diff --git a/README.md b/README.md new file mode 100644 index 00000000..2ab2d16a --- /dev/null +++ b/README.md @@ -0,0 +1,9 @@ +# Helm Charts +Helm Charts for V3IO Components + +# Usage + +``` +$ helm repo add mlrunce-stable https://mlrun.github.io/ce/helm-charts/stable + +``` diff --git a/charts/mlrun-ce/Chart.yaml b/charts/mlrun-ce/Chart.yaml new file mode 100644 index 00000000..21096080 --- /dev/null +++ b/charts/mlrun-ce/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +version: 0.0.1 +name: mlrun-ce +description: MLRUn Open Source Stack +home: https://iguazio.com +icon: https://www.iguazio.com/wp-content/uploads/2019/10/Iguazio-Logo.png +sources: [] +maintainers: + - name: Adam Melnick + email: adamm@iguazio.com + - name: Eliyahu Noach + email: eliyahun@iguazio.com diff --git a/charts/mlrun-ce/README.md b/charts/mlrun-ce/README.md new file mode 100644 index 00000000..00ea7549 --- /dev/null +++ b/charts/mlrun-ce/README.md 
@@ -0,0 +1,160 @@ +# MLRun CE: MLRun Open Source CE for MLOps + +This Helm charts bundles open source software stack for advanced ML operations + +## Chart Details + +The Open source MLRun ce chart includes the following stack: + +* Nuclio - https://github.com/nuclio/nuclio +* MLRun - https://github.com/mlrun/mlrun +* Jupyter - https://github.com/jupyter/notebook (+MLRun integrated) +* MPI Operator - https://github.com/kubeflow/mpi-operator +* Minio - https://github.com/minio/minio/tree/master/helm/minio +* Spark Operator - https://github.com/GoogleCloudPlatform/spark-on-k8s-operator +* Pipelines - https://github.com/kubeflow/pipelines +* Prometheus stack - https://github.com/prometheus-community/helm-charts + +## Prerequisites + +- Helm >=3.6 installed from [here](https://helm.sh/docs/intro/install/) + +- Preprovisioned Kubernetes StorageClass + +> In case your Kubernetes flavor is not shipped with a default StorageClass, you may use [local-path by Rancher](https://github.com/rancher/local-path-provisioner) +> 1. Install it via [this link](https://github.com/rancher/local-path-provisioner#installation) +> 2. Set as default by executing `kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'` + + +## Installing the Chart + +Create a namespace for the deployed components: +```bash +kubectl create namespace mlrun +``` + +Add the v3io-stable helm chart repo +```bash +helm repo add v3io-stable https://v3io.github.io/helm-charts/stable +``` + +To work with the open source MLRun stack, you must an accessible docker-registry. 
The registry's URL and credentials +are consumed by the applications via a pre-created secret + +To create a secret with your docker-registry details: + +```bash +kubectl --namespace mlrun create secret docker-registry registry-credentials \ + --docker-username \ + --docker-password \ + --docker-server \ + --docker-email +``` + +To install the chart with the release name `my-mlrun` use the following command, +note the reference to the pre-created `registry-credentials` secret in `global.registry.secretName`, +and a `global.registry.url` with an appropriate registry URL which can be authenticated by this secret: + +```bash +helm --namespace mlrun \ + install my-mlrun \ + --wait \ + --set global.registry.url= \ + --set global.registry.secretName=registry-credentials \ + v3io-stable/mlrun-ce +``` + +## Installing MLRun-ce on minikube + +The Open source MLRun ce uses node ports for simplicity. If your kubernetes cluster is running inside a VM, +as is the case when using minikube, the kubernetes services exposed over node ports would not be available on +your local interface, but instead, on the virtual machine's interface. +To accommodate for this, use the `global.externalHostAddress` value on the chart. For example, if you're using +the ce inside a minikube cluster, add `--set global.externalHostAddress=$(minikube ip)` to the helm install command. + +## Advanced Chart Configuration + +Configurable values are documented in the `values.yaml`, and the `values.yaml` of all sub charts. +Override those [in the normal methods](https://helm.sh/docs/chart_template_guide/values_files/). 
+ +To use the full version, override the helm install command using `-f override-full.yaml` + + +### Usage + +Your applications are now available in your local browser: +- jupyter-notebook - http://nodeipaddress:30040 +- nuclio - http://nodeipaddress:30050 +- mlrun UI - http://nodeipaddress:30060 +- mlrun API (external) - http://nodeipaddress:30070 +- minio API - http://nodeipaddress:30080 +- minio UI - http://nodeipaddress:30090 +- pipeline UI - http://nodeipaddress:30100 +- grafana UI - http://nodeipaddress:30110 + + +> **Note:** +> The above links assume your Kubernetes cluster is exposed on localhost. +> If that's not the case, the different components will be available on `externalHostAddress` + +### Start Working + +- Open Jupyter Notebook on [**jupyter-notebook UI**](http://localhost:30040) and run the code in +[**examples/mlrun_basics.ipynb**](https://github.com/mlrun/mlrun/blob/master/examples/mlrun_basics.ipynb) notebook. + +> **Note:** +> - You can change the ports by providing values to the helm install command. +> - You can add and configure a k8s ingress-controller for better security and control over external access. + + +## Uninstalling the Chart +```bash +helm --namespace mlrun uninstall my-mlrun +``` + +#### Note on terminating pods and hanging resources +It is important to note that this chart generates several persistent volume claims and also provisions an NFS +provisioning server, to provide the user with persistency (via pvc) out of the box. +Because of the persistency of PV/PVC resources, after installing this chart, PVs and PVCs will be created, +And upon uninstallation, any hanging / terminating pods will hold the PVCs and PVs respectively, as those +Prevent their safe removal. 
+Because pods stuck in terminating state seem to be a never-ending plague in k8s, please note this, +And don't forget to clean the remaining PVCs and PVs + +Handing stuck-at-terminating pods: +```bash +kubectl --namespace mlrun delete pod --force --grace-period=0 +``` + +Reclaim dangling persistency resources: + +| WARNING: This will result in data loss! | +| --- | + +```bash +# To list PVCs +$ kubectl --namespace mlrun get pvc +... + +# To remove a PVC +$ kubectl --namespace mlrun delete pvc +... + +# To list PVs +$ kubectl --namespace mlrun get pv +... + +# To remove a PVC +$ kubectl --namespace mlrun delete pvc + +# Remove hostpath(s) used for mlrun (and possibly nfs). Those will be created, by default under /tmp, and will contain +# your release name, e.g.: +$ rm -rf my-mlrun-mlrun-ce-mlrun +... +``` + +### Using Kubeflow Pipelines + +MLRun enables you to run your functions while saving outputs and artifacts in a way that is visible to Kubeflow Pipelines. +If you wish to use this capability you will need to install Kubeflow on your cluster. +Refer to the [**Kubeflow documentation**](https://www.kubeflow.org/docs/started/getting-started/) for more information. diff --git a/charts/mlrun-ce/override-full.yaml b/charts/mlrun-ce/override-full.yaml new file mode 100644 index 00000000..398be203 --- /dev/null +++ b/charts/mlrun-ce/override-full.yaml 
@@ -0,0 +1,154 @@ +global: + + # External host/ip to reach the k8s node. This might take various values if k8s is run in a VM or a cloud env + externalHostAddress: localhost + registry: + url: mustprovide + secretName: secretNameofcontainerregistrymustprovide + +mlrun: + # set the type of filesystem to use: filesystem, s3 + storage: filesystem + api: + fullnameOverride: mlrun-api + persistence: + enabled: true + annotations: + helm.sh/resource-policy: "keep" + extraEnv: + - name: MLRUN_SPARK_OPERATOR_VERSION + value: spark-3 + - name: MLRUN_STORAGE__AUTO_MOUNT_TYPE + value: s3 + - name: MLRUN_STORAGE__AUTO_MOUNT_PARAMS + value: "aws_access_key=minio,aws_secret_key=minio123,endpoint_url=http://minio.mlrun.svc.cluster.local:9000" + - name: MLRUN_HTTPDB__PROJECTS__FOLLOWERS + value: nuclio + - name: S3_ENDPOINT_URL + value: http://minio.mlrun.svc.cluster.local:9000 + - name: AWS_SECRET_ACCESS_KEY + value: minio123 + - name: AWS_ACCESS_KEY_ID + value: minio + - name: MLRUN_HTTPDB__REAL_PATH + value: s3:// + - name: MLRUN_ARTIFACT_PATH + value: s3://mlrun/ + - name: MLRUN_SPARK_APP_IMAGE + value: gcr.io/iguazio/spark-app + - name: MLRUN_SPARK_APP_IMAGE_TAG + value: v3.2.1-mlk + - name: MLRUN_KFP_URL + value: http://ml-pipeline.mlrun.svc.cluster.local:8888 + db: + persistence: + enabled: true + annotations: + helm.sh/resource-policy: "keep" + +jupyterNotebook: + persistence: + enabled: true + annotations: + helm.sh/resource-policy: "keep" + +minio: + enabled: true + rootUser: minio + rootPassword: minio123 + mode: distributed + replicas: 4 + resources: + requests: + memory: 0.5Gi + persistence: + enabled: true + size: 1Gi + +spark-operator: + enabled: true + fullnameOverride: spark-operator + webhook: + enable: true + +pipelines: + enabled: true + name: pipelines + persistence: + enabled: true + existingClaim: + storageClass: + accessMode: "ReadWriteOnce" + size: "20Gi" + annotations: + helm.sh/resource-policy: "keep" + db: + username: root + minio: + enabled: true + 
