Bump V1.1 branch #2
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…est back to 1.1.x (#1361)
* feat: KFP multi user mode PR1 - enable multi user mode without istio authorization (#1342) * Add argo to stacks/generic * Pull pipelines manifest from upstream * Updated kfp * Minio v3 manifests * Rename minio configmap * Add generic minio install * Generate new test data * Mysql kustomize v3 manifest - generic install * Add mysql gcp pd install * Generate test data * Pipelines kustomize v3 manifests * Add kfp ui virtual service * Add metadata deployment to stacks/generic * Use common cluster domain * Deploy metadata writer * Add kfp cache server * Update test data * Enable KFP multi user mode without istio security * Fix persistence agent watch namespace * Fix namespace env for some deployments * Fix cluster roles and bindings * fix rename * Fix pipelines ui role * Updated kfp to rc2 * simplify pipeline v3 manifest using updated kfp rc2 manifest * Fix pipeline-install-config * remove redundant configmap * update tests * updated to kfp 1.0.0-rc.3 * Adapt to kfp 1.0rc3 refactoring * update test snapshots * fix pull kfp script to detect empty dir * fix example ref * update snapshot * fix gcp pd manifest * Update stacks ref * revert alice example to gcp stack * update snapshot * fix profile controller iam binding * Update kfp profile controller can be configured to different images and istio sidecar * add missing viewer controller cluster roles * Use python3 for sync.py * Revert gcp stack back to use non multi user kfp * revert unintended changes * revert upstream changes * Use kubeflow userid header and prefix config for KFP servers (#1365) * feat: KFP multi user mode PR2 - secure KFP with istio mTLS and authz (#1368) * Add argo to stacks/generic * Pull pipelines manifest from upstream * Updated kfp * Minio v3 manifests * Rename minio configmap * Add generic minio install * Generate new test data * Mysql kustomize v3 manifest - generic install * Add mysql gcp pd install * Generate test data * Pipelines kustomize v3 manifests * Add kfp ui virtual service * Add metadata deployment to stacks/generic * Use common cluster domain * Deploy metadata writer * Add kfp cache server * Update test data * Enable KFP multi user mode without istio security * Fix persistence agent watch namespace * Fix namespace env for some deployments * Fix cluster roles and bindings * fix rename * Fix pipelines ui role * Updated kfp to rc2 * simplify pipeline v3 manifest using updated kfp rc2 manifest * Fix pipeline-install-config * remove redundant configmap * update tests * updated to kfp 1.0.0-rc.3 * Adapt to kfp 1.0rc3 refactoring * update test snapshots * fix pull kfp script to detect empty dir * fix example ref * update snapshot * fix gcp pd manifest * Update stacks ref * revert alice example to gcp stack * update snapshot * fix profile controller iam binding * Update kfp profile controller can be configured to different images and istio sidecar * add missing viewer controller cluster roles * Use python3 for sync.py * Revert gcp stack back to use non multi user kfp * revert unintended changes * revert upstream changes * Secure kfp multi user mode with istio authorization * patch minio to disable istio sidecar injection * fix cache server istio authz * enable istio sidecar for profiles deploy * enable istio sidecar for centraldashboard * Do not protect profile controller with istio * Allow admission webhook traffic to cache-server * revert gcp stack back to pipeline generic * Reuse minio generic install as base for gcp-pd and ibm * update snapshot * refactor: pipelines profile controller should get minio access keys from the secret (#1372) * refactor: pipelines profile controller should get minio access keys from the secret * do not print secrets in log * feat: Use KFP multi user mode for GCP (#1373) * refactor: pipelines profile controller should get minio access keys from the secret * do not print secrets in log * use kfp multi user mode for gcp stacks * update snapshot * feat: Add application and common labels to KFP and various fixes (#1374) * Add common labels to kfp components * Add KFP application * update snapshot * Use json format for json patch, because yaml will look like a resource and fail tests * Remove part of label * update snapshots * Fix profile controller deployment version * update snapshot * Fix userid-header for gcp * update snapshot * Fix b64encode exception * update snapshot * update snapshot
* Disable sidecar for activator and autoscaler * Fix tests
…on label from Kubeflow namespace on v1.1-branch (#1388)
* Fix for Seldon custom namespace installs of kubeflow (#1375) * Allow namespace install and update to 1.2.1 * remove duplicate vars * update for 1.2.1 and automation * update version * Update tests and change validate to allows CRDs with status * Revert CRD status exception and remove status from Seldon CRD (#1389)
…#1381: knative shouldn't be part of GCP stack kustomization Cherry pick of #1376 #1381 on v1.1-branch. #1376: Add knative and kfserving to GCP stack #1381: knative shouldn't be part of GCP stack kustomization (#1385) * Add knative and kfserving to GCP stack * Related to: GoogleCloudPlatform/kubeflow-distribution#74 Fix common labels for knative and kfserving. * There were typos and they were including labels that by convention we currently don't want in common labels. * knative shouldn't be part of GCP stack kustomization * related to GoogleCloudPlatform/kubeflow-distribution#74 * knative needs to be installed in its own namespace so we don't want to make it part of the kubeflow namespace kustomization package * We will have to install it separately in the blueprint.
