From ce5e1783bfe102fdd8016aebf3096f4a64850e0f Mon Sep 17 00:00:00 2001 From: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> Date: Tue, 28 Sep 2021 12:52:11 +0200 Subject: [PATCH 1/2] Update composite-controller.yaml --- .../pipelines-profile-controller/composite-controller.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifests/kustomize/base/installs/multi-user/pipelines-profile-controller/composite-controller.yaml b/manifests/kustomize/base/installs/multi-user/pipelines-profile-controller/composite-controller.yaml index c363defc28f..fb1e6af7370 100644 --- a/manifests/kustomize/base/installs/multi-user/pipelines-profile-controller/composite-controller.yaml +++ b/manifests/kustomize/base/installs/multi-user/pipelines-profile-controller/composite-controller.yaml @@ -38,6 +38,10 @@ spec: resource: authorizationpolicies updateStrategy: method: InPlace + - apiVersion: kubeflow.org/v1alpha1 + resource: poddefaults + updateStrategy: + method: InPlace hooks: sync: webhook: From af30a68f56d4b12d0c55a0dd0d1c1192d9d8c88c Mon Sep 17 00:00:00 2001 From: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> Date: Tue, 28 Sep 2021 12:56:21 +0200 Subject: [PATCH 2/2] Update sync.py --- .../pipelines-profile-controller/sync.py | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/manifests/kustomize/base/installs/multi-user/pipelines-profile-controller/sync.py b/manifests/kustomize/base/installs/multi-user/pipelines-profile-controller/sync.py index 1c995cffbbb..35702740020 100644 --- a/manifests/kustomize/base/installs/multi-user/pipelines-profile-controller/sync.py +++ b/manifests/kustomize/base/installs/multi-user/pipelines-profile-controller/sync.py @@ -129,6 +129,7 @@ def sync(self, parent, children): # Compute status based on observed state. desired_status = { "kubeflow-pipelines-ready": + len(children["PodDefault.kubeflow.org/v1alpha1"]) == 1 and len(children["Secret.v1"]) == 1 and len(children["ConfigMap.v1"]) == desired_configmap_count and len(children["Deployment.apps/v1"]) == 2 and @@ -339,6 +340,51 @@ def sync(self, parent, children): } } }, + { + "apiVersion": "kubeflow.org/v1alpha1", + "kind": "PodDefault", + "metadata": { + "name": "access-ml-pipeline", + "namespace": namespace + }, + "spec": { + "desc": "Allow access to Kubeflow Pipelines", + "selector": { + "matchLabels": { + "access-ml-pipeline": "true" + } + }, + "volumes": [ + { + "name": "volume-kf-pipeline-token", + "projected": { + "sources": [ + { + "serviceAccountToken": { + "path": "token", + "expirationSeconds": 7200, + "audience": "pipelines.kubeflow.org" + } + } + ] + } + } + ], + "volumeMounts": [ + { + "mountPath": "/var/run/secrets/kubeflow/pipelines", + "name": "volume-kf-pipeline-token", + "readOnly": True + } + ], + "env": [ + { + "name": "KF_PIPELINES_SA_TOKEN_PATH", + "value": "/var/run/secrets/kubeflow/pipelines/token" + } + ] + } + } ] print('Received request:\n', json.dumps(parent, indent=2, sort_keys=True)) print('Desired resources except secrets:\n', json.dumps(desired_resources, indent=2, sort_keys=True))