: true - hooks: - sync: - webhook: - url: http://kubeflow-pipelines-profile-controller/sync - parentResource: - apiVersion: v1 - resource: namespaces - resyncPeriodSeconds: 10 diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml deleted file mode 100644 index e604367357..0000000000 --- a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-cache-role.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubeflow-pipelines-cache-role -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - get - - list - - watch - - update - - patch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml deleted file mode 100644 index a6ec986725..0000000000 --- a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_kubeflow-pipelines-metadata-writer-role.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubeflow-pipelines-metadata-writer-role -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - get - - list - - watch - - update - - patch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml deleted file mode 100644 index b3053317b5..0000000000 --- a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-persistenceagent-role.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: ml-pipeline-persistenceagent-role -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - get - - list - - watch -- apiGroups: - - kubeflow.org - resources: - - scheduledworkflows - verbs: - - get - - list - - watch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml deleted file mode 100644 index 2b96dd482c..0000000000 --- a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-scheduledworkflow-role.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: ml-pipeline-scheduledworkflow-role -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - kubeflow.org - resources: - - scheduledworkflows - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml deleted file mode 100644 index cfc19ad40f..0000000000 --- a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrole_ml-pipeline-ui.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: ml-pipeline-ui - name: ml-pipeline-ui -rules: -- apiGroups: - - "" - resources: - - pods - - pods/log - verbs: - - get -- apiGroups: - - "" - resources: - - events - verbs: - - list -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list -- apiGroups: - - kubeflow.org - resources: - - viewers - verbs: - - create - - get - - list - - watch - - delete -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - get - - list diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml deleted file mode 100644 index 984316e3b5..0000000000 --- a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-cache-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubeflow-pipelines-cache-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubeflow-pipelines-cache-role -subjects: -- kind: ServiceAccount - name: kubeflow-pipelines-cache - namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml deleted file mode 100644 index 7a3f9bc2d1..0000000000 --- a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_kubeflow-pipelines-metadata-writer-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubeflow-pipelines-metadata-writer-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubeflow-pipelines-metadata-writer-role -subjects: -- kind: ServiceAccount - name: kubeflow-pipelines-metadata-writer - namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml deleted file mode 100644 index ed59670f6c..0000000000 --- a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-persistenceagent-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: ml-pipeline-persistenceagent-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ml-pipeline-persistenceagent-role -subjects: -- kind: ServiceAccount - name: ml-pipeline-persistenceagent - namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml deleted file mode 100644 index 2ca201eb95..0000000000 --- a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-scheduledworkflow-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: ml-pipeline-scheduledworkflow-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ml-pipeline-scheduledworkflow-role -subjects: -- kind: ServiceAccount - name: ml-pipeline-scheduledworkflow - namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml deleted file mode 100644 index 2d8fb03ae3..0000000000 --- a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1_clusterrolebinding_ml-pipeline-ui.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: ml-pipeline-ui - name: ml-pipeline-ui -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ml-pipeline-ui -subjects: -- kind: ServiceAccount - name: ml-pipeline-ui - namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml deleted file mode 100644 index a88f27ff9e..0000000000 --- a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrole_ml-pipeline.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: ml-pipeline -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - kubeflow.org - resources: - - scheduledworkflows - verbs: - - create - - get - - list - - update - - patch - - delete -- apiGroups: - - "" - resources: - - pods - verbs: - - delete diff --git a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml b/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml deleted file mode 100644 index 9ce11cb2f9..0000000000 --- a/tests/stacks/gcp/test_data/expected/rbac.authorization.k8s.io_v1beta1_clusterrolebinding_ml-pipeline.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: ml-pipeline -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ml-pipeline -subjects: -- kind: ServiceAccount - name: ml-pipeline - namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml deleted file mode 100644 index 4c2633f99b..0000000000 --- a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_kubeflow-pipelines-profile-controller-78dkmk82gc.yaml +++ /dev/null @@ -1,267 +0,0 @@ -apiVersion: v1 -data: - sync.py: | - # Copyright 2020 Google LLC - # - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - - from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer - import json - - - class Controller(BaseHTTPRequestHandler): - def sync(self, parent, children): - # HACK: Currently using serving.kubeflow.org/inferenceservice to identify - # kubeflow user namespaces. - # TODO: let Kubeflow profile controller add a pipeline specific label to - # user namespaces and use that label instead. - pipeline_enabled = parent.get("metadata", {}).get( - "labels", {}).get("serving.kubeflow.org/inferenceservice") - - if not pipeline_enabled: - return {"status": {}, "children": []} - - # Compute status based on observed state. - desired_status = { - "kubeflow-pipelines-ready": \ - len(children["Secret.v1"]) == 1 and \ - len(children["ConfigMap.v1"]) == 1 and \ - len(children["Deployment.apps/v1"]) == 2 and \ - len(children["Service.v1"]) == 2 and \ - len(children["DestinationRule.networking.istio.io/v1alpha3"]) == 1 and \ - len(children["ServiceRole.rbac.istio.io/v1alpha1"]) == 1 and \ - len(children["ServiceRoleBinding.rbac.istio.io/v1alpha1"]) == 1 and \ - "True" or "False" - } - - # Generate the desired child object(s). - # parent is a namespace - namespace = parent.get("metadata", {}).get("name") - desired_resources = [ - { - "apiVersion": "v1", - "kind": "Secret", - "metadata": { - "name": "mlpipeline-minio-artifact", - "namespace": namespace, - }, - "data": { - "accesskey": "bWluaW8=", # base64 for minio - "secretkey": "bWluaW8xMjM=", # base64 for minio123 - }, - }, - { - "apiVersion": "v1", - "kind": "ConfigMap", - "metadata": { - "name": "metadata-grpc-configmap", - "namespace": namespace, - }, - "data": { - "METADATA_GRPC_SERVICE_HOST": - "metadata-grpc-service.kubeflow", - "METADATA_GRPC_SERVICE_PORT": "8080", - }, - }, - # Visualization server related manifests below - { - "apiVersion": "apps/v1", - "kind": "Deployment", - "metadata": { - "labels": { - "app": "ml-pipeline-visualizationserver" - }, - "name": "ml-pipeline-visualizationserver", - "namespace": namespace, - }, - "spec": { - "selector": { - "matchLabels": { - "app": "ml-pipeline-visualizationserver" - }, - }, - "template": { - "metadata": { - "labels": { - "app": "ml-pipeline-visualizationserver" - }, - }, - "spec": { - "containers": [{ - "image": - "gcr.io/ml-pipeline/visualization-server:0.5.1", - "imagePullPolicy": "IfNotPresent", - "name": "ml-pipeline-visualizationserver", - "ports": [{ - "containerPort": 8888 - }], - }], - "serviceAccountName": - "default-editor", - }, - }, - }, - }, - { - "apiVersion": "networking.istio.io/v1alpha3", - "kind": "DestinationRule", - "metadata": { - "name": "ml-pipeline-visualizationserver", - "namespace": namespace, - }, - "spec": { - "host": "ml-pipeline-visualizationserver", - "trafficPolicy": { - "tls": { - "mode": "ISTIO_MUTUAL" - } - } - } - }, - { - "apiVersion": "rbac.istio.io/v1alpha1", - "kind": "ServiceRole", - "metadata": { - "name": "ml-pipeline-visualizationserver", - "namespace": namespace, - }, - "spec": { - "rules": [{ - "services": ["ml-pipeline-visualizationserver.*"] - }] - } - }, - { - "apiVersion": "rbac.istio.io/v1alpha1", - "kind": "ServiceRoleBinding", - "metadata": { - "name": "ml-pipeline-visualizationserver", - "namespace": namespace, - }, - "spec": { - "subjects": [{ - "properties": { - "source.principal": - "cluster.local/ns/kubeflow/sa/ml-pipeline" - } - }], - "roleRef": { - "kind": "ServiceRole", - "name": "ml-pipeline-visualizationserver" - } - } - }, - { - "apiVersion": "v1", - "kind": "Service", - "metadata": { - "name": "ml-pipeline-visualizationserver", - "namespace": namespace, - }, - "spec": { - "ports": [{ - "name": "http", - "port": 8888, - "protocol": "TCP", - "targetPort": 8888, - }], - "selector": { - "app": "ml-pipeline-visualizationserver", - }, - }, - }, - # Artifact fetcher related resources below. - { - "apiVersion": "apps/v1", - "kind": "Deployment", - "metadata": { - "labels": { - "app": "ml-pipeline-ui-artifact" - }, - "name": "ml-pipeline-ui-artifact", - "namespace": namespace, - }, - "spec": { - "selector": { - "matchLabels": { - "app": "ml-pipeline-ui-artifact" - } - }, - "template": { - "metadata": { - "labels": { - "app": "ml-pipeline-ui-artifact" - }, - }, - "spec": { - "containers": [{ - "name": "ml-pipeline-ui-artifact", - "image": "gcr.io/ml-pipeline/frontend:0.5.1", - "imagePullPolicy": "IfNotPresent", - "ports": [{ - "containerPort": 3000 - }] - }], - "serviceAccountName": - "default-editor" - } - } - } - }, - { - "apiVersion": "v1", - "kind": "Service", - "metadata": { - "name": "ml-pipeline-ui-artifact", - "namespace": namespace, - "labels": { - "app": "ml-pipeline-ui-artifact" - } - }, - "spec": { - "ports": [{ - "name": - "http", # name is required to let istio understand request protocol - "port": 80, - "protocol": "TCP", - "targetPort": 3000 - }], - "selector": { - "app": "ml-pipeline-ui-artifact" - } - } - }, - ] - print('Received request', parent, desired_resources) - - return {"status": desired_status, "children": desired_resources} - - def do_POST(self): - # Serve the sync() function as a JSON webhook. - observed = json.loads( - self.rfile.read(int(self.headers.getheader("content-length")))) - desired = self.sync(observed["parent"], observed["children"]) - - self.send_response(200) - self.send_header("Content-type", "application/json") - self.end_headers() - self.wfile.write(json.dumps(desired)) - - - HTTPServer(("", 80), Controller).serve_forever() -kind: ConfigMap -metadata: - labels: - app: kubeflow-pipelines-profile-controller - name: kubeflow-pipelines-profile-controller-78dkmk82gc - namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml deleted file mode 100644 index 3bc667cc9b..0000000000 --- a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_ml-pipeline-ui-configmap.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -data: - viewer-pod-template.json: |- - { - "spec": { - "serviceAccountName": "default-editor" - } - } -kind: ConfigMap -metadata: - labels: - app: ml-pipeline-ui - name: ml-pipeline-ui-configmap - namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml deleted file mode 100644 index 5ffb95a2f1..0000000000 --- a/tests/stacks/gcp/test_data/expected/~g_v1_configmap_pipeline-api-server-config-f4t72426kt.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -data: - DEFAULTPIPELINERUNNERSERVICEACCOUNT: default-editor - MULTIUSER: "true" - VISUALIZATIONSERVICE_NAME: ml-pipeline-visualizationserver - VISUALIZATIONSERVICE_PORT: "8888" -kind: ConfigMap -metadata: - name: pipeline-api-server-config-f4t72426kt - namespace: kubeflow diff --git a/tests/stacks/gcp/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml b/tests/stacks/gcp/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml deleted file mode 100644 index 76400e279f..0000000000 --- a/tests/stacks/gcp/test_data/expected/~g_v1_service_kubeflow-pipelines-profile-controller.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: kubeflow-pipelines-profile-controller - name: kubeflow-pipelines-profile-controller - namespace: kubeflow -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 80 - selector: - app: kubeflow-pipelines-profile-controller From 09cdd13d1e3abc80424f1048d8eadf22c64a5e53 Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Tue, 7 Jul 2020 17:20:09 +0800 Subject: [PATCH 44/45] revert unintended changes --- .../cnrm/iam/kf-admin-owns-user-policy.yaml | 11 ------ gcp/v2/cnrm/iam/kf-admin-wi-bindings.yaml | 11 ------ gcp/v2/cnrm/iam/kf-user-wi-bindings.yaml | 35 ------------------- 3 files changed, 57 deletions(-) delete mode 100644 gcp/v2/cnrm/iam/kf-admin-owns-user-policy.yaml delete mode 100644 gcp/v2/cnrm/iam/kf-admin-wi-bindings.yaml delete mode 100644 gcp/v2/cnrm/iam/kf-user-wi-bindings.yaml diff --git a/gcp/v2/cnrm/iam/kf-admin-owns-user-policy.yaml b/gcp/v2/cnrm/iam/kf-admin-owns-user-policy.yaml deleted file mode 100644 index ccd63fb243..0000000000 --- a/gcp/v2/cnrm/iam/kf-admin-owns-user-policy.