-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade 1.4: Kubeflow #88
Comments
I am currently trying to rebase on the 1.4.1 branch, only to notice, there is no 1.4.1 branch.... According to documentation there is a 1.4.1 release, yet I cannot find it on GitHub. There is the v1.4.0 release There is a v1.4-branch which last commit is October 8th 2021 A v1.4-rc-1 branch last commit Sept 14th 2021 So what is 'release 1.4.1'? It's actually the MANIFEST release So is that only a fix on the manifest, and the code is ok with version 1.4? If so, the tag I would assume is the right one to pull from. |
Decide for the configmap what to follow: VS upstream : https://github.com/kubeflow/kubeflow/blob/master/components/centraldashboard/config/centraldashboard-config.yaml VS upstream manifest: https://github.com/kubeflow/manifests/blob/master/apps/centraldashboard/upstream/base/configmap.yaml VS our 1.3 configmap: https://github.com/StatCan/kubeflow/blob/stc-master/components/centraldashboard/config/centraldashboard-config.yaml Take a look at upstring commit |
Look into removing double Update: Double |
The branch has been created https://github.com/StatCan/kubeflow/tree/feat-upgrade-1.4.0 |
Fixing the vulnerabilities: While fixing them using
|
The vulnerabilities are actually creating a second issue. Once fixed, the A way to avoid this, while keeping the vulnerability fix is to run This being said, 'fixing' the vulnerabilities, somehow breaks the code. One of the likely culprits is this error that seems to appear after the fix:
|
For completeness, I've included the output from trying to build When trying to build
|
Building
|
Fixing the security vulnerabilities with
And the second call:
|
Once the vulnerabilities are taken care of, building (
|
When we look at the difference in packages, once fixed by
|
|
|
The 4 critical bugs are:
|
WE are going to check, for the critical vulnerabilities, if we can patch them up directly. And this way filter out the issues URL-PARSE https://nvd.nist.gov/vuln/detail/CVE-2022-0691 MINIMIST: CVE-2021-44906 |
For CVE-2022-1650: Exposure of Sensitive Information in eventsource
And for CVE-2021-31597: Improper Certificate Validation in xmlhttprequest-ssl
CVE-2020-28502: Arbitrary Code Injection
|
Success with installing
Installing
|
As of right now, the tests cannot be run for us. Therefore the ticket will be considered closed until such a time arrives. @bryanpaget is in contact with upstream about this. See ticket 6592 in upstream (not referenced to avoid link) |
Note, the branch 1.4 will not be closed until ready to deploy in at least dev. |
/kind feature
Why you need this feature:
[Is your feature request related to a problem? Please describe in details]
This issue is a child of StatCan/aaw#1203 and technically an epic in itself.
Describe the solution you'd like:
Upgrade Kubeflow central-dashboard to 1.4.
Our customization includes:
We are mostly using CWA and central dashboard components our of the entire platform. Even then, CWA will be new.
Points of importance:
✅ Looks okay, might not break anything. May have to pay attention to internationalization.
✅ Looks okay, might not break anything. May have to pay attention to internationalization.
✅ Looks okay, just some CSS, might not break anything.
✅ Looks okay, just some CSS. May have to pay attention to internationalization.
Anything else you would like to add:
Based on the way we did 1.3, this is the recommended way:
How we rebase to the v1.4
1.Go on stc-master of kubeflow kubeflow
2. Get the code from upstream,
git remote add upstream https://github.com/kubeflow/kubeflow.git
3.
git remote -v
should now show 4 choices.4. Create the branch v1.4
5. git rebase upstream/v1.4-branch
6. Fix merge conflicts,
7. Create a PR with tag auto build
8. Use the image that was pushed to acr in the dev environment
git remote add upstream https://github.com/kubeflow/kubeflow.git
(add upstream as remote)git remote –v
(list current configured remote)git checkout stc-master
git checkout –b <new-branch-name>
git fetch upstream
git commit -m <commit message>
git push --set-upstream origin <new-branch-name>
NOTE
There is some discussion upstream on issue 6332 about changing the central-dashboard from polymer to angular, which I do hope will happen, but currently does not seem to have been done. This will affect us greatly for obvious reason.
Local testing of Kubeflow
To simulate having a namespace.
Be carefull NOT to be connected to prod.
kubectl port-forward -n kubeflow deployment/profiles-deployment 8081:8081
For connection to the a cluster,
USERID_HEADER=kubeflow-userid USERID_PREFIX= KF_USER_ID=[name@cloud.statcan.ca OR equivalent if kidn user] npm run dev
The text was updated successfully, but these errors were encountered: