diff --git a/kfctl_k8s_istio.yaml b/kfctl_k8s_istio.yaml index ceaca08..ecb710a 100644 --- a/kfctl_k8s_istio.yaml +++ b/kfctl_k8s_istio.yaml @@ -57,6 +57,11 @@ spec: name: manifests path: istio/istio name: istio + - kustomizeConfig: + repoRef: + name: manifests + path: metacontroller + name: metacontroller - kustomizeConfig: overlays: - istio @@ -83,7 +88,13 @@ spec: name: centraldashboard - kustomizeConfig: overlays: - - cert-manager + - application + repoRef: + name: manifests + path: admission-webhook/bootstrap + name: bootstrap + - kustomizeConfig: + overlays: - application repoRef: name: manifests @@ -310,5 +321,5 @@ spec: name: seldon-core-operator repos: - name: manifests - uri: https://github.com/kubeflow/manifests/archive/v1.0.2.tar.gz - version: v1.0.2 + uri: https://github.com/kubeflow/manifests/archive/v1.1.0.tar.gz + version: v1.1.0 diff --git a/kustomize/api-service/base/config-map.yaml b/kustomize/api-service/base/config-map.yaml index 1114392..d005eec 100644 --- a/kustomize/api-service/base/config-map.yaml +++ b/kustomize/api-service/base/config-map.yaml @@ -8,12 +8,14 @@ data: "DBConfig": { "DriverName": "mysql", "DataSourceName": "", - "DBName": "mlpipeline" + "DBName": "mlpipeline", + "GroupConcatMaxLen": "4194304" }, "ObjectStoreConfig":{ "AccessKey": "minio", "SecretAccessKey": "minio123", - "BucketName": "mlpipeline" + "BucketName": "mlpipeline", + "Secure": false }, "InitConnectionTimeout": "6m", "DefaultPipelineRunnerServiceAccount": "pipeline-runner", diff --git a/kustomize/api-service/base/deployment.yaml b/kustomize/api-service/base/deployment.yaml index 424e79b..67c3eeb 100644 --- a/kustomize/api-service/base/deployment.yaml +++ b/kustomize/api-service/base/deployment.yaml @@ -4,6 +4,9 @@ metadata: name: ml-pipeline spec: template: + metadata: + annotations: + sidecar.istio.io/inject: "false" spec: containers: - name: ml-pipeline-api-server 
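Review bot: The added `"Secure": false` in `ObjectStoreConfig` of `kustomize/api-service/base/config-map.yaml` appears to switch the object-store client to plain HTTP. The `AccessKey` and `SecretAccessKey` values visible in the context lines, along with all pipeline artifacts, would then cross the cluster network unencrypted. JSON takes no comments, so the reason for turning TLS off should be recorded in the commit description, and the value should become `"Secure": true` once the object store has a certificate. The context also shows these credentials as literals in a ConfigMap rather than a Secret; that predates this hunk but deserves a follow-up. The ConfigMap starts and ends outside the hunk.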
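Review bot: The new `sidecar.istio.io/inject: "false"` annotation in `kustomize/api-service/base/deployment.yaml` takes the `ml-pipeline` pod out of the mesh, and nothing in the hunk says why. Without the sidecar, neither Istio mutual TLS nor the RBAC mode configured under `kustomize/istio` is enforced at that pod. The same annotation is added in `kustomize/centraldashboard/base/deployment.yaml` and `kustomize/bootstrap/base/stateful-set.yaml`. For centraldashboard it weighs more, because the dashboard reads the user identity from a request header (`USERID_HEADER`) that a client reaching the pod directly could presumably set itself. I would add a comment above the annotation such as `# sidecar disabled: <reason>; direct pod access must be restricted by NetworkPolicy` and confirm that such a policy exists; the Deployment spec continues outside the hunk.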
@@ -15,9 +18,9 @@ spec: image: gcr.io/ml-pipeline/api-server imagePullPolicy: IfNotPresent command: - - apiserver + - apiserver - --config=/etc/ml-pipeline-config - - --sampleconfig=/config/sample_config.json + - --sampleconfig=/config/sample_config.json - -logtostderr=true ports: - containerPort: 8888 @@ -25,7 +28,7 @@ spec: volumeMounts: - name: config-volume mountPath: /etc/ml-pipeline-config - serviceAccountName: ml-pipeline + serviceAccountName: ml-pipeline volumes: - name: config-volume configMap: diff --git a/kustomize/api-service/kustomization.yaml b/kustomize/api-service/kustomization.yaml index ac17f53..29b7ec2 100644 --- a/kustomize/api-service/kustomization.yaml +++ b/kustomize/api-service/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: api-service - app.kubernetes.io/instance: api-service-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: api-service - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 kind: Kustomization namespace: kubeflow resources: diff --git a/kustomize/api-service/overlays/application/kustomization.yaml b/kustomize/api-service/overlays/application/kustomization.yaml index b6b7750..a42bf37 100644 --- a/kustomize/api-service/overlays/application/kustomization.yaml +++ b/kustomize/api-service/overlays/application/kustomization.yaml @@ -3,11 +3,7 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: api-service - app.kubernetes.io/instance: api-service-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: api-service - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml diff --git a/kustomize/api-service/overlays/external-mysql/kustomization.yaml b/kustomize/api-service/overlays/external-mysql/kustomization.yaml index e86ecf2..ed28a20 100644 --- a/kustomize/api-service/overlays/external-mysql/kustomization.yaml 
+++ b/kustomize/api-service/overlays/external-mysql/kustomization.yaml @@ -6,7 +6,8 @@ patchesStrategicMerge: - config-map.yaml configMapGenerator: - name: pipeline-external-mysql-parameters - env: params.env + envs: + - params.env generatorOptions: disableNameSuffixHash: true vars: diff --git a/kustomize/application-crds/base/crd.yaml b/kustomize/application-crds/base/crd.yaml index 133342c..bd5a7b2 100644 --- a/kustomize/application-crds/base/crd.yaml +++ b/kustomize/application-crds/base/crd.yaml @@ -231,9 +231,3 @@ spec: type: integer type: object version: v1beta1 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/application/base/kustomization.yaml b/kustomize/application/base/kustomization.yaml index dcc6709..7cb68a1 100644 --- a/kustomize/application/base/kustomization.yaml +++ b/kustomize/application/base/kustomization.yaml @@ -10,7 +10,8 @@ namespace: kubeflow nameprefix: application-controller- configMapGenerator: - name: parameters - env: params.env + envs: + - params.env generatorOptions: disableNameSuffixHash: true images: diff --git a/kustomize/application/base/stateful-set.yaml b/kustomize/application/base/stateful-set.yaml index 6c1d74c..11e52d8 100644 --- a/kustomize/application/base/stateful-set.yaml +++ b/kustomize/application/base/stateful-set.yaml @@ -21,6 +21,8 @@ spec: image: gcr.io/kubeflow-images-public/kubernetes-sigs/application imagePullPolicy: Always env: + # TODO(https://github.com/kubeflow/manifests/issues/1043) + # Do we really need this? - name: project value: $(project) serviceAccountName: service-account diff --git a/kustomize/application/kustomization.yaml b/kustomize/application/kustomization.yaml index 69d42b7..9f1a433 100644 --- a/kustomize/application/kustomization.yaml +++ b/kustomize/application/kustomization.yaml 
@@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: kubeflow - app.kubernetes.io/instance: kubeflow-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: kubeflow - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 kind: Kustomization namespace: kubeflow resources: diff --git a/kustomize/application/overlays/application/application.yaml b/kustomize/application/overlays/application/application.yaml index 2e954db..8824962 100644 --- a/kustomize/application/overlays/application/application.yaml +++ b/kustomize/application/overlays/application/application.yaml @@ -6,11 +6,11 @@ spec: selector: matchLabels: app.kubernetes.io/name: kubeflow - app.kubernetes.io/instance: kubeflow-v1.0.0 + app.kubernetes.io/instance: kubeflow-v0.7.0 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: kubeflow app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/version: v0.7.0 componentKinds: - group: app.k8s.io kind: Application diff --git a/kustomize/application/overlays/application/kustomization.yaml b/kustomize/application/overlays/application/kustomization.yaml index 1b821f5..fcba25a 100644 --- a/kustomize/application/overlays/application/kustomization.yaml +++ b/kustomize/application/overlays/application/kustomization.yaml @@ -1,13 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization bases: - ../../base -resources: -- application.yaml commonLabels: - app.kubernetes.io/name: kubeflow - app.kubernetes.io/instance: kubeflow-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: kubeflow - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/name: kubeflow +kind: Kustomization +resources: +- application.yaml diff --git a/kustomize/argo/base/cluster-role.yaml b/kustomize/argo/base/cluster-role.yaml index c66e090..5b7fee9 100644 --- a/kustomize/argo/base/cluster-role.yaml 
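Review bot: In `kustomize/application/overlays/application/application.yaml` the `matchLabels` selector now requires `app.kubernetes.io/instance: kubeflow-v0.7.0` and `app.kubernetes.io/version: v0.7.0`, plus `managed-by` and `part-of`, while both kustomization files of this component drop exactly those four labels from `commonLabels` in the same commit. Unless another layer (presumably kfctl) stamps them onto the resources, the Application selects nothing, and the value moves backwards from v1.0.0 in a change that raises the manifests to v1.1.0. The same pattern appears in `kustomize/centraldashboard/overlays/application/application.yaml` and in the new `kustomize/bootstrap/overlays/application/application.yaml`. Either reduce the selector to the two labels still applied, `app.kubernetes.io/name` and `app.kubernetes.io/component`, as the argo Application does in this commit, or keep the labels in `commonLabels`.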
+++ b/kustomize/argo/base/cluster-role.yaml @@ -45,6 +45,12 @@ rules: - watch - update - patch +- apiGroups: + - sparkoperator.k8s.io + resources: + - sparkapplications + verbs: + - '*' --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole diff --git a/kustomize/argo/base/kustomization.yaml b/kustomize/argo/base/kustomization.yaml index 481dad1..2b7507b 100644 --- a/kustomize/argo/base/kustomization.yaml +++ b/kustomize/argo/base/kustomization.yaml @@ -19,7 +19,8 @@ images: newTag: v2.3.0 configMapGenerator: - name: workflow-controller-parameters - env: params.env + envs: + - params.env generatorOptions: disableNameSuffixHash: true vars: diff --git a/kustomize/argo/base/service.yaml b/kustomize/argo/base/service.yaml index 412f4ef..c8f65a1 100644 --- a/kustomize/argo/base/service.yaml +++ b/kustomize/argo/base/service.yaml @@ -1,14 +1,6 @@ apiVersion: v1 kind: Service metadata: - annotations: - getambassador.io/config: |- - --- - apiVersion: ambassador/v0 - kind: Mapping - name: argo-ui-mapping - prefix: /argo/ - service: argo-ui.$(namespace) labels: app: argo-ui name: argo-ui @@ -20,4 +12,4 @@ spec: selector: app: argo-ui sessionAffinity: None - type: ClusterIP + type: ClusterIP diff --git a/kustomize/argo/base_v3/kustomization.yaml b/kustomize/argo/base_v3/kustomization.yaml new file mode 100644 index 0000000..a6ba27c --- /dev/null +++ b/kustomize/argo/base_v3/kustomization.yaml 
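Review bot: The added rule grants `'*'` on `sparkapplications`, whereas the rule directly above it in the same ClusterRole lists explicit verbs. A wildcard also covers `deletecollection` and any verb the API gains later, and it applies in every namespace. Listing what workflow steps need keeps the role reviewable, for example `verbs: [create, get, list, watch, delete]` if workflows only submit and monitor Spark applications; the exact set should be confirmed against how the pipelines use them. The ClusterRole starts outside the hunk.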
@@ -0,0 +1,102 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../base/cluster-role-binding.yaml +- ../base/cluster-role.yaml +- ../base/config-map.yaml +- ../base/crd.yaml +- ../base/deployment.yaml +- ../base/service-account.yaml +- ../base/service.yaml +- ../overlays/istio/virtual-service.yaml +- ../overlays/application/application.yaml +commonLabels: + kustomize.component: argo + app.kubernetes.io/component: argo + app.kubernetes.io/name: argo +images: +- name: argoproj/argoui + newName: argoproj/argoui + newTag: v2.3.0 +- name: argoproj/workflow-controller + newName: argoproj/workflow-controller + newTag: v2.3.0 +configMapGenerator: +- name: workflow-controller-parameters + envs: + - ../base/params.env +generatorOptions: + disableNameSuffixHash: true +vars: +- name: executorImage + objref: + kind: ConfigMap + name: workflow-controller-parameters + apiVersion: v1 + fieldref: + fieldpath: data.executorImage +- name: containerRuntimeExecutor + objref: + kind: ConfigMap + name: workflow-controller-parameters + apiVersion: v1 + fieldref: + fieldpath: data.containerRuntimeExecutor +- name: artifactRepositoryBucket + objref: + kind: ConfigMap + name: workflow-controller-parameters + apiVersion: v1 + fieldref: + fieldpath: data.artifactRepositoryBucket +- name: artifactRepositoryKeyPrefix + objref: + kind: ConfigMap + name: workflow-controller-parameters + apiVersion: v1 + fieldref: + fieldpath: data.artifactRepositoryKeyPrefix +- name: artifactRepositoryEndpoint + objref: + kind: ConfigMap + name: workflow-controller-parameters + apiVersion: v1 + fieldref: + fieldpath: data.artifactRepositoryEndpoint +- name: artifactRepositoryInsecure + objref: + kind: ConfigMap + name: workflow-controller-parameters + apiVersion: v1 + fieldref: + fieldpath: data.artifactRepositoryInsecure +- name: artifactRepositoryAccessKeySecretName + objref: + kind: ConfigMap + name: workflow-controller-parameters + apiVersion: v1 + fieldref: + fieldpath: 
data.artifactRepositoryAccessKeySecretName +- name: artifactRepositoryAccessKeySecretKey + objref: + kind: ConfigMap + name: workflow-controller-parameters + apiVersion: v1 + fieldref: + fieldpath: data.artifactRepositoryAccessKeySecretKey +- name: artifactRepositorySecretKeySecretName + objref: + kind: ConfigMap + name: workflow-controller-parameters + apiVersion: v1 + fieldref: + fieldpath: data.artifactRepositorySecretKeySecretName +- name: artifactRepositorySecretKeySecretKey + objref: + kind: ConfigMap + name: workflow-controller-parameters + apiVersion: v1 + fieldref: + fieldpath: data.artifactRepositorySecretKeySecretKey +configurations: +- params.yaml diff --git a/kustomize/argo/base_v3/params.yaml b/kustomize/argo/base_v3/params.yaml new file mode 100644 index 0000000..ddd470a --- /dev/null +++ b/kustomize/argo/base_v3/params.yaml @@ -0,0 +1,5 @@ +varReference: +- path: data/config + kind: ConfigMap +- path: spec/http/route/destination/host + kind: VirtualService diff --git a/kustomize/argo/kustomization.yaml b/kustomize/argo/kustomization.yaml index 5856d4a..e4a3443 100644 --- a/kustomize/argo/kustomization.yaml +++ b/kustomize/argo/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: argo - app.kubernetes.io/instance: argo-v2.3.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: argo - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v2.3.0 configurations: - overlays/istio/params.yaml kind: Kustomization diff --git a/kustomize/argo/overlays/application/application.yaml b/kustomize/argo/overlays/application/application.yaml index ca45c4a..b3a4cdd 100644 --- a/kustomize/argo/overlays/application/application.yaml +++ b/kustomize/argo/overlays/application/application.yaml 
@@ -6,11 +6,7 @@ spec: selector: matchLabels: app.kubernetes.io/name: argo - app.kubernetes.io/instance: argo-v2.3.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: argo - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v2.3.0 componentKinds: - group: core kind: ConfigMap diff --git a/kustomize/argo/overlays/application/kustomization.yaml b/kustomize/argo/overlays/application/kustomization.yaml index 0774d4f..1f5a6fe 100644 --- a/kustomize/argo/overlays/application/kustomization.yaml +++ b/kustomize/argo/overlays/application/kustomization.yaml @@ -1,13 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization bases: - ../../base -resources: -- application.yaml commonLabels: - app.kubernetes.io/name: argo - app.kubernetes.io/instance: argo-v2.3.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: argo - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v2.3.0 + app.kubernetes.io/name: argo +kind: Kustomization +resources: +- application.yaml diff --git a/kustomize/bootstrap/base/cluster-role-binding.yaml b/kustomize/bootstrap/base/cluster-role-binding.yaml new file mode 100644 index 0000000..c868ca5 --- /dev/null +++ b/kustomize/bootstrap/base/cluster-role-binding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-role +subjects: +- kind: ServiceAccount + name: service-account diff --git a/kustomize/bootstrap/base/cluster-role.yaml b/kustomize/bootstrap/base/cluster-role.yaml new file mode 100644 index 0000000..5cb8e6e --- /dev/null +++ b/kustomize/bootstrap/base/cluster-role.yaml 
@@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: cluster-role +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - '*' +- apiGroups: + - "" + resources: + - secrets + verbs: + - '*' +- apiGroups: + - "" + resources: + - pods + verbs: + - list + - delete + diff --git a/kustomize/bootstrap/base/config-map.yaml b/kustomize/bootstrap/base/config-map.yaml new file mode 100644 index 0000000..fd9bef8 --- /dev/null +++ b/kustomize/bootstrap/base/config-map.yaml 
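Review bot: This ClusterRole gives the bootstrap ServiceAccount every verb on `secrets` in every namespace, bound cluster-wide by `cluster-role-binding.yaml`. The visible part of `create_ca.sh` in the same commit only applies one secret and lists and deletes pods in `${namespace}`. The bootstrap pod also runs an image tagged `latest`, so a compromised image or pod would have read access to all secrets in the cluster. I would move `secrets` and `pods` into a namespaced Role bound with a RoleBinding in the `kubeflow` namespace, and keep the ClusterRole only for `mutatingwebhookconfigurations` with the verbs the script uses. The verbs below are read from the visible part of the script and should be checked against the portion that did not survive in this view.

```yaml
# new namespaced Role (e.g. role.yaml), bound by a RoleBinding in the kubeflow namespace
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: role
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  # what `kubectl apply` of the webhook certificate secret needs
  - get
  - create
  - patch
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - list
  - delete
---
# cluster-role.yaml: only the cluster-scoped resource remains
# … unchanged: apiVersion, kind, metadata …
rules:
- apiGroups:
  - admissionregistration.k8s.io
  resources:
  - mutatingwebhookconfigurations
  verbs:
  - get
  - patch
```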
@@ -0,0 +1,131 @@ +apiVersion: v1 +data: + create_ca.sh: | + #!/bin/bash + + set -e + + usage() { + cat <> ${tmpdir}/csr.conf + [req] + req_extensions = v3_req + distinguished_name = req_distinguished_name + [req_distinguished_name] + [ v3_req ] + basicConstraints = CA:FALSE + keyUsage = nonRepudiation, digitalSignature, keyEncipherment + extendedKeyUsage = serverAuth + subjectAltName = @alt_names + [alt_names] + DNS.1 = ${service} + DNS.2 = ${service}.${namespace} + DNS.3 = ${service}.${namespace}.svc + EOF + + openssl genrsa -out ${tmpdir}/server-key.pem 2048 + openssl req -new -key ${tmpdir}/server-key.pem -subj "/CN=${service}.${namespace}.svc" -out ${tmpdir}/server.csr -config ${tmpdir}/csr.conf + + # Self sign + openssl x509 -req -days 365 -in ${tmpdir}/server.csr -CA ${tmpdir}/self_ca.crt -CAkey ${tmpdir}/self_ca.key -CAcreateserial -out ${tmpdir}/server-cert.pem + + # create the secret with CA cert and server cert/key + kubectl create secret generic ${secret} \ + --from-file=key.pem=${tmpdir}/server-key.pem \ + --from-file=cert.pem=${tmpdir}/server-cert.pem \ + --dry-run -o yaml | + kubectl -n ${namespace} apply -f - + + # Webhook pod needs to be restarted so that the service reload the secret + # http://github.com/kueflow/kubeflow/issues/3227 + webhookPod=$(kubectl get pods -n ${namespace} |grep ${webhookDeploymentName} |awk '{print $1;}') + # ignore error if webhook pod does not exist + kubectl delete pod ${webhookPod} 2>/dev/null || true + echo "webhook ${webhookPod} is restarted to utilize the new secret" + + cat ${tmpdir}/self_ca.crt + + # -a means base64 encode + caBundle=$(cat ${tmpdir}/self_ca.crt | openssl enc -a -A) + echo ${caBundle} + + patchString='[{"op": "replace", "path": "/webhooks/0/clientConfig/caBundle", "value":"{{CA_BUNDLE}}"}]' + patchString=$(echo ${patchString} | sed "s|{{CA_BUNDLE}}|${caBundle}|g") + echo ${patchString} + + checkWebhookConfig() { + currentBundle=$(kubectl get mutatingwebhookconfigurations -n ${namespace} 
${mutatingWebhookConfigName} -o jsonpath='{.webhooks[0].clientConfig.caBundle}') + [[ "$currentBundle" == "$caBundle" ]] + } + + while true; do + if ! checkWebhookConfig; then + echo "patching ca bundle for webhook configuration..." + kubectl patch mutatingwebhookconfiguration ${mutatingWebhookConfigName} \ + --type='json' -p="${patchString}" + fi + sleep 10 + done +kind: ConfigMap +metadata: + name: config-map diff --git a/kustomize/bootstrap/base/kustomization.yaml b/kustomize/bootstrap/base/kustomization.yaml new file mode 100644 index 0000000..2f66c0e --- /dev/null +++ b/kustomize/bootstrap/base/kustomization.yaml @@ -0,0 +1,40 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- cluster-role-binding.yaml +- cluster-role.yaml +- config-map.yaml +- service-account.yaml +- stateful-set.yaml +commonLabels: + kustomize.component: admission-webhook-bootstrap +namePrefix: admission-webhook-bootstrap- +images: +- name: gcr.io/kubeflow-images-public/ingress-setup + newName: gcr.io/kubeflow-images-public/ingress-setup + newTag: latest +generatorOptions: + disableNameSuffixHash: true +configurations: +- params.yaml +namespace: kubeflow +configMapGenerator: +- name: config-map + behavior: merge + envs: + - params.env +vars: +- name: webhookNamePrefix + objref: + kind: ConfigMap + name: config-map + apiVersion: v1 + fieldref: + fieldpath: data.webhookNamePrefix +- name: namespace + objref: + kind: ConfigMap + name: config-map + apiVersion: v1 + fieldref: + fieldpath: data.namespace diff --git a/kustomize/bootstrap/base/params.env b/kustomize/bootstrap/base/params.env new file mode 100644 index 0000000..764fb2f --- /dev/null +++ b/kustomize/bootstrap/base/params.env @@ -0,0 +1,2 @@ +namespace=kubeflow +webhookNamePrefix=admission-webhook- diff --git a/kustomize/bootstrap/base/params.yaml b/kustomize/bootstrap/base/params.yaml new file mode 100644 index 0000000..3c77a16 --- /dev/null +++ b/kustomize/bootstrap/base/params.yaml 
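Review bot: In `create_ca.sh`, `kubectl delete pod ${webhookPod}` has no `-n ${namespace}`, unlike the `kubectl get pods -n ${namespace}` that produced the name, and its failure is hidden by `2>/dev/null || true`. If the script's default namespace differs, the webhook pod keeps serving the old certificate while the loop patches `caBundle` to the new CA, and the next line still prints that the pod was restarted. I would change the line to `kubectl delete pod -n "${namespace}" ${webhookPod}` and suppress the error only when `${webhookPod}` is empty. The pod is also picked with `grep ${webhookDeploymentName}`, a substring match that can hit unrelated pods; a label selector would be safer. The start of the script (usage text and heredoc) is damaged in this view, so this note covers only the visible part.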
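Review bot: `newTag: latest` in `kustomize/bootstrap/base/kustomization.yaml` pins nothing, so the bootstrap pod runs whatever `gcr.io/kubeflow-images-public/ingress-setup:latest` resolves to at pull time. That pod holds the ClusterRole from `cluster-role.yaml`, and `stateful-set.yaml` repeats the tag in its `image:` field. I would reference an immutable tag or a digest instead, `newTag: <release-tag>` or `digest: sha256:<digest>`, the way `centraldashboard/base_v3` uses a fixed tag in this commit.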
@@ -0,0 +1,3 @@ +varReference: +- path: data/create_ca.sh + kind: ConfigMap diff --git a/kustomize/bootstrap/base/service-account.yaml b/kustomize/bootstrap/base/service-account.yaml new file mode 100644 index 0000000..a36cbd8 --- /dev/null +++ b/kustomize/bootstrap/base/service-account.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: service-account diff --git a/kustomize/bootstrap/base/stateful-set.yaml b/kustomize/bootstrap/base/stateful-set.yaml new file mode 100644 index 0000000..a84c273 --- /dev/null +++ b/kustomize/bootstrap/base/stateful-set.yaml @@ -0,0 +1,29 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: stateful-set +spec: + replicas: 1 + serviceName: service + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + spec: + containers: + - command: + - sh + - /var/webhook-config/create_ca.sh + image: gcr.io/kubeflow-images-public/ingress-setup:latest + name: bootstrap + volumeMounts: + - mountPath: /var/webhook-config/ + name: admission-webhook-config + restartPolicy: Always + serviceAccountName: service-account + volumes: + - configMap: + name: config-map + name: admission-webhook-config + # Workaround for https://github.com/kubernetes-sigs/kustomize/issues/677 + volumeClaimTemplates: [] diff --git a/kustomize/bootstrap/kustomization.yaml b/kustomize/bootstrap/kustomization.yaml new file mode 100644 index 0000000..872edf8 --- /dev/null +++ b/kustomize/bootstrap/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +bases: +- base +commonLabels: + app.kubernetes.io/component: bootstrap + app.kubernetes.io/name: bootstrap +kind: Kustomization +namespace: kubeflow +resources: +- overlays/application/application.yaml diff --git a/kustomize/bootstrap/overlays/application/application.yaml b/kustomize/bootstrap/overlays/application/application.yaml new file mode 100644 index 0000000..2ed77f1 --- /dev/null +++ b/kustomize/bootstrap/overlays/application/application.yaml 
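Review bot: The container in `kustomize/bootstrap/base/stateful-set.yaml` runs `sh /var/webhook-config/create_ca.sh`, but the script declares `#!/bin/bash` and uses `[[ ... ]]` in `checkWebhookConfig`. Under a POSIX `sh` that test fails every time, so the loop would re-patch the webhook configuration every 10 seconds instead of only when the bundle differs. Whether `sh` is bash in this image is not visible here; invoking it as `- bash` removes the doubt. The pod spec also sets no `securityContext` or resource limits for a workload bound to a ClusterRole, which is worth adding once the image's runtime user is known.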
@@ -0,0 +1,34 @@ +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + name: bootstrap +spec: + selector: + matchLabels: + app.kubernetes.io/name: bootstrap + app.kubernetes.io/instance: bootstrap-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/component: bootstrap + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 + componentKinds: + - group: core + kind: ConfigMap + - group: apps + kind: StatefulSet + - group: core + kind: ServiceAccount + descriptor: + type: bootstrap + version: v1beta1 + description: Bootstraps the admission-webhook controller + maintainers: [] + owners: [] + keywords: + - admission-webhook + - kubeflow + links: + - description: About + url: https://github.com/kubeflow/kubeflow/tree/master/components/admission-webhook + addOwnerRef: true + diff --git a/kustomize/bootstrap/overlays/application/kustomization.yaml b/kustomize/bootstrap/overlays/application/kustomization.yaml new file mode 100644 index 0000000..ea76c63 --- /dev/null +++ b/kustomize/bootstrap/overlays/application/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +bases: +- ../../base +commonLabels: + app.kubernetes.io/component: bootstrap + app.kubernetes.io/name: bootstrap +kind: Kustomization +resources: +- application.yaml diff --git a/kustomize/centraldashboard/base/deployment.yaml b/kustomize/centraldashboard/base/deployment.yaml index 1d079c7..e48e2a7 100644 --- a/kustomize/centraldashboard/base/deployment.yaml +++ b/kustomize/centraldashboard/base/deployment.yaml @@ -13,6 +13,8 @@ spec: metadata: labels: app: centraldashboard + annotations: + sidecar.istio.io/inject: "false" spec: containers: - image: gcr.io/kubeflow-images-public/centraldashboard 
@@ -27,13 +29,6 @@ spec: ports: - containerPort: 8082 protocol: TCP - env: - - name: USERID_HEADER - value: $(userid-header) - - name: USERID_PREFIX - value: $(userid-prefix) - - name: PROFILES_KFAM_SERVICE_HOST - value: profiles-kfam.kubeflow serviceAccountName: centraldashboard imagePullSecrets: - name: k8scc01covidacr-registry-connection diff --git a/kustomize/centraldashboard/base/deployment_patch.yaml b/kustomize/centraldashboard/base/deployment_patch.yaml new file mode 100644 index 0000000..591c634 --- /dev/null +++ b/kustomize/centraldashboard/base/deployment_patch.yaml @@ -0,0 +1,16 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: centraldashboard +spec: + template: + spec: + containers: + - name: centraldashboard + env: + - name: USERID_HEADER + value: $(userid-header) + - name: USERID_PREFIX + value: $(userid-prefix) + - name: PROFILES_KFAM_SERVICE_HOST + value: profiles-kfam.kubeflow diff --git a/kustomize/centraldashboard/base/kustomization.yaml b/kustomize/centraldashboard/base/kustomization.yaml index 652f125..c411e84 100644 --- a/kustomize/centraldashboard/base/kustomization.yaml +++ b/kustomize/centraldashboard/base/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: kubeflow resources: - clusterrole-binding.yaml - clusterrole.yaml @@ -8,6 +9,8 @@ resources: - role.yaml - service-account.yaml - service.yaml +patchesStrategicMerge: +- deployment_patch.yaml namespace: kubeflow commonLabels: kustomize.component: centraldashboard diff --git a/kustomize/centraldashboard/base_v3/kustomization.yaml b/kustomize/centraldashboard/base_v3/kustomization.yaml new file mode 100644 index 0000000..169ef78 --- /dev/null +++ b/kustomize/centraldashboard/base_v3/kustomization.yaml 
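Review bot: The first hunk of `kustomize/centraldashboard/base/kustomization.yaml` adds `namespace: kubeflow` near the top, but the second hunk's context shows the original `namespace: kubeflow` still present after `patchesStrategicMerge`, so the file ends up with the key twice. Duplicate mapping keys are invalid YAML; strict loaders reject the file and lenient ones silently keep the last value. Drop the added line (or the old one) so the key appears once.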
@@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: gcr.io/kubeflow-images-public/centraldashboard + newName: gcr.io/kubeflow-images-public/centraldashboard + newTag: vmaster-gf39279c0 +resources: +- ../base/clusterrole-binding.yaml +- ../base/clusterrole.yaml +- ../base/deployment.yaml +- ../base/role-binding.yaml +- ../base/role.yaml +- ../base/service-account.yaml +- ../base/service.yaml diff --git a/kustomize/centraldashboard/kustomization.yaml b/kustomize/centraldashboard/kustomization.yaml index 293a702..26d54c8 100644 --- a/kustomize/centraldashboard/kustomization.yaml +++ b/kustomize/centraldashboard/kustomization.yaml @@ -1,17 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 bases: - base -commonLabels: - app.kubernetes.io/component: centraldashboard - app.kubernetes.io/instance: centraldashboard-v1.0.0 - app.kubernetes.io/managed-by: kfctl - app.kubernetes.io/name: centraldashboard - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 -configurations: -- overlays/istio/params.yaml +- overlays/istio +- overlays/application kind: Kustomization namespace: kubeflow -resources: -- overlays/istio/virtual-service.yaml -- overlays/application/application.yaml diff --git a/kustomize/centraldashboard/overlays/application/application.yaml b/kustomize/centraldashboard/overlays/application/application.yaml index bf49da3..84d95de 100644 --- a/kustomize/centraldashboard/overlays/application/application.yaml +++ b/kustomize/centraldashboard/overlays/application/application.yaml 
@@ -6,11 +6,11 @@ spec: selector: matchLabels: app.kubernetes.io/name: centraldashboard - app.kubernetes.io/instance: centraldashboard-v1.0.0 + app.kubernetes.io/instance: centraldashboard-v0.7.0 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: centraldashboard app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/version: v0.7.0 componentKinds: - group: core kind: ConfigMap diff --git a/kustomize/centraldashboard/overlays/application/kustomization.yaml b/kustomize/centraldashboard/overlays/application/kustomization.yaml index da7638e..d08f6ad 100644 --- a/kustomize/centraldashboard/overlays/application/kustomization.yaml +++ b/kustomize/centraldashboard/overlays/application/kustomization.yaml @@ -1,13 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 +commonLabels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard kind: Kustomization -bases: -- ../../base resources: - application.yaml -commonLabels: - app.kubernetes.io/name: centraldashboard - app.kubernetes.io/instance: centraldashboard-v1.0.0 - app.kubernetes.io/managed-by: kfctl - app.kubernetes.io/component: centraldashboard - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 diff --git a/kustomize/centraldashboard/overlays/istio/kustomization.yaml b/kustomize/centraldashboard/overlays/istio/kustomization.yaml index 2718e55..13e13f2 100644 --- a/kustomize/centraldashboard/overlays/istio/kustomization.yaml +++ b/kustomize/centraldashboard/overlays/istio/kustomization.yaml @@ -1,7 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -bases: -- ../../base resources: - virtual-service.yaml configurations: diff --git a/kustomize/centraldashboard/overlays/stacks/deployment_kf_config.yaml b/kustomize/centraldashboard/overlays/stacks/deployment_kf_config.yaml new file mode 100644 index 0000000..00d69cb --- /dev/null 
+++ b/kustomize/centraldashboard/overlays/stacks/deployment_kf_config.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: centraldashboard +spec: + template: + spec: + containers: + - name: centraldashboard + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + name: kubeflow-config + key: userid-header + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + name: kubeflow-config + key: userid-prefix \ No newline at end of file diff --git a/kustomize/centraldashboard/overlays/stacks/kustomization.yaml b/kustomize/centraldashboard/overlays/stacks/kustomization.yaml new file mode 100644 index 0000000..6998ba9 --- /dev/null +++ b/kustomize/centraldashboard/overlays/stacks/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +commonLabels: + app.kubernetes.io/component: centraldashboard + app.kubernetes.io/name: centraldashboard +kind: Kustomization +namespace: kubeflow +patchesStrategicMerge: +- deployment_kf_config.yaml +resources: +- ../../base_v3 +- ../../overlays/istio +- ../../overlays/application diff --git a/kustomize/cluster-local-gateway/base/service.yaml b/kustomize/cluster-local-gateway/base/service.yaml index ba98f61..6783abe 100644 --- a/kustomize/cluster-local-gateway/base/service.yaml +++ b/kustomize/cluster-local-gateway/base/service.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: Service metadata: name: cluster-local-gateway - annotations: labels: app: cluster-local-gateway istio: cluster-local-gateway diff --git a/kustomize/istio/base/kf-istio-resources.yaml b/kustomize/istio/base/kf-istio-resources.yaml index a89372c..3d938a8 100644 --- a/kustomize/istio/base/kf-istio-resources.yaml +++ b/kustomize/istio/base/kf-istio-resources.yaml @@ -108,3 +108,6 @@ metadata: name: default spec: mode: $(clusterRbacConfig) + exclusion: + namespaces: + - istio-system # Accessing Istio services won't require an rbac policy. 
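Review bot: In `kustomize/istio/base/kf-istio-resources.yaml`, listing `istio-system` under `exclusion.namespaces` together with `clusterRbacConfig=ON_WITH_EXCLUSION` exempts every workload in that namespace from RBAC policy, not only the Istio services the inline comment mentions. Anything else deployed there, for example gateways or add-on dashboards, is exempt as well. `mode` is still the `$(clusterRbacConfig)` variable, so an overlay that sets it back to `ON` leaves an `exclusion` block that no longer matches the mode. I would widen the comment to `# RBAC is not enforced for any workload in istio-system; keep only Istio components there` and note beside `params.env` that the exclusion list only takes effect with `ON_WITH_EXCLUSION`. The resource starts outside the hunk.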
diff --git a/kustomize/istio/base/kustomization.yaml b/kustomize/istio/base/kustomization.yaml index 062807f..47bc1e1 100644 --- a/kustomize/istio/base/kustomization.yaml +++ b/kustomize/istio/base/kustomization.yaml @@ -6,7 +6,8 @@ resources: namespace: kubeflow configMapGenerator: - name: istio-parameters - env: params.env + envs: + - params.env vars: - name: clusterRbacConfig objref: diff --git a/kustomize/istio/base/params.env b/kustomize/istio/base/params.env index f919909..0b04b4a 100644 --- a/kustomize/istio/base/params.env +++ b/kustomize/istio/base/params.env @@ -1,2 +1,2 @@ -clusterRbacConfig=ON +clusterRbacConfig=ON_WITH_EXCLUSION gatewaySelector=ingressgateway-kubeflow diff --git a/kustomize/istio/overlays/https-gateway/kustomization.yaml b/kustomize/istio/overlays/https-gateway/kustomization.yaml index 4a0e56c..cb1123f 100644 --- a/kustomize/istio/overlays/https-gateway/kustomization.yaml +++ b/kustomize/istio/overlays/https-gateway/kustomization.yaml @@ -8,6 +8,7 @@ patchesStrategicMerge: configMapGenerator: - name: istio-parameters behavior: merge - env: params.env + envs: + - params.env configurations: - params.yaml diff --git a/kustomize/jupyter-web-app/base/cluster-role.yaml b/kustomize/jupyter-web-app/base/cluster-role.yaml index 9b4838c..adcc689 100644 --- a/kustomize/jupyter-web-app/base/cluster-role.yaml +++ b/kustomize/jupyter-web-app/base/cluster-role.yaml @@ -65,10 +65,6 @@ metadata: name: kubeflow-notebook-ui-admin labels: rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.authorization.kubeflow.org/aggregate-to-kubeflow-tfjobs-admin: "true" rules: [] --- @@ -79,7 +75,6 @@ metadata: name: kubeflow-notebook-ui-edit labels: rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" - rbac.authorization.kubeflow.org/aggregate-to-kubeflow-tfjobs-admin: "true" rules: - apiGroups: - kubeflow.org 
@@ -112,8 +107,10 @@ rules: - get - list - apiGroups: - - "" + - storage.k8s.io resources: - - events + - storageclasses verbs: + - get - list + - watch diff --git a/kustomize/jupyter-web-app/base/configs/spawner_ui_config.yaml b/kustomize/jupyter-web-app/base/configs/spawner_ui_config.yaml new file mode 100644 index 0000000..87ce234 --- /dev/null +++ b/kustomize/jupyter-web-app/base/configs/spawner_ui_config.yaml 
@@ -0,0 +1,134 @@
+# Configuration file for the Jupyter UI.
+#
+# Each Jupyter UI option is configured by two keys: 'value' and 'readOnly'
+# - The 'value' key contains the default value
+# - The 'readOnly' key determines if the option will be available to users
+#
+# If the 'readOnly' key is present and set to 'true', the respective option
+# will be disabled for users and only set by the admin. Also when a
+# Notebook is POSTED to the API if a necessary field is not present then
+# the value from the config will be used.
+#
+# If the 'readOnly' key is missing (defaults to 'false'), the respective option
+# will be available for users to edit.
+#
+# Note that some values can be templated. Such values are the names of the
+# Volumes as well as their StorageClass
+spawnerFormDefaults:
+ image:
+ # The container Image for the user's Jupyter Notebook
+ # If readonly, this value must be a member of the list below
+ value: k8scc01covidacr.azurecr.io/minimal-notebook-cpu:18d1fb7a40fed543dd4ff2f05a9388a3ff9f3263
+ # The list of available standard container Images
+ options:
+ - k8scc01covidacr.azurecr.io/minimal-notebook-cpu:18d1fb7a40fed543dd4ff2f05a9388a3ff9f3263
+ - k8scc01covidacr.azurecr.io/minimal-notebook-gpu:18d1fb7a40fed543dd4ff2f05a9388a3ff9f3263
+ - k8scc01covidacr.azurecr.io/geomatics-notebook-cpu:18d1fb7a40fed543dd4ff2f05a9388a3ff9f3263
+ - k8scc01covidacr.azurecr.io/machine-learning-notebook-cpu:18d1fb7a40fed543dd4ff2f05a9388a3ff9f3263
+ - k8scc01covidacr.azurecr.io/machine-learning-notebook-gpu:18d1fb7a40fed543dd4ff2f05a9388a3ff9f3263
+ - k8scc01covidacr.azurecr.io/r-studio-cpu:18d1fb7a40fed543dd4ff2f05a9388a3ff9f3263
+ - k8scc01covidacr.azurecr.io/remote-desktop-r:5e67ecb21efece51727c39c8ef75682cf5af12ac
+ - k8scc01covidacr.azurecr.io/remote-desktop-geomatics:5e67ecb21efece51727c39c8ef75682cf5af12ac
+ # By default, custom container Images are allowed
+ # Uncomment the following line to only enable standard container Images
+ readOnly: false
+ hideRegistry: true
+ hideVersion: true
+ cpu:
+ # CPU for user's Notebook
+ value: '1.0'
+ readOnly: false
+ memory:
+ # Memory for user's Notebook
+ value: 2.0Gi
+ readOnly: false
+ workspaceVolume:
+ # Workspace Volume to be attached to user's Notebook
+ # Each Workspace Volume is declared with the following attributes:
+ # Type, Name, Size, MountPath and Access Mode
+ value:
+ type:
+ # The Type of the Workspace Volume
+ # Supported values: 'New', 'Existing'
+ value: New
+ name:
+ # The Name of the Workspace Volume
+ # Note that this is a templated value. Special values:
+ # {notebook-name}: Replaced with the name of the Notebook. The frontend
+ # will replace this value as the user types the name
+ value: 'workspace-{notebook-name}'
+ size:
+ # The Size of the Workspace Volume (in Gi)
+ value: '10Gi'
+ mountPath:
+ # The Path that the Workspace Volume will be mounted
+ value: /home/jovyan
+ accessModes:
+ # The Access Mode of the Workspace Volume
+ # Supported values: 'ReadWriteOnce', 'ReadWriteMany', 'ReadOnlyMany'
+ value: ReadWriteOnce
+ class:
+ # The StrageClass the PVC will use if type is New. Special values are:
+ # {none}: default StorageClass
+ # {empty}: empty string ""
+ value: '{none}'
+ readOnly: false
+ dataVolumes:
+ # List of additional Data Volumes to be attached to the user's Notebook
+ value: []
+ # Each Data Volume is declared with the following attributes:
+ # Type, Name, Size, MountPath and Access Mode
+ #
+ # For example, a list with 2 Data Volumes:
+ # value:
+ # - value:
+ # type:
+ # value: New
+ # name:
+ # value: '{notebook-name}-vol-1'
+ # size:
+ # value: '10Gi'
+ # class:
+ # value: standard
+ # mountPath:
+ # value: /home/jovyan/vol-1
+ # accessModes:
+ # value: ReadWriteOnce
+ # class:
+ # value: {none}
+ # - value:
+ # type:
+ # value: New
+ # name:
+ # value: '{notebook-name}-vol-2'
+ # size:
+ # value: '10Gi'
+ # mountPath:
+ # value: /home/jovyan/vol-2
+ # accessModes:
+ # value: ReadWriteMany
+ # class:
+ # value: {none}
+ readOnly: false
+ gpus:
+ # Number of GPUs to be assigned to the Notebook Container
+ value:
+ # values: "none", "1", "2", "4", "8"
+ num: "none"
+ # Determines what the UI will show and send to the backend
+ vendors:
+ - limitsKey: "nvidia.com/gpu"
+ uiName: "NVIDIA"
+ # Values: "" or a `limits-key` from the vendors list
+ vendor: ""
+ readOnly: false
+ shm:
+ value: true
+ readOnly: false
+ configurations:
+ # List of labels to be selected, these are the labels from PodDefaults
+ # value:
+ # - add-gcp-secret
+ # - default-editor
+ value: []
+ readOnly: false
diff --git a/kustomize/jupyter-web-app/base/deployment.yaml b/kustomize/jupyter-web-app/base/deployment.yaml
index 08b011e..dd3bade 100644
--- a/kustomize/jupyter-web-app/base/deployment.yaml
+++ b/kustomize/jupyter-web-app/base/deployment.yaml
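Review bot: Under `spawnerFormDefaults.image`, the comment "Uncomment the following line to only enable standard container Images" sits above an already active `readOnly: false`, so the file ships with custom images allowed and the instruction cannot be followed as written. With `readOnly: false` a user can start a notebook from any image reference, while `hideRegistry: true` and `hideVersion: true` presumably shorten what the UI shows for the listed ones. If only the eight listed images should run, set `readOnly: true` and reword the comment to `# Set readOnly to true to restrict users to the images listed above`. The options are pinned by tag only, so appending the image digest (`@sha256:<digest>`) would keep a re-pushed tag from changing what runs. The `image` block of `overlays/aws/config-map.yaml` carries the same comment, and there the default `value` is commented out as well.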
@@ -5,30 +5,12 @@ metadata: spec: replicas: 3 template: + metadata: + annotations: + sidecar.istio.io/inject: "false" spec: containers: - - env: - - name: ROK_SECRET_NAME - valueFrom: - configMapKeyRef: - name: parameters - key: ROK_SECRET_NAME - - name: UI - valueFrom: - configMapKeyRef: - name: parameters - key: UI - - name: USERID_HEADER - value: $(userid-header) - - name: USERID_PREFIX - value: $(userid-prefix) - - name: KUBECOST_URL - valueFrom: - configMapKeyRef: - name: parameters - key: KUBECOST_URL - image: gcr.io/kubeflow-images-public/jupyter-web-app:v0.5.0 - imagePullPolicy: $(policy) + - image: gcr.io/kubeflow-images-public/jupyter-web-app name: jupyter-web-app ports: - containerPort: 5000 @@ -38,7 +20,7 @@ spec: serviceAccountName: service-account volumes: - configMap: - name: config + name: jupyter-web-app-config name: config-volume imagePullSecrets: - name: k8scc01covidacr-registry-connection diff --git a/kustomize/jupyter-web-app/base/deployment_patch.yaml b/kustomize/jupyter-web-app/base/deployment_patch.yaml new file mode 100644 index 0000000..cfc3b8f --- /dev/null +++ b/kustomize/jupyter-web-app/base/deployment_patch.yaml @@ -0,0 +1,32 @@ +# TODO(https://github.com/kubeflow/manifests/issues/774): This is a patch +# that pulls out from core the parts that should be in pulled into stacks. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: deployment +spec: + template: + spec: + containers: + - name: jupyter-web-app + imagePullPolicy: $(policy) + env: + - name: ROK_SECRET_NAME + valueFrom: + configMapKeyRef: + name: parameters + key: ROK_SECRET_NAME + - name: UI + valueFrom: + configMapKeyRef: + name: parameters + key: UI + - name: USERID_HEADER + value: $(userid-header) + - name: USERID_PREFIX + value: $(userid-prefix) + - name: KUBECOST_URL + valueFrom: + configMapKeyRef: + name: parameters + key: KUBECOST_URL 
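Review bot: The added `sidecar.istio.io/inject: "false"` annotation takes the jupyter-web-app pods out of the mesh, so sidecar-enforced mTLS and Istio RBAC no longer cover traffic to container port 5000 (the same annotation is added to katib-ui in `katib-ui-deployment.yaml`). The app is still configured with `USERID_HEADER` and `USERID_PREFIX`, now in `deployment_patch.yaml`, which suggests it takes the caller's identity from a request header; if so, any pod that can reach the Service directly could present that header itself. I would either keep injection enabled or ship a NetworkPolicy with this change that admits ingress to these pods only from the ingress gateway. The reason belongs next to the annotation, for example `# sidecar disabled: <reason>; ingress restricted by NetworkPolicy <name>`. The first hunk also drops the `:v0.5.0` tag from `image:`, so the `images:` entry of whichever kustomization is built is the only thing pinning the version.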
diff --git a/kustomize/jupyter-web-app/base/kustomization.yaml b/kustomize/jupyter-web-app/base/kustomization.yaml index b6273e9..91e1668 100644 --- a/kustomize/jupyter-web-app/base/kustomization.yaml +++ b/kustomize/jupyter-web-app/base/kustomization.yaml @@ -1,9 +1,14 @@ +# TODO(https://github.com/kubeflow/manifests/issues/774): +# This is a legacy package. Hopefully we can get rid of it once +# 774 is complete. apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: +# TODO(jlewi): We can't depend on base because of the deployment_patch. +# but maybe if we changed that to use ConfigMapRef then the patch would correctly +# override the patch applied in base_v3 - cluster-role-binding.yaml - cluster-role.yaml -- config-map.yaml - deployment.yaml - role-binding.yaml - role.yaml @@ -22,8 +27,17 @@ configMapGenerator: - envs: - params.env name: parameters +# We need the name to be unique without the suffix because the original name is what +# gets used with patches +- name: jupyter-web-app-config + files: + - configs/spawner_ui_config.yaml generatorOptions: + # TODO(jlewi): Why are we setting disableNameSuffixHash true? Don't we want a content hash so that if the config map + # changes we would update the configmap? disableNameSuffixHash: true +patchesStrategicMerge: +- deployment_patch.yaml vars: - fieldref: fieldPath: data.policy diff --git a/kustomize/jupyter-web-app/base_v3/deployment_patch.yaml b/kustomize/jupyter-web-app/base_v3/deployment_patch.yaml new file mode 100644 index 0000000..ca39d15 --- /dev/null +++ b/kustomize/jupyter-web-app/base_v3/deployment_patch.yaml 
@@ -0,0 +1,22 @@ +# TODO(https://github.com/kubeflow/manifests/issues/774): This is a patch +# that pulls out from core the parts that should be in pulled into stacks. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: deployment +spec: + template: + spec: + containers: + - name: jupyter-web-app + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + name: kubeflow-config + key: userid-header + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + name: kubeflow-config + key: userid-prefix \ No newline at end of file diff --git a/kustomize/jupyter-web-app/base_v3/kustomization.yaml b/kustomize/jupyter-web-app/base_v3/kustomization.yaml new file mode 100644 index 0000000..e1c07bd --- /dev/null +++ b/kustomize/jupyter-web-app/base_v3/kustomization.yaml 
@@ -0,0 +1,50 @@ +# TODO(https://github.com/kubeflow/manifests/issues/774): +# This is a new kustomization file intended to get rid of the +# need to rely on kfctl to build the kustomization.yaml file. +# We might want to eventually move it to jupyter/jupyter-web-app/kustomization.yaml +# We currently don't do that because we don't want to interfere with existing behavior. +# +# This kustomization.yaml file doesn't depend on base/kustomization.yaml +# because that file contains changes that won't work with the new stack kustomize +# packages that we want to define. For example, we can't define vars namespace, clusterDomain +# etc... because we want those to be defined at the stack level and reused across applications. +# We don't want to modify jupyter-web-app/kustomization.yaml because that would +# break the existing KFDef files. So we want to make the stacks work +# and then replace it. +apiVersion: kustomize.config.k8s.io/v1beta1 +commonLabels: + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/instance: jupyter-web-app-v1.0.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: jupyter-web-app + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v1.0.0 +kind: Kustomization +namePrefix: jupyter-web-app- +namespace: kubeflow +commonLabels: + app: jupyter-web-app + kustomize.component: jupyter-web-app +namespace: kubeflow +images: +- name: gcr.io/kubeflow-images-public/jupyter-web-app + newName: gcr.io/kubeflow-images-public/jupyter-web-app + newTag: vmaster-gd9be4b9e +resources: +- ../base/cluster-role-binding.yaml +- ../base/cluster-role.yaml +- ../base/deployment.yaml +- ../base/role-binding.yaml +- ../base/role.yaml +- ../base/service-account.yaml +- ../base/service.yaml +- ../overlays/istio +- ../overlays/application +configMapGenerator: +# We need the name to be unique without the suffix because the original name is what +# gets used with patches +- name: jupyter-web-app-config + files: + - 
../base/configs/spawner_ui_config.yaml +patchesStrategicMerge: +- deployment_patch.yaml \ No newline at end of file diff --git a/kustomize/jupyter-web-app/kustomization.yaml b/kustomize/jupyter-web-app/kustomization.yaml index 4519d71..26d54c8 100644 --- a/kustomize/jupyter-web-app/kustomization.yaml +++ b/kustomize/jupyter-web-app/kustomization.yaml @@ -2,14 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 bases: - base - overlays/istio -commonLabels: - app.kubernetes.io/component: jupyter-web-app - app.kubernetes.io/instance: jupyter-web-app-v1.0.0 - app.kubernetes.io/managed-by: kfctl - app.kubernetes.io/name: jupyter-web-app - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 +- overlays/application kind: Kustomization namespace: kubeflow -resources: -- overlays/application/application.yaml diff --git a/kustomize/jupyter-web-app/overlays/application/application.yaml b/kustomize/jupyter-web-app/overlays/application/application.yaml index 6582d37..403e269 100644 --- a/kustomize/jupyter-web-app/overlays/application/application.yaml +++ b/kustomize/jupyter-web-app/overlays/application/application.yaml @@ -6,11 +6,11 @@ spec: selector: matchLabels: app.kubernetes.io/name: jupyter-web-app - app.kubernetes.io/instance: jupyter-web-app-v1.0.0 + app.kubernetes.io/instance: jupyter-web-app-v0.7.0 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: jupyter-web-app app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/version: v0.7.0 componentKinds: - group: core kind: ConfigMap diff --git a/kustomize/jupyter-web-app/overlays/application/kustomization.yaml b/kustomize/jupyter-web-app/overlays/application/kustomization.yaml index 41bbb86..6cdc486 100644 --- a/kustomize/jupyter-web-app/overlays/application/kustomization.yaml +++ b/kustomize/jupyter-web-app/overlays/application/kustomization.yaml 
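Review bot: `base_v3/kustomization.yaml` declares `commonLabels` and `namespace` twice, so depending on the parser either the build fails on the duplicate key or the second `commonLabels` map wins and the six `app.kubernetes.io/*` labels are silently dropped. Labels are what selectors match against (the Application in `overlays/application/application.yaml`, and any NetworkPolicy or Istio policy keyed on them), so losing them can leave resources unselected without any error. Fold `app: jupyter-web-app` and `kustomize.component: jupyter-web-app` into the first `commonLabels` map and delete the second `commonLabels:` block and the repeated `namespace: kubeflow`. The first map also sets `app.kubernetes.io/instance: jupyter-web-app-v1.0.0` while this commit changes the Application selector to `jupyter-web-app-v0.7.0`, so the two would not agree even after the merge.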
@@ -1,13 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 +commonLabels: + app.kubernetes.io/component: jupyter-web-app + app.kubernetes.io/name: jupyter-web-app kind: Kustomization -bases: -- ../../base resources: - application.yaml -commonLabels: - app.kubernetes.io/name: jupyter-web-app - app.kubernetes.io/instance: jupyter-web-app-v1.0.0 - app.kubernetes.io/managed-by: kfctl - app.kubernetes.io/component: jupyter-web-app - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 diff --git a/kustomize/jupyter-web-app/base/config-map.yaml b/kustomize/jupyter-web-app/overlays/aws/config-map.yaml similarity index 81% rename from kustomize/jupyter-web-app/base/config-map.yaml rename to kustomize/jupyter-web-app/overlays/aws/config-map.yaml index 783e828..91681a8 100644 --- a/kustomize/jupyter-web-app/base/config-map.yaml +++ b/kustomize/jupyter-web-app/overlays/aws/config-map.yaml @@ -1,6 +1,6 @@ apiVersion: v1 data: - spawner_ui_config.yaml: | + spawner_ui_config.yaml: |- # Configuration file for the Jupyter UI. # # Each Jupyter UI option is configured by two keys: 'value' and 'readOnly' 
@@ -21,29 +21,27 @@ data: image: # The container Image for the user's Jupyter Notebook # If readonly, this value must be a member of the list below - value: k8scc01covidacr.azurecr.io/minimal-notebook-cpu:18d1fb7a40fed543dd4ff2f05a9388a3ff9f3263 + # value: 527798164940.dkr.ecr.us-west-2.amazonaws.com/tensorflow-1.15.2-notebook-cpu:1.0.0 # The list of available standard container Images options: - - k8scc01covidacr.azurecr.io/minimal-notebook-cpu:18d1fb7a40fed543dd4ff2f05a9388a3ff9f3263 - - k8scc01covidacr.azurecr.io/minimal-notebook-gpu:18d1fb7a40fed543dd4ff2f05a9388a3ff9f3263 - - k8scc01covidacr.azurecr.io/geomatics-notebook-cpu:18d1fb7a40fed543dd4ff2f05a9388a3ff9f3263 - - k8scc01covidacr.azurecr.io/machine-learning-notebook-cpu:18d1fb7a40fed543dd4ff2f05a9388a3ff9f3263 - - k8scc01covidacr.azurecr.io/machine-learning-notebook-gpu:18d1fb7a40fed543dd4ff2f05a9388a3ff9f3263 - - k8scc01covidacr.azurecr.io/r-studio-cpu:18d1fb7a40fed543dd4ff2f05a9388a3ff9f3263 - - k8scc01covidacr.azurecr.io/remote-desktop-r:5e67ecb21efece51727c39c8ef75682cf5af12ac - - k8scc01covidacr.azurecr.io/remote-desktop-geomatics:5e67ecb21efece51727c39c8ef75682cf5af12ac + - 527798164940.dkr.ecr.us-west-2.amazonaws.com/tensorflow-1.15.2-notebook-cpu:1.0.0 + - 527798164940.dkr.ecr.us-west-2.amazonaws.com/tensorflow-1.15.2-notebook-gpu:1.0.0 + - 527798164940.dkr.ecr.us-west-2.amazonaws.com/tensorflow-2.1.0-notebook-cpu:1.0.0 + - 527798164940.dkr.ecr.us-west-2.amazonaws.com/tensorflow-2.1.0-notebook-gpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-cpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-1.15.2-notebook-gpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-cpu:1.0.0 + - gcr.io/kubeflow-images-public/tensorflow-2.1.0-notebook-gpu:1.0.0 # By default, custom container Images are allowed # Uncomment the following line to only enable standard container Images readOnly: false - hideRegistry: true - hideVersion: true cpu: # CPU for user's Notebook - value: 
'1.0' + value: '0.5' readOnly: false memory: # Memory for user's Notebook - value: 2.0Gi + value: 1.0Gi readOnly: false workspaceVolume: # Workspace Volume to be attached to user's Notebook @@ -137,4 +135,9 @@ data: readOnly: false kind: ConfigMap metadata: - name: config + labels: + app: jupyter-web-app + kustomize.component: jupyter-web-app + name: jupyter-web-app-jupyter-web-app-config-aws + namespace: kubeflow + diff --git a/kustomize/jupyter-web-app/overlays/aws/deployment-aws-patch.yaml b/kustomize/jupyter-web-app/overlays/aws/deployment-aws-patch.yaml new file mode 100644 index 0000000..ab9cf23 --- /dev/null +++ b/kustomize/jupyter-web-app/overlays/aws/deployment-aws-patch.yaml @@ -0,0 +1,11 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: deployment +spec: + template: + spec: + volumes: + - configMap: + name: jupyter-web-app-jupyter-web-app-config-aws + name: config-volume diff --git a/kustomize/jupyter-web-app/overlays/aws/kustomization.yaml b/kustomize/jupyter-web-app/overlays/aws/kustomization.yaml new file mode 100644 index 0000000..03d1643 --- /dev/null +++ b/kustomize/jupyter-web-app/overlays/aws/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +commonLabels: + app: jupyter-web-app + kustomize.component: jupyter-web-app +bases: +- ../../base +resources: +- config-map.yaml +patchesStrategicMerge: +- deployment-aws-patch.yaml \ No newline at end of file diff --git a/kustomize/katib-controller/base/katib-configmap.yaml b/kustomize/katib-controller/base/katib-configmap.yaml index d4b26db..8c746c5 100644 --- a/kustomize/katib-controller/base/katib-configmap.yaml +++ b/kustomize/katib-controller/base/katib-configmap.yaml 
@@ -6,13 +6,13 @@ data: metrics-collector-sidecar: |- { "StdOut": { - "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/file-metrics-collector:v0.8.0" + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/file-metrics-collector:917164a" }, "File": { - "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/file-metrics-collector:v0.8.0" + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/file-metrics-collector:917164a" }, "TensorFlowEvent": { - "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/tfevent-metrics-collector:v0.8.0", + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/tfevent-metrics-collector:917164a", "resources": { "limits": { "memory": "1Gi" 
@@ -23,27 +23,33 @@ data: suggestion: |- { "random": { - "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-hyperopt:v0.8.0" + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-hyperopt:917164a" }, "grid": { - "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-chocolate:v0.8.0" + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-chocolate:917164a" }, "hyperband": { - "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-hyperband:v0.8.0" + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-hyperband:917164a" }, "bayesianoptimization": { - "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-skopt:v0.8.0" + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-skopt:917164a" }, "tpe": { - "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-hyperopt:v0.8.0" + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-hyperopt:917164a" }, - "nasrl": { - "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-nasrl:v0.8.0", + "enas": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-enas:917164a", "imagePullPolicy": "Always", "resources": { "limits": { "memory": "200Mi" } } + }, + "cmaes": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-goptuna:917164a" + }, + "darts": { + "image": "gcr.io/kubeflow-images-public/katib/v1alpha3/suggestion-darts:917164a" } } diff --git a/kustomize/katib-controller/base/katib-ui-deployment.yaml b/kustomize/katib-controller/base/katib-ui-deployment.yaml index aa5db38..833986e 100644 --- a/kustomize/katib-controller/base/katib-ui-deployment.yaml +++ b/kustomize/katib-controller/base/katib-ui-deployment.yaml @@ -17,6 +17,8 @@ spec: labels: app: katib component: ui + annotations: + sidecar.istio.io/inject: "false" spec: containers: - name: katib-ui 
diff --git a/kustomize/katib-controller/base/katib-ui-rbac.yaml b/kustomize/katib-controller/base/katib-ui-rbac.yaml index 6ff7844..039c821 100644 --- a/kustomize/katib-controller/base/katib-ui-rbac.yaml +++ b/kustomize/katib-controller/base/katib-ui-rbac.yaml @@ -15,6 +15,7 @@ rules: resources: - experiments - trials + - suggestions verbs: - "*" --- diff --git a/kustomize/katib-controller/base/kustomization.yaml b/kustomize/katib-controller/base/kustomization.yaml index e723833..b2ab26d 100644 --- a/kustomize/katib-controller/base/kustomization.yaml +++ b/kustomize/katib-controller/base/kustomization.yaml @@ -15,20 +15,22 @@ resources: - katib-ui-rbac.yaml - katib-ui-service.yaml - trial-template-configmap.yaml +- trial-template-configmap-labeled.yaml configMapGenerator: - name: katib-parameters - env: params.env + envs: + - params.env generatorOptions: disableNameSuffixHash: true images: - name: gcr.io/kubeflow-images-public/katib/v1alpha3/katib-controller - newTag: v0.8.0 + newTag: 917164a newName: gcr.io/kubeflow-images-public/katib/v1alpha3/katib-controller - name: gcr.io/kubeflow-images-public/katib/v1alpha3/katib-db-manager - newTag: v0.8.0 + newTag: 917164a newName: gcr.io/kubeflow-images-public/katib/v1alpha3/katib-db-manager - name: gcr.io/kubeflow-images-public/katib/v1alpha3/katib-ui - newTag: v0.8.0 + newTag: 917164a newName: gcr.io/kubeflow-images-public/katib/v1alpha3/katib-ui - name: mysql newTag: "8" @@ -41,7 +43,7 @@ vars: apiVersion: v1 fieldref: fieldpath: data.clusterDomain -- name: namespace +- name: katib-ui-namespace objref: kind: Service name: katib-ui diff --git a/kustomize/katib-controller/base/trial-template-configmap-labeled.yaml b/kustomize/katib-controller/base/trial-template-configmap-labeled.yaml new file mode 100644 index 0000000..211f77b --- /dev/null +++ b/kustomize/katib-controller/base/trial-template-configmap-labeled.yaml 
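Review bot: In `katib-ui-rbac.yaml` the rule that gains `suggestions` keeps `verbs: - "*"`, so the katib-ui service account now holds every verb, including create and delete, on suggestions as well as experiments and trials. The katib-ui Deployment is taken out of the mesh in this same commit with `sidecar.istio.io/inject: "false"`, which makes the permissions held by that pod worth narrowing. I would replace the wildcard with the verbs the UI actually uses, and give `suggestions` its own rule with `get`, `list` and `watch` if the UI only displays them (not confirmable from this hunk). The rule and the role's kind start above the hunk.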
@@ -0,0 +1,95 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: trial-template-labeled
+ namespace: kubeflow
+ labels:
+ app: katib-trial-templates
+data:
+ defaultTrialTemplate.yaml: |-
+ apiVersion: batch/v1
+ kind: Job
+ metadata:
+ name: {{.Trial}}
+ namespace: {{.NameSpace}}
+ spec:
+ template:
+ spec:
+ containers:
+ - name: {{.Trial}}
+ image: docker.io/kubeflowkatib/mxnet-mnist
+ command:
+ - "python3"
+ - "/opt/mxnet-mnist/mnist.py"
+ - "--batch-size=64"
+ {{- with .HyperParameters}}
+ {{- range .}}
+ - "{{.Name}}={{.Value}}"
+ {{- end}}
+ {{- end}}
+ restartPolicy: Never
+ enasCPUTemplate: |-
+ apiVersion: batch/v1
+ kind: Job
+ metadata:
+ name: {{.Trial}}
+ namespace: {{.NameSpace}}
+ spec:
+ template:
+ spec:
+ containers:
+ - name: {{.Trial}}
+ image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu
+ command:
+ - "python3.5"
+ - "-u"
+ - "RunTrial.py"
+ {{- with .HyperParameters}}
+ {{- range .}}
+ - "--{{.Name}}=\"{{.Value}}\""
+ {{- end}}
+ {{- end}}
+ - "--num_epochs=1"
+ restartPolicy: Never
+ pytorchJobTemplate: |-
+ apiVersion: "kubeflow.org/v1"
+ kind: PyTorchJob
+ metadata:
+ name: {{.Trial}}
+ namespace: {{.NameSpace}}
+ spec:
+ pytorchReplicaSpecs:
+ Master:
+ replicas: 1
+ restartPolicy: OnFailure
+ template:
+ spec:
+ containers:
+ - name: pytorch
+ image: gcr.io/kubeflow-ci/pytorch-dist-mnist-test:v1.0
+ imagePullPolicy: Always
+ command:
+ - "python"
+ - "/var/mnist.py"
+ {{- with .HyperParameters}}
+ {{- range .}}
+ - "{{.Name}}={{.Value}}"
+ {{- end}}
+ {{- end}}
+ Worker:
+ replicas: 2
+ restartPolicy: OnFailure
+ template:
+ spec:
+ containers:
+ - name: pytorch
+ image: gcr.io/kubeflow-ci/pytorch-dist-mnist-test:v1.0
+ imagePullPolicy: Always
+ command:
+ - "python"
+ - "/var/mnist.py"
+ {{- with .HyperParameters}}
+ {{- range .}}
+ - "{{.Name}}={{.Value}}"
+ {{- end}}
+ {{- end}}
diff --git a/kustomize/katib-controller/kustomization.yaml b/kustomize/katib-controller/kustomization.yaml
index 49c4510..e81f418 100644
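Review bot: None of the three trial templates pins its image: `docker.io/kubeflowkatib/mxnet-mnist` and `docker.io/kubeflowkatib/enas-cnn-cifar10-cpu` carry no tag, so they resolve to `latest`, and `gcr.io/kubeflow-ci/pytorch-dist-mnist-test:v1.0` is combined with `imagePullPolicy: Always`. Every trial Job therefore runs whatever those public repositories hold at pull time, inside the `{{.NameSpace}}` of the experiment. Reference each image by digest, e.g. `image: docker.io/kubeflowkatib/mxnet-mnist@sha256:<digest>`, or at least by a fixed release tag. Separately, `{{.Name}}` and `{{.Value}}` are written into the quoted `command` entries as-is, so it is worth confirming that the controller validates hyperparameter names and values before rendering.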
--- a/kustomize/katib-controller/kustomization.yaml +++ b/kustomize/katib-controller/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: katib - app.kubernetes.io/instance: katib-controller-0.8.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: katib-controller - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.8.0 configurations: - overlays/istio/params.yaml kind: Kustomization diff --git a/kustomize/katib-controller/overlays/application/application.yaml b/kustomize/katib-controller/overlays/application/application.yaml index 3e288cd..8f65d9c 100644 --- a/kustomize/katib-controller/overlays/application/application.yaml +++ b/kustomize/katib-controller/overlays/application/application.yaml @@ -40,6 +40,8 @@ spec: name: Richard Liu - email: yuji.oshima0x3fd@gmail.com name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich owners: - email: gaoce@caicloud.io name: Ce Gao @@ -51,13 +53,14 @@ spec: name: Richard Liu - email: yuji.oshima0x3fd@gmail.com name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich type: katib version: v1alpha3 selector: matchLabels: app.kubernetes.io/component: katib - app.kubernetes.io/instance: katib-controller-0.8.0 + app.kubernetes.io/instance: katib-controller app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: katib-controller app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.8.0 diff --git a/kustomize/katib-controller/overlays/application/kustomization.yaml b/kustomize/katib-controller/overlays/application/kustomization.yaml index 9984ac9..a23cd38 100644 --- a/kustomize/katib-controller/overlays/application/kustomization.yaml +++ b/kustomize/katib-controller/overlays/application/kustomization.yaml 
@@ -3,11 +3,7 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: katib - app.kubernetes.io/instance: katib-controller-0.8.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: katib-controller - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.8.0 kind: Kustomization resources: - application.yaml diff --git a/kustomize/katib-controller/overlays/istio/katib-ui-virtual-service.yaml b/kustomize/katib-controller/overlays/istio/katib-ui-virtual-service.yaml index d13cca8..f20286a 100644 --- a/kustomize/katib-controller/overlays/istio/katib-ui-virtual-service.yaml +++ b/kustomize/katib-controller/overlays/istio/katib-ui-virtual-service.yaml @@ -15,6 +15,6 @@ spec: uri: /katib/ route: - destination: - host: katib-ui.$(namespace).svc.$(clusterDomain) + host: katib-ui.$(katib-ui-namespace).svc.$(clusterDomain) port: number: 80 diff --git a/kustomize/katib-crds/kustomization.yaml b/kustomize/katib-crds/kustomization.yaml index 364aa23..2fa932b 100644 --- a/kustomize/katib-crds/kustomization.yaml +++ b/kustomize/katib-crds/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: katib - app.kubernetes.io/instance: katib-crds-0.8.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: katib-crds - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.8.0 kind: Kustomization namespace: kubeflow resources: diff --git a/kustomize/katib-crds/overlays/application/application.yaml b/kustomize/katib-crds/overlays/application/application.yaml index 3a41b74..43f63fa 100644 --- a/kustomize/katib-crds/overlays/application/application.yaml +++ b/kustomize/katib-crds/overlays/application/application.yaml @@ -38,6 +38,8 @@ spec: name: Richard Liu - email: yuji.oshima0x3fd@gmail.com name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich owners: - email: gaoce@caicloud.io name: Ce Gao 
@@ -49,13 +51,14 @@ spec: name: Richard Liu - email: yuji.oshima0x3fd@gmail.com name: YujiOshima + - email: andrey.velichkevich@gmail.com + name: Andrey Velichkevich type: katib version: v1alpha3 selector: matchLabels: app.kubernetes.io/component: katib - app.kubernetes.io/instance: katib-crds-0.8.0 + app.kubernetes.io/instance: katib-crds app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: katib-crds app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.8.0 diff --git a/kustomize/katib-crds/overlays/application/kustomization.yaml b/kustomize/katib-crds/overlays/application/kustomization.yaml index 9ef44e4..e6734f9 100644 --- a/kustomize/katib-crds/overlays/application/kustomization.yaml +++ b/kustomize/katib-crds/overlays/application/kustomization.yaml @@ -3,11 +3,7 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: katib - app.kubernetes.io/instance: katib-crds-0.8.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: katib-crds - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.8.0 kind: Kustomization resources: - application.yaml diff --git a/kustomize/kfserving-crds/base/crd.yaml b/kustomize/kfserving-crds/base/crd.yaml index 459a74a..3a780d0 100644 --- a/kustomize/kfserving-crds/base/crd.yaml +++ b/kustomize/kfserving-crds/base/crd.yaml @@ -1,9 +1,9 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: (unknown) creationTimestamp: null - labels: - controller-tools.k8s.io: "1.0" name: inferenceservices.serving.kubeflow.org spec: additionalPrinterColumns: 
@@ -25,12 +25,17 @@ spec: group: serving.kubeflow.org names: kind: InferenceService + listKind: InferenceServiceList plural: inferenceservices shortNames: - inferenceservice + singular: inferenceservice scope: Namespaced + subresources: + status: {} validation: openAPIV3Schema: + description: InferenceService is the Schema for the services API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -45,6 +50,7 @@ spec: metadata: type: object spec: + description: InferenceServiceSpec defines the desired state of InferenceService properties: canary: description: Canary defines an alternate endpoints to route a percentage @@ -58,11 +64,29 @@ spec: description: Spec for alibi explainer properties: config: + additionalProperties: + type: string description: Inline custom parameter settings for explainer type: object resources: description: Defaults to requests and limits of 1CPU, 2Gb MEM. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object type: object runtimeVersion: description: Defaults to latest Alibi Version 
@@ -80,6 +104,965 @@ spec: description: Spec for a custom explainer properties: container: + description: A single application container that you want + to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the + reference in the input string will be unchanged. The + $(VAR_NAME) syntax can be escaped with a double $$, + ie: $$(VAR_NAME). Escaped references will never be + expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If + a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in + the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. 
+ type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, spec.nodeName, + spec.serviceAccountName, status.hostIP, + status.podIP.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is + starting. When a key exists in multiple sources, the + value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. 
Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images + in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :v0.3.0 tag is + specified, or IfNotPresent otherwise. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. Cannot + be updated. + properties: + postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, + the container is terminated and restarted according + to its restart policy. Other management of the + container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle + hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness probe failure, + preemption, resource contention, etc. 
The handler + is not called if the container crashes or exits. + The reason for termination is passed to the handler. + The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period. Other management + of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. 
+ type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle + hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. 
+ format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. + Exposing a port here gives the system additional information + about the network connections a container uses, but + is primarily informational. Not specifying a port + here DOES NOT prevent that port from being exposed. + Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from + the network. Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the + port that can be referred to by services. 
+ type: string + protocol: + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if + the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. + More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the container + process. AllowPrivilegeEscalation is true always + when the container is: 1) run as Privileged 2) + has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default is + DefaultProcMount which uses the container runtime + defaults for readonly paths and masked paths. + This requires the ProcMountType feature flag to + be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + the container. If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + windowsOptions: + description: Windows security options. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + This field is alpha-level and is only honored + by servers that enable the WindowsGMSA feature + flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. This field + is alpha-level and is only honored by servers + that enable the WindowsGMSA feature flag. + type: string + type: object + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will + always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce + is set to true, stdin is opened on container start, + is empty until the first client attaches to stdin, + and then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. 
If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such + as an assertion failure message. Will be truncated + by the node if greater than 4096 bytes. The total + message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot + be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be + updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. 
+ items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. + type: boolean + subPath: + description: Path within the volume from which + the container's volume should be mounted. Defaults + to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded + using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. This field is beta in + 1.15. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot + be updated. + type: string + required: + - name type: object required: - container 
@@ -96,12 +1079,17 @@ spec: type: object maxReplicas: description: This is the up bound for autoscaler to scale to - format: int64 type: integer minReplicas: description: Minimum number of replicas, pods won't scale down to 0 in case of no traffic - format: int64 + type: integer + parallelism: + description: Parallelism specifies how many requests can be + processed concurrently, this sets the target concurrency for + Autoscaling(KPA). For model servers that support tuning parallelism + will use this value, by default the parallelism is the number + of the CPU cores for most of the model servers. type: integer serviceAccountName: description: ServiceAccountName is the name of the ServiceAccount 
@@ -109,12 +1097,971 @@ spec: type: string type: object predictor: - description: Predictor defines the model serving spec +required + description: Predictor defines the model serving spec properties: custom: description: Spec for a custom predictor properties: container: + description: A single application container that you want + to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the + reference in the input string will be unchanged. The + $(VAR_NAME) syntax can be escaped with a double $$, + ie: $$(VAR_NAME). Escaped references will never be + expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If + a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in + the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. 
+ type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, spec.nodeName, + spec.serviceAccountName, status.hostIP, + status.podIP.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is + starting. When a key exists in multiple sources, the + value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. 
Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images + in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :v0.3.0 tag is + specified, or IfNotPresent otherwise. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. Cannot + be updated. + properties: + postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, + the container is terminated and restarted according + to its restart policy. Other management of the + container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle + hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness probe failure, + preemption, resource contention, etc. 
The handler + is not called if the container crashes or exits. + The reason for termination is passed to the handler. + The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period. Other management + of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. 
+ type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle + hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. 
+ format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. + Exposing a port here gives the system additional information + about the network connections a container uses, but + is primarily informational. Not specifying a port + here DOES NOT prevent that port from being exposed. + Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from + the network. Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the + port that can be referred to by services. 
+ type: string + protocol: + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if + the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. + More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the container + process. AllowPrivilegeEscalation is true always + when the container is: 1) run as Privileged 2) + has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default is + DefaultProcMount which uses the container runtime + defaults for readonly paths and masked paths. + This requires the ProcMountType feature flag to + be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + the container. If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + windowsOptions: + description: Windows security options. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + This field is alpha-level and is only honored + by servers that enable the WindowsGMSA feature + flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. This field + is alpha-level and is only honored by servers + that enable the WindowsGMSA feature flag. + type: string + type: object + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will + always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce + is set to true, stdin is opened on container start, + is empty until the first client attaches to stdin, + and then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. 
If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such + as an assertion failure message. Will be truncated + by the node if greater than 4096 bytes. The total + message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot + be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be + updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. 
+ items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. + type: boolean + subPath: + description: Path within the volume from which + the container's volume should be mounted. Defaults + to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded + using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. This field is beta in + 1.15. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot + be updated. + type: string + required: + - name type: object required: - container @@ -131,12 +2078,10 @@ spec: type: object maxReplicas: description: This is the up bound for autoscaler to scale to - format: int64 type: integer minReplicas: description: Minimum number of replicas, pods won't scale down to 0 in case of no traffic - format: int64 type: integer onnx: description: Spec for ONNX runtime (https://github.com/microsoft/onnxruntime) 
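Review bot: The `securityContext` schema added under `custom.container` declares `privileged`, `allowPrivilegeEscalation` and `capabilities.add` as unconstrained booleans and string lists, and the `ports` items accept `hostPort` and `hostIP`, so nothing in this CRD stops a user who can create the resource from requesting a container that is, in the description's own words, essentially equivalent to root on the host. Presumably these fields are copied into the serving pod, which would leave namespace-level admission policy as the only control; that is worth stating where operators will read it. I would add a comment above `securityContext:` such as `# not restricted by this schema; enforce pod security via admission policy in serving namespaces`, or the equivalent sentence in the package README if this file is generated. The enclosing `predictor` properties block continues beyond this hunk.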
@@ -144,6 +2089,22 @@ spec: resources: description: Defaults to requests and limits of 1CPU, 2Gb MEM. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object type: object runtimeVersion: description: Allowed runtime versions are specified in the @@ -155,6 +2116,13 @@ spec: required: - storageUri type: object + parallelism: + description: Parallelism specifies how many requests can be + processed concurrently, this sets the target concurrency for + Autoscaling(KPA). For model servers that support tuning parallelism + will use this value, by default the parallelism is the number + of the CPU cores for most of the model servers. + type: integer pytorch: description: Spec for PyTorch predictor properties: 
@@ -164,6 +2132,22 @@ spec: resources: description: Defaults to requests and limits of 1CPU, 2Gb MEM. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object type: object runtimeVersion: description: Allowed runtime versions are specified in the @@ -185,6 +2169,22 @@ spec: resources: description: Defaults to requests and limits of 1CPU, 2Gb MEM. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object type: object runtimeVersion: description: Allowed runtime versions are specified in the 
@@ -202,6 +2202,22 @@ spec: resources: description: Defaults to requests and limits of 1CPU, 2Gb MEM. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object type: object runtimeVersion: description: Allowed runtime versions are specified in the @@ -219,6 +2235,22 @@ spec: resources: description: Defaults to requests and limits of 1CPU, 2Gb MEM. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object type: object runtimeVersion: description: Allowed runtime versions are specified in the 
@@ -235,11 +2267,26 @@ spec: properties: nthread: description: Number of thread to be used by XGBoost - format: int64 type: integer resources: description: Defaults to requests and limits of 1CPU, 2Gb MEM. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object type: object runtimeVersion: description: Allowed runtime versions are specified in the 
@@ -261,6 +2308,965 @@ spec: description: Spec for a custom transformer properties: container: + description: A single application container that you want + to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the + reference in the input string will be unchanged. The + $(VAR_NAME) syntax can be escaped with a double $$, + ie: $$(VAR_NAME). Escaped references will never be + expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If + a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in + the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. 
+ type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, spec.nodeName, + spec.serviceAccountName, status.hostIP, + status.podIP.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is + starting. When a key exists in multiple sources, the + value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. 
Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images + in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :v0.3.0 tag is + specified, or IfNotPresent otherwise. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. Cannot + be updated. + properties: + postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, + the container is terminated and restarted according + to its restart policy. Other management of the + container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle + hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness probe failure, + preemption, resource contention, etc. 
The handler + is not called if the container crashes or exits. + The reason for termination is passed to the handler. + The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period. Other management + of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. 
+ type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle + hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. 
+ format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. + Exposing a port here gives the system additional information + about the network connections a container uses, but + is primarily informational. Not specifying a port + here DOES NOT prevent that port from being exposed. + Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from + the network. Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the + port that can be referred to by services. 
+ type: string + protocol: + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if + the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. + More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the container + process. AllowPrivilegeEscalation is true always + when the container is: 1) run as Privileged 2) + has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default is + DefaultProcMount which uses the container runtime + defaults for readonly paths and masked paths. + This requires the ProcMountType feature flag to + be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + the container. If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + windowsOptions: + description: Windows security options. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + This field is alpha-level and is only honored + by servers that enable the WindowsGMSA feature + flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. This field + is alpha-level and is only honored by servers + that enable the WindowsGMSA feature flag. + type: string + type: object + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will + always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce + is set to true, stdin is opened on container start, + is empty until the first client attaches to stdin, + and then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. 
If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such + as an assertion failure message. Will be truncated + by the node if greater than 4096 bytes. The total + message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot + be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be + updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. 
+ items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. + type: boolean + subPath: + description: Path within the volume from which + the container's volume should be mounted. Defaults + to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded + using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. This field is beta in + 1.15. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot + be updated. + type: string + required: + - name type: object required: - container 
@@ -277,12 +3283,17 @@ spec: type: object maxReplicas: description: This is the up bound for autoscaler to scale to - format: int64 type: integer minReplicas: description: Minimum number of replicas, pods won't scale down to 0 in case of no traffic - format: int64 + type: integer + parallelism: + description: Parallelism specifies how many requests can be + processed concurrently, this sets the target concurrency for + Autoscaling(KPA). For model servers that support tuning parallelism + will use this value, by default the parallelism is the number + of the CPU cores for most of the model servers. type: integer serviceAccountName: description: ServiceAccountName is the name of the ServiceAccount @@ -295,10 +3306,9 @@ spec: canaryTrafficPercent: description: CanaryTrafficPercent defines the percentage of traffic going to canary InferenceService endpoints - format: int64 type: integer default: - description: Default defines default InferenceService endpoints +required + description: Default defines default InferenceService endpoints properties: explainer: description: Explainer defines the model explanation service spec, 
@@ -308,11 +3318,29 @@ spec: description: Spec for alibi explainer properties: config: + additionalProperties: + type: string description: Inline custom parameter settings for explainer type: object resources: description: Defaults to requests and limits of 1CPU, 2Gb MEM. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object type: object runtimeVersion: description: Defaults to latest Alibi Version 
@@ -330,6 +3358,965 @@ spec: description: Spec for a custom explainer properties: container: + description: A single application container that you want + to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the + reference in the input string will be unchanged. The + $(VAR_NAME) syntax can be escaped with a double $$, + ie: $$(VAR_NAME). Escaped references will never be + expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If + a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in + the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. 
+ type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, spec.nodeName, + spec.serviceAccountName, status.hostIP, + status.podIP.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is + starting. When a key exists in multiple sources, the + value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. 
Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images + in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :v0.3.0 tag is + specified, or IfNotPresent otherwise. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. Cannot + be updated. + properties: + postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, + the container is terminated and restarted according + to its restart policy. Other management of the + container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle + hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness probe failure, + preemption, resource contention, etc. 
The handler + is not called if the container crashes or exits. + The reason for termination is passed to the handler. + The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period. Other management + of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. 
+ type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle + hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. 
+ format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. + Exposing a port here gives the system additional information + about the network connections a container uses, but + is primarily informational. Not specifying a port + here DOES NOT prevent that port from being exposed. + Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from + the network. Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the + port that can be referred to by services. 
+ type: string + protocol: + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if + the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. + More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the container + process. AllowPrivilegeEscalation is true always + when the container is: 1) run as Privileged 2) + has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default is + DefaultProcMount which uses the container runtime + defaults for readonly paths and masked paths. + This requires the ProcMountType feature flag to + be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + the container. If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + windowsOptions: + description: Windows security options. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + This field is alpha-level and is only honored + by servers that enable the WindowsGMSA feature + flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. This field + is alpha-level and is only honored by servers + that enable the WindowsGMSA feature flag. + type: string + type: object + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will + always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce + is set to true, stdin is opened on container start, + is empty until the first client attaches to stdin, + and then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. 
If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such + as an assertion failure message. Will be truncated + by the node if greater than 4096 bytes. The total + message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot + be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be + updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. 
+ items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. + type: boolean + subPath: + description: Path within the volume from which + the container's volume should be mounted. Defaults + to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded + using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. This field is beta in + 1.15. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot + be updated. + type: string + required: + - name type: object required: - container 
@@ -346,12 +4333,17 @@ spec: type: object maxReplicas: description: This is the up bound for autoscaler to scale to - format: int64 type: integer minReplicas: description: Minimum number of replicas, pods won't scale down to 0 in case of no traffic - format: int64 + type: integer + parallelism: + description: Parallelism specifies how many requests can be + processed concurrently, this sets the target concurrency for + Autoscaling(KPA). For model servers that support tuning parallelism + will use this value, by default the parallelism is the number + of the CPU cores for most of the model servers. type: integer serviceAccountName: description: ServiceAccountName is the name of the ServiceAccount 
@@ -359,12 +4351,971 @@ spec: type: string type: object predictor: - description: Predictor defines the model serving spec +required + description: Predictor defines the model serving spec properties: custom: description: Spec for a custom predictor properties: container: + description: A single application container that you want + to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the + reference in the input string will be unchanged. The + $(VAR_NAME) syntax can be escaped with a double $$, + ie: $$(VAR_NAME). Escaped references will never be + expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If + a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in + the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. 
+ type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, spec.nodeName, + spec.serviceAccountName, status.hostIP, + status.podIP.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is + starting. When a key exists in multiple sources, the + value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. 
Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images + in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :v0.3.0 tag is + specified, or IfNotPresent otherwise. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. Cannot + be updated. + properties: + postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, + the container is terminated and restarted according + to its restart policy. Other management of the + container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle + hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness probe failure, + preemption, resource contention, etc. 
The handler + is not called if the container crashes or exits. + The reason for termination is passed to the handler. + The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period. Other management + of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. 
+ type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle + hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. 
+ format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. + Exposing a port here gives the system additional information + about the network connections a container uses, but + is primarily informational. Not specifying a port + here DOES NOT prevent that port from being exposed. + Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from + the network. Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the + port that can be referred to by services. 
+ type: string + protocol: + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if + the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. + More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the container + process. AllowPrivilegeEscalation is true always + when the container is: 1) run as Privileged 2) + has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default is + DefaultProcMount which uses the container runtime + defaults for readonly paths and masked paths. + This requires the ProcMountType feature flag to + be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + the container. If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + windowsOptions: + description: Windows security options. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + This field is alpha-level and is only honored + by servers that enable the WindowsGMSA feature + flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. This field + is alpha-level and is only honored by servers + that enable the WindowsGMSA feature flag. + type: string + type: object + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will + always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce + is set to true, stdin is opened on container start, + is empty until the first client attaches to stdin, + and then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. 
If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such + as an assertion failure message. Will be truncated + by the node if greater than 4096 bytes. The total + message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot + be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be + updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. 
+ items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. + type: boolean + subPath: + description: Path within the volume from which + the container's volume should be mounted. Defaults + to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded + using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. This field is beta in + 1.15. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot + be updated. + type: string + required: + - name type: object required: - container @@ -381,12 +5332,10 @@ spec: type: object maxReplicas: description: This is the up bound for autoscaler to scale to - format: int64 type: integer minReplicas: description: Minimum number of replicas, pods won't scale down to 0 in case of no traffic - format: int64 type: integer onnx: description: Spec for ONNX runtime (https://github.com/microsoft/onnxruntime) 
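Review bot: The `imagePullPolicy` description in the `custom.container` schema added under `predictor` reads `Defaults to Always if :v0.3.0 tag is specified`, whereas the upstream Kubernetes field text says `:latest`. This looks like a release-time search-and-replace of `latest` that also rewrote documentation strings in the generated CRD. Anyone reading the schema (for example through `kubectl explain`) is told the wrong default, which matters when judging whether a mutable tag is re-pulled or served from a node's image cache. The description should read `Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.`, and the substitution step is best limited to image references so it cannot touch description text. The same wording probably recurs in the other copies of the Container schema in this file, so it is better fixed where the CRD is generated than by hand.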
@@ -394,6 +5343,22 @@ spec: resources: description: Defaults to requests and limits of 1CPU, 2Gb MEM. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object type: object runtimeVersion: description: Allowed runtime versions are specified in the @@ -405,6 +5370,13 @@ spec: required: - storageUri type: object + parallelism: + description: Parallelism specifies how many requests can be + processed concurrently, this sets the target concurrency for + Autoscaling(KPA). For model servers that support tuning parallelism + will use this value, by default the parallelism is the number + of the CPU cores for most of the model servers. + type: integer pytorch: description: Spec for PyTorch predictor properties: 
@@ -414,6 +5386,22 @@ spec: resources: description: Defaults to requests and limits of 1CPU, 2Gb MEM. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object type: object runtimeVersion: description: Allowed runtime versions are specified in the @@ -435,6 +5423,22 @@ spec: resources: description: Defaults to requests and limits of 1CPU, 2Gb MEM. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object type: object runtimeVersion: description: Allowed runtime versions are specified in the 
@@ -452,6 +5456,22 @@ spec: resources: description: Defaults to requests and limits of 1CPU, 2Gb MEM. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object type: object runtimeVersion: description: Allowed runtime versions are specified in the @@ -469,6 +5489,22 @@ spec: resources: description: Defaults to requests and limits of 1CPU, 2Gb MEM. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object type: object runtimeVersion: description: Allowed runtime versions are specified in the 
@@ -485,11 +5521,26 @@ spec: properties: nthread: description: Number of thread to be used by XGBoost - format: int64 type: integer resources: description: Defaults to requests and limits of 1CPU, 2Gb MEM. + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object type: object runtimeVersion: description: Allowed runtime versions are specified in the 
@@ -511,6 +5562,965 @@ spec: description: Spec for a custom transformer properties: container: + description: A single application container that you want + to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the + reference in the input string will be unchanged. The + $(VAR_NAME) syntax can be escaped with a double $$, + ie: $$(VAR_NAME). Escaped references will never be + expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If + a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in + the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. 
+ type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previous defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a + double $$, ie: $$(VAR_NAME). Escaped references + will never be expanded, regardless of whether + the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: + supports metadata.name, metadata.namespace, + metadata.labels, metadata.annotations, spec.nodeName, + spec.serviceAccountName, status.hostIP, + status.podIP.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format + of the exposed resources, defaults to + "1" + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in + the pod's namespace + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is + starting. When a key exists in multiple sources, the + value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will + take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. 
Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images + in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :v0.3.0 tag is + specified, or IfNotPresent otherwise. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. Cannot + be updated. + properties: + postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, + the container is terminated and restarted according + to its restart policy. Other management of the + container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. 
To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle + hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness probe failure, + preemption, resource contention, etc. 
The handler + is not called if the container crashes or exits. + The reason for termination is passed to the handler. + The Pod''s termination grace period countdown + begins before the PreStop hooked is executed. + Regardless of the outcome of the handler, the + container will eventually terminate within the + Pod''s termination grace period. Other management + of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: One and only one of the following + should be specified. Exec specifies the action + to take. + properties: + command: + description: Command is the command line + to execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside + a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, + you need to explicitly call out to that + shell. Exit status of 0 is treated as + live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. 
+ type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: 'TCPSocket specifies an action + involving a TCP port. TCP hooks not yet supported + TODO: implement a realistic TCP lifecycle + hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port + to access on the container. Number must + be in the range 1 to 65535. Name must + be an IANA_SVC_NAME. + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. + Container will be restarted if the probe fails. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. 
+ format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' 
+ type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. + Exposing a port here gives the system additional information + about the network connections a container uses, but + is primarily informational. Not specifying a port + here DOES NOT prevent that port from being exposed. + Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from + the network. Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the + port that can be referred to by services. 
+ type: string + protocol: + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if + the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: One and only one of the following should + be specified. Exec specifies the action to take. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') in + the container's filesystem. The command is + simply exec'd, it is not run inside a shell, + so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is + treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGet specifies the http request + to perform. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + anyOf: + - type: string + - type: integer + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + scheme: + description: Scheme to use for connecting to + the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is + 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having + failed. Defaults to 1. Must be 1 for liveness. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: 'TCPSocket specifies an action involving + a TCP port. TCP hooks not yet supported TODO: + implement a realistic TCP lifecycle hook' + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + anyOf: + - type: string + - type: integer + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: 'Compute Resources required by this container. + Cannot be updated. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + properties: + limits: + additionalProperties: + type: string + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: 'Security options the pod should run with. + More info: https://kubernetes.io/docs/concepts/policy/security-context/ + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the container + process. AllowPrivilegeEscalation is true always + when the container is: 1) run as Privileged 2) + has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. 
Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default is + DefaultProcMount which uses the container runtime + defaults for readonly paths and masked paths. + This requires the ProcMountType feature flag to + be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will + validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no + such validation will be performed. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in + SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to + the container. If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + windowsOptions: + description: Windows security options. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + This field is alpha-level and is only honored + by servers that enable the WindowsGMSA feature + flag. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. This field + is alpha-level and is only honored by servers + that enable the WindowsGMSA feature flag. + type: string + type: object + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will + always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce + is set to true, stdin is opened on container start, + is empty until the first client attaches to stdin, + and then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. 
If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such + as an assertion failure message. Will be truncated + by the node if greater than 4096 bytes. The total + message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot + be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be + updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. This is a beta feature. + items: + description: volumeDevice describes a mapping of a + raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. 
+ items: + description: VolumeMount describes a mounting of a + Volume within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. + type: boolean + subPath: + description: Path within the volume from which + the container's volume should be mounted. Defaults + to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded + using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. This field is beta in + 1.15. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot + be updated. + type: string + required: + - name type: object required: - container 
@@ -527,12 +6537,17 @@ spec: type: object maxReplicas: description: This is the up bound for autoscaler to scale to - format: int64 type: integer minReplicas: description: Minimum number of replicas, pods won't scale down to 0 in case of no traffic - format: int64 + type: integer + parallelism: + description: Parallelism specifies how many requests can be + processed concurrently, this sets the target concurrency for + Autoscaling(KPA). For model servers that support tuning parallelism + will use this value, by default the parallelism is the number + of the CPU cores for most of the model servers. type: integer serviceAccountName: description: ServiceAccountName is the name of the ServiceAccount @@ -546,13 +6561,35 @@ spec: - default type: object status: + description: InferenceServiceStatus defines the observed state of InferenceService properties: + address: + description: Ducktype for addressable + properties: + url: + description: URL is an alias of url.URL. It has custom json marshal + methods that enable it to be used in K8s CRDs such that the CRD + resource will have the URL but operator code can can work with + url.URL struct + type: string canary: + additionalProperties: + description: StatusConfigurationSpec describes the state of the configuration + receiving traffic. + properties: + host: + description: Host name of the service + type: string + name: + description: Latest revision name that is in ready state + type: string + replicas: + type: integer + type: object description: Statuses for the canary endpoints of the InferenceService type: object canaryTraffic: description: Traffic percentage that goes to canary services - format: int64 type: integer conditions: description: Conditions the latest available observations of a resource's 
@@ -589,6 +6626,19 @@ spec: type: object type: array default: + additionalProperties: + description: StatusConfigurationSpec describes the state of the configuration + receiving traffic. + properties: + host: + description: Host name of the service + type: string + name: + description: Latest revision name that is in ready state + type: string + replicas: + type: integer + type: object description: Statuses for the default endpoints of the InferenceService type: object observedGeneration: @@ -598,16 +6648,14 @@ spec: type: integer traffic: description: Traffic percentage that goes to default services - format: int64 type: integer url: description: URL of the InferenceService type: string type: object + type: object version: v1alpha2 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] + versions: + - name: v1alpha2 + served: true + storage: true diff --git a/kustomize/kfserving-crds/kustomization.yaml b/kustomize/kfserving-crds/kustomization.yaml index 5c979ee..79a839c 100644 --- a/kustomize/kfserving-crds/kustomization.yaml +++ b/kustomize/kfserving-crds/kustomization.yaml @@ -1,14 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 bases: - base -commonLabels: - app.kubernetes.io/component: kfserving-crds - app.kubernetes.io/instance: kfserving-crds-0.2.2 - app.kubernetes.io/managed-by: kfctl - app.kubernetes.io/name: kfserving-crds - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.2 +- overlays/application kind: Kustomization namespace: kubeflow -resources: -- overlays/application/application.yaml diff --git a/kustomize/kfserving-crds/overlays/application/application.yaml b/kustomize/kfserving-crds/overlays/application/application.yaml index 06d4836..2841aa9 100644 --- a/kustomize/kfserving-crds/overlays/application/application.yaml +++ b/kustomize/kfserving-crds/overlays/application/application.yaml 
@@ -3,29 +3,29 @@ kind: Application metadata: name: kfserving-crds spec: - addOwnerRef: true + selector: + matchLabels: + app.kubernetes.io/name: kfserving-crds + app.kubernetes.io/instance: kfserving-crds-v0.7.0 + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/component: kfserving-crds + app.kubernetes.io/part-of: kubeflow + app.kubernetes.io/version: v0.7.0 componentKinds: - group: core kind: ConfigMap - group: apps kind: Deployment descriptor: - description: '' + type: kfserving-crds + version: v1beta1 + description: "" + maintainers: [] + owners: [] keywords: - - kfserving-crds - - kubeflow + - kfserving-crds + - kubeflow links: - description: About - url: '' - maintainers: [] - owners: [] - type: kfserving-crds - version: v1beta1 - selector: - matchLabels: - app.kubernetes.io/component: kfserving-crds - app.kubernetes.io/instance: kfserving-crds-0.2.2 - app.kubernetes.io/managed-by: kfctl - app.kubernetes.io/name: kfserving-crds - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.2 + url: "" + addOwnerRef: true diff --git a/kustomize/kfserving-crds/overlays/application/kustomization.yaml b/kustomize/kfserving-crds/overlays/application/kustomization.yaml index d4e25e5..ce2fb54 100644 --- a/kustomize/kfserving-crds/overlays/application/kustomization.yaml +++ b/kustomize/kfserving-crds/overlays/application/kustomization.yaml @@ -1,13 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 -bases: -- ../../base commonLabels: app.kubernetes.io/component: kfserving-crds - app.kubernetes.io/instance: kfserving-crds-0.2.2 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: kfserving-crds - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.2 kind: Kustomization resources: - application.yaml diff --git a/kustomize/kfserving-install/base/cert.yaml b/kustomize/kfserving-install/base/cert.yaml new file mode 100644 index 0000000..c977527 --- /dev/null +++ b/kustomize/kfserving-install/base/cert.yaml 
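Review bot: The new `selector.matchLabels` in application.yaml requires `app.kubernetes.io/instance: kfserving-crds-v0.7.0` and `app.kubernetes.io/version: v0.7.0`, but the overlay kustomization.yaml hunk that follows cuts `commonLabels` down to `component` and `name`. Nothing visible in this diff stamps the other four labels, so unless kfctl adds them at deploy time (not shown here) the Application selects no resources. `v0.7.0` also disagrees with the `v0.3.0` used for kfserving-install in this commit, and the sibling Applications drop the version suffix from `instance`. I would use `app.kubernetes.io/instance: kfserving-crds` and the version this commit actually ships.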
@@ -0,0 +1,21 @@ +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + name: serving-cert + namespace: kubeflow +spec: + commonName: kfserving-webhook-server-service.kubeflow.svc + dnsNames: + - kfserving-webhook-server-service.kubeflow.svc + issuerRef: + kind: Issuer + name: selfsigned-issuer + secretName: kfserving-webhook-server-cert +--- +apiVersion: cert-manager.io/v1alpha2 +kind: Issuer +metadata: + name: selfsigned-issuer + namespace: kubeflow +spec: + selfSigned: {} diff --git a/kustomize/kfserving-install/base/cluster-role-binding.yaml b/kustomize/kfserving-install/base/cluster-role-binding.yaml index abb8b2c..e201b85 100644 --- a/kustomize/kfserving-install/base/cluster-role-binding.yaml +++ b/kustomize/kfserving-install/base/cluster-role-binding.yaml @@ -13,7 +13,6 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - creationTimestamp: null name: manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io @@ -22,4 +21,3 @@ roleRef: subjects: - kind: ServiceAccount name: default ---- diff --git a/kustomize/kfserving-install/base/config-map.yaml b/kustomize/kfserving-install/base/config-map.yaml index 8a9d600..3b2b368 100644 --- a/kustomize/kfserving-install/base/config-map.yaml +++ b/kustomize/kfserving-install/base/config-map.yaml 
@@ -1,8 +1,38 @@ apiVersion: v1 -kind: ConfigMap -metadata: - name: inferenceservice-config data: + credentials: |- + { + "gcs": { + "gcsCredentialFileName": "gcloud-application-credentials.json" + }, + "s3": { + "s3AccessKeyIDName": "awsAccessKeyID", + "s3SecretAccessKeyName": "awsSecretAccessKey" + } + } + explainers: |- + { + "alibi": { + "image" : "docker.io/seldonio/kfserving-alibiexplainer", + "defaultImageVersion": "v0.3.0", + "allowedImageVersions": [ + "v0.3.0" + ] + } + } + ingress: |- + { + "ingressGateway" : "kubeflow-gateway.kubeflow", + "ingressService" : "istio-ingressgateway.istio-system.svc.cluster.local" + } + logger: |- + { + "image" : "gcr.io/kfserving/logger:v0.3.0", + "memoryRequest": "100Mi", + "memoryLimit": "1Gi", + "cpuRequest": "100m", + "cpuLimit": "1" + } predictors: |- { "tensorflow": { @@ -29,23 +59,25 @@ data: }, "sklearn": { "image": "gcr.io/kfserving/sklearnserver", - "defaultImageVersion": "0.2.2", + "defaultImageVersion": "v0.3.0", "allowedImageVersions": [ - "0.2.2" + "v0.3.0" ] }, "xgboost": { "image": "gcr.io/kfserving/xgbserver", - "defaultImageVersion": "0.2.2", + "defaultImageVersion": "v0.3.0", "allowedImageVersions": [ - "0.2.2" + "v0.3.0" ] }, "pytorch": { "image": "gcr.io/kfserving/pytorchserver", - "defaultImageVersion": "0.2.2", + "defaultImageVersion": "v0.3.0", + "defaultGpuImageVersion": "v0.3.0-gpu", "allowedImageVersions": [ - "0.2.2" + "v0.3.0", + "v0.3.0-gpu" ] }, "tensorrt": { 
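Review bot: Every image this ConfigMap introduces is referenced by a mutable tag (`gcr.io/kfserving/logger:v0.3.0`, `defaultImageVersion: v0.3.0`, `v0.3.0-gpu`), while the knative images in the same commit are pinned by sha256 digest. The same applies to `storage-initializer:v0.3.0` in the following hunk. These images are injected into user inference pods, so a re-pushed tag changes what runs there with no change to this repository. For the entries that carry a full reference a digest can be used directly, e.g. `"image" : "gcr.io/kfserving/logger@sha256:<digest>"`; whether the `image` plus `defaultImageVersion` pairs accept a digest depends on how the controller joins them, which the diff does not show. The alibi explainer also moves from `gcr.io/kfserving/alibi-explainer` to `docker.io/seldonio/kfserving-alibiexplainer`, a different registry and publisher that any registry allowlist or admission policy has to cover.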
@@ -56,47 +88,17 @@ data: ] } } - transformers: |- - { - } - explainers: |- - { - "alibi": { - "image" : "gcr.io/kfserving/alibi-explainer", - "defaultImageVersion": "0.2.2", - "allowedImageVersions": [ - "0.2.2" - ] - } - } storageInitializer: |- { - "image" : "gcr.io/kfserving/storage-initializer:0.2.2", + "image" : "gcr.io/kfserving/storage-initializer:v0.3.0", "memoryRequest": "100Mi", "memoryLimit": "1Gi", "cpuRequest": "100m", "cpuLimit": "1" } - credentials: |- - { - "gcs": { - "gcsCredentialFileName": "gcloud-application-credentials.json" - }, - "s3": { - "s3AccessKeyIDName": "awsAccessKeyID", - "s3SecretAccessKeyName": "awsSecretAccessKey" - } - } - ingress: |- + transformers: |- { - "ingressGateway" : "knative-ingress-gateway.knative-serving", - "ingressService" : "kfserving-ingressgateway.istio-system.svc.cluster.local" - } - logger: |- - { - "image" : "gcr.io/kfserving/logger:0.2.2", - "memoryRequest": "100Mi", - "memoryLimit": "1Gi", - "cpuRequest": "100m", - "cpuLimit": "1" } +kind: ConfigMap +metadata: + name: inferenceservice-config diff --git a/kustomize/kfserving-install/base/kustomization.yaml b/kustomize/kfserving-install/base/kustomization.yaml index f452fba..7cf4b62 100644 --- a/kustomize/kfserving-install/base/kustomization.yaml +++ b/kustomize/kfserving-install/base/kustomization.yaml @@ -2,22 +2,27 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow resources: +- cert.yaml +- config-map.yaml - cluster-role-binding.yaml - cluster-role.yaml -- config-map.yaml - secret.yaml - statefulset.yaml - service.yaml +- webhook.yaml commonLabels: kustomize.component: kfserving +generatorOptions: + disableNameSuffixHash: true configMapGenerator: -- name: kfserving-parameters - env: params.env +- envs: + - params.env + name: kfserving-config vars: - name: registry objref: kind: ConfigMap - name: kfserving-parameters + name: kfserving-config apiVersion: v1 fieldref: fieldpath: data.registry 
@@ -29,4 +34,4 @@ images: newTag: v0.4.0 - name: $(registry)/kfserving-controller newName: $(registry)/kfserving-controller - newTag: 0.2.2 + newTag: v0.3.0 diff --git a/kustomize/kfserving-install/base/service.yaml b/kustomize/kfserving-install/base/service.yaml index 29398ef..53f2b48 100644 --- a/kustomize/kfserving-install/base/service.yaml +++ b/kustomize/kfserving-install/base/service.yaml @@ -9,6 +9,7 @@ metadata: control-plane: controller-manager controller-tools.k8s.io: "1.0" name: kfserving-controller-manager-metrics-service + namespace: kubeflow spec: ports: - name: https @@ -32,3 +33,13 @@ spec: control-plane: kfserving-controller-manager controller-tools.k8s.io: "1.0" --- +apiVersion: v1 +kind: Service +metadata: + name: kfserving-webhook-server-service +spec: + ports: + - port: 443 + targetPort: 443 + selector: + control-plane: kfserving-controller-manager diff --git a/kustomize/kfserving-install/base/statefulset.yaml b/kustomize/kfserving-install/base/statefulset.yaml index 1a1beec..17e4575 100644 --- a/kustomize/kfserving-install/base/statefulset.yaml +++ b/kustomize/kfserving-install/base/statefulset.yaml @@ -40,14 +40,14 @@ spec: fieldRef: fieldPath: metadata.namespace - name: SECRET_NAME - value: kfserving-webhook-server-secret + value: kfserving-webhook-server-cert - name: ENABLE_WEBHOOK_NAMESPACE_SELECTOR value: enabled - image: $(registry)/kfserving-controller:0.2.2 + image: $(registry)/kfserving-controller:v0.3.0 imagePullPolicy: Always name: manager ports: - - containerPort: 9876 + - containerPort: 443 name: webhook-server protocol: TCP resources: @@ -58,7 +58,7 @@ spec: cpu: 100m memory: 200Mi volumeMounts: - - mountPath: /tmp/cert + - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true terminationGracePeriodSeconds: 10 @@ -66,5 +66,4 @@ spec: - name: cert secret: defaultMode: 420 - secretName: kfserving-webhook-server-secret - volumeClaimTemplates: [] + secretName: kfserving-webhook-server-cert 
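Review bot: `containerPort: 443` in the statefulset.yaml hunk at -40,14 puts the webhook listener on a port below 1024, which generally forces the manager to run as root or with extra capability or sysctl configuration; no `securityContext` is visible in the hunk, so which applies cannot be told from here. The new `kfserving-webhook-server-service` already fronts the pod, so it could keep `port: 443` and point `targetPort` at an unprivileged container port, provided the controller's listen port is configurable. The same hunk pulls `$(registry)/kfserving-controller:v0.3.0` by tag with `imagePullPolicy: Always`, so each restart runs whatever the tag resolves to at that moment. The container spec starts and ends outside the hunk.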
diff --git a/kustomize/kfserving-install/base/webhook.yaml b/kustomize/kfserving-install/base/webhook.yaml
new file mode 100644
index 0000000..af108c7
--- /dev/null
+++ b/kustomize/kfserving-install/base/webhook.yaml
@@ -0,0 +1,75 @@
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: MutatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: kubeflow/serving-cert
+ creationTimestamp: null
+ name: inferenceservice.serving.kubeflow.org
+webhooks:
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: kfserving-webhook-server-service
+ namespace: kubeflow
+ path: /mutate-inferenceservices
+ failurePolicy: Fail
+ name: inferenceservice.kfserving-webhook-server.defaulter
+ rules:
+ - apiGroups:
+ - serving.kubeflow.org
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - inferenceservices
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: kfserving-webhook-server-service
+ namespace: kubeflow
+ path: /mutate-pods
+ failurePolicy: Fail
+ name: inferenceservice.kfserving-webhook-server.pod-mutator
+ namespaceSelector:
+ matchExpressions:
+ - key: control-plane
+ operator: DoesNotExist
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - pods
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: kubeflow/serving-cert
+ creationTimestamp: null
+ name: inferenceservice.serving.kubeflow.org
+webhooks:
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: kfserving-webhook-server-service
+ namespace: kubeflow
+ path: /validate-inferenceservices
+ failurePolicy: Fail
+ name: inferenceservice.kfserving-webhook-server.validator
+ rules:
+ - apiGroups:
+ - serving.kubeflow.org
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - inferenceservices
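Review bot: The `pod-mutator` webhook intercepts CREATE and UPDATE of every pod in every namespace that lacks a `control-plane` label, with `failurePolicy: Fail`. Whenever the kfserving manager or its serving certificate is unavailable, pod admission is therefore rejected cluster-wide, including in system namespaces and, unless `kubeflow` itself carries that label, for the manager's own replacement pod. `caBundle: Cg==` is a placeholder that only becomes valid once cert-manager's CA injector has acted on the `inject-ca-from` annotation, which widens that window during install. I would scope the pod webhook to opted-in namespaces, e.g. `- key: <opt-in-label>` with `operator: Exists` in place of the `DoesNotExist` match, and set `timeoutSeconds` explicitly; the two InferenceService webhooks can keep `Fail` because they only gate `inferenceservices`. `creationTimestamp: null` is generator residue and can be dropped from both objects.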
diff --git a/kustomize/kfserving-install/kustomization.yaml b/kustomize/kfserving-install/kustomization.yaml index 52ae281..79a839c 100644 --- a/kustomize/kfserving-install/kustomization.yaml +++ b/kustomize/kfserving-install/kustomization.yaml @@ -1,14 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 bases: - base -commonLabels: - app.kubernetes.io/component: kfserving-install - app.kubernetes.io/instance: kfserving-install-0.2.2 - app.kubernetes.io/managed-by: kfctl - app.kubernetes.io/name: kfserving-install - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.2 +- overlays/application kind: Kustomization namespace: kubeflow -resources: -- overlays/application/application.yaml diff --git a/kustomize/kfserving-install/overlays/application/application.yaml b/kustomize/kfserving-install/overlays/application/application.yaml index 4830f91..f44a1bd 100644 --- a/kustomize/kfserving-install/overlays/application/application.yaml +++ b/kustomize/kfserving-install/overlays/application/application.yaml 
@@ -1,41 +1,40 @@ apiVersion: app.k8s.io/v1beta1 kind: Application metadata: - name: kfserving + name: "kfserving" spec: - componentKinds: - - group: apps/v1 - kind: StatefulSet - - group: v1 - kind: Service - - group: apps/v1 - kind: Deployment - - group: v1 - kind: Secret - - group: v1 - kind: ConfigMap - description: KFServing provides a Kubernetes Custom Resource Definition for serving - ML Models on arbitrary frameworks - icons: null - keywords: - - kfserving - - inference - links: - - description: About - url: https://github.com/kubeflow/kfserving - maintainers: - - email: johnugeo@cisco.com - name: Johnu George - owners: - - email: johnugeo@cisco.com - name: Johnu George selector: matchLabels: - app.kubernetes.io/component: kfserving-install - app.kubernetes.io/instance: kfserving-install-0.2.2 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: kfserving-install + app.kubernetes.io/instance: kfserving-install + app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/component: kfserving-install app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.2 - type: kfserving - version: v1alpha2 + app.kubernetes.io/version: v0.3.0 + type: "kfserving" + componentKinds: + - group: apps/v1 + kind: StatefulSet + - group: v1 + kind: Service + - group: apps/v1 + kind: Deployment + - group: v1 + kind: Secret + - group: v1 + kind: ConfigMap + version: "v1alpha2" + description: "KFServing provides a Kubernetes Custom Resource Definition for serving ML Models on arbitrary frameworks" + icons: + maintainers: + - name: Johnu George + email: johnugeo@cisco.com + owners: + - name: Johnu George + email: johnugeo@cisco.com + keywords: + - "kfserving" + - "inference" + links: + - description: About + url: "https://github.com/kubeflow/kfserving" diff --git a/kustomize/kfserving-install/overlays/application/kustomization.yaml b/kustomize/kfserving-install/overlays/application/kustomization.yaml index 5695641..c16270b 100644 
--- a/kustomize/kfserving-install/overlays/application/kustomization.yaml +++ b/kustomize/kfserving-install/overlays/application/kustomization.yaml @@ -1,13 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 -bases: -- ../../base commonLabels: app.kubernetes.io/component: kfserving-install - app.kubernetes.io/instance: kfserving-install-0.2.2 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: kfserving-install - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.2 kind: Kustomization resources: - application.yaml diff --git a/kustomize/knative-crds/base/crd.yaml b/kustomize/knative-crds/base/crd.yaml index 1ce7c59..9472244 100644 --- a/kustomize/knative-crds/base/crd.yaml +++ b/kustomize/knative-crds/base/crd.yaml @@ -4,7 +4,7 @@ kind: CustomResourceDefinition metadata: labels: knative.dev/crd-install: "true" - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: certificates.networking.internal.knative.dev spec: additionalPrinterColumns: @@ -36,7 +36,7 @@ metadata: labels: duck.knative.dev/podspecable: "true" knative.dev/crd-install: "true" - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: configurations.serving.knative.dev spec: additionalPrinterColumns: @@ -107,7 +107,7 @@ kind: CustomResourceDefinition metadata: labels: knative.dev/crd-install: "true" - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: ingresses.networking.internal.knative.dev spec: additionalPrinterColumns: @@ -141,7 +141,7 @@ kind: CustomResourceDefinition metadata: labels: knative.dev/crd-install: "true" - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: metrics.autoscaling.internal.knative.dev spec: additionalPrinterColumns: 
@@ -170,7 +170,7 @@ kind: CustomResourceDefinition metadata: labels: knative.dev/crd-install: "true" - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: podautoscalers.autoscaling.internal.knative.dev spec: additionalPrinterColumns: @@ -211,7 +211,7 @@ kind: CustomResourceDefinition metadata: labels: knative.dev/crd-install: "true" - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: revisions.serving.knative.dev spec: additionalPrinterColumns: @@ -262,7 +262,7 @@ metadata: labels: duck.knative.dev/addressable: "true" knative.dev/crd-install: "true" - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: routes.serving.knative.dev spec: additionalPrinterColumns: @@ -308,7 +308,7 @@ metadata: duck.knative.dev/addressable: "true" duck.knative.dev/podspecable: "true" knative.dev/crd-install: "true" - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: services.serving.knative.dev spec: additionalPrinterColumns: @@ -359,7 +359,7 @@ kind: CustomResourceDefinition metadata: labels: knative.dev/crd-install: "true" - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: serverlessservices.networking.internal.knative.dev spec: additionalPrinterColumns: diff --git a/kustomize/knative-crds/base/namespace.yaml b/kustomize/knative-crds/base/namespace.yaml index 04bb5b5..c1bc80b 100644 --- a/kustomize/knative-crds/base/namespace.yaml +++ b/kustomize/knative-crds/base/namespace.yaml @@ -3,7 +3,7 @@ kind: Namespace metadata: labels: istio-injection: enabled - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: knative-serving diff --git a/kustomize/knative-crds/kustomization.yaml b/kustomize/knative-crds/kustomization.yaml index e287258..b9d8669 100644 --- a/kustomize/knative-crds/kustomization.yaml +++ b/kustomize/knative-crds/kustomization.yaml 
@@ -1,14 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 bases: - base -commonLabels: - app.kubernetes.io/component: knative-serving-crds - app.kubernetes.io/instance: knative-serving-crds-v0.11.1 - app.kubernetes.io/managed-by: kfctl - app.kubernetes.io/name: knative-serving-crds - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v0.11.1 +- overlays/application kind: Kustomization namespace: knative-serving -resources: -- overlays/application/application.yaml diff --git a/kustomize/knative-crds/overlays/application/application.yaml b/kustomize/knative-crds/overlays/application/application.yaml index 855a6ff..c859152 100644 --- a/kustomize/knative-crds/overlays/application/application.yaml +++ b/kustomize/knative-crds/overlays/application/application.yaml @@ -6,11 +6,11 @@ spec: selector: matchLabels: app.kubernetes.io/name: knative-serving-crds - app.kubernetes.io/instance: knative-serving-crds-v0.11.1 + app.kubernetes.io/instance: knative-serving-crds app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: knative-serving-crds app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v0.11.1 + app.kubernetes.io/version: v0.11.2 componentKinds: - group: core kind: ConfigMap diff --git a/kustomize/knative-crds/overlays/application/kustomization.yaml b/kustomize/knative-crds/overlays/application/kustomization.yaml index 8b00b56..d47ebfe 100644 --- a/kustomize/knative-crds/overlays/application/kustomization.yaml +++ b/kustomize/knative-crds/overlays/application/kustomization.yaml 
@@ -1,13 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 +commonLabels: + app.kubernetes.io/component: knative-serving-crds + app.kubernetes.io/name: knative-serving-crds kind: Kustomization -bases: -- ../../base resources: - application.yaml -commonLabels: - app.kubernetes.io/name: knative-serving-crds - app.kubernetes.io/instance: knative-serving-crds-v0.11.1 - app.kubernetes.io/managed-by: kfctl - app.kubernetes.io/component: knative-serving-crds - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v0.11.1 diff --git a/kustomize/knative-install/base/apiservice.yaml b/kustomize/knative-install/base/apiservice.yaml index 18500e6..f5c4c7e 100644 --- a/kustomize/knative-install/base/apiservice.yaml +++ b/kustomize/knative-install/base/apiservice.yaml @@ -3,7 +3,7 @@ kind: APIService metadata: labels: autoscaling.knative.dev/metric-provider: custom-metrics - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: v1beta1.custom.metrics.k8s.io spec: group: custom.metrics.k8s.io diff --git a/kustomize/knative-install/base/cluster-role-binding.yaml b/kustomize/knative-install/base/cluster-role-binding.yaml index e69e4db..7d958cc 100644 --- a/kustomize/knative-install/base/cluster-role-binding.yaml +++ b/kustomize/knative-install/base/cluster-role-binding.yaml @@ -4,7 +4,7 @@ kind: ClusterRoleBinding metadata: labels: autoscaling.knative.dev/metric-provider: custom-metrics - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: custom-metrics:system:auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io @@ -21,7 +21,7 @@ kind: ClusterRoleBinding metadata: labels: autoscaling.knative.dev/metric-provider: custom-metrics - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: hpa-controller-custom-metrics roleRef: apiGroup: rbac.authorization.k8s.io 
@@ -37,7 +37,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: knative-serving-controller-admin roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/kustomize/knative-install/base/cluster-role.yaml b/kustomize/knative-install/base/cluster-role.yaml index 8127963..6326ff2 100644 --- a/kustomize/knative-install/base/cluster-role.yaml +++ b/kustomize/knative-install/base/cluster-role.yaml @@ -4,7 +4,7 @@ kind: ClusterRole metadata: labels: duck.knative.dev/addressable: "true" - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: knative-serving-addressable-resolver rules: - apiGroups: @@ -26,7 +26,7 @@ kind: ClusterRole metadata: labels: autoscaling.knative.dev/metric-provider: custom-metrics - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: custom-metrics-server-resources rules: - apiGroups: @@ -42,7 +42,7 @@ kind: ClusterRole metadata: labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: knative-serving-namespaced-admin rules: - apiGroups: @@ -60,7 +60,7 @@ kind: ClusterRole metadata: labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: knative-serving-namespaced-edit rules: - apiGroups: @@ -81,7 +81,7 @@ kind: ClusterRole metadata: labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: knative-serving-namespaced-view rules: - apiGroups: @@ -105,7 +105,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: knative-serving-admin rules: [] --- 
@@ -114,7 +114,7 @@ kind: ClusterRole metadata: labels: serving.knative.dev/controller: "true" - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: knative-serving-core rules: - apiGroups: @@ -228,7 +228,7 @@ kind: ClusterRole metadata: labels: duck.knative.dev/podspecable: "true" - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: knative-serving-podspecable-binding rules: - apiGroups: @@ -247,7 +247,7 @@ metadata: labels: networking.knative.dev/ingress-provider: istio serving.knative.dev/controller: "true" - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: knative-serving-istio rules: - apiGroups: diff --git a/kustomize/knative-install/base/config-map.yaml b/kustomize/knative-install/base/config-map.yaml index 93b18b4..47bd7fc 100644 --- a/kustomize/knative-install/base/config-map.yaml +++ b/kustomize/knative-install/base/config-map.yaml @@ -113,7 +113,7 @@ data: kind: ConfigMap metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: config-autoscaler namespace: knative-serving @@ -185,7 +185,7 @@ data: kind: ConfigMap metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: config-defaults namespace: knative-serving @@ -214,7 +214,7 @@ data: kind: ConfigMap metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: config-deployment namespace: knative-serving @@ -260,7 +260,7 @@ data: kind: ConfigMap metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: config-domain namespace: knative-serving @@ -299,7 +299,7 @@ data: kind: ConfigMap metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: config-gc namespace: knative-serving 
@@ -359,7 +359,7 @@ data: kind: ConfigMap metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: config-logging namespace: knative-serving @@ -485,7 +485,7 @@ data: kind: ConfigMap metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: config-network namespace: knative-serving @@ -584,7 +584,7 @@ data: kind: ConfigMap metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: config-observability namespace: knative-serving @@ -628,7 +628,7 @@ data: kind: ConfigMap metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: config-tracing namespace: knative-serving @@ -658,7 +658,7 @@ data: # {{ingress_namespace}}.svc.cluster.local"`. The {{gateway_namespace}} # is optional; when it is omitted, the system will search for # the gateway in the serving system namespace `knative-serving` - gateway.knative-serving.knative-ingress-gateway: "kfserving-ingressgateway.istio-system.svc.cluster.local" + gateway.kubeflow.kubeflow-gateway: "istio-ingressgateway-kubeflow.istio-system.svc.cluster.local" # A cluster local gateway to allow pods outside of the mesh to access # Services and Routes not exposing through an ingress. If the users @@ -689,6 +689,6 @@ kind: ConfigMap metadata: labels: networking.knative.dev/ingress-provider: istio - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: config-istio namespace: knative-serving diff --git a/kustomize/knative-install/base/deployment.yaml b/kustomize/knative-install/base/deployment.yaml index afa56c3..9c547da 100644 --- a/kustomize/knative-install/base/deployment.yaml +++ b/kustomize/knative-install/base/deployment.yaml 
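Review bot: The new key `gateway.kubeflow.kubeflow-gateway` in the hunk at -658,7 points at `istio-ingressgateway-kubeflow.istio-system.svc.cluster.local`, while the KFServing `ingress` block added in kfserving-install/base/config-map.yaml names `istio-ingressgateway.istio-system.svc.cluster.local` for the same `kubeflow-gateway.kubeflow` gateway. One of the two service names is presumably wrong, and which one wins decides which ingress deployment actually fronts inference traffic. It is also worth confirming that moving from the dedicated `knative-ingress-gateway` to the shared Kubeflow gateway leaves inference routes behind whatever authentication that gateway enforces; the diff does not show it. The ConfigMap's `data` block starts outside the hunk.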
@@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: activator namespace: knative-serving spec: @@ -19,7 +19,7 @@ spec: labels: app: activator role: activator - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" spec: containers: - env: @@ -83,7 +83,7 @@ kind: Deployment metadata: labels: autoscaling.knative.dev/autoscaler-provider: hpa - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: autoscaler-hpa namespace: knative-serving spec: @@ -97,7 +97,7 @@ spec: sidecar.istio.io/inject: "false" labels: app: autoscaler-hpa - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" spec: containers: - env: @@ -133,7 +133,7 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: autoscaler namespace: knative-serving spec: @@ -149,7 +149,7 @@ spec: traffic.sidecar.istio.io/includeInboundPorts: 8080,9090 labels: app: autoscaler - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" spec: containers: - args: @@ -207,7 +207,7 @@ kind: Deployment metadata: labels: networking.knative.dev/ingress-provider: istio - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: networking-istio namespace: knative-serving spec: @@ -221,7 +221,7 @@ spec: sidecar.istio.io/inject: "false" labels: app: networking-istio - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" spec: containers: - env: 
@@ -235,7 +235,7 @@ spec: value: config-observability - name: METRICS_DOMAIN value: knative.dev/serving - image: gcr.io/knative-releases/knative.dev/serving/cmd/networking/istio@sha256:727a623ccb17676fae8058cb1691207a9658a8d71bc7603d701e23b1a6037e6c + image: gcr.io/knative-releases/knative.dev/serving/cmd/networking/istio@sha256:61461fa789e19895d7d1e5ab96d8bb52a63788e0607e1bd2948b9570efeb6a8f name: networking-istio ports: - containerPort: 9090 @@ -257,7 +257,7 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: webhook namespace: knative-serving spec: @@ -274,7 +274,7 @@ spec: labels: app: webhook role: webhook - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" spec: containers: - env: @@ -310,7 +310,7 @@ apiVersion: apps/v1 kind: Deployment metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: controller namespace: knative-serving spec: @@ -324,7 +324,7 @@ spec: sidecar.istio.io/inject: "false" labels: app: controller - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" spec: containers: - env: diff --git a/kustomize/knative-install/base/gateway.yaml b/kustomize/knative-install/base/gateway.yaml index 8b93939..b1d2a64 100644 --- a/kustomize/knative-install/base/gateway.yaml +++ b/kustomize/knative-install/base/gateway.yaml @@ -3,7 +3,7 @@ kind: Gateway metadata: labels: networking.knative.dev/ingress-provider: istio - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: cluster-local-gateway namespace: knative-serving spec: 
@@ -16,23 +16,3 @@ spec: name: http number: 80 protocol: HTTP - ---- -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - labels: - networking.knative.dev/ingress-provider: istio - name: knative-ingress-gateway - namespace: knative-serving -spec: - selector: - app: kfserving-ingressgateway - kfserving: ingressgateway - servers: - - hosts: - - '*' - port: - name: http - number: 80 - protocol: HTTP diff --git a/kustomize/knative-install/base/hpa.yaml b/kustomize/knative-install/base/hpa.yaml index 4cbde7f..5d3d2f2 100644 --- a/kustomize/knative-install/base/hpa.yaml +++ b/kustomize/knative-install/base/hpa.yaml @@ -3,7 +3,7 @@ apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: activator namespace: knative-serving spec: diff --git a/kustomize/knative-install/base/image.yaml b/kustomize/knative-install/base/image.yaml index 21e4084..f013ea6 100644 --- a/kustomize/knative-install/base/image.yaml +++ b/kustomize/knative-install/base/image.yaml @@ -3,7 +3,7 @@ apiVersion: caching.internal.knative.dev/v1alpha1 kind: Image metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: queue-proxy namespace: knative-serving spec: diff --git a/kustomize/knative-install/base/kustomization.yaml b/kustomize/knative-install/base/kustomization.yaml index 9134caf..bfe7dd4 100644 --- a/kustomize/knative-install/base/kustomization.yaml +++ b/kustomize/knative-install/base/kustomization.yaml 
@@ -21,19 +21,19 @@ commonLabels: images: - name: gcr.io/knative-releases/knative.dev/serving/cmd/activator newName: gcr.io/knative-releases/knative.dev/serving/cmd/activator - digest: sha256:8e606671215cc029683e8cd633ec5de9eabeaa6e9a4392ff289883304be1f418 + digest: sha256:c51023e62e351d5910f92ee941b4929eb82539e62636dd3ccb4a016d73e86b2e - name: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler-hpa newName: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler-hpa - digest: sha256:5e0fadf574e66fb1c893806b5c5e5f19139cc476ebf1dff9860789fe4ac5f545 + digest: sha256:75da5ff75bc1e71799d039846b1bbd632343894c88feaa59914cfeeb1b213c81 - name: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler newName: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler - digest: sha256:ef1f01b5fb3886d4c488a219687aac72d28e72f808691132f658259e4e02bb27 + digest: sha256:998a405454832cda18a4bf956d26d610a2df2130a39b834b597a89a3153c8c15 - name: gcr.io/knative-releases/knative.dev/serving/cmd/networking/istio newName: gcr.io/knative-releases/knative.dev/serving/cmd/networking/istio - digest: sha256:727a623ccb17676fae8058cb1691207a9658a8d71bc7603d701e23b1a6037e6c + digest: sha256:61461fa789e19895d7d1e5ab96d8bb52a63788e0607e1bd2948b9570efeb6a8f - name: gcr.io/knative-releases/knative.dev/serving/cmd/webhook newName: gcr.io/knative-releases/knative.dev/serving/cmd/webhook - digest: sha256:1ef3328282f31704b5802c1136bd117e8598fd9f437df8209ca87366c5ce9fcb + digest: sha256:d07560cd5548640cc79abc819608844527351f10e8b0a847988f9eb602c18972 - name: gcr.io/knative-releases/knative.dev/serving/cmd/controller newName: gcr.io/knative-releases/knative.dev/serving/cmd/controller - digest: sha256:5ca13e5b3ce5e2819c4567b75c0984650a57272ece44bc1dabf930f9fe1e19a1 + digest: sha256:1e77bdab30c8d0f0df299f5fa93d6f99eb63071b9d3329937dff0c6acb99e059 diff --git a/kustomize/knative-install/base/role-binding.yaml b/kustomize/knative-install/base/role-binding.yaml index ce3a111..8027476 100644 
--- a/kustomize/knative-install/base/role-binding.yaml +++ b/kustomize/knative-install/base/role-binding.yaml @@ -4,7 +4,7 @@ kind: RoleBinding metadata: labels: autoscaling.knative.dev/metric-provider: custom-metrics - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: custom-metrics-auth-reader namespace: kube-system roleRef: diff --git a/kustomize/knative-install/base/service-account.yaml b/kustomize/knative-install/base/service-account.yaml index 9517a13..2de2605 100644 --- a/kustomize/knative-install/base/service-account.yaml +++ b/kustomize/knative-install/base/service-account.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: controller namespace: knative-serving diff --git a/kustomize/knative-install/base/service.yaml b/kustomize/knative-install/base/service.yaml index f96f1db..b456932 100644 --- a/kustomize/knative-install/base/service.yaml +++ b/kustomize/knative-install/base/service.yaml @@ -4,7 +4,7 @@ kind: Service metadata: labels: app: activator - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: activator-service namespace: knative-serving spec: @@ -31,7 +31,7 @@ kind: Service metadata: labels: app: controller - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: controller namespace: knative-serving spec: @@ -49,7 +49,7 @@ kind: Service metadata: labels: role: webhook - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: webhook namespace: knative-serving spec: @@ -65,7 +65,7 @@ kind: Service metadata: labels: app: autoscaler - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: autoscaler namespace: knative-serving spec: 
diff --git a/kustomize/knative-install/base/webhook-configuration.yaml b/kustomize/knative-install/base/webhook-configuration.yaml index fb77b16..c879f72 100644 --- a/kustomize/knative-install/base/webhook-configuration.yaml +++ b/kustomize/knative-install/base/webhook-configuration.yaml @@ -3,7 +3,7 @@ apiVersion: admissionregistration.k8s.io/v1beta1 kind: MutatingWebhookConfiguration metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: webhook.serving.knative.dev webhooks: - admissionReviewVersions: @@ -19,7 +19,7 @@ apiVersion: admissionregistration.k8s.io/v1beta1 kind: ValidatingWebhookConfiguration metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: validation.webhook.serving.knative.dev webhooks: - admissionReviewVersions: @@ -35,7 +35,7 @@ apiVersion: admissionregistration.k8s.io/v1beta1 kind: ValidatingWebhookConfiguration metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: config.webhook.serving.knative.dev webhooks: - admissionReviewVersions: @@ -55,7 +55,7 @@ apiVersion: v1 kind: Secret metadata: labels: - serving.knative.dev/release: "v0.11.1" + serving.knative.dev/release: "v0.11.2" name: webhook-certs namespace: knative-serving diff --git a/kustomize/knative-install/kustomization.yaml b/kustomize/knative-install/kustomization.yaml index 262a8c3..b9d8669 100644 --- a/kustomize/knative-install/kustomization.yaml +++ b/kustomize/knative-install/kustomization.yaml 
@@ -1,14 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 bases: - base -commonLabels: - app.kubernetes.io/component: knative-serving-install - app.kubernetes.io/instance: knative-serving-install-v0.11.1 - app.kubernetes.io/managed-by: kfctl - app.kubernetes.io/name: knative-serving-install - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v0.11.1 +- overlays/application kind: Kustomization namespace: knative-serving -resources: -- overlays/application/application.yaml diff --git a/kustomize/knative-install/overlays/application/application.yaml b/kustomize/knative-install/overlays/application/application.yaml index 1c7ff24..2aed159 100644 --- a/kustomize/knative-install/overlays/application/application.yaml +++ b/kustomize/knative-install/overlays/application/application.yaml @@ -6,11 +6,11 @@ spec: selector: matchLabels: app.kubernetes.io/name: knative-serving-install - app.kubernetes.io/instance: knative-serving-install-v0.11.1 + app.kubernetes.io/instance: knative-serving-install app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: knative-serving-install app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v0.11.1 + app.kubernetes.io/version: v0.11.2 componentKinds: - group: core kind: ConfigMap diff --git a/kustomize/knative-install/overlays/application/kustomization.yaml b/kustomize/knative-install/overlays/application/kustomization.yaml index 29ae6e9..f5fd3ed 100644 --- a/kustomize/knative-install/overlays/application/kustomization.yaml +++ b/kustomize/knative-install/overlays/application/kustomization.yaml 
@@ -1,13 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 +commonLabels: + app.kubernetes.io/component: knative-serving-install + app.kubernetes.io/name: knative-serving-install kind: Kustomization -bases: -- ../../base resources: - application.yaml -commonLabels: - app.kubernetes.io/name: knative-serving-install - app.kubernetes.io/instance: knative-serving-install-v0.11.1 - app.kubernetes.io/managed-by: kfctl - app.kubernetes.io/component: knative-serving-install - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v0.11.1 diff --git a/kustomize/kubeflow-roles/README.md b/kustomize/kubeflow-roles/README.md index cf75d02..85c74e2 100644 --- a/kustomize/kubeflow-roles/README.md +++ b/kustomize/kubeflow-roles/README.md @@ -8,7 +8,7 @@ These roles are currently assigned to users by Profiles (profile-controller and ## How to define role privileges for your Kubeflow application? Each application defines its own ClusterRole for each role here in kubeflow-roles. We use [ClusterRole Aggregation](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles) for these application ClusterRoles to be aggregated to their corresponding Kubeflow roles. An example implementation showing the same can be found here: -The example is taken from [istio manifests](istio/istio/base/cluster-roles.yaml). +The example is taken from [istio manifests](../istio/istio/base/cluster-roles.yaml). ``` --- diff --git a/kustomize/metacontroller/base/cluster-role-binding.yaml b/kustomize/metacontroller/base/cluster-role-binding.yaml new file mode 100644 index 0000000..dc9c732 --- /dev/null +++ b/kustomize/metacontroller/base/cluster-role-binding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: meta-controller-cluster-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: meta-controller-service 
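Review bot: The new `meta-controller-cluster-role-binding` in kustomize/metacontroller/base/cluster-role-binding.yaml binds the `meta-controller-service` ServiceAccount to the built-in `cluster-admin` ClusterRole, so anything that can run as that account or read its token controls the whole cluster. A dedicated ClusterRole limited to the API groups and verbs the controller needs would narrow this. If cluster-admin is kept deliberately, a comment above `roleRef` should say so, e.g. `# cluster-admin: metacontroller manages arbitrary user-defined resource kinds`. The subject also carries no `namespace:`; presumably the kustomization's `namespace: kubeflow` fills it in, but that is worth confirming on the rendered output.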
diff --git a/kustomize/metacontroller/base/crd.yaml b/kustomize/metacontroller/base/crd.yaml new file mode 100644 index 0000000..0ae8700 --- /dev/null +++ b/kustomize/metacontroller/base/crd.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: compositecontrollers.metacontroller.k8s.io +spec: + group: metacontroller.k8s.io + names: + kind: CompositeController + plural: compositecontrollers + shortNames: + - cc + - cctl + singular: compositecontroller + scope: Cluster + version: v1alpha1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: controllerrevisions.metacontroller.k8s.io +spec: + group: metacontroller.k8s.io + names: + kind: ControllerRevision + plural: controllerrevisions + singular: controllerrevision + scope: Namespaced + version: v1alpha1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: decoratorcontrollers.metacontroller.k8s.io +spec: + group: metacontroller.k8s.io + names: + kind: DecoratorController + plural: decoratorcontrollers + shortNames: + - dec + - decorators + singular: decoratorcontroller + scope: Cluster + version: v1alpha1 diff --git a/kustomize/metacontroller/base/kustomization.yaml b/kustomize/metacontroller/base/kustomization.yaml new file mode 100644 index 0000000..fb7f0e8 --- /dev/null +++ b/kustomize/metacontroller/base/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- cluster-role-binding.yaml +- crd.yaml +- service-account.yaml +- stateful-set.yaml +commonLabels: + kustomize.component: metacontroller +images: +- name: metacontroller/metacontroller + newName: metacontroller/metacontroller + newTag: v0.3.0 diff --git a/kustomize/metacontroller/base/service-account.yaml b/kustomize/metacontroller/base/service-account.yaml new file mode 100644 index 0000000..85c48de --- /dev/null 
+++ b/kustomize/metacontroller/base/service-account.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: meta-controller-service diff --git a/kustomize/metacontroller/base/stateful-set.yaml b/kustomize/metacontroller/base/stateful-set.yaml new file mode 100644 index 0000000..7bbc387 --- /dev/null +++ b/kustomize/metacontroller/base/stateful-set.yaml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app: metacontroller + name: metacontroller +spec: + replicas: 1 + selector: + matchLabels: + app: metacontroller + serviceName: "" + template: + metadata: + labels: + app: metacontroller + annotations: + sidecar.istio.io/inject: "false" + spec: + containers: + - command: + - /usr/bin/metacontroller + - --logtostderr + - -v=4 + - --discovery-interval=20s + image: metacontroller/metacontroller:v0.3.0 + imagePullPolicy: Always + name: metacontroller + ports: + - containerPort: 2345 + resources: + limits: + cpu: "4" + memory: 4Gi + requests: + cpu: 500m + memory: 1Gi + securityContext: + allowPrivilegeEscalation: true + privileged: true + serviceAccountName: meta-controller-service + # Workaround for https://github.com/kubernetes-sigs/kustomize/issues/677 + volumeClaimTemplates: [] diff --git a/kustomize/metacontroller/kustomization.yaml b/kustomize/metacontroller/kustomization.yaml new file mode 100644 index 0000000..4e745bd --- /dev/null +++ b/kustomize/metacontroller/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +bases: +- base +kind: Kustomization +namespace: kubeflow diff --git a/kustomize/metadata/OWNERS b/kustomize/metadata/OWNERS index b8bf7ba..c814ca1 100644 --- a/kustomize/metadata/OWNERS +++ b/kustomize/metadata/OWNERS @@ -1,5 +1,4 @@ approvers: - neuromage - prodonjs - - rileyjbauer - zhenghuiwang diff --git a/kustomize/metadata/base/kustomization.yaml b/kustomize/metadata/base/kustomization.yaml index 56708b7..3f387af 100644 --- a/kustomize/metadata/base/kustomization.yaml 
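Review bot: The metacontroller container in kustomize/metacontroller/base/stateful-set.yaml is added with `privileged: true` and `allowPrivilegeEscalation: true`, although the visible spec mounts no host paths or devices and only runs `/usr/bin/metacontroller`. Together with the cluster-admin binding added in cluster-role-binding.yaml, a compromise of this pod reaches both the node and the cluster. Unless there is a host-level need the hunk does not show, the securityContext should read `privileged: false` and `allowPrivilegeEscalation: false`. The image is also referenced by mutable tag (`metacontroller/metacontroller:v0.3.0`) with `imagePullPolicy: Always`, so each restart pulls whatever the tag currently points to; a `digest:` entry under `images:` in base/kustomization.yaml, as the knative-install base uses, would pin the content.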
+++ b/kustomize/metadata/base/kustomization.yaml @@ -5,9 +5,11 @@ commonLabels: kustomize.component: metadata configMapGenerator: - name: ui-parameters - env: params.env + envs: + - params.env - name: grpc-configmap - env: grpc-params.env + envs: + - grpc-params.env generatorOptions: # TFX pipelines use metadata-grpc-configmap for finding grpc server host and # port at runtime. Because they don't know the suffix, we have to disable it. @@ -24,6 +26,9 @@ resources: - metadata-envoy-service.yaml namespace: kubeflow vars: +# These vars are used internally for the kustomize package. +# i.e to substitute values into fields kustomize isn't aware of. +# The names should be unique enough that we don't get conflicts with other packages - name: ui-namespace objref: kind: Service @@ -38,7 +43,7 @@ vars: version: v1 fieldref: fieldpath: data.uiClusterDomain -- name: service +- name: metadata-service objref: kind: Service name: ui diff --git a/kustomize/metadata/base/metadata-deployment.yaml b/kustomize/metadata/base/metadata-deployment.yaml index b93a927..584ac5d 100644 --- a/kustomize/metadata/base/metadata-deployment.yaml +++ b/kustomize/metadata/base/metadata-deployment.yaml @@ -13,6 +13,8 @@ spec: metadata: labels: component: server + annotations: + sidecar.istio.io/inject: "false" spec: containers: - name: container @@ -33,6 +35,17 @@ spec: initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 + + livenessProbe: + httpGet: + path: /api/v1alpha1/artifact_types + port: backendapi + httpHeaders: + - name: ContentType + value: application/json + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 --- apiVersion: apps/v1 kind: Deployment @@ -49,6 +62,8 @@ spec: metadata: labels: component: grpc-server + annotations: + sidecar.istio.io/inject: "false" spec: containers: - name: container diff --git a/kustomize/metadata/base/metadata-envoy-deployment.yaml b/kustomize/metadata/base/metadata-envoy-deployment.yaml index c388a60..48c00a3 100644 
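Review bot: The `sidecar.istio.io/inject: "false"` annotation added to the `server` and `grpc-server` pod templates in metadata-deployment.yaml takes these pods out of the mesh, so traffic to them is no longer covered by sidecar mTLS or Istio authorization policy. The same annotation is added in metadata-envoy-deployment.yaml, metadata-ui-deployment.yaml, overlays/db/metadata-db-deployment.yaml and the minio deployment hunks. None of these hunks gives a reason for the opt-out, and unless something outside this diff restricts access, the metadata API and its MySQL backend are reachable in plaintext from any pod that can route to them. A comment above each annotation, e.g. `# sidecar disabled: <reason>; access restricted by NetworkPolicy <name>`, together with a matching NetworkPolicy, would make the trade-off explicit.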
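Review bot: The added `livenessProbe` in metadata-deployment.yaml sends an `httpHeaders` entry named `ContentType`, which is not the HTTP header `Content-Type`; if the intent is to set the content type, the entry should read `- name: Content-Type`. The probe also targets `/api/v1alpha1/artifact_types` with `initialDelaySeconds: 3`. If that endpoint reads from the database (not visible here), a database outage would make the kubelet restart every server pod rather than only marking it unready. A cheaper health path, or a larger `initialDelaySeconds` and `failureThreshold` for liveness than for readiness, would avoid that restart loop. The container spec starts outside the hunk, so whether the existing readiness probe uses the same header is not visible.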
--- a/kustomize/metadata/base/metadata-envoy-deployment.yaml +++ b/kustomize/metadata/base/metadata-envoy-deployment.yaml @@ -13,6 +13,8 @@ spec: metadata: labels: component: envoy + annotations: + sidecar.istio.io/inject: "false" spec: containers: - name: container diff --git a/kustomize/metadata/base/metadata-ui-deployment.yaml b/kustomize/metadata/base/metadata-ui-deployment.yaml index bfd9112..859f6ec 100644 --- a/kustomize/metadata/base/metadata-ui-deployment.yaml +++ b/kustomize/metadata/base/metadata-ui-deployment.yaml @@ -13,6 +13,8 @@ spec: name: ui labels: app: metadata-ui + annotations: + sidecar.istio.io/inject: "false" spec: containers: - image: gcr.io/kubeflow-images-public/metadata-frontend:v0.1.8 diff --git a/kustomize/metadata/kustomization.yaml b/kustomize/metadata/kustomization.yaml index 88cfc02..89631af 100644 --- a/kustomize/metadata/kustomization.yaml +++ b/kustomize/metadata/kustomization.yaml @@ -3,15 +3,10 @@ bases: - base commonLabels: app.kubernetes.io/component: metadata - app.kubernetes.io/instance: metadata-0.2.1 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: metadata - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.1 kustomize.component: metadata configMapGenerator: - behavior: unspecified - env: overlays/db/params.env name: metadata-db-parameters configurations: - overlays/istio/params.yaml @@ -34,7 +29,8 @@ resources: - overlays/db/metadata-db-service.yaml secretGenerator: - behavior: unspecified - env: overlays/db/secrets.env + envs: + - secrets.env name: metadata-db-secrets vars: - fieldref: diff --git a/kustomize/metadata/overlays/application/kustomization.yaml b/kustomize/metadata/overlays/application/kustomization.yaml index 590c4d3..a1297a1 100644 --- a/kustomize/metadata/overlays/application/kustomization.yaml +++ b/kustomize/metadata/overlays/application/kustomization.yaml 
@@ -3,11 +3,7 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: metadata - app.kubernetes.io/instance: metadata-0.2.1 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: metadata - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.1 kind: Kustomization resources: - application.yaml diff --git a/kustomize/metadata/overlays/db/kustomization.yaml b/kustomize/metadata/overlays/db/kustomization.yaml index 32bb9f4..8ab5e9d 100644 --- a/kustomize/metadata/overlays/db/kustomization.yaml +++ b/kustomize/metadata/overlays/db/kustomization.yaml @@ -8,10 +8,12 @@ generatorOptions: disableNameSuffixHash: true configMapGenerator: - name: metadata-db-parameters - env: params.env + envs: + - params.env secretGenerator: - name: metadata-db-secrets - env: secrets.env + envs: + - secrets.env bases: - ../../base resources: diff --git a/kustomize/metadata/overlays/db/metadata-db-deployment.yaml b/kustomize/metadata/overlays/db/metadata-db-deployment.yaml index 9a50a24..c766db3 100644 --- a/kustomize/metadata/overlays/db/metadata-db-deployment.yaml +++ b/kustomize/metadata/overlays/db/metadata-db-deployment.yaml @@ -14,6 +14,8 @@ spec: name: db labels: component: db + annotations: + sidecar.istio.io/inject: "false" spec: containers: - name: db-container diff --git a/kustomize/metadata/overlays/external-mysql/kustomization.yaml b/kustomize/metadata/overlays/external-mysql/kustomization.yaml index 0d2de74..71a71e0 100644 --- a/kustomize/metadata/overlays/external-mysql/kustomization.yaml +++ b/kustomize/metadata/overlays/external-mysql/kustomization.yaml @@ -4,10 +4,12 @@ commonLabels: kustomize.component: metadata configMapGenerator: - name: metadata-db-parameters - env: params.env + envs: + - params.env secretGenerator: - name: metadata-db-secrets - env: secrets.env + envs: + - secrets.env bases: - ../../base patchesStrategicMerge: 
diff --git a/kustomize/metadata/overlays/google-cloudsql/README.md b/kustomize/metadata/overlays/google-cloudsql/README.md new file mode 100644 index 0000000..47632ce --- /dev/null +++ b/kustomize/metadata/overlays/google-cloudsql/README.md 
@@ -0,0 +1,58 @@ +This directory contains configurations and guidelines on setting up metadata services to connect to a [Google CloudSQL](https://cloud.google.com/sql) instance. +You will get all the benefits of using CloudSQL comparing to managing your own MySQL server in a Kubernetes cluster. + +#### Prerequisites +- Install [kustomize](https://github.com/kubernetes-sigs/kustomize) for building Kubernetes configurations. +- Install [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) for managing workloads on Kubernetes clusters. + +#### 0. Remove default metadata services. +By default, Metadata component starts a MySQL server in `kubeflow` namespace. Since we are going to deploy metadata services with CloudSQL, you should delete the default services by running + +``` +kustomize build metadata/overlays/db | kubectl delete -n kubeflow -f - +``` + +#### 1. Create a CloudSQL instance. + +If you don't have an existing one, you need to [create a CloudSQL instance](https://cloud.google.com/sql/docs/mysql/create-instance) of type MySQL in your GCP project. +If you want to connect the instance via private IP, you also need to enable the private IP configuration when creating the instance. + +#### 2. Create a Kubernetes secret for accessing the CloudSQL instance. +You can follow [this guide](https://cloud.google.com/sql/docs/mysql/connect-kubernetes-engine#secrets) +to set up a [service account with permissions](https://cloud.google.com/sql/docs/mysql/sql-proxy#create-service-account) to connect to the instance, download the JSON key file, and name it `credentials.json`. +You need to create a secret via command: +``` +kubectl create secret -n kubeflow generic cloudsql-instance-credentials --from-file /credentials.json +``` +Note that you must name the key file `credentials.json`, because we will later refer to this file name in the deployment configuration. + +#### 3. Create a Kubernetes secret for MySQL account and password. 
+Besides the service account with permissions, the metadata services also need a MySQL account name and password to be authenticated for accessing databases. Secret is the way how Kubernetes manages sensitive information. + +You need to [create a secret](https://kubernetes.io/docs/concepts/configuration/secret/#creating-your-own-secrets) under `kubeflow` namespace with name `metadata-db-secrets`, containing values of `MYSQL_USERNAME` and `MYSQL_PASSWORD`. +You should be able to see the secret after its creation via command: +``` +kubectl describe secrets -n kubeflow metadata-db-secrets + +Name: metadata-db-secrets +Namespace: kubeflow +Labels: kustomize.component=metadata +Annotations: +Type: Opaque + +Data +==== +MYSQL_PASSWORD: 9 bytes +MYSQL_USERNAME: 4 bytes +``` + +#### 4. Specify the instance connection name. +Change the value of `MYSQL_INSTANCE` in `params.env` to your CloudSQL instance connection name. The connection name is in the form of `::`. + +#### 5. Start metadata services with CloudSQL proxy. +Start metadata services with CloudSQL proxy sidecar containers via command: +``` +kustomize build metadata/overlays/google-cloudsql | kubectl apply -n kubeflow -f - +``` +You may find the CloudSQL proxy container logs useful to debug connection errors. + diff --git a/kustomize/metadata/overlays/google-cloudsql/kustomization.yaml b/kustomize/metadata/overlays/google-cloudsql/kustomization.yaml new file mode 100644 index 0000000..168a8a7 --- /dev/null +++ b/kustomize/metadata/overlays/google-cloudsql/kustomization.yaml 
@@ -0,0 +1,16 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +generatorOptions: + # name suffix hash is not propagated correctly to base resources due to + # https://github.com/kubernetes-sigs/kustomize/issues/1301 + disableNameSuffixHash: true +commonLabels: + kustomize.component: metadata +configMapGenerator: +- name: metadata-db-parameters + envs: + - params.env +bases: +- ../../base +patchesStrategicMerge: +- metadata-deployment.yaml \ No newline at end of file diff --git a/kustomize/metadata/overlays/google-cloudsql/metadata-deployment.yaml b/kustomize/metadata/overlays/google-cloudsql/metadata-deployment.yaml new file mode 100644 index 0000000..8097e7d --- /dev/null +++ b/kustomize/metadata/overlays/google-cloudsql/metadata-deployment.yaml 
@@ -0,0 +1,108 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: deployment + labels: + component: server +spec: + replicas: 1 + selector: + matchLabels: + component: server + template: + metadata: + labels: + component: server + spec: + volumes: + - name: cloudsql-instance-credentials + secret: + secretName: cloudsql-instance-credentials + containers: + - name: cloudsql-proxy + envFrom: + - configMapRef: + name: metadata-db-parameters + image: gcr.io/cloudsql-docker/gce-proxy:1.16 + command: ["/cloud_sql_proxy", + "-instances=$(MYSQL_INSTANCE)=tcp:3306", + # If running on a VPC, the Cloud SQL proxy can connect via Private IP. See: + # https://cloud.google.com/sql/docs/mysql/private-ip for more info. + # "-ip_address_types=PRIVATE", + "-credential_file=/secrets/cloudsql/credentials.json"] + securityContext: + runAsUser: 2 # non-root user + allowPrivilegeEscalation: false + volumeMounts: + - name: cloudsql-instance-credentials + mountPath: /secrets/cloudsql + readOnly: true + - name: container + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + command: ["./server/server", + "--http_port=8080", + "--mysql_service_host=$(MYSQL_HOST)", + "--mysql_service_port=$(MYSQL_PORT)", + "--mysql_service_user=$(MYSQL_USERNAME)", + "--mysql_service_password=$(MYSQL_PASSWORD)", + "--mlmd_db_name=$(MYSQL_DATABASE)"] +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: grpc-deployment + labels: + component: grpc-server +spec: + replicas: 1 + selector: + matchLabels: + component: grpc-server + template: + metadata: + labels: + component: grpc-server + spec: + volumes: + - name: cloudsql-instance-credentials + secret: + secretName: cloudsql-instance-credentials + containers: + - name: container + envFrom: + - configMapRef: + name: metadata-db-parameters + - secretRef: + name: metadata-db-secrets + - configMapRef: + name: metadata-grpc-configmap + args: ["--grpc_port=$(METADATA_GRPC_SERVICE_PORT)", + 
"--mysql_config_host=$(MYSQL_HOST)", + "--mysql_config_database=$(MYSQL_DATABASE)", + "--mysql_config_port=$(MYSQL_PORT)", + "--mysql_config_user=$(MYSQL_USERNAME)", + "--mysql_config_password=$(MYSQL_PASSWORD)" + ] + - name: cloudsql-proxy + envFrom: + - configMapRef: + name: metadata-db-parameters + image: gcr.io/cloudsql-docker/gce-proxy:1.16 + command: ["/cloud_sql_proxy", + "-instances=$(MYSQL_INSTANCE)=tcp:3306", + # If running on a VPC, the Cloud SQL proxy can connect via Private IP. See: + # https://cloud.google.com/sql/docs/mysql/private-ip for more info. + # "-ip_address_types=PRIVATE", + "-credential_file=/secrets/cloudsql/credentials.json"] + securityContext: + runAsUser: 2 # non-root user + allowPrivilegeEscalation: false + volumeMounts: + - name: cloudsql-instance-credentials + mountPath: /secrets/cloudsql + readOnly: true + diff --git a/kustomize/metadata/overlays/google-cloudsql/params.env b/kustomize/metadata/overlays/google-cloudsql/params.env new file mode 100644 index 0000000..203ba0d --- /dev/null +++ b/kustomize/metadata/overlays/google-cloudsql/params.env @@ -0,0 +1,5 @@ +MYSQL_HOST=127.0.0.1 +MYSQL_DATABASE=metadb +MYSQL_PORT=3306 +MYSQL_ALLOW_EMPTY_PASSWORD=true +MYSQL_INSTANCE=your-project:your-region:your-mysql-instance-id \ No newline at end of file diff --git a/kustomize/metadata/overlays/istio/virtual-service.yaml b/kustomize/metadata/overlays/istio/virtual-service.yaml index 49b58fb..8e3e130 100644 --- a/kustomize/metadata/overlays/istio/virtual-service.yaml +++ b/kustomize/metadata/overlays/istio/virtual-service.yaml @@ -15,7 +15,7 @@ spec: uri: /metadata route: - destination: - host: $(service).$(ui-namespace).svc.$(ui-clusterDomain) + host: $(metadata-service).$(ui-namespace).svc.$(ui-clusterDomain) port: number: 80 timeout: 300s diff --git a/kustomize/metadata/v3/kustomization.yaml b/kustomize/metadata/v3/kustomization.yaml new file mode 100644 index 0000000..ad9706b --- /dev/null +++ b/kustomize/metadata/v3/kustomization.yaml 
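Review bot: Both deployments in overlays/google-cloudsql/metadata-deployment.yaml pass the database password as a process argument: `--mysql_service_password=$(MYSQL_PASSWORD)` for `server` and `--mysql_config_password=$(MYSQL_PASSWORD)` for `grpc-server`. After expansion the password is part of the process command line, readable by anything that can list processes in the pod or on the node, and it can end up in any log line that echoes the startup flags. If the binaries can read the password from the environment or a mounted file (not visible in this diff), prefer that and drop the flag; otherwise a comment next to the argument should record the exposure. Separately, `gcr.io/cloudsql-docker/gce-proxy:1.16` is referenced by tag in both pod specs; pinning it by digest would match how the knative-install images are handled.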
@@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../overlays/db +- ../overlays/istio/virtual-service.yaml +- ../overlays/istio/virtual-service-metadata-grpc.yaml +configurations: +- params.yaml diff --git a/kustomize/metadata/v3/params.yaml b/kustomize/metadata/v3/params.yaml new file mode 100644 index 0000000..eea869e --- /dev/null +++ b/kustomize/metadata/v3/params.yaml @@ -0,0 +1,3 @@ +varReference: +- path: spec/http/route/destination/host + kind: VirtualService diff --git a/kustomize/minio/base/deployment.yaml b/kustomize/minio/base/deployment.yaml index 20da439..8bd11d3 100644 --- a/kustomize/minio/base/deployment.yaml +++ b/kustomize/minio/base/deployment.yaml @@ -6,6 +6,9 @@ spec: strategy: type: Recreate template: + metadata: + annotations: + sidecar.istio.io/inject: "false" spec: containers: - name: minio diff --git a/kustomize/minio/base/kustomization.yaml b/kustomize/minio/base/kustomization.yaml index fb5241d..61e7ec5 100644 --- a/kustomize/minio/base/kustomization.yaml +++ b/kustomize/minio/base/kustomization.yaml @@ -9,7 +9,8 @@ resources: - persistent-volume-claim.yaml configMapGenerator: - name: pipeline-minio-parameters - env: params.env + envs: + - params.env generatorOptions: disableNameSuffixHash: true vars: diff --git a/kustomize/minio/installs/gcp-pd/kustomization.yaml b/kustomize/minio/installs/gcp-pd/kustomization.yaml new file mode 100644 index 0000000..743848a --- /dev/null +++ b/kustomize/minio/installs/gcp-pd/kustomization.yaml 
@@ -0,0 +1,31 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+ app.kubernetes.io/component: minio
+ app.kubernetes.io/name: minio
+resources:
+- ../generic
+- persistent-volume.yaml
+patchesStrategicMerge:
+- persistent-volume-claim.yaml
+configMapGenerator:
+- name: pipeline-minio-install-config
+ envs:
+ - params.env
+vars:
+- name: kfpMinioPd
+ objref:
+ kind: ConfigMap
+ name: pipeline-minio-install-config
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.minioPd
+- name: kfpMinioPvName
+ objref:
+ kind: ConfigMap
+ name: pipeline-minio-install-config
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.minioPvName
+configurations:
+- params.yaml
diff --git a/kustomize/minio/installs/gcp-pd/params.env b/kustomize/minio/installs/gcp-pd/params.env
new file mode 100644
index 0000000..01ef555
--- /dev/null
+++ b/kustomize/minio/installs/gcp-pd/params.env
@@ -0,0 +1,2 @@
+minioPd=dls-kf-storage-artifact-store
+minioPvName=minio-pv
diff --git a/kustomize/minio/installs/gcp-pd/params.yaml b/kustomize/minio/installs/gcp-pd/params.yaml
new file mode 100644
index 0000000..1ab95da
--- /dev/null
+++ b/kustomize/minio/installs/gcp-pd/params.yaml
@@ -0,0 +1,7 @@
+varReference:
+- path: spec/gcePersistentDisk/pdName
+ kind: PersistentVolume
+- path: metadata/name
+ kind: PersistentVolume
+- path: spec/volumeName
+ kind: PersistentVolumeClaim
diff --git a/kustomize/minio/installs/gcp-pd/persistent-volume-claim.yaml b/kustomize/minio/installs/gcp-pd/persistent-volume-claim.yaml
new file mode 100644
index 0000000..9199ac3
--- /dev/null
+++ b/kustomize/minio/installs/gcp-pd/persistent-volume-claim.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: minio-pvc
+spec:
+ volumeName: $(kfpMinioPvName)
+ storageClassName: ""
diff --git a/kustomize/minio/installs/gcp-pd/persistent-volume.yaml b/kustomize/minio/installs/gcp-pd/persistent-volume.yaml
new file mode 100644
index 0000000..6d03736
--- /dev/null
+++ b/kustomize/minio/installs/gcp-pd/persistent-volume.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: $(kfpMinioPvName)
+spec:
+ capacity:
+ storage: 20Gi
+ accessModes:
+ - ReadWriteOnce
+ gcePersistentDisk:
+ pdName: $(kfpMinioPd)
+ fsType: ext4
diff --git a/kustomize/minio/installs/generic/deployment-patch.yaml b/kustomize/minio/installs/generic/deployment-patch.yaml
new file mode 100644
index 0000000..82da8c5
--- /dev/null
+++ b/kustomize/minio/installs/generic/deployment-patch.yaml
@@ -0,0 +1,9 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: minio
+spec:
+ template:
+ metadata:
+ annotations:
+ sidecar.istio.io/inject: "false"
diff --git a/kustomize/minio/installs/generic/kustomization.yaml b/kustomize/minio/installs/generic/kustomization.yaml
new file mode 100644
index 0000000..6498ca3
--- /dev/null
+++ b/kustomize/minio/installs/generic/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+ app.kubernetes.io/component: minio
+ app.kubernetes.io/name: minio
+resources:
+- ../../../upstream/env/platform-agnostic/minio/
+- ../../overlays/application/application.yaml
+patchesStrategicMerge:
+- deployment-patch.yaml
diff --git a/kustomize/minio/installs/ibm/OWNERS b/kustomize/minio/installs/ibm/OWNERS
new file mode 100644
index 0000000..0e5c85d
--- /dev/null
+++ b/kustomize/minio/installs/ibm/OWNERS
@@ -0,0 +1,4 @@
+approvers:
+- adrian555
+- animeshsingh
+- tomcli
diff --git a/kustomize/minio/installs/ibm/deployment-patch.yaml b/kustomize/minio/installs/ibm/deployment-patch.yaml
new file mode 100644
index 0000000..6cb7f3e
--- /dev/null
+++ b/kustomize/minio/installs/ibm/deployment-patch.yaml
@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: minio
+spec:
+ template:
+ spec:
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: $(minioPvcName)
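Review bot: The new gcp-pd PersistentVolume has no `claimRef`, so its binding to `minio-pvc` is not reserved: `volumeName` on the claim does not prevent another claim with an empty storage class and a fitting request from binding this volume first, and with it the artifact-store disk. Pre-binding closes that gap by adding `claimRef:` with `name: minio-pvc` and `namespace: kubeflow` under `spec` (the namespace is inferred from the other minio kustomizations and should be confirmed). I would also state `persistentVolumeReclaimPolicy: Retain` explicitly instead of relying on the default. The mysql `persistent-volume.yaml` added later in this commit has the same shape and needs the same change for `mysql-pv-claim`.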
diff --git a/kustomize/minio/installs/ibm/kustomization.yaml b/kustomize/minio/installs/ibm/kustomization.yaml
new file mode 100644
index 0000000..11d5f7e
--- /dev/null
+++ b/kustomize/minio/installs/ibm/kustomization.yaml
@@ -0,0 +1,30 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+ app.kubernetes.io/component: minio
+ app.kubernetes.io/name: minio
+resources:
+- ../generic
+- persistent-volume-claim.yaml
+patchesStrategicMerge:
+- deployment-patch.yaml
+generatorOptions:
+ disableNameSuffixHash: true
+configMapGenerator:
+- name: pipeline-minio-parameters
+ envs:
+ - params.env
+vars:
+- name: minioPvcName
+ objref:
+ kind: ConfigMap
+ name: pipeline-minio-parameters
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.minioPvcName
+images:
+- name: minio/minio
+ newTag: RELEASE.2018-02-09T22-40-05Z
+ newName: minio/minio
+configurations:
+- params.yaml
diff --git a/kustomize/minio/installs/ibm/params.env b/kustomize/minio/installs/ibm/params.env
new file mode 100644
index 0000000..6fcd0ee
--- /dev/null
+++ b/kustomize/minio/installs/ibm/params.env
@@ -0,0 +1 @@
+minioPvcName=
diff --git a/kustomize/minio/installs/ibm/params.yaml b/kustomize/minio/installs/ibm/params.yaml
new file mode 100644
index 0000000..3c35663
--- /dev/null
+++ b/kustomize/minio/installs/ibm/params.yaml
@@ -0,0 +1,5 @@
+varReference:
+- path: spec/template/spec/volumes/persistentVolumeClaim/claimName
+ kind: Deployment
+- path: metadata/name
+ kind: PersistentVolumeClaim
diff --git a/kustomize/minio/installs/ibm/persistent-volume-claim.yaml b/kustomize/minio/installs/ibm/persistent-volume-claim.yaml
new file mode 100644
index 0000000..4b4cf71
--- /dev/null
+++ b/kustomize/minio/installs/ibm/persistent-volume-claim.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: $(minioPvcName)
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
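Review bot: The `images` entry in the ibm kustomization pins `minio/minio` to `RELEASE.2018-02-09T22-40-05Z`, a release that its own tag dates to February 2018, so this install would run an object store that predates every later upstream fix. The tag is also a mutable reference rather than a content address. If the old release is needed for compatibility, say so in a comment above the entry; otherwise move to a current release and pin it with `digest: sha256:<digest of the reviewed image>` in place of `newTag`.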
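Review bot: `minioPvcName=` is committed empty, and the value is substituted into `metadata.name` of the new PersistentVolumeClaim and into `claimName` of the Deployment patch, so a build of the file as committed yields a claim with an empty name. Either ship a working default, for example `minioPvcName=minio-pvc` (a constructed value), or document in the install notes that the key must be set before building. `mysqlPvcName=` in the ibm mysql install added later in this commit has the same problem.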
diff --git a/kustomize/minio/kustomization.yaml b/kustomize/minio/kustomization.yaml index 234a533..aaef902 100644 --- a/kustomize/minio/kustomization.yaml +++ b/kustomize/minio/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: minio - app.kubernetes.io/instance: minio-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: minio - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 kind: Kustomization namespace: kubeflow resources: diff --git a/kustomize/minio/overlays/application/application.yaml b/kustomize/minio/overlays/application/application.yaml index 8940b33..1ed386f 100644 --- a/kustomize/minio/overlays/application/application.yaml +++ b/kustomize/minio/overlays/application/application.yaml @@ -24,8 +24,4 @@ spec: selector: matchLabels: app.kubernetes.io/component: minio - app.kubernetes.io/instance: minio-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: minio - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 diff --git a/kustomize/minio/overlays/application/kustomization.yaml b/kustomize/minio/overlays/application/kustomization.yaml index 0148466..d592946 100644 --- a/kustomize/minio/overlays/application/kustomization.yaml +++ b/kustomize/minio/overlays/application/kustomization.yaml @@ -3,11 +3,7 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: minio - app.kubernetes.io/instance: minio-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: minio - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml diff --git a/kustomize/minio/overlays/minioPd/kustomization.yaml b/kustomize/minio/overlays/minioPd/kustomization.yaml index e4c0d3a..cad9960 100644 --- a/kustomize/minio/overlays/minioPd/kustomization.yaml +++ b/kustomize/minio/overlays/minioPd/kustomization.yaml 
@@ -9,7 +9,8 @@ patchesStrategicMerge: configMapGenerator: - name: pipeline-minio-parameters behavior: merge - env: params.env + envs: + - params.env generatorOptions: disableNameSuffixHash: true vars: diff --git a/kustomize/mysql/base/deployment.yaml b/kustomize/mysql/base/deployment.yaml index 185b12f..34c222c 100644 --- a/kustomize/mysql/base/deployment.yaml +++ b/kustomize/mysql/base/deployment.yaml @@ -6,6 +6,9 @@ spec: strategy: type: Recreate template: + metadata: + annotations: + sidecar.istio.io/inject: "false" spec: containers: - name: mysql diff --git a/kustomize/mysql/base/kustomization.yaml b/kustomize/mysql/base/kustomization.yaml index 5133fdd..c74cef8 100644 --- a/kustomize/mysql/base/kustomization.yaml +++ b/kustomize/mysql/base/kustomization.yaml @@ -8,7 +8,8 @@ resources: - persistent-volume-claim.yaml configMapGenerator: - name: pipeline-mysql-parameters - env: params.env + envs: + - params.env generatorOptions: disableNameSuffixHash: true vars: diff --git a/kustomize/mysql/installs/gcp-pd/kustomization.yaml b/kustomize/mysql/installs/gcp-pd/kustomization.yaml new file mode 100644 index 0000000..b442b73 --- /dev/null +++ b/kustomize/mysql/installs/gcp-pd/kustomization.yaml 
@@ -0,0 +1,38 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+ app: mysql
+ app.kubernetes.io/component: mysql
+ app.kubernetes.io/name: mysql
+resources:
+- ../../../upstream/env/platform-agnostic/mysql
+- ../../overlays/application/application.yaml
+- persistent-volume.yaml
+patchesStrategicMerge:
+- persistent-volume-claim.yaml
+images:
+- name: gcr.io/ml-pipeline/mysql
+ newTag: '5.6'
+ newName: gcr.io/ml-pipeline/mysql
+configMapGenerator:
+- name: pipeline-mysql-install-config
+ envs:
+ - params.env
+vars:
+- name: kfpMysqlPd
+ objref:
+ kind: ConfigMap
+ name: pipeline-mysql-install-config
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.mysqlPd
+- name: kfpMysqlPvName
+ objref:
+ kind: ConfigMap
+ name: pipeline-mysql-install-config
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.mysqlPvName
+configurations:
+- params.yaml
+
diff --git a/kustomize/mysql/installs/gcp-pd/params.env b/kustomize/mysql/installs/gcp-pd/params.env
new file mode 100644
index 0000000..eb050bd
--- /dev/null
+++ b/kustomize/mysql/installs/gcp-pd/params.env
@@ -0,0 +1,2 @@
+mysqlPd=dls-kf-storage-metadata-store
+mysqlPvName=mysql-pv
diff --git a/kustomize/mysql/installs/gcp-pd/params.yaml b/kustomize/mysql/installs/gcp-pd/params.yaml
new file mode 100644
index 0000000..1ab95da
--- /dev/null
+++ b/kustomize/mysql/installs/gcp-pd/params.yaml
@@ -0,0 +1,7 @@
+varReference:
+- path: spec/gcePersistentDisk/pdName
+ kind: PersistentVolume
+- path: metadata/name
+ kind: PersistentVolume
+- path: spec/volumeName
+ kind: PersistentVolumeClaim
diff --git a/kustomize/mysql/installs/gcp-pd/persistent-volume-claim.yaml b/kustomize/mysql/installs/gcp-pd/persistent-volume-claim.yaml
new file mode 100644
index 0000000..edbd969
--- /dev/null
+++ b/kustomize/mysql/installs/gcp-pd/persistent-volume-claim.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mysql-pv-claim
+spec:
+ storageClassName: ""
+ volumeName: $(kfpMysqlPvName)
diff --git a/kustomize/mysql/installs/gcp-pd/persistent-volume.yaml b/kustomize/mysql/installs/gcp-pd/persistent-volume.yaml
new file mode 100644
index 0000000..fc40606
--- /dev/null
+++ b/kustomize/mysql/installs/gcp-pd/persistent-volume.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: $(kfpMysqlPvName)
+spec:
+ capacity:
+ storage: 20Gi
+ accessModes:
+ - ReadWriteOnce
+ gcePersistentDisk:
+ pdName: $(kfpMysqlPd)
+ fsType: ext4
diff --git a/kustomize/mysql/installs/generic/kustomization.yaml b/kustomize/mysql/installs/generic/kustomization.yaml
new file mode 100644
index 0000000..e596802
--- /dev/null
+++ b/kustomize/mysql/installs/generic/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+ app: mysql
+ app.kubernetes.io/component: mysql
+ app.kubernetes.io/name: mysql
+resources:
+- ../../../upstream/env/platform-agnostic/mysql
+- ../../overlays/application/application.yaml
+images:
+- name: gcr.io/ml-pipeline/mysql
+ newTag: '5.6'
+ newName: gcr.io/ml-pipeline/mysql
diff --git a/kustomize/mysql/installs/ibm/OWNERS b/kustomize/mysql/installs/ibm/OWNERS
new file mode 100644
index 0000000..0e5c85d
--- /dev/null
+++ b/kustomize/mysql/installs/ibm/OWNERS
@@ -0,0 +1,4 @@
+approvers:
+- adrian555
+- animeshsingh
+- tomcli
diff --git a/kustomize/mysql/installs/ibm/deployment-patch.yaml b/kustomize/mysql/installs/ibm/deployment-patch.yaml
new file mode 100644
index 0000000..2d6e28b
--- /dev/null
+++ b/kustomize/mysql/installs/ibm/deployment-patch.yaml
@@ -0,0 +1,11 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mysql
+spec:
+ template:
+ spec:
+ volumes:
+ - name: mysql-persistent-storage
+ persistentVolumeClaim:
+ claimName: $(mysqlPvcName)
diff --git a/kustomize/mysql/installs/ibm/kustomization.yaml b/kustomize/mysql/installs/ibm/kustomization.yaml
new file mode 100644
index 0000000..784bb1e
--- /dev/null
+++ b/kustomize/mysql/installs/ibm/kustomization.yaml @@ -0,0 +1,30 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + app: mysql + app.kubernetes.io/component: mysql + app.kubernetes.io/name: mysql +resources: +- ../generic +generatorOptions: + disableNameSuffixHash: true +configMapGenerator: +- name: pipeline-mysql-parameters + envs: + - params.env +vars: +- name: mysqlPvcName + objref: + kind: ConfigMap + name: pipeline-mysql-parameters + apiVersion: v1 + fieldref: + fieldpath: data.mysqlPvcName +images: +- name: mysql + newTag: '5.6' + newName: mysql +configurations: +- params.yaml +patchesStrategicMerge: +- deployment-patch.yaml diff --git a/kustomize/mysql/installs/ibm/params.env b/kustomize/mysql/installs/ibm/params.env new file mode 100644 index 0000000..f17d371 --- /dev/null +++ b/kustomize/mysql/installs/ibm/params.env @@ -0,0 +1 @@ +mysqlPvcName= diff --git a/kustomize/mysql/installs/ibm/params.yaml b/kustomize/mysql/installs/ibm/params.yaml new file mode 100644 index 0000000..5f19982 --- /dev/null +++ b/kustomize/mysql/installs/ibm/params.yaml @@ -0,0 +1,5 @@ +varReference: +- path: spec/template/spec/volumes/persistentVolumeClaim/claimName + kind: Deployment +- path: metadata/name + kind: PersistentVolumeClaim \ No newline at end of file diff --git a/kustomize/mysql/kustomization.yaml b/kustomize/mysql/kustomization.yaml index 6f0028d..e498157 100644 --- a/kustomize/mysql/kustomization.yaml +++ b/kustomize/mysql/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: mysql - app.kubernetes.io/instance: mysql-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: mysql - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 kind: Kustomization namespace: kubeflow resources: diff --git a/kustomize/mysql/overlays/application/application.yaml b/kustomize/mysql/overlays/application/application.yaml index fc2f482..a3b7612 100644 
--- a/kustomize/mysql/overlays/application/application.yaml +++ b/kustomize/mysql/overlays/application/application.yaml @@ -24,8 +24,4 @@ spec: selector: matchLabels: app.kubernetes.io/component: mysql - app.kubernetes.io/instance: mysql-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: mysql - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 diff --git a/kustomize/mysql/overlays/application/kustomization.yaml b/kustomize/mysql/overlays/application/kustomization.yaml index 3df02b0..b8183de 100644 --- a/kustomize/mysql/overlays/application/kustomization.yaml +++ b/kustomize/mysql/overlays/application/kustomization.yaml @@ -3,11 +3,7 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: mysql - app.kubernetes.io/instance: mysql-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: mysql - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml diff --git a/kustomize/mysql/overlays/mysqlPd/kustomization.yaml b/kustomize/mysql/overlays/mysqlPd/kustomization.yaml index b0989f7..c935fa2 100644 --- a/kustomize/mysql/overlays/mysqlPd/kustomization.yaml +++ b/kustomize/mysql/overlays/mysqlPd/kustomization.yaml @@ -9,7 +9,8 @@ patchesStrategicMerge: configMapGenerator: - name: pipeline-mysql-parameters behavior: merge - env: params.env + envs: + - params.env generatorOptions: disableNameSuffixHash: true vars: diff --git a/kustomize/notebook-controller/base/crd.yaml b/kustomize/notebook-controller/base/crd.yaml index e4f6d54..b6556bd 100644 --- a/kustomize/notebook-controller/base/crd.yaml +++ b/kustomize/notebook-controller/base/crd.yaml @@ -62,10 +62,3 @@ spec: required: - conditions type: object -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - diff --git a/kustomize/notebook-controller/base/deployment.yaml b/kustomize/notebook-controller/base/deployment.yaml index d60c5eb..af3e902 100644 
--- a/kustomize/notebook-controller/base/deployment.yaml +++ b/kustomize/notebook-controller/base/deployment.yaml @@ -4,23 +4,15 @@ metadata: name: deployment spec: template: + metadata: + annotations: + sidecar.istio.io/inject: "false" spec: containers: - name: manager image: gcr.io/kubeflow-images-public/notebook-controller:v20190614-v0-160-g386f2749-e3b0c4 command: - /manager - env: - - name: USE_ISTIO - value: "false" - - name: POD_LABELS - value: $(POD_LABELS) - - name: ENABLE_CULLING - value: "true" - - name: IDLE_TIME - value: "1440" - - name: CULLING_CHECK_PERIOD - value: "1" imagePullPolicy: Always livenessProbe: httpGet: diff --git a/kustomize/notebook-controller/base/deployment_patch.yaml b/kustomize/notebook-controller/base/deployment_patch.yaml new file mode 100644 index 0000000..45f500e --- /dev/null +++ b/kustomize/notebook-controller/base/deployment_patch.yaml @@ -0,0 +1,23 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: deployment +spec: + template: + spec: + containers: + - name: manager + env: + # We use a patch to set the USE_ISTIO because in other patches + # we want to set it to a configMapRef and so if we include the value + # in the base when we do the merge we end up with 2 fields setting the value. + - name: USE_ISTIO + value: "false" + - name: POD_LABELS + value: $(POD_LABELS) + - name: ENABLE_CULLING + value: "true" + - name: IDLE_TIME + value: "1440" + - name: CULLING_CHECK_PERIOD + value: "1" diff --git a/kustomize/notebook-controller/base/kustomization.yaml b/kustomize/notebook-controller/base/kustomization.yaml index 8cd507f..e0977d7 100644 --- a/kustomize/notebook-controller/base/kustomization.yaml +++ b/kustomize/notebook-controller/base/kustomization.yaml @@ -1,3 +1,5 @@ +# TODO(https://github.com/kubeflow/manifests/issues/1052): Cleanup this up +# once kustomize_v3 migration is done. apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: 
@@ -9,13 +11,15 @@ resources: - service.yaml namePrefix: notebook-controller- namespace: kubeflow +patchesStrategicMerge: +- deployment_patch.yaml commonLabels: app: notebook-controller kustomize.component: notebook-controller images: - name: gcr.io/kubeflow-images-public/notebook-controller newName: gcr.io/kubeflow-images-public/notebook-controller - newTag: v1.0.0-gcd65ce25 + newTag: vmaster-gf39279c0 configMapGenerator: - envs: - params.env @@ -23,13 +27,6 @@ configMapGenerator: generatorOptions: disableNameSuffixHash: true vars: -- fieldref: - fieldPath: data.POD_LABELS - name: POD_LABELS - objref: - apiVersion: v1 - kind: ConfigMap - name: parameters - fieldref: fieldPath: data.USE_ISTIO name: USE_ISTIO diff --git a/kustomize/notebook-controller/base_v3/deployment_patch.yaml b/kustomize/notebook-controller/base_v3/deployment_patch.yaml new file mode 100644 index 0000000..e1ea7a6 --- /dev/null +++ b/kustomize/notebook-controller/base_v3/deployment_patch.yaml @@ -0,0 +1,21 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: deployment +spec: + template: + spec: + containers: + - name: manager + env: + - name: USE_ISTIO + valueFrom: + configMapKeyRef: + name: notebook-controller-config + key: USE_ISTIO + - name: ISTIO_GATEWAY + valueFrom: + configMapKeyRef: + name: notebook-controller-config + key: ISTIO_GATEWAY + \ No newline at end of file diff --git a/kustomize/notebook-controller/base_v3/kustomization.yaml b/kustomize/notebook-controller/base_v3/kustomization.yaml new file mode 100644 index 0000000..b522d7b --- /dev/null +++ b/kustomize/notebook-controller/base_v3/kustomization.yaml 
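Review bot: `newTag: vmaster-gf39279c0` replaces the release tag `v1.0.0-gcd65ce25` with what looks like a build from the master branch, in a commit that otherwise moves the manifests to v1.1.0. A tag can be re-pushed, and this controller is deployed together with a cluster role and binding, so I would pin the reviewed image with `digest: sha256:<digest of the reviewed image>` or use the tag cut for the release. The same tag appears in the new `base_v3/kustomization.yaml`.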
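Review bot: The `vars` hunk removes the `POD_LABELS` entry, but the new `base/deployment_patch.yaml` in this commit still sets `value: $(POD_LABELS)` on the manager container. Unless a kustomization that is not visible here defines that var, the placeholder stays unresolved and the controller receives the literal string `$(POD_LABELS)`. Either keep the var entry or drop the `POD_LABELS` env from the patch. The `vars` list continues outside the hunk.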
@@ -0,0 +1,28 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +commonLabels: + app: notebook-controller + app.kubernetes.io/component: notebook-controller + app.kubernetes.io/name: notebook-controller + kustomize.component: notebook-controller +configMapGenerator: +- literals: + - USE_ISTIO=true + - ISTIO_GATEWAY=kubeflow/kubeflow-gateway + name: notebook-controller-config +images: +- name: gcr.io/kubeflow-images-public/notebook-controller + newName: gcr.io/kubeflow-images-public/notebook-controller + newTag: vmaster-gf39279c0 +kind: Kustomization +namePrefix: notebook-controller- +namespace: kubeflow +patchesStrategicMerge: +- deployment_patch.yaml +resources: +- ../base/cluster-role-binding.yaml +- ../base/cluster-role.yaml +- ../base/crd.yaml +- ../base/deployment.yaml +- ../base/service-account.yaml +- ../base/service.yaml +- ../overlays/application/application.yaml diff --git a/kustomize/notebook-controller/kustomization.yaml b/kustomize/notebook-controller/kustomization.yaml index f6794ca..297d8cf 100644 --- a/kustomize/notebook-controller/kustomization.yaml +++ b/kustomize/notebook-controller/kustomization.yaml @@ -3,14 +3,9 @@ bases: - base commonLabels: app.kubernetes.io/component: notebook-controller - app.kubernetes.io/instance: notebook-controller-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: notebook-controller - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 configMapGenerator: - behavior: merge - env: overlays/istio/params.env name: parameters generatorOptions: disableNameSuffixHash: true diff --git a/kustomize/notebook-controller/overlays/application/kustomization.yaml b/kustomize/notebook-controller/overlays/application/kustomization.yaml index 7c2a99d..de54847 100644 --- a/kustomize/notebook-controller/overlays/application/kustomization.yaml +++ b/kustomize/notebook-controller/overlays/application/kustomization.yaml 
@@ -1,13 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization bases: - ../../base -resources: -- application.yaml commonLabels: - app.kubernetes.io/name: notebook-controller - app.kubernetes.io/instance: notebook-controller-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: notebook-controller - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/name: notebook-controller +kind: Kustomization +resources: +- application.yaml diff --git a/kustomize/notebook-controller/overlays/istio/kustomization.yaml b/kustomize/notebook-controller/overlays/istio/kustomization.yaml index 7184bcd..2362506 100644 --- a/kustomize/notebook-controller/overlays/istio/kustomization.yaml +++ b/kustomize/notebook-controller/overlays/istio/kustomization.yaml @@ -7,6 +7,7 @@ patchesStrategicMerge: configMapGenerator: - name: parameters behavior: merge - env: params.env + envs: + - params.env generatorOptions: disableNameSuffixHash: true diff --git a/kustomize/oidc-authservice/base/kustomization.yaml b/kustomize/oidc-authservice/base/kustomization.yaml index d687359..7cb5da3 100644 --- a/kustomize/oidc-authservice/base/kustomization.yaml +++ b/kustomize/oidc-authservice/base/kustomization.yaml @@ -11,7 +11,8 @@ namespace: istio-system configMapGenerator: - name: oidc-authservice-parameters - env: params.env + envs: + - params.env generatorOptions: disableNameSuffixHash: true diff --git a/kustomize/oidc-authservice/kustomization.yaml b/kustomize/oidc-authservice/kustomization.yaml index 3997627..eb0ce1d 100644 --- a/kustomize/oidc-authservice/kustomization.yaml +++ b/kustomize/oidc-authservice/kustomization.yaml 
@@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: oidc-authservice - app.kubernetes.io/instance: oidc-authservice-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: oidc-authservice - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 kind: Kustomization namespace: istio-system resources: diff --git a/kustomize/oidc-authservice/overlays/application/application.yaml b/kustomize/oidc-authservice/overlays/application/application.yaml index f7841b6..1f33ffc 100644 --- a/kustomize/oidc-authservice/overlays/application/application.yaml +++ b/kustomize/oidc-authservice/overlays/application/application.yaml @@ -7,11 +7,11 @@ spec: selector: matchLabels: app.kubernetes.io/name: oidc-authservice - app.kubernetes.io/instance: oidc-authservice-v1.0.0 + app.kubernetes.io/instance: oidc-authservice-v0.7.0 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: oidc-authservice app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/version: v0.7.0 componentKinds: - group: apps kind: StatefulSet diff --git a/kustomize/oidc-authservice/overlays/application/kustomization.yaml b/kustomize/oidc-authservice/overlays/application/kustomization.yaml index 97b1ef9..fbe3825 100644 --- a/kustomize/oidc-authservice/overlays/application/kustomization.yaml +++ b/kustomize/oidc-authservice/overlays/application/kustomization.yaml @@ -1,13 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization bases: - ../../base -resources: -- application.yaml commonLabels: - app.kubernetes.io/name: oidc-authservice - app.kubernetes.io/instance: oidc-authservice-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: oidc-authservice - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 \ No newline at end of file + app.kubernetes.io/name: oidc-authservice +kind: Kustomization +resources: +- application.yaml 
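Review bot: The Application selector in `overlays/application/application.yaml` still requires `app.kubernetes.io/instance`, `managed-by`, `part-of` and `version`, while the oidc-authservice kustomizations in this commit stop applying those labels through `commonLabels`. If nothing else sets them, the selector no longer matches the components it is meant to group; the minio and mysql `application.yaml` hunks delete these four lines, and doing the same here would keep the files consistent. The change of the version label from `v1.0.0` to `v0.7.0` runs against the rest of the commit, which moves versions forward, and deserves a line in the description.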
diff --git a/kustomize/persistent-agent/base/deployment.yaml b/kustomize/persistent-agent/base/deployment.yaml index 1e7aaaa..7c2e012 100644 --- a/kustomize/persistent-agent/base/deployment.yaml +++ b/kustomize/persistent-agent/base/deployment.yaml @@ -4,6 +4,9 @@ metadata: name: persistenceagent spec: template: + metadata: + annotations: + sidecar.istio.io/inject: "false" spec: containers: - name: ml-pipeline-persistenceagent diff --git a/kustomize/persistent-agent/kustomization.yaml b/kustomize/persistent-agent/kustomization.yaml index 18e8ada..738b34f 100644 --- a/kustomize/persistent-agent/kustomization.yaml +++ b/kustomize/persistent-agent/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: persistent-agent - app.kubernetes.io/instance: persistent-agent-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: persistent-agent - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 kind: Kustomization namespace: kubeflow resources: diff --git a/kustomize/persistent-agent/overlays/application/kustomization.yaml b/kustomize/persistent-agent/overlays/application/kustomization.yaml index 5bc6b75..56f3285 100644 --- a/kustomize/persistent-agent/overlays/application/kustomization.yaml +++ b/kustomize/persistent-agent/overlays/application/kustomization.yaml @@ -3,11 +3,7 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: persistent-agent - app.kubernetes.io/instance: persistent-agent-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: persistent-agent - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml diff --git a/kustomize/pipeline-visualization-service/base/deployment.yaml b/kustomize/pipeline-visualization-service/base/deployment.yaml index 8df3056..a48dc84 100644 --- a/kustomize/pipeline-visualization-service/base/deployment.yaml 
+++ b/kustomize/pipeline-visualization-service/base/deployment.yaml @@ -12,6 +12,8 @@ spec: metadata: labels: app: ml-pipeline-visualizationserver + annotations: + sidecar.istio.io/inject: "false" spec: containers: - image: gcr.io/ml-pipeline/visualization-server diff --git a/kustomize/pipeline-visualization-service/base/kustomization.yaml b/kustomize/pipeline-visualization-service/base/kustomization.yaml index 5c149c2..d947a9c 100644 --- a/kustomize/pipeline-visualization-service/base/kustomization.yaml +++ b/kustomize/pipeline-visualization-service/base/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -nameprefix: ml-pipeline- commonLabels: app: ml-pipeline-visualizationserver resources: diff --git a/kustomize/pipeline-visualization-service/kustomization.yaml b/kustomize/pipeline-visualization-service/kustomization.yaml index ef7a343..f46fe2e 100644 --- a/kustomize/pipeline-visualization-service/kustomization.yaml +++ b/kustomize/pipeline-visualization-service/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: pipeline-visualization-service - app.kubernetes.io/instance: pipeline-visualization-service-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipeline-visualization-service - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 kind: Kustomization namespace: kubeflow resources: diff --git a/kustomize/pipeline-visualization-service/overlays/application/kustomization.yaml b/kustomize/pipeline-visualization-service/overlays/application/kustomization.yaml index 45b0be5..ee88118 100644 --- a/kustomize/pipeline-visualization-service/overlays/application/kustomization.yaml +++ b/kustomize/pipeline-visualization-service/overlays/application/kustomization.yaml 
@@ -3,11 +3,7 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: pipeline-visualization-service - app.kubernetes.io/instance: pipeline-visualization-service-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipeline-visualization-service - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml diff --git a/kustomize/pipelines-runner/base/cluster-role.yaml b/kustomize/pipelines-runner/base/cluster-role.yaml index ddc21aa..2e84bbb 100644 --- a/kustomize/pipelines-runner/base/cluster-role.yaml +++ b/kustomize/pipelines-runner/base/cluster-role.yaml @@ -84,4 +84,10 @@ rules: resources: - virtualservices verbs: - - '*' \ No newline at end of file + - '*' +- apiGroups: + - "sparkoperator.k8s.io" + resources: + - sparkapplications + verbs: + - '*' diff --git a/kustomize/pipelines-runner/kustomization.yaml b/kustomize/pipelines-runner/kustomization.yaml index 431a8b4..498ce30 100644 --- a/kustomize/pipelines-runner/kustomization.yaml +++ b/kustomize/pipelines-runner/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: pipelines-runner - app.kubernetes.io/instance: pipelines-runner-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipelines-runner - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 kind: Kustomization namespace: kubeflow resources: diff --git a/kustomize/pipelines-runner/overlays/application/kustomization.yaml b/kustomize/pipelines-runner/overlays/application/kustomization.yaml index ec7c361..0a36610 100644 --- a/kustomize/pipelines-runner/overlays/application/kustomization.yaml +++ b/kustomize/pipelines-runner/overlays/application/kustomization.yaml 
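Review bot: The rule added to the pipelines-runner ClusterRole grants `'*'` on `sparkapplications`, which lets the runner identity create, change and delete Spark applications in every namespace. Creating a SparkApplication asks the operator to start pods from a spec chosen by the caller, and the api-service config in this commit names `pipeline-runner` as the default service account for pipeline runs, so this is a wide grant for code that users submit. I would list only the verbs the Spark step needs, e.g. `verbs: ["create", "get", "list", "watch", "delete"]`, and move them to a namespaced Role if cluster-wide access is not required. The rule list starts outside the hunk.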
@@ -3,11 +3,7 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: pipelines-runner - app.kubernetes.io/instance: pipelines-runner-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipelines-runner - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml diff --git a/kustomize/pipelines-ui/base/deployment.yaml b/kustomize/pipelines-ui/base/deployment.yaml index eea45ac..4e5ef15 100644 --- a/kustomize/pipelines-ui/base/deployment.yaml +++ b/kustomize/pipelines-ui/base/deployment.yaml @@ -12,6 +12,8 @@ spec: metadata: labels: app: ml-pipeline-ui + annotations: + sidecar.istio.io/inject: "false" spec: containers: - name: ml-pipeline-ui diff --git a/kustomize/pipelines-ui/base/kustomization.yaml b/kustomize/pipelines-ui/base/kustomization.yaml index b50d0be..cd65ac8 100644 --- a/kustomize/pipelines-ui/base/kustomization.yaml +++ b/kustomize/pipelines-ui/base/kustomization.yaml @@ -9,7 +9,8 @@ resources: - service.yaml configMapGenerator: - name: ui-parameters - env: params.env + envs: + - params.env images: - name: gcr.io/ml-pipeline/frontend newTag: 0.2.5 @@ -43,5 +44,3 @@ vars: apiVersion: v1 fieldref: fieldpath: metadata.name -configurations: -- params.yaml diff --git a/kustomize/pipelines-ui/base/params.yaml b/kustomize/pipelines-ui/base/params.yaml deleted file mode 100644 index c8de9ba..0000000 --- a/kustomize/pipelines-ui/base/params.yaml +++ /dev/null @@ -1,3 +0,0 @@ -varReference: -- path: metadata/annotations/getambassador.io\/config - kind: Service diff --git a/kustomize/pipelines-ui/base/service.yaml b/kustomize/pipelines-ui/base/service.yaml index 8887a5c..e1d92e3 100644 --- a/kustomize/pipelines-ui/base/service.yaml +++ b/kustomize/pipelines-ui/base/service.yaml 
@@ -3,17 +3,6 @@ apiVersion: v1 kind: Service metadata: name: ml-pipeline-ui - annotations: - getambassador.io/config: |- - --- - apiVersion: ambassador/v0 - kind: Mapping - name: pipelineui-mapping - prefix: /pipeline - rewrite: /pipeline - timeout_ms: 300000 - service: $(service).$(ui-namespace) - use_websocket: true labels: app: ml-pipeline-ui spec: @@ -27,17 +16,6 @@ apiVersion: v1 kind: Service metadata: name: ml-pipeline-tensorboard-ui - annotations: - getambassador.io/config: |- - --- - apiVersion: ambassador/v0 - kind: Mapping - name: pipeline-tensorboard-ui-mapping - prefix: /data - rewrite: /data - timeout_ms: 300000 - service: $(service).$(ui-namespace) - use_websocket: true labels: app: ml-pipeline-tensorboard-ui spec: diff --git a/kustomize/pipelines-ui/kustomization.yaml b/kustomize/pipelines-ui/kustomization.yaml index e562de3..2fef0c8 100644 --- a/kustomize/pipelines-ui/kustomization.yaml +++ b/kustomize/pipelines-ui/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: pipelines-ui - app.kubernetes.io/instance: pipelines-ui-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipelines-ui - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 configurations: - overlays/istio/params.yaml kind: Kustomization diff --git a/kustomize/pipelines-ui/overlays/application/kustomization.yaml b/kustomize/pipelines-ui/overlays/application/kustomization.yaml index 31d5ed5..6a37470 100644 --- a/kustomize/pipelines-ui/overlays/application/kustomization.yaml +++ b/kustomize/pipelines-ui/overlays/application/kustomization.yaml @@ -3,11 +3,7 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: pipelines-ui - app.kubernetes.io/instance: pipelines-ui-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipelines-ui - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml 
diff --git a/kustomize/pipelines-ui/overlays/gcp/deployment.yaml b/kustomize/pipelines-ui/overlays/gcp/deployment.yaml index ebbe162..5e12e76 100644 --- a/kustomize/pipelines-ui/overlays/gcp/deployment.yaml +++ b/kustomize/pipelines-ui/overlays/gcp/deployment.yaml @@ -4,6 +4,9 @@ metadata: name: ml-pipeline-ui spec: template: + metadata: + annotations: + sidecar.istio.io/inject: "false" spec: volumes: - name: gcp-sa-token diff --git a/kustomize/pipelines-viewer/base/deployment.yaml b/kustomize/pipelines-viewer/base/deployment.yaml index bad9bdf..6115812 100644 --- a/kustomize/pipelines-viewer/base/deployment.yaml +++ b/kustomize/pipelines-viewer/base/deployment.yaml @@ -4,6 +4,9 @@ metadata: name: controller-deployment spec: template: + metadata: + annotations: + sidecar.istio.io/inject: "false" spec: containers: - env: diff --git a/kustomize/pipelines-viewer/kustomization.yaml b/kustomize/pipelines-viewer/kustomization.yaml index 80888c6..612da8c 100644 --- a/kustomize/pipelines-viewer/kustomization.yaml +++ b/kustomize/pipelines-viewer/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: pipelines-viewer - app.kubernetes.io/instance: pipelines-viewer-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipelines-viewer - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 kind: Kustomization namespace: kubeflow resources: diff --git a/kustomize/pipelines-viewer/overlays/application/kustomization.yaml b/kustomize/pipelines-viewer/overlays/application/kustomization.yaml index f23f317..9c95c91 100644 --- a/kustomize/pipelines-viewer/overlays/application/kustomization.yaml +++ b/kustomize/pipelines-viewer/overlays/application/kustomization.yaml 
@@ -3,11 +3,7 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: pipelines-viewer - app.kubernetes.io/instance: pipelines-viewer-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pipelines-viewer - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml diff --git a/kustomize/profiles/base/crd.yaml b/kustomize/profiles/base/crd.yaml index 44e4142..5df4fbb 100644 --- a/kustomize/profiles/base/crd.yaml +++ b/kustomize/profiles/base/crd.yaml @@ -154,9 +154,3 @@ spec: - name: v1beta1 served: true storage: false -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] \ No newline at end of file diff --git a/kustomize/profiles/base/deployment.yaml b/kustomize/profiles/base/deployment.yaml index 78500bc..824e7cf 100644 --- a/kustomize/profiles/base/deployment.yaml +++ b/kustomize/profiles/base/deployment.yaml @@ -5,6 +5,9 @@ metadata: spec: replicas: 1 template: + metadata: + annotations: + sidecar.istio.io/inject: "false" spec: containers: - command: @@ -25,6 +28,10 @@ spec: port: 8080 initialDelaySeconds: 30 periodSeconds: 30 + ports: + - containerPort: 8080 + name: manager-http + protocol: TCP - command: - /access-management args: @@ -43,6 +50,10 @@ spec: port: 8081 initialDelaySeconds: 30 periodSeconds: 30 + ports: + - containerPort: 8081 + name: kfam-http + protocol: TCP serviceAccountName: controller-service-account imagePullSecrets: - name: k8scc01covidacr-registry-connection diff --git a/kustomize/profiles/base/kustomization.yaml b/kustomize/profiles/base/kustomization.yaml index 3c1b4a6..2f7dbb8 100644 --- a/kustomize/profiles/base/kustomization.yaml +++ b/kustomize/profiles/base/kustomization.yaml 
@@ -1,3 +1,7 @@ +# TODO(jlewi): This kustomization.yaml is deprecated. We want the +# base_v3 version. This version uses a bunch of problematic patterns e.g. +# i) Using vars to do command line substitution +# ii) Not using a configmap to make application and global config available apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: @@ -20,7 +24,7 @@ images: newTag: latest - name: gcr.io/kubeflow-images-public/profile-controller newName: gcr.io/kubeflow-images-public/profile-controller - newTag: v1.0.0-ge50a8531 + newTag: vmaster-ga49f658f vars: - fieldref: fieldPath: data.admin diff --git a/kustomize/profiles/base_v3/deployment_patch.yaml b/kustomize/profiles/base_v3/deployment_patch.yaml new file mode 100644 index 0000000..372fab2 --- /dev/null +++ b/kustomize/profiles/base_v3/deployment_patch.yaml @@ -0,0 +1,60 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: deployment +spec: + template: + spec: + containers: + - command: + - /manager + - -userid-header + - $(USERID_HEADER) + - -userid-prefix + - $(USERID_PREFIX) + - -workload-identity + - $(WORKLOAD_IDENTITY) + args: [] + name: manager + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + name: kubeflow-config + key: userid-header + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + name: kubeflow-config + key: userid-prefix + - name: WORKLOAD_IDENTITY + valueFrom: + configMapKeyRef: + name: profiles-config + key: gcp-sa + - command: + - /access-management + - -cluster-admin + - $(CLUSTER_ADMIN) + - -userid-prefix + - $(USERID_PREFIX) + args: [] + name: kfam + env: + - name: USERID_HEADER + valueFrom: + configMapKeyRef: + name: kubeflow-config + key: userid-header + - name: USERID_PREFIX + valueFrom: + configMapKeyRef: + name: kubeflow-config + key: userid-prefix + - name: CLUSTER_ADMIN + valueFrom: + configMapKeyRef: + name: profiles-config + key: admin + imagePullSecrets: + - name: k8scc01covidacr-registry-connection 
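Review bot: In the new `kustomize/profiles/base_v3/deployment_patch.yaml` the `kfam` container defines `USERID_HEADER` in `env`, but its `command` passes only `-cluster-admin` and `-userid-prefix`, whereas `manager` passes `-userid-header` with `$(USERID_HEADER)`. If `/access-management` accepts the same flag, it will fall back to its built-in header name, and the identity header it trusts can then differ from the one set in `kubeflow-config`. Either add `- -userid-header` and `- $(USERID_HEADER)` to the kfam command or drop the unused variable. None of the `configMapKeyRef` entries is marked `optional`, so both containers fail to start when a key is missing; a comment saying that is intended would help.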
diff --git a/kustomize/profiles/base_v3/kustomization.yaml b/kustomize/profiles/base_v3/kustomization.yaml new file mode 100644 index 0000000..1b94223 --- /dev/null +++ b/kustomize/profiles/base_v3/kustomization.yaml @@ -0,0 +1,29 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namePrefix: profiles- +commonLabels: + kustomize.component: profiles +images: +- name: gcr.io/kubeflow-images-public/kfam + newName: k8scc01covidacr.azurecr.io/kfam + newTag: latest +- name: gcr.io/kubeflow-images-public/profile-controller + newName: gcr.io/kubeflow-images-public/profile-controller + newTag: vmaster-g34aa47c2 +resources: +- ../base/cluster-role-binding.yaml +- ../base/crd.yaml +- ../base/deployment.yaml +- ../base/service.yaml +- ../base/service-account.yaml +- ../overlays/istio/virtual-service.yaml +- ../overlays/application/application.yaml +patchesStrategicMerge: +- deployment_patch.yaml +configMapGenerator: +# We need the name to be unique without the suffix because the original name is what +# gets used with patches +- name: profiles-config + literals: + - admin= + - gcp-sa= diff --git a/kustomize/profiles/kustomization.yaml b/kustomize/profiles/kustomization.yaml index 417467e..5962e2b 100644 --- a/kustomize/profiles/kustomization.yaml +++ b/kustomize/profiles/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: profiles - app.kubernetes.io/instance: profiles-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: profiles - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 configurations: - overlays/istio/params.yaml kind: Kustomization diff --git a/kustomize/profiles/overlays/application/kustomization.yaml b/kustomize/profiles/overlays/application/kustomization.yaml index 24e9f12..41d8e15 100644 --- a/kustomize/profiles/overlays/application/kustomization.yaml +++ b/kustomize/profiles/overlays/application/kustomization.yaml 
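Review bot: The kfam entry under `images` in the new `kustomize/profiles/base_v3/kustomization.yaml` resolves to `k8scc01covidacr.azurecr.io/kfam` with `newTag: latest`, a mutable tag, so the access-management image that runs can change without any change in this repository. Pin it to a released tag, or replace `newTag` with `digest: sha256:IMAGE_DIGEST_PLACEHOLDER` taken from the registry. The profile-controller entry here uses `vmaster-g34aa47c2` while `kustomize/profiles/base/kustomization.yaml` moves to `vmaster-ga49f658f` in this commit; if both bases deploy the same controller the tags should agree. The empty `admin=` and `gcp-sa=` literals need a comment saying that overlays must supply them.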
@@ -1,13 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization bases: - ../../base -resources: -- application.yaml commonLabels: - app.kubernetes.io/name: profiles - app.kubernetes.io/instance: profiles-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: profiles - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/name: profiles +kind: Kustomization +resources: +- application.yaml diff --git a/kustomize/profiles/overlays/debug/kustomization.yaml b/kustomize/profiles/overlays/debug/kustomization.yaml index f333a72..3f438d7 100644 --- a/kustomize/profiles/overlays/debug/kustomization.yaml +++ b/kustomize/profiles/overlays/debug/kustomization.yaml @@ -6,7 +6,8 @@ patchesStrategicMerge: - deployment.yaml configMapGenerator: - name: parameters - env: params.env + envs: + - params.env generatorOptions: disableNameSuffixHash: true vars: diff --git a/kustomize/pytorch-job-crds/kustomization.yaml b/kustomize/pytorch-job-crds/kustomization.yaml index 2d5d170..94fb416 100644 --- a/kustomize/pytorch-job-crds/kustomization.yaml +++ b/kustomize/pytorch-job-crds/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: pytorch - app.kubernetes.io/instance: pytorch-job-crds-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pytorch-job-crds - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 kind: Kustomization namespace: kubeflow resources: diff --git a/kustomize/pytorch-job-crds/overlays/application/application.yaml b/kustomize/pytorch-job-crds/overlays/application/application.yaml index f0536a4..4946a1c 100644 --- a/kustomize/pytorch-job-crds/overlays/application/application.yaml +++ b/kustomize/pytorch-job-crds/overlays/application/application.yaml 
@@ -6,8 +6,8 @@ spec: selector: matchLabels: app.kubernetes.io/name: pytorch-job-crds - app.kubernetes.io/instance: pytorch-job-crds-v1.0.0 - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/instance: pytorch-job-crds-v0.7.0 + app.kubernetes.io/version: v0.7.0 app.kubernetes.io/component: pytorch app.kubernetes.io/part-of: kubeflow app.kubernetes.io/managed-by: kfctl diff --git a/kustomize/pytorch-job-crds/overlays/application/kustomization.yaml b/kustomize/pytorch-job-crds/overlays/application/kustomization.yaml index 3ab66f7..8647a23 100644 --- a/kustomize/pytorch-job-crds/overlays/application/kustomization.yaml +++ b/kustomize/pytorch-job-crds/overlays/application/kustomization.yaml @@ -1,13 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization bases: - ../../base -resources: -- application.yaml commonLabels: - app.kubernetes.io/name: pytorch-job-crds - app.kubernetes.io/instance: pytorch-job-crds-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: pytorch - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/name: pytorch-job-crds +kind: Kustomization +resources: +- application.yaml diff --git a/kustomize/pytorch-operator/base/cluster-role.yaml b/kustomize/pytorch-operator/base/cluster-role.yaml index 1676c31..d1a9f7f 100644 --- a/kustomize/pytorch-operator/base/cluster-role.yaml +++ b/kustomize/pytorch-operator/base/cluster-role.yaml @@ -10,6 +10,7 @@ rules: resources: - pytorchjobs - pytorchjobs/status + - pytorchjobs/finalizers verbs: - '*' - apiGroups: @@ -56,6 +57,7 @@ rules: resources: - pytorchjobs - pytorchjobs/status + - pytorchjobs/finalizers verbs: - get - list @@ -80,6 +82,7 @@ rules: resources: - pytorchjobs - pytorchjobs/status + - pytorchjobs/finalizers verbs: - get - list diff --git a/kustomize/pytorch-operator/base/deployment.yaml b/kustomize/pytorch-operator/base/deployment.yaml index 65ec3a2..4e1f6a8 100644 
--- a/kustomize/pytorch-operator/base/deployment.yaml +++ b/kustomize/pytorch-operator/base/deployment.yaml @@ -11,6 +11,8 @@ spec: metadata: labels: name: pytorch-operator + annotations: + sidecar.istio.io/inject: "false" spec: containers: - command: diff --git a/kustomize/pytorch-operator/base/kustomization.yaml b/kustomize/pytorch-operator/base/kustomization.yaml index f66d016..1991676 100644 --- a/kustomize/pytorch-operator/base/kustomization.yaml +++ b/kustomize/pytorch-operator/base/kustomization.yaml @@ -12,4 +12,4 @@ commonLabels: images: - name: gcr.io/kubeflow-images-public/pytorch-operator newName: gcr.io/kubeflow-images-public/pytorch-operator - newTag: v1.0.0-g047cf0f + newTag: vmaster-gd596e904 diff --git a/kustomize/pytorch-operator/kustomization.yaml b/kustomize/pytorch-operator/kustomization.yaml index d98587e..0a82e6e 100644 --- a/kustomize/pytorch-operator/kustomization.yaml +++ b/kustomize/pytorch-operator/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: pytorch - app.kubernetes.io/instance: pytorch-operator-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: pytorch-operator - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 kind: Kustomization namespace: kubeflow resources: diff --git a/kustomize/pytorch-operator/overlays/application/application.yaml b/kustomize/pytorch-operator/overlays/application/application.yaml index 37fe87f..c2eb602 100644 --- a/kustomize/pytorch-operator/overlays/application/application.yaml +++ b/kustomize/pytorch-operator/overlays/application/application.yaml @@ -6,8 +6,8 @@ spec: selector: matchLabels: app.kubernetes.io/name: pytorch-operator - app.kubernetes.io/instance: pytorch-operator-v1.0.0 - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/instance: pytorch-operator-v0.7.0 + app.kubernetes.io/version: v0.7.0 app.kubernetes.io/component: pytorch app.kubernetes.io/part-of: kubeflow app.kubernetes.io/managed-by: kfctl 
diff --git a/kustomize/pytorch-operator/overlays/application/kustomization.yaml b/kustomize/pytorch-operator/overlays/application/kustomization.yaml index e506470..3cfee77 100644 --- a/kustomize/pytorch-operator/overlays/application/kustomization.yaml +++ b/kustomize/pytorch-operator/overlays/application/kustomization.yaml @@ -1,13 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization bases: - ../../base -resources: -- application.yaml commonLabels: - app.kubernetes.io/name: pytorch-operator - app.kubernetes.io/instance: pytorch-operator-v1.0.0 - app.kubernetes.io/version: v1.0.0 app.kubernetes.io/component: pytorch - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/managed-by: kfctl + app.kubernetes.io/name: pytorch-operator +kind: Kustomization +resources: +- application.yaml diff --git a/kustomize/scheduledworkflow/base/deployment.yaml b/kustomize/scheduledworkflow/base/deployment.yaml index 1664f8a..5dcd152 100644 --- a/kustomize/scheduledworkflow/base/deployment.yaml +++ b/kustomize/scheduledworkflow/base/deployment.yaml @@ -4,6 +4,9 @@ metadata: name: ml-pipeline-scheduledworkflow spec: template: + metadata: + annotations: + sidecar.istio.io/inject: "false" spec: containers: - name: ml-pipeline-scheduledworkflow diff --git a/kustomize/scheduledworkflow/kustomization.yaml b/kustomize/scheduledworkflow/kustomization.yaml index 7ffd8ac..28a1c49 100644 --- a/kustomize/scheduledworkflow/kustomization.yaml +++ b/kustomize/scheduledworkflow/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: scheduledworkflow - app.kubernetes.io/instance: scheduledworkflow-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: scheduledworkflow - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 kind: Kustomization namespace: kubeflow resources: 
diff --git a/kustomize/scheduledworkflow/overlays/application/kustomization.yaml b/kustomize/scheduledworkflow/overlays/application/kustomization.yaml index ed9a8a2..63b8d97 100644 --- a/kustomize/scheduledworkflow/overlays/application/kustomization.yaml +++ b/kustomize/scheduledworkflow/overlays/application/kustomization.yaml @@ -3,11 +3,7 @@ bases: - ../../base commonLabels: app.kubernetes.io/component: scheduledworkflow - app.kubernetes.io/instance: scheduledworkflow-0.2.5 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: scheduledworkflow - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: 0.2.5 kind: Kustomization resources: - application.yaml diff --git a/kustomize/seldon-core-operator/base/kustomizeconfig.yaml b/kustomize/seldon-core-operator/base/kustomizeconfig.yaml index 4a7446a..5faf431 100644 --- a/kustomize/seldon-core-operator/base/kustomizeconfig.yaml +++ b/kustomize/seldon-core-operator/base/kustomizeconfig.yaml @@ -6,3 +6,4 @@ varReference: - kind: Certificate group: cert-manager.io path: spec/dnsNames + diff --git a/kustomize/seldon-core-operator/kustomization.yaml b/kustomize/seldon-core-operator/kustomization.yaml index aa1e214..6d518d2 100644 --- a/kustomize/seldon-core-operator/kustomization.yaml +++ b/kustomize/seldon-core-operator/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: seldon - app.kubernetes.io/instance: seldon-1.15 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: seldon-core-operator - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: "1.15" kind: Kustomization namespace: kubeflow resources: diff --git a/kustomize/seldon-core-operator/overlays/application/kustomization.yaml b/kustomize/seldon-core-operator/overlays/application/kustomization.yaml index 905ed60..fc84361 100644 --- a/kustomize/seldon-core-operator/overlays/application/kustomization.yaml +++ b/kustomize/seldon-core-operator/overlays/application/kustomization.yaml 
@@ -7,3 +7,4 @@ commonLabels: kind: Kustomization resources: - application.yaml + diff --git a/kustomize/spark-operator/base/Kube-descriptor.yaml b/kustomize/spark-operator/base/Kube-descriptor.yaml index 19d4000..7174eff 100644 --- a/kustomize/spark-operator/base/Kube-descriptor.yaml +++ b/kustomize/spark-operator/base/Kube-descriptor.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v1beta2-1.0.0-2.4.4 +appVersion: v1beta2-1.1.0-2.4.5 description: Spark operator based on https://github.com/GoogleCloudPlatform/spark-on-k8s-operator home: https://github.com/kubeflow/manifests/spark-operator keywords: diff --git a/kustomize/spark-operator/base/cr-clusterrole.yaml b/kustomize/spark-operator/base/cr-clusterrole.yaml index 3fe2993..aa94476 100644 --- a/kustomize/spark-operator/base/cr-clusterrole.yaml +++ b/kustomize/spark-operator/base/cr-clusterrole.yaml @@ -66,5 +66,7 @@ rules: resources: - sparkapplications - scheduledsparkapplications + - sparkapplications/status + - scheduledsparkapplications/status verbs: - '*' diff --git a/kustomize/spark-operator/base/crd-cleanup-job.yaml b/kustomize/spark-operator/base/crd-cleanup-job.yaml deleted file mode 100644 index 860e662..0000000 --- a/kustomize/spark-operator/base/crd-cleanup-job.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: crd-cleanup - namespace: default -spec: - template: - spec: - containers: - - command: - - /bin/sh - - -c - - 'curl -ik -X DELETE -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" - -H "Accept: application/json" -H "Content-Type: application/json" https://kubernetes.default.svc/apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions/sparkapplications.sparkoperator.k8s.io' - image: gcr.io/spark-operator/spark-operator:v1beta2-1.0.0-2.4.4 - imagePullPolicy: IfNotPresent - name: delete-sparkapp-crd - - command: - - /bin/sh - - -c - - 'curl -ik -X DELETE -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" - -H "Accept: application/json" -H "Content-Type: application/json" https://kubernetes.default.svc/apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions/scheduledsparkapplications.sparkoperator.k8s.io' - image: gcr.io/spark-operator/spark-operator:v1beta2-1.0.0-2.4.4 - imagePullPolicy: IfNotPresent - name: delete-scheduledsparkapp-crd - restartPolicy: OnFailure - serviceAccountName: operator-sa diff --git a/kustomize/spark-operator/base/deploy.yaml b/kustomize/spark-operator/base/deploy.yaml index 7178a43..3e28da5 100644 --- a/kustomize/spark-operator/base/deploy.yaml +++ b/kustomize/spark-operator/base/deploy.yaml @@ -7,7 +7,8 @@ spec: selector: matchLabels: app.kubernetes.io/name: sparkoperator - app.kubernetes.io/version: v1beta2-1.0.0-2.4.4 + app.kubernetes.io/version: v1beta2-1.1.0-2.4.5 + kustomize.component: spark-operator strategy: type: Recreate template: 
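Review bot: The first hunk of `kustomize/spark-operator/base/deploy.yaml` changes `spec.selector.matchLabels`: it adds `kustomize.component: spark-operator` and changes the value of `app.kubernetes.io/version`. A Deployment selector is immutable in `apps/v1` (the `apiVersion` line is outside the hunk, so confirm), which means applying this over an existing install is rejected until the old Deployment is deleted, and each later version bump fails the same way. Keep `app.kubernetes.io/version` on the pod template labels only and remove it from `matchLabels`. The rest of the spec is outside the hunk.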
@@ -16,11 +17,11 @@ spec: prometheus.io/path: /metrics prometheus.io/port: "10254" prometheus.io/scrape: "true" - initializers: - pending: [] + sidecar.istio.io/inject: "false" labels: app.kubernetes.io/name: sparkoperator - app.kubernetes.io/version: v1beta2-1.0.0-2.4.4 + app.kubernetes.io/version: v1beta2-1.1.0-2.4.5 + kustomize.component: spark-operator spec: containers: - args: @@ -35,7 +36,7 @@ spec: - -metrics-port=10254 - -metrics-endpoint=/metrics - -metrics-prefix= - image: gcr.io/spark-operator/spark-operator:v1beta2-1.0.0-2.4.4 + image: gcr.io/spark-operator/spark-operator:v1beta2-1.1.0-2.4.5 imagePullPolicy: IfNotPresent name: sparkoperator ports: diff --git a/kustomize/spark-operator/base/kustomization.yaml b/kustomize/spark-operator/base/kustomization.yaml index 2cf67cd..50eb16b 100644 --- a/kustomize/spark-operator/base/kustomization.yaml +++ b/kustomize/spark-operator/base/kustomization.yaml @@ -1,31 +1,21 @@ apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kubeflow -# Labels to add to all resources and selectors. commonLabels: - kustomize.component: spark-operator - app.kubernetes.io/instance: spark-operator app.kubernetes.io/name: sparkoperator - -# Images modify the tags for images without -# creating patches. + kustomize.component: spark-operator images: - name: gcr.io/spark-operator/spark-operator - newTag: v1beta2-1.0.0-2.4.4 - -# Value of this field is prepended to the -# names of all resources newName: gcr.io/spark-operator/spark-operator + newTag: v1beta2-1.1.0-2.4.5 +kind: Kustomization namePrefix: spark-operator - -# List of resource files that kustomize reads, modifies -# and emits as a YAML string +namespace: kubeflow resources: - spark-sa.yaml - cr-clusterrole.yaml - crb.yaml -- crd-cleanup-job.yaml - deploy.yaml - operator-sa.yaml +- role.yaml +- rolebinding.yaml - sparkapplications.sparkoperator.k8s.io-crd.yaml - scheduledsparkapplications.sparkoperator.k8s.io-crd.yaml 
diff --git a/kustomize/spark-operator/base/role.yaml b/kustomize/spark-operator/base/role.yaml new file mode 100644 index 0000000..b32b86e --- /dev/null +++ b/kustomize/spark-operator/base/role.yaml @@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: spark-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - create + - delete + - deletecollection + - patch + - update diff --git a/kustomize/spark-operator/base/rolebinding.yaml b/kustomize/spark-operator/base/rolebinding.yaml new file mode 100644 index 0000000..fc3ae1d --- /dev/null +++ b/kustomize/spark-operator/base/rolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: spark-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: spark-role +subjects: +- kind: ServiceAccount + name: spark + diff --git a/kustomize/spark-operator/base/scheduledsparkapplications.sparkoperator.k8s.io-crd.yaml b/kustomize/spark-operator/base/scheduledsparkapplications.sparkoperator.k8s.io-crd.yaml index 1ad615a..7bcfba7 100644 --- a/kustomize/spark-operator/base/scheduledsparkapplications.sparkoperator.k8s.io-crd.yaml +++ b/kustomize/spark-operator/base/scheduledsparkapplications.sparkoperator.k8s.io-crd.yaml @@ -12,6 +12,8 @@ spec: - scheduledsparkapp singular: scheduledsparkapplication scope: Namespaced + subresources: + status: {} validation: openAPIV3Schema: properties: @@ -2542,9 +2544,3 @@ spec: - name: v1beta2 served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/spark-operator/base/spark-sa.yaml b/kustomize/spark-operator/base/spark-sa.yaml index 87f28ed..ebbc7df 100644 --- a/kustomize/spark-operator/base/spark-sa.yaml +++ b/kustomize/spark-operator/base/spark-sa.yaml @@ -1,4 +1,5 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: spark-sa + name: spark + namespace: kubeflow 
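Review bot: The new `spark-role` in `kustomize/spark-operator/base/role.yaml` gives the `spark` service account `create`, `patch`, `update`, `delete` and `deletecollection` on every pod in the namespace the kustomization sets, which is `kubeflow` in this base. Permission to create pods in a namespace extends to every service account usable there, so the account that runs Spark driver code would share a trust boundary with the other components in `kubeflow`. Consider binding the role in a namespace dedicated to Spark jobs, and add a comment in the Role stating which verbs the driver needs for its executor pods. In `rolebinding.yaml` the `ServiceAccount` subject has no namespace; adding `namespace: kubeflow`, as `spark-sa.yaml` now does, avoids relying on defaulting.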
diff --git a/kustomize/spark-operator/base/sparkapplications.sparkoperator.k8s.io-crd.yaml b/kustomize/spark-operator/base/sparkapplications.sparkoperator.k8s.io-crd.yaml index 0fbd52a..74065d6 100644 --- a/kustomize/spark-operator/base/sparkapplications.sparkoperator.k8s.io-crd.yaml +++ b/kustomize/spark-operator/base/sparkapplications.sparkoperator.k8s.io-crd.yaml @@ -12,6 +12,8 @@ spec: - sparkapp singular: sparkapplication scope: Namespaced + subresources: + status: {} validation: openAPIV3Schema: properties: @@ -2524,9 +2526,3 @@ spec: - name: v1beta2 served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/spark-operator/kustomization.yaml b/kustomize/spark-operator/kustomization.yaml index d601df2..445d411 100644 --- a/kustomize/spark-operator/kustomization.yaml +++ b/kustomize/spark-operator/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: spark-operator - app.kubernetes.io/instance: spark-operator-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: sparkoperator - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 kind: Kustomization namespace: kubeflow resources: diff --git a/kustomize/spark-operator/overlays/application/application.yaml b/kustomize/spark-operator/overlays/application/application.yaml index 3e4b74f..3c6d8c3 100644 --- a/kustomize/spark-operator/overlays/application/application.yaml +++ b/kustomize/spark-operator/overlays/application/application.yaml @@ -6,11 +6,11 @@ spec: selector: matchLabels: app.kubernetes.io/name: sparkoperator - app.kubernetes.io/instance: spark-operator-v1.0.0 + app.kubernetes.io/instance: spark-operator-v0.7.0 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: sppark-operator app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/version: v0.7.0 componentKinds: - group: core kind: Service 
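Review bot: The `matchLabels` block in `kustomize/spark-operator/overlays/application/application.yaml` keeps `app.kubernetes.io/component: sppark-operator`, while the kustomizations in this commit label resources `spark-operator`, so the selector cannot match on that key; change it to `app.kubernetes.io/component: spark-operator`. The selector also requires `app.kubernetes.io/instance`, `managed-by`, `part-of` and `version`, which this commit removes from `commonLabels` in `kustomize/spark-operator/kustomization.yaml`. Unless another tool adds those labels, the Application will select nothing. The pytorch, spartakus and tf-job-crds `application.yaml` hunks follow the same pattern. The Application spec continues outside the hunk.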
diff --git a/kustomize/spark-operator/overlays/application/kustomization.yaml b/kustomize/spark-operator/overlays/application/kustomization.yaml index fcbedea..6a652dd 100644 --- a/kustomize/spark-operator/overlays/application/kustomization.yaml +++ b/kustomize/spark-operator/overlays/application/kustomization.yaml @@ -1,13 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization bases: - ../../base -resources: -- application.yaml commonLabels: - app.kubernetes.io/name: sparkoperator - app.kubernetes.io/instance: spark-operator-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: spark-operator - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/name: sparkoperator +kind: Kustomization +resources: +- application.yaml diff --git a/kustomize/spartakus/base/deployment.yaml b/kustomize/spartakus/base/deployment.yaml index c1544eb..2616342 100644 --- a/kustomize/spartakus/base/deployment.yaml +++ b/kustomize/spartakus/base/deployment.yaml @@ -10,12 +10,20 @@ spec: metadata: labels: app: spartakus-volunteer + annotations: + sidecar.istio.io/inject: "false" spec: containers: - args: - volunteer - - --cluster-id=$(usageId) + - --cluster-id=$(USAGE_ID) - --database=https://stats-collector.kubeflow.org image: gcr.io/google_containers/spartakus-amd64:v1.1.0 name: volunteer + env: + - name: USAGE_ID + valueFrom: + configMapKeyRef: + name: spartakus-config + key: usageId serviceAccountName: spartakus diff --git a/kustomize/spartakus/base/kustomization.yaml b/kustomize/spartakus/base/kustomization.yaml index c6afd72..4087b8d 100644 --- a/kustomize/spartakus/base/kustomization.yaml +++ b/kustomize/spartakus/base/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: kubeflow resources: - cluster-role-binding.yaml - cluster-role.yaml 
@@ -12,17 +13,10 @@ images: newName: gcr.io/google_containers/spartakus-amd64 newTag: v1.1.0 configMapGenerator: -- name: spartakus-parameters - env: params.env +- name: spartakus-config + envs: + - params.env generatorOptions: disableNameSuffixHash: true -vars: -- name: usageId - objref: - kind: ConfigMap - name: spartakus-parameters - apiVersion: v1 - fieldref: - fieldpath: data.usageId configurations: - params.yaml diff --git a/kustomize/spartakus/kustomization.yaml b/kustomize/spartakus/kustomization.yaml index 4195a98..48f523f 100644 --- a/kustomize/spartakus/kustomization.yaml +++ b/kustomize/spartakus/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: spartakus - app.kubernetes.io/instance: spartakus-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: spartakus - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 kind: Kustomization namespace: kubeflow resources: diff --git a/kustomize/spartakus/overlays/application/application.yaml b/kustomize/spartakus/overlays/application/application.yaml index b3b9a79..4cf6095 100644 --- a/kustomize/spartakus/overlays/application/application.yaml +++ b/kustomize/spartakus/overlays/application/application.yaml @@ -6,11 +6,11 @@ spec: selector: matchLabels: app.kubernetes.io/name: spartakus - app.kubernetes.io/instance: spartakus-v1.0.0 + app.kubernetes.io/instance: spartakus-v0.7.0 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: spartakus app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/version: v0.7.0 componentKinds: - group: core kind: ConfigMap diff --git a/kustomize/spartakus/overlays/application/kustomization.yaml b/kustomize/spartakus/overlays/application/kustomization.yaml index 77d4afd..3c900d8 100644 --- a/kustomize/spartakus/overlays/application/kustomization.yaml +++ b/kustomize/spartakus/overlays/application/kustomization.yaml 
@@ -1,13 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization bases: - ../../base -resources: -- application.yaml commonLabels: - app.kubernetes.io/name: spartakus - app.kubernetes.io/instance: spartakus-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: spartakus - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/name: spartakus +kind: Kustomization +resources: +- application.yaml diff --git a/kustomize/tensorboard/base/deployment.yaml b/kustomize/tensorboard/base/deployment.yaml index ebafcbc..12a856d 100644 --- a/kustomize/tensorboard/base/deployment.yaml +++ b/kustomize/tensorboard/base/deployment.yaml @@ -10,6 +10,8 @@ spec: metadata: labels: app: tensorboard + annotations: + sidecar.istio.io/inject: "false" spec: containers: - args: diff --git a/kustomize/tensorboard/base/kustomization.yaml b/kustomize/tensorboard/base/kustomization.yaml index 3cff0b6..c5faefa 100644 --- a/kustomize/tensorboard/base/kustomization.yaml +++ b/kustomize/tensorboard/base/kustomization.yaml @@ -8,7 +8,8 @@ commonLabels: kustomize.component: tensorboard configMapGenerator: - name: parameters - env: params.env + envs: + - params.env vars: - name: namespace objref: diff --git a/kustomize/tf-job-crds/kustomization.yaml b/kustomize/tf-job-crds/kustomization.yaml index e5644c0..051c801 100644 --- a/kustomize/tf-job-crds/kustomization.yaml +++ b/kustomize/tf-job-crds/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: tfjob - app.kubernetes.io/instance: tf-job-crds-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: tf-job-crds - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 kind: Kustomization namespace: kubeflow resources: diff --git a/kustomize/tf-job-crds/overlays/application/application.yaml b/kustomize/tf-job-crds/overlays/application/application.yaml index bcd77f4..fca72d2 100644 
--- a/kustomize/tf-job-crds/overlays/application/application.yaml +++ b/kustomize/tf-job-crds/overlays/application/application.yaml @@ -6,11 +6,11 @@ spec: selector: matchLabels: app.kubernetes.io/name: tf-job-crds - app.kubernetes.io/instance: tf-job-crds-v1.0.0 + app.kubernetes.io/instance: tf-job-crds-v0.7.0 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: tfjob app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/version: v0.7.0 componentKinds: - group: core kind: Service diff --git a/kustomize/tf-job-crds/overlays/application/kustomization.yaml b/kustomize/tf-job-crds/overlays/application/kustomization.yaml index ea54226..ae51ba2 100644 --- a/kustomize/tf-job-crds/overlays/application/kustomization.yaml +++ b/kustomize/tf-job-crds/overlays/application/kustomization.yaml @@ -1,13 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization bases: - ../../base -resources: -- application.yaml commonLabels: - app.kubernetes.io/name: tf-job-crds - app.kubernetes.io/instance: tf-job-crds-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: tfjob - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/name: tf-job-crds +kind: Kustomization +resources: +- application.yaml diff --git a/kustomize/tf-job-operator/base/kustomization.yaml b/kustomize/tf-job-operator/base/kustomization.yaml index 4f8c0ed..3845ad2 100644 --- a/kustomize/tf-job-operator/base/kustomization.yaml +++ b/kustomize/tf-job-operator/base/kustomization.yaml @@ -12,4 +12,4 @@ commonLabels: images: - name: gcr.io/kubeflow-images-public/tf_operator newName: gcr.io/kubeflow-images-public/tf_operator - newTag: v1.0.0-g92389064 + newTag: vmaster-ga2ae7bff diff --git a/kustomize/tf-job-operator/kustomization.yaml b/kustomize/tf-job-operator/kustomization.yaml index fdb9eae..ffadde7 100644 --- a/kustomize/tf-job-operator/kustomization.yaml 
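Review bot: `newTag: vmaster-ga2ae7bff` replaces a release tag with what looks like a master-branch build, and the image is still referenced by tag only; the webhook base kustomization makes the same move with `newTag: vmaster-gaf96e4e3`. A tag can be re-pushed in the registry, so this file does not fix the content the cluster will pull. The kustomize `images` entry accepts `digest:` in place of `newTag:`, so I would pin both images that way, e.g. `digest: sha256:<digest-of-the-reviewed-image>`, and keep the tag name in a comment for readability. If a master build is intentional, a comment naming the upstream commit it was built from would help the next reviewer.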
+++ b/kustomize/tf-job-operator/kustomization.yaml @@ -3,11 +3,7 @@ bases: - base commonLabels: app.kubernetes.io/component: tfjob - app.kubernetes.io/instance: tf-job-operator-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: tf-job-operator - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 kind: Kustomization namespace: kubeflow resources: diff --git a/kustomize/tf-job-operator/overlays/application/application.yaml b/kustomize/tf-job-operator/overlays/application/application.yaml index e873a6b..7ca46fb 100644 --- a/kustomize/tf-job-operator/overlays/application/application.yaml +++ b/kustomize/tf-job-operator/overlays/application/application.yaml @@ -6,11 +6,11 @@ spec: selector: matchLabels: app.kubernetes.io/name: tf-job-operator - app.kubernetes.io/instance: tf-job-operator-v1.0.0 + app.kubernetes.io/instance: tf-job-operator-v0.7.0 app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: tfjob app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/version: v0.7.0 componentKinds: - group: core kind: Service diff --git a/kustomize/tf-job-operator/overlays/application/kustomization.yaml b/kustomize/tf-job-operator/overlays/application/kustomization.yaml index 3f40055..418c718 100644 --- a/kustomize/tf-job-operator/overlays/application/kustomization.yaml +++ b/kustomize/tf-job-operator/overlays/application/kustomization.yaml @@ -1,13 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization bases: - ../../base -resources: -- application.yaml commonLabels: - app.kubernetes.io/name: tf-job-operator - app.kubernetes.io/instance: tf-job-operator-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: tfjob - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/name: tf-job-operator +kind: Kustomization +resources: +- application.yaml 
diff --git a/kustomize/webhook/base/deployment.yaml b/kustomize/webhook/base/deployment.yaml index fae67ec..2b0d28a 100644 --- a/kustomize/webhook/base/deployment.yaml +++ b/kustomize/webhook/base/deployment.yaml @@ -4,6 +4,9 @@ metadata: name: deployment spec: template: + metadata: + annotations: + sidecar.istio.io/inject: "false" spec: containers: - image: gcr.io/kubeflow-images-public/admission-webhook:v20190520-v0-139-gcee39dbc-dirty-0d8f4c @@ -16,4 +19,4 @@ spec: - name: webhook-cert secret: secretName: webhook-certs - serviceAccountName: service-account + serviceAccountName: service-account diff --git a/kustomize/webhook/base/kustomization.yaml b/kustomize/webhook/base/kustomization.yaml index ed71301..8af6b93 100644 --- a/kustomize/webhook/base/kustomization.yaml +++ b/kustomize/webhook/base/kustomization.yaml @@ -15,7 +15,7 @@ namePrefix: admission-webhook- images: - name: gcr.io/kubeflow-images-public/admission-webhook newName: gcr.io/kubeflow-images-public/admission-webhook - newTag: v1.0.0-gaf96e4e3 + newTag: vmaster-gaf96e4e3 namespace: kubeflow configMapGenerator: - envs: @@ -24,23 +24,29 @@ configMapGenerator: generatorOptions: disableNameSuffixHash: true vars: +# These vars are used to substitute in the namespace, service name and +# deployment name into the mutating WebHookConfiguration. +# Since its a CR kustomize isn't aware of those fields and won't +# transform them. +# We need the var names to be relatively unique so that when we +# compose with other applications they won't conflict. - fieldref: fieldPath: data.namespace - name: namespace + name: podDefaultsNamespace objref: apiVersion: v1 kind: ConfigMap name: admission-webhook-parameters - fieldref: fieldPath: metadata.name - name: serviceName + name: podDefaultsServiceName objref: apiVersion: v1 kind: Service name: service - fieldref: fieldPath: metadata.name - name: deploymentName + name: podDefaultsDeploymentName objref: apiVersion: apps/v1 kind: Deployment 
diff --git a/kustomize/webhook/base/mutating-webhook-configuration.yaml b/kustomize/webhook/base/mutating-webhook-configuration.yaml index 0893ab8..4c1b4c8 100644 --- a/kustomize/webhook/base/mutating-webhook-configuration.yaml +++ b/kustomize/webhook/base/mutating-webhook-configuration.yaml @@ -6,10 +6,13 @@ webhooks: - clientConfig: caBundle: "" service: - name: $(serviceName) - namespace: $(namespace) + name: $(podDefaultsServiceName) + namespace: $(podDefaultsNamespace) path: /apply-poddefault - name: $(deploymentName).kubeflow.org + name: $(podDefaultsDeploymentName).kubeflow.org + namespaceSelector: + matchLabels: + app.kubernetes.io/part-of: kubeflow-profile rules: - apiGroups: - "" diff --git a/kustomize/webhook/kustomization.yaml b/kustomize/webhook/kustomization.yaml index 7c2bd60..9fba28c 100644 --- a/kustomize/webhook/kustomization.yaml +++ b/kustomize/webhook/kustomization.yaml @@ -3,40 +3,8 @@ bases: - base commonLabels: app.kubernetes.io/component: webhook - app.kubernetes.io/instance: webhook-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/name: webhook - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 -configMapGenerator: -- behavior: merge - env: overlays/cert-manager/params.env - name: admission-webhook-parameters -configurations: -- overlays/cert-manager/params.yaml -generatorOptions: - disableNameSuffixHash: true kind: Kustomization namespace: kubeflow -patchesStrategicMerge: -- overlays/cert-manager/mutating-webhook-configuration.yaml -- overlays/cert-manager/deployment.yaml resources: -- overlays/cert-manager/certificate.yaml - overlays/application/application.yaml -vars: -- fieldref: - fieldPath: data.issuer - name: issuer - objref: - apiVersion: v1 - kind: ConfigMap - name: admission-webhook-parameters -- fieldref: - fieldPath: metadata.name - name: cert_name - objref: - group: cert-manager.io - kind: Certificate - name: admission-webhook-cert - version: v1alpha2 
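Review bot: The added `namespaceSelector` limits the PodDefaults webhook to namespaces labelled `app.kubernetes.io/part-of: kubeflow-profile`, and nothing in the hunk records that pods in every other namespace are now admitted without mutation. If PodDefaults carry anything security-relevant, namespaces that lack the label skip it silently, and whoever may edit namespace labels decides whether the webhook applies. I would add a comment above the selector, e.g. `# Only namespaces labelled as Kubeflow profiles are mutated; restrict who can set this label`, and check that existing namespaces carry the label. The webhook entry continues past the end of the hunk, so `failurePolicy` is not visible here; it is worth confirming it is set explicitly.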
diff --git a/kustomize/webhook/overlays/application/application.yaml b/kustomize/webhook/overlays/application/application.yaml index 52c1431..fc31155 100644 --- a/kustomize/webhook/overlays/application/application.yaml +++ b/kustomize/webhook/overlays/application/application.yaml @@ -5,6 +5,9 @@ metadata: spec: selector: matchLabels: + # TODO(jlewi): We should probably rename the app to PodDefaults + # as that is what the admission controller is actually doing. + # webhook is generic and uninformative. app.kubernetes.io/name: webhook app.kubernetes.io/instance: webhook-v1.0.0 app.kubernetes.io/managed-by: kfctl diff --git a/kustomize/webhook/overlays/application/kustomization.yaml b/kustomize/webhook/overlays/application/kustomization.yaml index 4ca2b6c..c743543 100644 --- a/kustomize/webhook/overlays/application/kustomization.yaml +++ b/kustomize/webhook/overlays/application/kustomization.yaml @@ -1,13 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization bases: - ../../base -resources: -- application.yaml commonLabels: - app.kubernetes.io/name: webhook - app.kubernetes.io/instance: webhook-v1.0.0 - app.kubernetes.io/managed-by: kfctl app.kubernetes.io/component: webhook - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/version: v1.0.0 + app.kubernetes.io/name: webhook +kind: Kustomization +resources: +- application.yaml diff --git a/kustomize/webhook/overlays/cert-manager/certificate.yaml b/kustomize/webhook/overlays/cert-manager/certificate.yaml index fde317d..7a969cb 100644 --- a/kustomize/webhook/overlays/cert-manager/certificate.yaml +++ b/kustomize/webhook/overlays/cert-manager/certificate.yaml 
@@ -4,11 +4,11 @@ metadata: name: admission-webhook-cert spec: isCA: true - commonName: $(serviceName).$(namespace).svc + commonName: $(podDefaultsServiceName).$(podDefaultsNamespace).svc dnsNames: - - $(serviceName).$(namespace).svc - - $(serviceName).$(namespace).svc.cluster.local + - $(podDefaultsServiceName).$(podDefaultsNamespace).svc + - $(podDefaultsServiceName).$(podDefaultsNamespace).svc.cluster.local issuerRef: kind: ClusterIssuer - name: $(issuer) + name: $(podDefaultsIssuer) secretName: webhook-certs \ No newline at end of file diff --git a/kustomize/webhook/overlays/cert-manager/kustomization.yaml b/kustomize/webhook/overlays/cert-manager/kustomization.yaml index 08d5bef..0fef20c 100644 --- a/kustomize/webhook/overlays/cert-manager/kustomization.yaml +++ b/kustomize/webhook/overlays/cert-manager/kustomization.yaml @@ -1,3 +1,9 @@ +# This overlay uses CertManager to provision a certificate for the +# PodDefaults admission controller. This is preferred over the old +# way of using "bootstrap" which was running a shell script to create +# the certificate. +# TODO(jlewi): We should eventually refactor the manifests to delete +# bootstrap and use certmanager by default. bases: - ../../base 
@@ -11,19 +17,26 @@ patchesStrategicMerge: configMapGenerator: - name: admission-webhook-parameters behavior: merge - env: params.env + envs: + - params.env generatorOptions: disableNameSuffixHash: true vars: -- name: issuer +# These vars are used to substitute in the namespace, service name and +# deployment name into the mutating WebHookConfiguration. +# Since its a CR kustomize isn't aware of those fields and won't +# transform them. +# We need the var names to be relatively unique so that when we +# compose with other applications they won't conflict. +- name: podDefaultsIssuer objref: kind: ConfigMap name: admission-webhook-parameters apiVersion: v1 fieldref: fieldpath: data.issuer -- name: cert_name +- name: podDefaultsCertName objref: kind: Certificate group: cert-manager.io diff --git a/kustomize/webhook/overlays/cert-manager/mutating-webhook-configuration.yaml b/kustomize/webhook/overlays/cert-manager/mutating-webhook-configuration.yaml index b5cc96c..de18f66 100644 --- a/kustomize/webhook/overlays/cert-manager/mutating-webhook-configuration.yaml +++ b/kustomize/webhook/overlays/cert-manager/mutating-webhook-configuration.yaml @@ -3,5 +3,5 @@ kind: MutatingWebhookConfiguration metadata: name: mutating-webhook-configuration annotations: - cert-manager.io/inject-ca-from: $(namespace)/$(cert_name) + cert-manager.io/inject-ca-from: $(podDefaultsNamespace)/$(podDefaultsCertName) \ No newline at end of file diff --git a/kustomize/webhook/overlays/cert-manager/params.env b/kustomize/webhook/overlays/cert-manager/params.env index 063c6aa..9cb4f7f 100644 --- a/kustomize/webhook/overlays/cert-manager/params.env +++ b/kustomize/webhook/overlays/cert-manager/params.env @@ -1 +1 @@ -issuer=kubeflow-self-signing-issuer +issuer=kubeflow-self-signing-issuer \ No newline at end of file diff --git a/kustomize/webhook/v3/kustomization.yaml b/kustomize/webhook/v3/kustomization.yaml new file mode 100644 index 0000000..df26896 --- /dev/null 
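Review bot: The comment added above `- name: podDefaultsIssuer` says the vars substitute the namespace, service name and deployment name into the webhook configuration, but the two vars in this hunk are the issuer and the certificate name; the text appears to be copied from the base kustomization. Going by the other hunks in this diff, they feed `issuerRef.name` in `certificate.yaml` and the `cert-manager.io/inject-ca-from` annotation. I would replace the first sentence with `# These vars substitute the ClusterIssuer name and the Certificate name into certificate.yaml and the inject-ca-from annotation.` and keep the sentence about unique names. "Since its a CR" is also off in both copies: the custom resource here is the Certificate, and MutatingWebhookConfiguration is a built-in kind. The `vars` list continues past the end of the hunk.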
+++ b/kustomize/webhook/v3/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +commonLabels: + app.kubernetes.io/component: poddefaults + app.kubernetes.io/name: poddefaults +kind: Kustomization +resources: +- ../overlays/cert-manager/ +- ../overlays/application/application.yaml diff --git a/patches/kubeflow.yml b/patches/kubeflow.yml index ffe6637..c086e5f 100644 --- a/patches/kubeflow.yml +++ b/patches/kubeflow.yml @@ -43,7 +43,10 @@ spec: - kubecost - kubeflow - minio + - minio-operator - minio-operator-ns + - minio-premium-tenant-1 + - minio-standard-tenant-1 - mlflow - monitoring - pachyderm
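Review bot: `commonLabels` in the new `webhook/v3/kustomization.yaml` stamps `app.kubernetes.io/name: poddefaults`, while the `application.yaml` it lists under `resources` selects on `app.kubernetes.io/name: webhook` and `app.kubernetes.io/instance: webhook-v1.0.0` (see that file's hunk earlier in this diff). Unless kustomize is configured to rewrite the Application selector, the Application will not match the Deployment and Service built here. Either keep `app.kubernetes.io/name: webhook` in this file until the rename mentioned in the TODO is done everywhere, or update the selector in `application.yaml` in the same commit.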