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: iam.cnrm.cloud.google.com/v1beta1 -kind: IAMPolicyMember -metadata: - name: name-admin-owns-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} -spec: - member: serviceAccount:name-admin@project-id.iam.gserviceaccount.com # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"},{"name":"gcloud.core.project","value":"project-id"}]}} - role: roles/iam.serviceAccountAdmin - resourceRef: - apiVersion: iam.cnrm.cloud.google.com/v1beta1 - kind: IAMServiceAccount - name: name-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} diff --git a/gcp/v2/cnrm/iam/kf-admin-wi-bindings.yaml b/gcp/v2/cnrm/iam/kf-admin-wi-bindings.yaml deleted file mode 100644 index 3817ae1334..0000000000 --- a/gcp/v2/cnrm/iam/kf-admin-wi-bindings.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: iam.cnrm.cloud.google.com/v1beta1 -kind: IAMPolicyMember -metadata: - name: name-admin-workload-identity-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} -spec: - member: serviceAccount:project-id.svc.id.goog[kubeflow/profiles-controller-service-account] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}} - role: roles/iam.workloadIdentityUser - resourceRef: - apiVersion: iam.cnrm.cloud.google.com/v1beta1 - kind: IAMServiceAccount - name: name-admin # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} diff --git a/gcp/v2/cnrm/iam/kf-user-wi-bindings.yaml b/gcp/v2/cnrm/iam/kf-user-wi-bindings.yaml deleted file mode 100644 index 88e69a7744..0000000000 --- a/gcp/v2/cnrm/iam/kf-user-wi-bindings.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: iam.cnrm.cloud.google.com/v1beta1 -kind: IAMPolicyMember -metadata: - name: name-user-workload-identity-user-ml-pipeline-ui # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} -spec: - member: serviceAccount:project-id.svc.id.goog[kubeflow/ml-pipeline-ui] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}} - role: roles/iam.workloadIdentityUser - resourceRef: - apiVersion: iam.cnrm.cloud.google.com/v1beta1 - kind: IAMServiceAccount - name: name-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} ---- -apiVersion: iam.cnrm.cloud.google.com/v1beta1 -kind: IAMPolicyMember -metadata: - name: name-user-workload-identity-user-ml-pipeline-visualizationserver # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} -spec: - member: serviceAccount:project-id.svc.id.goog[kubeflow/ml-pipeline-visualizationserver] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}} - role: roles/iam.workloadIdentityUser - resourceRef: - apiVersion: iam.cnrm.cloud.google.com/v1beta1 - kind: IAMServiceAccount - name: name-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} ---- -apiVersion: iam.cnrm.cloud.google.com/v1beta1 -kind: IAMPolicyMember -metadata: - name: name-user-workload-identity-user-pipeline-runner # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} -spec: - member: serviceAccount:project-id.svc.id.goog[kubeflow/pipeline-runner] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}} - role: roles/iam.workloadIdentityUser - resourceRef: - apiVersion: iam.cnrm.cloud.google.com/v1beta1 - kind: IAMServiceAccount - name: name-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}} From e0baea1465c0185be6c7e8d27ac7db4cd62d9c7a Mon Sep 17 00:00:00 2001 From: Yuan Gong Date: Tue, 7 Jul 2020 17:24:29 +0800 Subject: [PATCH 45/45] revert upstream changes --- .../application-controller-deployment.yaml | 38 +++++----- .../application-controller-role.yaml | 32 ++++---- .../application-controller-rolebinding.yaml | 4 +- .../application-controller-service.yaml | 2 +- .../cluster-scoped/application-crd.yaml | 6 +- .../base/application/kustomization.yaml | 11 +-- .../argo/cluster-scoped/workflow-crd.yaml | 2 +- .../upstream/base/argo/kustomization.yaml | 1 + .../base/argo/workflow-controller-role.yaml | 2 +- .../argo/workflow-controller-rolebinding.yaml | 2 +- .../cache-deployer-rolebinding.yaml | 2 +- .../cluster-scoped/kustomization.yaml | 14 ++-- .../upstream/base/cache/cache-deployment.yaml | 73 ++++++++++--------- .../base/cache/cache-rolebinding.yaml | 2 +- .../upstream/base/cache/cache-service.yaml | 4 +- .../metadata/metadata-grpc-deployment.yaml | 10 ++- .../upstream/base/pipeline-application.yaml | 52 ++++++------- .../scheduled-workflow-crd.yaml | 2 +- .../metadata-writer-rolebinding.yaml | 2 +- .../ml-pipeline-apiserver-deployment.yaml | 24 +++--- .../pipeline/ml-pipeline-apiserver-role.yaml | 2 +- .../ml-pipeline-apiserver-rolebinding.yaml | 2 +- .../ml-pipeline-apiserver-service.yaml | 2 +- ...-pipeline-persistenceagent-deployment.yaml | 8 +- .../ml-pipeline-persistenceagent-role.yaml | 2 +- .../ml-pipeline-persistenceagent-sa.yaml | 2 +- ...pipeline-scheduledworkflow-deployment.yaml | 8 +- ...ipeline-scheduledworkflow-rolebinding.yaml | 2 +- .../pipeline/ml-pipeline-ui-deployment.yaml | 24 +++--- .../base/pipeline/ml-pipeline-ui-sa.yaml | 2 +- .../ml-pipeline-visualization-deployment.yaml | 24 +++--- .../ml-pipeline-visualization-service.yaml | 2 +- .../kustomization.yaml | 2 + pipeline/upstream/env/dev/kustomization.yaml | 7 +- .../cloudsql-proxy-deployment.yaml | 54 +++++++------- .../env/gcp/cloudsql-proxy/kustomization.yaml | 1 + .../env/gcp/cloudsql-proxy/mysql-service.yaml | 2 +- .../env/gcp/gcp-configurations-patch.yaml | 28 +++---- .../env/gcp/inverse-proxy/proxy-role.yaml | 2 +- pipeline/upstream/env/gcp/kustomization.yaml | 21 ++++-- .../gcp/minio-gcs-gateway/kustomization.yaml | 2 + .../minio-gcs-gateway-service.yaml | 8 +- .../env/platform-agnostic/kustomization.yaml | 18 +++-- .../minio/kustomization.yaml | 2 + .../mysql/kustomization.yaml | 1 + .../mysql/mysql-deployment.yaml | 2 +- .../mysql/mysql-service.yaml | 3 +- .../kustomization.yaml | 6 +- pipeline/upstream/sample/kustomization.yaml | 21 ++++-- 49 files changed, 294 insertions(+), 251 deletions(-) diff --git a/pipeline/upstream/base/application/application-controller-deployment.yaml b/pipeline/upstream/base/application/application-controller-deployment.yaml index b4cc7042d9..0278b03500 100644 --- a/pipeline/upstream/base/application/application-controller-deployment.yaml +++ b/pipeline/upstream/base/application/application-controller-deployment.yaml @@ -17,22 +17,22 @@ spec: controller-tools.k8s.io: "1.0" spec: containers: - - command: - - /root/manager - # A customized image with https://github.com/kubernetes-sigs/application/pull/127 - image: gcr.io/ml-pipeline/application-crd-controller:1.0-beta-non-cluster-role - imagePullPolicy: IfNotPresent - name: manager - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - limits: - cpu: 100m - memory: 30Mi - requests: - cpu: 100m - memory: 20Mi - serviceAccountName: application + - command: + - /root/manager + # A customized image with https://github.com/kubernetes-sigs/application/pull/127 + image: gcr.io/ml-pipeline/application-crd-controller:1.0-beta-non-cluster-role + imagePullPolicy: IfNotPresent + name: manager + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 30Mi + requests: + cpu: 100m + memory: 20Mi + serviceAccountName: application \ No newline at end of file diff --git a/pipeline/upstream/base/application/application-controller-role.yaml b/pipeline/upstream/base/application/application-controller-role.yaml index