…ile refactoring #1398: Convert v1 to v2 setters & substituions in gcp Cherry pick of #1393 #1398 on v1.1-branch. #1393: Check in expected kpt output for Kptfile refactoring #1398: Convert v1 to v2 setters & substituions in gcp (#1401) * Check in expected kpt output for Kptfile refactoring * Per GoogleCloudPlatform/kubeflow-distribution#89 we need to get rid of the legacy partial setters and move to using a KptFile and substitutions. * In preparation for that we want to check in a set of test data that is the result of running our kpt cfg set with a given set of values * This test data will be used to verify that the refactoring to use a KptFile doesn't change the output. * After adding the KptFile we can simply regenerate the testdata and then look at the diff to ensure there are no unexpected changes. * Convert v1 to v2 setters & substituions in gcp * The latest version of kpt started choking on gcp/v2 because we were still using the old style setters and substitutions. * This PR creates a kptfile to use the new setter and substitutions. * hack/create_kptfile.py contains a script to generate lot of the setters and substitutions. * kf-vm-sa.yaml shouldn't specify the namespace; this will get set in an overlay * Move workload identity bindings for kf-admin KSA from kubeflow/instance in gcp blueprints repo into this repository. related to gcp-blueprints#89 * Fix image mirror substitution. * Create a KptFile for stacks. * Add conversion for stacks. * Add KptFile for stacks/gcp
…1378) * image gcr.io/kubeflow-images-public/centraldashboard:v1.1.0-g35d7484a * Image built from kubeflow/kubeflow@35d7484a
…nv variable Cherry pick of #1335 on v1.1-branch. #1335: added support for registration flow env variable (#1370) * added support for registration flow env variable adding expected test changes * Revert "Merge branch 'v1.1-branch' into automated-cherry-pick-of-#1335-upstream-v1.1-branch" This reverts commit cfe177f. Co-authored-by: Luis <maganaluis92@gmail.com>
* Migrate AWS manifests to v3 pattern (#1396) * Migrate AWS manifest to v3 pattern * Clean up tests files * Add istio namespace to istio ingress * Update KFP pipeline test case for aws stack * AWS Kfdef changes using v3 stacks (#1410) * Changes needed for V3 change on AWS * Adopt AWS ECR image for jupyter-web-app components and generate all tests against manifest V3 changes * Adopt Cognito change against V3 * Adopt change for multi-user KFP * Update tests
…stop using namespace #1437: Fix cloudresourcemanager service; missing ApiVersion. Cherry pick of #1432 #1437 on v1.1-branch. #1432: Fix management blueprint kptfile and stop using namespace #1437: Fix cloudresourcemanager service; missing ApiVersion. (#1439) * Fix management blueprint kptfile and stop using namespace mode for CNRM. * The management blueprint should have its own KptFile * Prior to this PR there was only a KptFile at gcp/ * This doesn't work because for the management cluster we only pull the package gcp/v2/management * Related to GoogleCloudPlatform/kubeflow-distribution#102 * Related to GoogleCloudPlatform/kubeflow-distribution#93 * For CNRM Switch to workload identity and stop using namespace mode for CNRM; GoogleCloudPlatform/kubeflow-distribution#13 * Using namespace mode is just extra complexity because we have to install a separate copy of the CNRM controller for every project. * The only reason to do really do that is if you want to use different GCP service accounts to manage different projects. Typically that's not what we do. * With workload identity we have 1 namespace per project but they all use the same GCP SA so the GCP sa can just be authorized to access multiple projects or a folder as needed. * Update the resources to the v1beta1 spec for use with AnthosCLI * It looks like anthoscli requires a NodePool resource * With the v1beta1 specs we need to add the annotation gke.cluster.io = "bootstrap://" so that anthoscli is able to probably group the resources. * Move cnrm-install iam and services into kustomize packages * This way we can hydrate them like we do other manifests * Fix the setters and substitutions for CNRM to make them unique per name * This way we could potentially have multiple management clusters per project which if nothing else will be useful for testing. * Add workload identity pool to the management cluster. * Management nodepool should set workloadMetadataConfig so that we run the workload identity servers. * Fix. * Fix cloudresourcemanager service; missing ApiVersion. Related to: GoogleCloudPlatform/kubeflow-distribution#102
