Argo Workflows #1252
Argo Workflows #1252
Conversation
…ces, add custom options for argo helm chart
…rbac for individual argo workflows components
* Mdformat tables (#1186) * Add mdformat-tables * Run mdformat on all files * mdformat only docs folder (restore .github md files) * Fix some vale, restore README/RELEASE * [ImgBot] Optimize images (#1187) /docs/source/images/dev_postman_for_keycloak.png -- 298.79kb -> 270.60kb (9.44%) Signed-off-by: ImgBotApp <ImgBotHelp@gmail.com> Co-authored-by: ImgBotApp <ImgBotHelp@gmail.com> * Bump conda-store version to 0.3.14 (#1192) * Allow terraform init to upgrade providers within version specification (#1194) * Allow terraform init to upgrade providers within version specification Closes #1193 * Black formatting * Adding missing __init__ files (#1196) * Adding missing __init__ files Closes #1195 * Explicitely using qhub for package * Give hint on what to include * Release 0.3.15 for Conda-Store (#1205) * Profilegroups (#1203) * Fix in case groups is None * access all/keycloak/yaml * jupyterlabproflies mapper * Keycloak profiles working * ignore changes to keycloak group attributes * qhub upgrade for jupyterlab profiles * docs for jupyterlabprofiles * Renamed to jupyterlab_profiles * Render `.gitignore`, black py files (#1206) * Render .gitignore * Render clean .gitignore * Add unit test * Upgrade black * Upgrade black * black format * exclude qhub/_version.py from black * Black what needs blackening * Fix * Fix * Update qhub-dask version (#1224) * Fix env doc links and add corresponding tests (#1216) * Fix env doc links and add corresponding tests * fix broken image link * fix black formatting * map(any) -> any (#1213) * Update release notes - justification for changes in `v0.4.0` (#1178) * Update release notes * Remove ref to cookiecutter * Update link-checker version * Fix * Use lycee link-checker instead * Remove lycee, update md config.json * Revert version * Release notes cleanup * Rewording * Add to vocab * Fix table * Add explicit warning about release * Update README.md Fixed some syntax/grammar issues. * Minor updates Co-authored-by: Christopher Ostrouchov <chris.ostrouchov@gmail.com> Co-authored-by: Shannon <magsol@gmail.com> * Merge spawner and profile env vars * Support for pinning the IP address of the load balancer via terraform overrides (#1235) * Suport adding load balancer annotations and ip via terraform overrides * add documentation for terraform overrides * make terraform overrides being able to override any variable * Bump moment from 2.29.1 to 2.29.2 in /tests_e2e (#1241) Bumps [moment](https://github.com/moment/moment) from 2.29.1 to 2.29.2. - [Release notes](https://github.com/moment/moment/releases) - [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md) - [Commits](moment/moment@2.29.1...2.29.2) --- updated-dependencies: - dependency-name: moment dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update cdsdashboards to 0.6.1, Voila to 0.3.5 (#1240) * Update cdsdashboards to 0.6.1 * voila v0.3.5 * Bump minimist from 1.2.5 to 1.2.6 in /tests_e2e (#1208) Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * output check fix (#1244) Co-authored-by: Adam-D-Lewis <> * Add auth to argo * add argo_workflows value to qhub init command * update black version * update black in setup.cfg Co-authored-by: Dan Lester <dan@ideonate.com> Co-authored-by: imgbot[bot] <31301654+imgbot[bot]@users.noreply.github.com> Co-authored-by: ImgBotApp <ImgBotHelp@gmail.com> Co-authored-by: Christopher Ostrouchov <chris.ostrouchov@gmail.com> Co-authored-by: Amit Kumar <dtu.amit@gmail.com> Co-authored-by: Shannon <magsol@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Adam Lewis <23342526+Adam-D-Lewis@users.noreply.github.com> Co-authored-by: Adam-D-Lewis <>
|
With the latest commit, I was able to deploy (without the need the cert) and login: The only remaining issue is the health check at the end of the deployment for |
...mplate/stages/07-kubernetes-services/modules/kubernetes/services/argo-workflows/variables.tf
Outdated
Show resolved
Hide resolved
|
I've noticed that I get a 401 (Unauthorized) status code when visiting |
|
Good catch @Adam-D-Lewis! The kubernetes test is now passing 🙌 @costrouc I think this PR is ready for another review :) |
|
The only remaining failing test appears to be unrelated to this PR, and I've opened an issue tracking it. |
qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/argo-workflows/main.tf
Outdated
Show resolved
Hide resolved
|
I made some more progress on the roles stuff in the latest commit. We may need to delete the insecure-skip-no-verify stuff still. Also, in the Argo UI, we can see all the roles (jupyterhub, dask, others) instead of just argo roles. Argo maps roles to service accounts via service account annotations. More info at https://argoproj.github.io/argo-workflows/argo-server-sso/#sso-rbac.
|
This is a bug in how the https://github.com/Quansight/qhub/tree/main/qhub/template/stages/07-kubernetes-services/modules/kubernetes/services/keycloak-client is configured. Not an issue on your end! |
|
Okay, I think this is ready for re-review @costrouc. Only vale CI test is failing, but I don't know how to disable or override them. Do I need to do that before merging? |
|
@Adam-D-Lewis I'd love to test this out. I likely won't have time until next week but I will put it on my todo list. From looking at the code this looks great it is in great shape! |
Fixes | Closes | Resolves #
Changes introduced in this PR:
Types of changes
What types of changes does your PR introduce?
Put an
xin the boxes that applyTesting
Requires testing
In case you checked yes, did you write tests?
Documentation
Does your contribution include breaking changes or deprecations?
If so have you updated the documentation?
Further comments (optional)
If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered and more.