a17dbaea09..ac06135087 100644 --- a/pipeline/upstream/base/application/application-controller-role.yaml +++ b/pipeline/upstream/base/application/application-controller-role.yaml @@ -3,19 +3,19 @@ kind: Role metadata: name: application-manager-role rules: -- apiGroups: - - '*' - resources: - - '*' - verbs: - - get - - list - - update - - patch - - watch -- apiGroups: - - app.k8s.io - resources: - - '*' - verbs: - - '*' + - apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - update + - patch + - watch + - apiGroups: + - app.k8s.io + resources: + - '*' + verbs: + - '*' \ No newline at end of file diff --git a/pipeline/upstream/base/application/application-controller-rolebinding.yaml b/pipeline/upstream/base/application/application-controller-rolebinding.yaml index 71a3f42d24..24b383a180 100644 --- a/pipeline/upstream/base/application/application-controller-rolebinding.yaml +++ b/pipeline/upstream/base/application/application-controller-rolebinding.yaml @@ -7,5 +7,5 @@ roleRef: kind: Role name: application-manager-role subjects: -- kind: ServiceAccount - name: application + - kind: ServiceAccount + name: application diff --git a/pipeline/upstream/base/application/application-controller-service.yaml b/pipeline/upstream/base/application/application-controller-service.yaml index f5f7d8bac6..e4b6086bad 100644 --- a/pipeline/upstream/base/application/application-controller-service.yaml +++ b/pipeline/upstream/base/application/application-controller-service.yaml @@ -10,4 +10,4 @@ spec: control-plane: controller-manager controller-tools.k8s.io: "1.0" ports: - - port: 443 + - port: 443 \ No newline at end of file diff --git a/pipeline/upstream/base/application/cluster-scoped/application-crd.yaml b/pipeline/upstream/base/application/cluster-scoped/application-crd.yaml index 0cbab2d480..e17455d521 100644 --- a/pipeline/upstream/base/application/cluster-scoped/application-crd.yaml +++ b/pipeline/upstream/base/application/cluster-scoped/application-crd.yaml @@ -43,7 +43,7 @@ spec: type: type: string required: - - src + - src type: object type: array keywords: @@ -223,8 +223,8 @@ spec: type: type: string required: - - type - - status + - type + - status type: object type: array observedGeneration: diff --git a/pipeline/upstream/base/application/kustomization.yaml b/pipeline/upstream/base/application/kustomization.yaml index 8d65bf8915..c35e3eebcb 100644 --- a/pipeline/upstream/base/application/kustomization.yaml +++ b/pipeline/upstream/base/application/kustomization.yaml @@ -1,8 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: -- application-controller-deployment.yaml -- application-controller-role.yaml -- application-controller-rolebinding.yaml -- application-controller-sa.yaml -- application-controller-service.yaml + - application-controller-deployment.yaml + - application-controller-role.yaml + - application-controller-rolebinding.yaml + - application-controller-sa.yaml + - application-controller-service.yaml diff --git a/pipeline/upstream/base/argo/cluster-scoped/workflow-crd.yaml b/pipeline/upstream/base/argo/cluster-scoped/workflow-crd.yaml index 5a7b6a3aff..2fe424583c 100644 --- a/pipeline/upstream/base/argo/cluster-scoped/workflow-crd.yaml +++ b/pipeline/upstream/base/argo/cluster-scoped/workflow-crd.yaml @@ -64,4 +64,4 @@ spec: shortNames: - wftmpl scope: Namespaced - version: v1alpha1 + version: v1alpha1 \ No newline at end of file diff --git a/pipeline/upstream/base/argo/kustomization.yaml b/pipeline/upstream/base/argo/kustomization.yaml index c949a8ac30..890cb4cb39 100644 --- a/pipeline/upstream/base/argo/kustomization.yaml +++ b/pipeline/upstream/base/argo/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: - workflow-controller-configmap.yaml - workflow-controller-deployment.yaml diff --git a/pipeline/upstream/base/argo/workflow-controller-role.yaml b/pipeline/upstream/base/argo/workflow-controller-role.yaml index d79208a99a..03f12ce9d6 100644 --- a/pipeline/upstream/base/argo/workflow-controller-role.yaml +++ b/pipeline/upstream/base/argo/workflow-controller-role.yaml @@ -45,4 +45,4 @@ rules: - watch - update - patch - - delete + - delete \ No newline at end of file diff --git a/pipeline/upstream/base/argo/workflow-controller-rolebinding.yaml b/pipeline/upstream/base/argo/workflow-controller-rolebinding.yaml index 0484f455b8..05a7b3a46e 100644 --- a/pipeline/upstream/base/argo/workflow-controller-rolebinding.yaml +++ b/pipeline/upstream/base/argo/workflow-controller-rolebinding.yaml @@ -8,4 +8,4 @@ roleRef: name: argo-role subjects: - kind: ServiceAccount - name: argo + name: argo \ No newline at end of file diff --git a/pipeline/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml b/pipeline/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml index 36ed4963a5..824a95726e 100644 --- a/pipeline/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml +++ b/pipeline/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml @@ -8,4 +8,4 @@ roleRef: name: kubeflow-pipelines-cache-deployer-role subjects: - kind: ServiceAccount - name: kubeflow-pipelines-cache-deployer-sa + name: kubeflow-pipelines-cache-deployer-sa \ No newline at end of file diff --git a/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml b/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml index 62374373b3..25deaf831f 100644 --- a/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml +++ b/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml @@ -1,9 +1,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: -- cache-deployer-clusterrole.yaml -- cache-deployer-clusterrolebinding.yaml -# HACK: although a service account(SA) is not a cluster-scoped resource. -# Presence of a SA referred by a clusterrolebinding allows kustomize to auto-add -# namespace for the clusterrolebinding's SA ref. -- cache-deployer-sa.yaml + - cache-deployer-clusterrole.yaml + - cache-deployer-clusterrolebinding.yaml + # HACK: although a service account(SA) is not a cluster-scoped resource. + # Presence of a SA referred by a clusterrolebinding allows kustomize to auto-add + # namespace for the clusterrolebinding's SA ref. + - cache-deployer-sa.yaml + diff --git a/pipeline/upstream/base/cache/cache-deployment.yaml b/pipeline/upstream/base/cache/cache-deployment.yaml index 02bfa22a89..e1ba167978 100644 --- a/pipeline/upstream/base/cache/cache-deployment.yaml +++ b/pipeline/upstream/base/cache/cache-deployment.yaml @@ -18,40 +18,45 @@ spec: - name: server image: gcr.io/ml-pipeline/cache-server:dummy env: - - name: DBCONFIG_DRIVER - value: mysql - - name: DBCONFIG_DB_NAME - valueFrom: - configMapKeyRef: - name: pipeline-install-config - key: cacheDb - - name: DBCONFIG_HOST_NAME - valueFrom: - configMapKeyRef: - name: pipeline-install-config - key: dbHost - - name: DBCONFIG_PORT - valueFrom: - configMapKeyRef: - name: pipeline-install-config - key: dbPort - - name: DBCONFIG_USER - valueFrom: - secretKeyRef: - name: mysql-secret - key: username - - name: DBCONFIG_PASSWORD - valueFrom: - secretKeyRef: - name: mysql-secret - key: password - - name: NAMESPACE_TO_WATCH - valueFrom: - fieldRef: - fieldPath: metadata.namespace - args: ["--db_driver=$(DBCONFIG_DRIVER)", "--db_host=$(DBCONFIG_HOST_NAME)", - "--db_port=$(DBCONFIG_PORT)", "--db_name=$(DBCONFIG_DB_NAME)", "--db_user=$(DBCONFIG_USER)", - "--db_password=$(DBCONFIG_PASSWORD)", "--namespace_to_watch=$(NAMESPACE_TO_WATCH)"] + - name: DBCONFIG_DRIVER + value: mysql + - name: DBCONFIG_DB_NAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: cacheDb + - name: DBCONFIG_HOST_NAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: dbHost + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: dbPort + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + name: mysql-secret + key: username + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-secret + key: password + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + args: ["--db_driver=$(DBCONFIG_DRIVER)", + "--db_host=$(DBCONFIG_HOST_NAME)", + "--db_port=$(DBCONFIG_PORT)", + "--db_name=$(DBCONFIG_DB_NAME)", + "--db_user=$(DBCONFIG_USER)", + "--db_password=$(DBCONFIG_PASSWORD)", + "--namespace_to_watch=$(NAMESPACE_TO_WATCH)", + ] imagePullPolicy: Always ports: - containerPort: 8443 diff --git a/pipeline/upstream/base/cache/cache-rolebinding.yaml b/pipeline/upstream/base/cache/cache-rolebinding.yaml index 48541bfb8a..9c8924918f 100644 --- a/pipeline/upstream/base/cache/cache-rolebinding.yaml +++ b/pipeline/upstream/base/cache/cache-rolebinding.yaml @@ -8,4 +8,4 @@ roleRef: name: kubeflow-pipelines-cache-role subjects: - kind: ServiceAccount - name: kubeflow-pipelines-cache + name: kubeflow-pipelines-cache \ No newline at end of file diff --git a/pipeline/upstream/base/cache/cache-service.yaml b/pipeline/upstream/base/cache/cache-service.yaml index 980619837b..5916d541ec 100644 --- a/pipeline/upstream/base/cache/cache-service.yaml +++ b/pipeline/upstream/base/cache/cache-service.yaml @@ -6,5 +6,5 @@ spec: selector: app: cache-server ports: - - port: 443 - targetPort: webhook-api + - port: 443 + targetPort: webhook-api \ No newline at end of file diff --git a/pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml b/pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml index 5750e77f09..7e383d5ca2 100644 --- a/pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml +++ b/pipeline/upstream/base/metadata/metadata-grpc-deployment.yaml @@ -44,9 +44,13 @@ spec: name: pipeline-install-config key: dbPort command: ["/bin/metadata_store_server"] - args: ["--grpc_port=8080", "--mysql_config_database=$(MYSQL_DATABASE)", "--mysql_config_host=$(MYSQL_HOST)", - "--mysql_config_port=$(MYSQL_PORT)", "--mysql_config_user=$(DBCONFIG_USER)", - "--mysql_config_password=$(DBCONFIG_PASSWORD)"] + args: ["--grpc_port=8080", + "--mysql_config_database=$(MYSQL_DATABASE)", + "--mysql_config_host=$(MYSQL_HOST)", + "--mysql_config_port=$(MYSQL_PORT)", + "--mysql_config_user=$(DBCONFIG_USER)", + "--mysql_config_password=$(DBCONFIG_PASSWORD)" + ] ports: - name: grpc-api containerPort: 8080 diff --git a/pipeline/upstream/base/pipeline-application.yaml b/pipeline/upstream/base/pipeline-application.yaml index af30078c88..6d8cdf3232 100644 --- a/pipeline/upstream/base/pipeline-application.yaml +++ b/pipeline/upstream/base/pipeline-application.yaml @@ -5,8 +5,7 @@ metadata: annotations: kubernetes-engine.cloud.google.com/icon: >- data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADMAAAAyCAYAAADx/eOPAAALuUlEQVRogd2afWxd9XnHP99bK4pS3yhiGUIRiiJUVVVqbq8ppdR20ibqpuIMtDRkUYERp29J57gMZVuxsrZiK7oZXVv5re1AiOuoG+N1DMkuytprsGPEVMouxqQZJVHEWIdQlGVxZlmZdb/747zcc869jpMO+seOdPz7nd/L83tev89zzjX8Bq795Rq9o17zXp+Tey+Ijkyboela29DRWkhffyT733pH/Z3este9F2cC6N0kNjxtjD+FdRD8UF9X7u97y7UbQFPAivC0BdllS381slun3s3z3xVhhqeds90tqR/oMB7u68z19ZZra0E/l1if3WOziPx3skrDPTr+bvDxfxImEIJbgX6gGBJ7EfHJX/ySReDHwO9KYAenyWCMFKw21GSeslwa2Z17+TcuzPBRr7B8m6Df5oOJqdPAR/u6cm/2lmv3At+IT3GiXZqbcaxSLsfRoTsvn7XL2jE87ZXGnwf+VGiDY86ETM1wU1+XjvSW/RlgTJADQ2QaCZKWcX1/aDIcjE8i3SdzZLjn0lm8pJXD02417BM+gLmq2Rqjr/d16Vu95dp6wc8Ra5O8NrPIcoZCvIR1H+KZkd2qLcfnRYUZOuorJO+3uQt0RerolGYZR7r5+C9ZATwPviGyQprd6Liszy3bnwVKwGMjPbnFyxJmeNpX2T4gaR/QmmSpyYZTho/2depMb9k/kNh3KawuJ1bWauHzUcyXRpZAv5Zmg7aHBLcmNN9ECAFeAO3s69KZ3nLtDuF9dnBs0IT9JO24rbPb0JfP2syCZpFfE5q1mRWcvlgMNcwMTRq9z/+OWXdx4AGjvX1deqC37DbwPwOrMgsufol5mWMWs1ivEbjTrOCtLNNb+udygqsNbUBtopR/NkuuwTJ6Hxsw67KSuvH5MPDA/nJttfGTdUFCMUlp/ALwOtIs9muBxpnFnBzuSQf21oP/BbXclVvumWuTaDN8WNBm2GizJkxPM0CDMA2WGZ72bbb/Njue2TRj9Il/PcG87SeBz4ZTNaSTsmctHcO8SqDp14d7dCFLZ2v/3OpQ023Ah4n65kohvETUCdcsfmuilD+bpNdgGZvOODuHqYGIVGCec9g7+7o031v2jaBTiD0ysxbHRnZrPktzyz1zK7f0z10nh5pWwLRhvZro1KqznVJhNB8UyDeSsU4zAOiIXV1OuEqQ2AR79nflXgcY6dGLwIvR8q39cy1b+uc2Emo6dI824BpMSxz8iVhy4m/2WiYHdV5UmOHp2mpwm52ESCdwRn+9v0tPAWzpn9sAFAQbMdc60PaHsFZEWd9uxk4z8G3seykECfObTEd2KmuZG4CWyLXkYLMwtiYt+hMsTUdAEZQzjs9apv66SHJRk73ZjBQ+iRu29s+1VEr5OImmXs4MHUahVoLWgK23wbv6OrU4OulcuHYehWsVHhpXwpE2FNRayTszX2cwDpQEzTB+QvrJHCXUaigk+c++aXZiE98YmUVgV19X7u3ypH/fgfUA5h2usY2jNjmWoGVn50nvC9T2NviA5OPBGPW91OlG+0Xa1WJhhqadk3WjpKCilQIQFP19XZocnfIHgIeFWyNh6goXyX6gdNWfU8aJ5tNjEheAHZVS/ruGj0s8k6VPhh6ms6kwgoLl1aGuCEuSpwXfHZ2qrTJ+HHkNCpOjmbdFcEcGUIhUSj/H65rPO6j+766U8i/QXV0z8cqJc4btwF8AtWgtMb1wj+j41Df/s1EYQwdEDiqM3hDes9quGY3IKoYOvCrU7HlCoZtEWapPkzEpsU8uq8b36a6uBqaBv5l45URLpZT/pmGH8LnkvlAdAOt1oeXqRsuYTjlEMJiXvWN/Z+5szfqioKcOKo7qr/nAEesKiOyv2A/q88rOx8+8bPhK5dUTAA8jbUT6MuKnbKteNVHKP23xCeD1LC0F2TWOmzoAKEiWxmC+sr8rN1OerF2HGaqXFcZhDWaYj11S4ZxcXxVqyKqPZOeNTwM7Jkr5BeDPQJ8NFQaoC/gZ26rXT5TyxxAfRx6P94d0gU0pYYama+tsbwix/AHM4fKUrwAeB68kRJ5AZsWWieGTjLipsVCgrKCwKHF7pZQ/RXf104j76i4ZMmquxkzRXb2zUsqfxdxsfCiA70hRjZbpCDHmJcRdeZPDHkVck0Ul5PeHZ81DgHxKtglXaHCxVN9fr5TyR9hW3QA8Amqp5526SyKtBEbZVv1eZeZkbqKU7xfsFJwPqRW29s+11oUxnUhnkHf2dWoB+R5Jv5dNaGHh1wog8d/ZAI+0GgVpFPTp4AfJT2Hup7u6EvMk0tpkboutEz0HMPzHyD+mu3pFpZR/Aug0Pgm0RLkvFzLWYfjDvs7cqfKUt2LuXTLhue5mdWhVDJdEzxDDcRKawceN9lRePVkDfgBcR/LKVqNpz/s08DO6q4VKKT8j8zHgJ1HyzA1P11YZjfV1arw85auBR4RalDB5lEjDKi0CgPPphKZ0QiNRwUQeg88B2ydKreew9yH1NCxe/r4GaZpt1Vsrh/JnDDcBLwPkbLVgf6s86RXYj4KvtJKJM8KsGLkSlsmUL6mSg1RJY1xD7KmU8sfprnYgBqJsGVsiEfupsca7FfMo26p/OfHKiVqllB8HyPV16VxfV66G/G1QBwY5xvCgTT7X3/MTaBbFVr0fJvqw2ASZ+yul/FN0V68CHsesiDl3UopM3CwhDZDD/Dnwj3S/sjoYAMqTtc1YX02jVqYOiuuqsAKIkqZCfFIz/IrfFY8gDrKt2gI8irSuwQezyTeNaOl+6qYb+fpYGKEXJE9GSTObK5ItrheaLHE5/XRKcHul+kYN8x2kzWlLNNuVtUqibzKW5CBjxUoszO7NWrS1E/xWvMeJjck2WQHEKJeMD+qH4gWCSvg00m3AVxv5TMRKsp9Cs0Q/Ka/1BOZQNBSXMz2b9Q5oO9JCKgkqg2aKofl8uvTPeE1w3t5KKf8y26pFxINhLRa5R9JV6huT/aZuFu7Ds+A9jBdj+VIvZz2b9BL2Xi5yJQEgUFqinI9SZBDx358o5Q/HiRGtquOEmxJu6DcbC/afQWxnvHg+Odrwm2bP5txh5OEYjOM3vaiu8qqHJw1mPmK/Xs7HJf0LRncDMF5cAL6NWUxDrX/duwbczljxjSzvTX+gtXU3MBlrRCltrsxBTgorACKrRGf5bczOiVLrhUL74B2F9oHVjBd/iLwTWEhr+CIWaLYumDjIWLHha+aSwvRs1iJmJ9Kb9ZJRETS3ACsMC8i1ZNwgXZDYWTmU/1WhfeAW8Cjo+UL7wDrGik8jfid0kYz/Z2ODepv+GPIY+FAznpcUJhAo9w5mh81CFtEsWieCTzwXkogmfKBSyh8ttA98EDPqoPouYqYLxYEPMVY8itmEeTM+KEaqZhVAkiPPIL6QDPhLFiYQSC9J7M3mGlF/24zWSvwIM1xoH2gF/sFiTcSPxQakqUJxsIPx4jGCr0AzCUYTbROJ7DPAdsbSAX9ZwgDs3qTDiMGUOxF/1DgfekLVsPf0sw8DPARsDNwy8iYBXov4p0L7wC2MF99CfBJ4rqmbJbO/qYE+x1jx5HK8Xtp/aFgHDM/FX+RM9FFjHjjj4NV3HvlPsP4g+SqQgm6zCuvJQnHgi4wVz2JuAj8RnLGEVaCf8Y8cuRQ2L0mYEBB2Gb8ZHKD4NQBx+0Qpf7LQPrAVVGqiiWTpCcEn4QcLxcF7C7+aXMDahT1YX5IS5DHE/ZfC4yULEwr0DtIOWwuuvwZ8rVLKP1soDqzHPGJoyRao9b4SXiQQ30A8eO1/PJ8D7gK+BtQSJcQM8AXGlg747LUkmi91lad8J3CuZ5OeBii0D64ET2FdH1N0omWJvgLPkvwM8LmZf7lrnm3VO4CHsM4DH2P8I8vGSfK67P9q8v9wWPAcQLH4PbBHbK6Pq+3M9+Ml+6FL2dyC+WmhOLiWseKPMDeDd12uIPBrWCZ5Xds++AHsAwGlBKnoB5747c2J+aSJEuvRL8CDv/2Zz+cqh/LL/gPD//vrfwFjcI5oX6jDBwAAAABJRU5ErkJggg== - marketplace.cloud.google.com/deploy-info: '{"partner_id": "google-cloud-ai-platform", - "product_id": "kubeflow-pipelines", "partner_name": "Google Cloud AI Platform"}' + marketplace.cloud.google.com/deploy-info: '{"partner_id": "google-cloud-ai-platform", "product_id": "kubeflow-pipelines", "partner_name": "Google Cloud AI Platform"}' spec: addOwnerRef: true selector: @@ -18,32 +17,33 @@ spec: description: |- Reusable end-to-end ML workflow maintainers: - - name: Google Cloud AI Platform - url: https://cloud.google.com/ai-platform/ - - name: Kubeflow Pipelines - url: https://github.com/kubeflow/pipelines + - name: Google Cloud AI Platform + url: https://cloud.google.com/ai-platform/ + - name: Kubeflow Pipelines + url: https://github.com/kubeflow/pipelines links: - - description: 'Kubeflow Pipelines Documentation' - url: https://www.kubeflow.org/docs/pipelines/ + - description: 'Kubeflow Pipelines Documentation' + url: https://www.kubeflow.org/docs/pipelines/ notes: |- Please go to [Hosted Kubeflow Pipelines Console](https://console.cloud.google.com/ai-platform/pipelines/clusters). + info: - - name: Console - value: 'https://console.cloud.google.com/ai-platform/pipelines/clusters' + - name: Console + value: 'https://console.cloud.google.com/ai-platform/pipelines/clusters' componentKinds: - - group: v1 - kind: ServiceAccount - - group: rbac.authorization.k8s.io/v1 - kind: Role - - group: rbac.authorization.k8s.io/v1 - kind: RoleBinding - - group: v1 - kind: Service - - group: v1 - kind: PersistentVolumeClaim - - group: v1 - kind: ConfigMap - - group: v1 - kind: Secret - - group: apps/v1 - kind: Deployment + - group: v1 + kind: ServiceAccount + - group: rbac.authorization.k8s.io/v1 + kind: Role + - group: rbac.authorization.k8s.io/v1 + kind: RoleBinding + - group: v1 + kind: Service + - group: v1 + kind: PersistentVolumeClaim + - group: v1 + kind: ConfigMap + - group: v1 + kind: Secret + - group: apps/v1 + kind: Deployment diff --git a/pipeline/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml b/pipeline/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml index 22dc3c8a00..623e183494 100644 --- a/pipeline/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml +++ b/pipeline/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml @@ -15,4 +15,4 @@ spec: versions: - name: v1beta1 served: true - storage: true + storage: true \ No newline at end of file diff --git a/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-rolebinding.yaml b/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-rolebinding.yaml index 37263d4a8c..5a6c1fef24 100644 --- a/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-rolebinding.yaml +++ b/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-rolebinding.yaml @@ -8,4 +8,4 @@ roleRef: name: kubeflow-pipelines-metadata-writer-role subjects: - kind: ServiceAccount - name: kubeflow-pipelines-metadata-writer + name: kubeflow-pipelines-metadata-writer \ No newline at end of file diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml index 46dbc98dd5..f9e23fbe79 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml @@ -72,24 +72,24 @@ spec: readinessProbe: exec: command: - - wget - - -q # quiet - - -S # show server response - - -O - - "-" # Redirect output to stdout - - http://localhost:8888/apis/v1beta1/healthz + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/apis/v1beta1/healthz initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 livenessProbe: exec: command: - - wget - - -q # quiet - - -S # show server response - - -O - - "-" # Redirect output to stdout - - http://localhost:8888/apis/v1beta1/healthz + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/apis/v1beta1/healthz initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml index 3fdfeaaa9f..fe8146b3d8 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml @@ -35,4 +35,4 @@ rules: - list - update - patch - - delete + - delete \ No newline at end of file diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml index 78cef70d51..c4ef4f5ffe 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml @@ -10,4 +10,4 @@ roleRef: name: ml-pipeline subjects: - kind: ServiceAccount - name: ml-pipeline + name: ml-pipeline \ No newline at end of file diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml index 49de02bafb..4ac2ba4ac9 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml @@ -13,4 +13,4 @@ spec: protocol: TCP targetPort: 8887 selector: - app: ml-pipeline + app: ml-pipeline \ No newline at end of file diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml index 968f13a6cf..0591088b12 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml @@ -15,10 +15,10 @@ spec: spec: containers: - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/persistenceagent:dummy imagePullPolicy: IfNotPresent name: ml-pipeline-persistenceagent diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml index 72757fffd8..830ee8b14e 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml @@ -18,4 +18,4 @@ rules: verbs: - get - list - - watch + - watch \ No newline at end of file diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml index 158591534c..4725287b37 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: ml-pipeline-persistenceagent + name: ml-pipeline-persistenceagent \ No newline at end of file diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml index c0ff7e68df..d0cbe3f9a0 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml @@ -18,8 +18,8 @@ spec: imagePullPolicy: IfNotPresent name: ml-pipeline-scheduledworkflow env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace serviceAccountName: ml-pipeline-scheduledworkflow diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml index c2d10f6e63..e9429f3662 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml @@ -8,4 +8,4 @@ roleRef: name: ml-pipeline-scheduledworkflow-role subjects: - kind: ServiceAccount - name: ml-pipeline-scheduledworkflow + name: ml-pipeline-scheduledworkflow \ No newline at end of file diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml index dddff8c987..70664377c7 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml @@ -39,24 +39,24 @@ spec: readinessProbe: exec: command: - - wget - - -q # quiet - - -S # show server response - - -O - - "-" # Redirect output to stdout - - http://localhost:3000/apis/v1beta1/healthz + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:3000/apis/v1beta1/healthz initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 livenessProbe: exec: command: - - wget - - -q # quiet - - -S # show server response - - -O - - "-" # Redirect output to stdout - - http://localhost:3000/apis/v1beta1/healthz + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:3000/apis/v1beta1/healthz initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-ui-sa.