…m_dex support #1355: add myself to kfdef/OWNERS #1428: add multi-user kfdef configurations Cherry pick of #1311 #1336 #1355 #1428 on v1.1-branch. #1311: KFServing Owners file #1336: kfctl_ibm_dex support #1355: add myself to kfdef/OWNERS #1428: add multi-user kfdef configurations (#1441) * KFServing Owners file * Update OWNERS * knative owners * Update OWNERS * Update OWNERS * Update OWNERS * Update OWNERS * Update OWNERS * Update OWNERS * kfctl_ibm_dex support * add dex config * fix * update default config * update dex-config.yaml * add support for kustomize fns * update docker image repo * update oidc-authservice * set default userid-header * update tests * add myself to kfdef/OWNERS * add multi-user kfdef configurations * replace env with envs * update multi-user * update with namespaces * different ClusterRbacConfig for dex and non-dex * add v1.1.0 ibm kfdef * update generated tests * update test expected data Co-authored-by: Animesh Singh <singhan@us.ibm.com>
…ry pick of #1445 on v1.1-branch. #1445: Pass userid-header param to kfam (#1448) Need `userid-header` param to use proper header when handling the API calls. Default header value: `x-goog-authenticated-user-email` would be used if this param doesn't present. It may only work on GCP. Therefore, we do need this param to be properly passed to kfam.
* Add Jeffwan to OWNERS files * Address code review feedbacks
* image gcr.io/kubeflow-images-public/kfam:v1.1.0-g9f3bfd00 * Image built from kubeflow/kubeflow@9f3bfd00
…#1308) * image gcr.io/kubeflow-images-public/profile-controller:v1.1.0-ga49f658f * Image built from kubeflow/kubeflow@a49f658f
#1422) * image gcr.io/kubeflow-images-public/notebook-controller:v1.1.0-gd3377cbd * Image built from kubeflow/kubeflow@d3377cbd
…1423) * image gcr.io/kubeflow-images-public/jupyter-web-app:v1.1.0-gd3377cbd * Image built from kubeflow/kubeflow@d3377cbd
* image gcr.io/kubeflow-images-public/kfam:v1.1.0-g9f3bfd00 * Image built from kubeflow/kubeflow@9f3bfd00
…1492) * fix: let KFP profile controller use KFP version from upstream * update snapshots * disable suffix hash to workaround a problem * update snapshots * stop using commonprefix to let configmapref work * update snapshots
* v1.1 istio dex components for kubernetes installation (#1494) * v1.1 istio dex components for kubernetes installation * Adds kfdef and creds correction * Test cases generated * v1.1.0 kfdef added (cherry picked from commit 6dcebbe) * v1.1 manifests for vanilla k8s (#1483) * v1.1 manifests for vanilla k8s * adds k8s_istio v3 kfdef * add tests (cherry picked from commit c429076) * Fix tests [Issue: kubeflow/kubeflow#5022] [See also: kubeflow/website#1984]
* kfdef for azure * kfdef for azure * Axure kfdef * argo version update * Owners * OWNERS * argo version * Tickle owners * Tickle owners
* Rename rbac.authorization.k8s.io_v1_clusterrolebinding_custom-metrics:system:auth-delegator.yaml to rbac.authorization.k8s.io_v1_clusterrolebinding_custom-metrics:system-auth-delegator.yaml * intial kdef * indentation * eof * eof * eof * eof * eof * adding istio to azure stack * indentation * update URI * Rename rbac.authorization.k8s.io_v1_clusterrolebinding_custom-metrics:system-auth-delegator.yaml to rbac.authorization.k8s.io_v1_clusterrolebinding_custom-metrics:system:auth-delegator.yaml * placeholder for azure ad values
* Add readme file * Add Azure overlay for metadata * Add azure overlay and readme file * Changed the default metadata db name to be metadata-db * Remove duplicated file * Few edits when proofreading the readme.md * Adding db name to be optional * move the overlay to azure stack folder * using relative path for metadata folder
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Which issue is resolved by this Pull Request:
Resolves #
Description of your changes:
Checklist:
cd manifests/testsmake generate-changed-onlymake test