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-ui-sa.yaml index 4c890a27bb..06bc445384 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-ui-sa.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-ui-sa.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: ml-pipeline-ui + name: ml-pipeline-ui \ No newline at end of file diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml index a755e51be7..89ed745ed3 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml @@ -23,24 +23,24 @@ spec: readinessProbe: exec: command: - - wget - - -q # quiet - - -S # show server response - - -O - - "-" # Redirect output to stdout - - http://localhost:8888/ + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/ initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 livenessProbe: exec: command: - - wget - - -q # quiet - - -S # show server response - - -O - - "-" # Redirect output to stdout - - http://localhost:8888/ + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/ initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 diff --git a/pipeline/upstream/base/pipeline/ml-pipeline-visualization-service.yaml b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-service.yaml index a4c7e42cb0..83c7dd6750 100644 --- a/pipeline/upstream/base/pipeline/ml-pipeline-visualization-service.yaml +++ b/pipeline/upstream/base/pipeline/ml-pipeline-visualization-service.yaml @@ -9,4 +9,4 @@ spec: protocol: TCP targetPort: 8888 selector: - app: ml-pipeline-visualizationserver + app: ml-pipeline-visualizationserver \ No newline at end of file diff --git a/pipeline/upstream/cluster-scoped-resources/kustomization.yaml b/pipeline/upstream/cluster-scoped-resources/kustomization.yaml index fb3f5aae97..911c595cf0 100644 --- a/pipeline/upstream/cluster-scoped-resources/kustomization.yaml +++ b/pipeline/upstream/cluster-scoped-resources/kustomization.yaml @@ -1,6 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + namespace: kubeflow + resources: - namespace.yaml bases: diff --git a/pipeline/upstream/env/dev/kustomization.yaml b/pipeline/upstream/env/dev/kustomization.yaml index 96318d6f63..7510e9641d 100644 --- a/pipeline/upstream/env/dev/kustomization.yaml +++ b/pipeline/upstream/env/dev/kustomization.yaml @@ -1,13 +1,16 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + bases: -- ../platform-agnostic -- ../gcp/inverse-proxy + - ../platform-agnostic + - ../gcp/inverse-proxy + # Identifier for application manager to apply ownerReference. # The ownerReference ensures the resources get garbage collected # when application is deleted. commonLabels: application-crd-id: kubeflow-pipelines + # !!! If you want to customize the namespace, # please refer sample/cluster-scoped-resources to update the namespace for cluster-scoped-resources namespace: kubeflow diff --git a/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml b/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml index 001dd89247..434afd2ee8 100644 --- a/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml +++ b/pipeline/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml @@ -15,30 +15,32 @@ spec: app: cloudsqlproxy spec: containers: - - image: gcr.io/cloudsql-docker/gce-proxy:1.14 - name: cloudsqlproxy - env: - - name: GCP_CLOUDSQL_INSTANCE_NAME - valueFrom: - configMapKeyRef: - name: pipeline-install-config - key: gcsCloudSqlInstanceName - command: ["/cloud_sql_proxy", "-dir=/cloudsql", "-instances=$(GCP_CLOUDSQL_INSTANCE_NAME)=tcp:0.0.0.0:3306", - "term_timeout=10s"] - # set term_timeout if require graceful handling of shutdown - # NOTE: proxy will stop accepting new connections; only wait on existing connections - lifecycle: - preStop: - exec: - # (optional) add a preStop hook so that termination is delayed - # this is required if your server still require new connections (e.g., connection pools) - command: ['sleep', '10'] - ports: - - name: mysql - containerPort: 3306 - volumeMounts: - - mountPath: /cloudsql - name: cloudsql + - image: gcr.io/cloudsql-docker/gce-proxy:1.14 + name: cloudsqlproxy + env: + - name: GCP_CLOUDSQL_INSTANCE_NAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: gcsCloudSqlInstanceName + command: ["/cloud_sql_proxy", + "-dir=/cloudsql", + "-instances=$(GCP_CLOUDSQL_INSTANCE_NAME)=tcp:0.0.0.0:3306", + "term_timeout=10s"] + # set term_timeout if require graceful handling of shutdown + # NOTE: proxy will stop accepting new connections; only wait on existing connections + lifecycle: + preStop: + exec: + # (optional) add a preStop hook so that termination is delayed + # this is required if your server still require new connections (e.g., connection pools) + command: ['sleep', '10'] + ports: + - name: mysql + containerPort: 3306 + volumeMounts: + - mountPath: /cloudsql + name: cloudsql volumes: - - name: cloudsql - emptyDir: + - name: cloudsql + emptyDir: diff --git a/pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml b/pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml index 87f162bcbd..7c4a112164 100644 --- a/pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml +++ b/pipeline/upstream/env/gcp/cloudsql-proxy/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: - cloudsql-proxy-deployment.yaml - mysql-service.yaml diff --git a/pipeline/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml b/pipeline/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml index d93921d040..f97dbc3a20 100644 --- a/pipeline/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml +++ b/pipeline/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml @@ -4,6 +4,6 @@ metadata: name: mysql spec: ports: - - port: 3306 + - port: 3306 selector: app: cloudsqlproxy diff --git a/pipeline/upstream/env/gcp/gcp-configurations-patch.yaml b/pipeline/upstream/env/gcp/gcp-configurations-patch.yaml index a02ce98c71..5e725b536d 100644 --- a/pipeline/upstream/env/gcp/gcp-configurations-patch.yaml +++ b/pipeline/upstream/env/gcp/gcp-configurations-patch.yaml @@ -6,17 +6,17 @@ spec: template: spec: containers: - - name: ml-pipeline-api-server - env: - - name: HAS_DEFAULT_BUCKET - value: 'true' - - name: BUCKET_NAME - valueFrom: - configMapKeyRef: - name: pipeline-install-config - key: bucketName - - name: PROJECT_ID - valueFrom: - configMapKeyRef: - name: pipeline-install-config - key: gcsProjectId + - name: ml-pipeline-api-server + env: + - name: HAS_DEFAULT_BUCKET + value: 'true' + - name: BUCKET_NAME + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: bucketName + - name: PROJECT_ID + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: gcsProjectId diff --git a/pipeline/upstream/env/gcp/inverse-proxy/proxy-role.yaml b/pipeline/upstream/env/gcp/inverse-proxy/proxy-role.yaml index b4fae7b750..d6c03d5d04 100644 --- a/pipeline/upstream/env/gcp/inverse-proxy/proxy-role.yaml +++ b/pipeline/upstream/env/gcp/inverse-proxy/proxy-role.yaml @@ -10,4 +10,4 @@ rules: resources: - configmaps verbs: - - '*' + - '*' \ No newline at end of file diff --git a/pipeline/upstream/env/gcp/kustomization.yaml b/pipeline/upstream/env/gcp/kustomization.yaml index 8cc703dbb8..a6aadea054 100644 --- a/pipeline/upstream/env/gcp/kustomization.yaml +++ b/pipeline/upstream/env/gcp/kustomization.yaml @@ -1,22 +1,27 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + bases: -- ../../base -- inverse-proxy -- minio-gcs-gateway -- cloudsql-proxy + - ../../base + - inverse-proxy + - minio-gcs-gateway + - cloudsql-proxy + # Identifier for application manager to apply ownerReference. # The ownerReference ensures the resources get garbage collected # when application is deleted. commonLabels: application-crd-id: kubeflow-pipelines + # !!! If you want to customize the namespace, # please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml namespace: kubeflow + patchesStrategicMerge: -- gcp-configurations-patch.yaml + - gcp-configurations-patch.yaml + # Used by Kustomize configMapGenerator: -- name: pipeline-install-config - envs: ["params.env"] - behavior: merge + - name: pipeline-install-config + envs: ["params.env"] + behavior: merge diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml b/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml index 728b4d3730..08876d3990 100644 --- a/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml +++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml @@ -1,8 +1,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: - minio-gcs-gateway-deployment.yaml - minio-gcs-gateway-service.yaml + secretGenerator: - name: mlpipeline-minio-artifact envs: ["minio-artifact-secret.env"] diff --git a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml index 6f542967e7..7dd1817496 100644 --- a/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml +++ b/pipeline/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml @@ -4,8 +4,8 @@ metadata: name: minio-service spec: ports: - - port: 9000 - targetPort: 9000 - protocol: TCP + - port: 9000 + targetPort: 9000 + protocol: TCP selector: - app: minio + app: minio \ No newline at end of file diff --git a/pipeline/upstream/env/platform-agnostic/kustomization.yaml b/pipeline/upstream/env/platform-agnostic/kustomization.yaml index c5773ad03f..20db7f9b8b 100644 --- a/pipeline/upstream/env/platform-agnostic/kustomization.yaml +++ b/pipeline/upstream/env/platform-agnostic/kustomization.yaml @@ -1,19 +1,23 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + bases: -- ../../base -- minio -- mysql + - ../../base + - minio + - mysql + # Identifier for application manager to apply ownerReference. # The ownerReference ensures the resources get garbage collected # when application is deleted. commonLabels: application-crd-id: kubeflow-pipelines + # !!! If you want to customize the namespace, # please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml namespace: kubeflow + images: -- name: mysql - newTag: "5.6" -- name: minio/minio - newTag: RELEASE.2018-02-09T22-40-05Z + - name: mysql + newTag: "5.6" + - name: minio/minio + newTag: RELEASE.2018-02-09T22-40-05Z diff --git a/pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml b/pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml index 48161f4f25..daae052f4d 100644 --- a/pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml +++ b/pipeline/upstream/env/platform-agnostic/minio/kustomization.yaml @@ -1,9 +1,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: - minio-deployment.yaml - minio-pvc.yaml - minio-service.yaml + secretGenerator: - name: mlpipeline-minio-artifact envs: ["minio-artifact-secret.env"] diff --git a/pipeline/upstream/env/platform-agnostic/mysql/kustomization.yaml b/pipeline/upstream/env/platform-agnostic/mysql/kustomization.yaml index 93af2924b5..672ab517b5 100644 --- a/pipeline/upstream/env/platform-agnostic/mysql/kustomization.yaml +++ b/pipeline/upstream/env/platform-agnostic/mysql/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + resources: - mysql-deployment.yaml - mysql-pv-claim.yaml diff --git a/pipeline/upstream/env/platform-agnostic/mysql/mysql-deployment.yaml b/pipeline/upstream/env/platform-agnostic/mysql/mysql-deployment.yaml index ab9386e25c..91c9910768 100644 --- a/pipeline/upstream/env/platform-agnostic/mysql/mysql-deployment.yaml +++ b/pipeline/upstream/env/platform-agnostic/mysql/mysql-deployment.yaml @@ -30,4 +30,4 @@ spec: volumes: - name: mysql-persistent-storage persistentVolumeClaim: - claimName: mysql-pv-claim + claimName: mysql-pv-claim \ No newline at end of file diff --git a/pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml b/pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml index a13ed76774..d52482770e 100644 --- a/pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml +++ b/pipeline/upstream/env/platform-agnostic/mysql/mysql-service.yaml @@ -4,7 +4,8 @@ metadata: name: mysql spec: ports: - - port: 3306 # We cannot have name: mysql here, because some requests through istio fail with it. + - # We cannot have name: mysql here, because some requests through istio fail with it. + port: 3306 protocol: TCP targetPort: 3306 selector: diff --git a/pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml b/pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml index 191863b5ba..83c54aa99c 100644 --- a/pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml +++ b/pipeline/upstream/sample/cluster-scoped-resources/kustomization.yaml @@ -1,8 +1,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + # !!! If you want to customize the namespace, # please also update sample/kustomization.yaml's namespace field to the same value namespace: kubeflow + bases: -# Or github.com/kubeflow/pipelines/manifests/kustomize/cluster-scoped-resources?ref=1.0.0 -- ../../cluster-scoped-resources + # Or github.com/kubeflow/pipelines/manifests/kustomize/cluster-scoped-resources?ref=1.0.0 + - ../../cluster-scoped-resources diff --git a/pipeline/upstream/sample/kustomization.yaml b/pipeline/upstream/sample/kustomization.yaml index 85fa9059be..1cd7a8cdd7 100644 --- a/pipeline/upstream/sample/kustomization.yaml +++ b/pipeline/upstream/sample/kustomization.yaml @@ -1,22 +1,27 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + bases: -# Or github.com/kubeflow/pipelines/manifests/kustomize/env/gcp?ref=1.0.0 -- ../env/gcp + # Or github.com/kubeflow/pipelines/manifests/kustomize/env/gcp?ref=1.0.0 + - ../env/gcp + # Identifier for application manager to apply ownerReference. # The ownerReference ensures the resources get garbage collected # when application is deleted. commonLabels: application-crd-id: kubeflow-pipelines + # Used by Kustomize configMapGenerator: -- name: pipeline-install-config - envs: ["params.env"] - behavior: merge + - name: pipeline-install-config + envs: ["params.env"] + behavior: merge + secretGenerator: -- name: mysql-secret - envs: ["params-db-secret.env"] - behavior: merge + - name: mysql-secret + envs: ["params-db-secret.env"] + behavior: merge + # !!! If you want to customize the namespace, # please also update sample/cluster-scoped-resources/kustomization.yaml's namespace field to the same value namespace: kubeflow