accessKey: "minio" + secretKey: "minio123" + endpoint: "minio.mlrun.svc.cluster.local" + endpointPort: "9000" + bucket: "mlrun" + images: + argoexec: + repository: gcr.io/ml-pipeline/argoexec + tag: v3.3.8-license-compliance + workflowController: + repository: gcr.io/ml-pipeline/workflow-controller + tag: v3.3.8-license-compliance + apiServer: + repository: gcr.io/ml-pipeline/api-server + tag: 1.8.3 + persistenceagent: + repository: gcr.io/ml-pipeline/persistenceagent + tag: 1.8.3 + scheduledworkflow: + repository: gcr.io/ml-pipeline/scheduledworkflow + tag: 1.8.3 + ui: + repository: gcr.io/ml-pipeline/frontend + tag: 1.8.3 + viewerCrdController: + repository: gcr.io/ml-pipeline/viewer-crd-controller + tag: 1.8.3 + visualizationServer: + repository: gcr.io/ml-pipeline/visualization-server + tag: 1.8.3 + metadata: + container: + repository: gcr.io/tfx-oss-public/ml_metadata_store_server + tag: 1.5.0 + metadataEnvoy: + repository: gcr.io/ml-pipeline/metadata-envoy + tag: 1.8.3 + metadataWriter: + repository: gcr.io/ml-pipeline/metadata-writer + tag: 1.8.3 + mysql: + repository: mysql + tag: 5.7-debian + cacheImage: + repository: gcr.io/google-containers/busybox + tag: latest + +kube-prometheus-stack: + fullnameOverride: monitoring + enabled: true + alertmanager: + enabled: false + grafana: + adminUser: "admin" + adminPassword: "admin-passw123" + fullnameOverride: grafana + enabled: true + service: + type: NodePort + nodePort: 30110 + prometheus: + enabled: true + kube-state-metrics: + fullnameOverride: state-metrics + prometheus-node-exporter: + fullnameOverride: node-exporter diff --git a/charts/mlrun-ce/requirements.lock b/charts/mlrun-ce/requirements.lock new file mode 100644 index 00000000..ad57b470 --- /dev/null +++ b/charts/mlrun-ce/requirements.lock 
@@ -0,0 +1,21 @@ +dependencies: +- name: nuclio + repository: https://nuclio.github.io/nuclio/charts + version: 0.14.0 +- name: mlrun + repository: https://v3io.github.io/helm-charts/stable + version: 0.9.1 +- name: mpi-operator + repository: https://v3io.github.io/helm-charts/stable + version: 0.6.0 +- name: minio + repository: https://charts.min.io/ + version: 4.0.2 +- name: spark-operator + repository: https://googlecloudplatform.github.io/spark-on-k8s-operator + version: 1.1.25 +- name: kube-prometheus-stack + repository: https://prometheus-community.github.io/helm-charts + version: 39.6.0 +digest: sha256:1f19304db4f4a2e772fb7401e33ac98aea8f93a2b6c85d788a538af9706dda92 +generated: "2022-08-14T11:48:43.2664916+03:00" diff --git a/charts/mlrun-ce/requirements.yaml b/charts/mlrun-ce/requirements.yaml new file mode 100644 index 00000000..9bb011ca --- /dev/null +++ b/charts/mlrun-ce/requirements.yaml @@ -0,0 +1,23 @@ +dependencies: +- name: nuclio + version: "0.14.0" + repository: "https://nuclio.github.io/nuclio/charts" +- name: mlrun + version: "0.9.1" + repository: "https://v3io.github.io/helm-charts/stable" +- name: mpi-operator + version: "0.6.0" + repository: "https://v3io.github.io/helm-charts/stable" +- name: minio + repository: "https://charts.min.io/" + version: "4.0.2" + condition: minio.enabled +- name: spark-operator + repository: "https://googlecloudplatform.github.io/spark-on-k8s-operator" + version: "1.1.25" + condition: spark-operator.enabled +- name: kube-prometheus-stack + repository: "https://prometheus-community.github.io/helm-charts" + version: "39.6.0" + condition: kube-prometheus-stack.enabled + diff --git a/charts/mlrun-ce/templates/NOTES.txt b/charts/mlrun-ce/templates/NOTES.txt new file mode 100644 index 00000000..2870aa55 --- /dev/null +++ b/charts/mlrun-ce/templates/NOTES.txt 
@@ -0,0 +1,46 @@ +You're up and running ! + +1. Jupyter UI is available at: + http://{{ .Values.global.externalHostAddress }}:{{ .Values.jupyterNotebook.service.nodePort }} + +2. Nuclio UI is available at: + http://{{ .Values.global.externalHostAddress }}:{{ .Values.global.nuclio.dashboard.nodePort }} + +3. MLRun UI is available at: + http://{{ .Values.global.externalHostAddress }}:{{ .Values.mlrun.ui.service.nodePort }} + +4. MLRun API is exposed externally at: + http://{{ .Values.global.externalHostAddress }}:{{ .Values.mlrun.api.service.nodePort }} + +{{- if .Values.minio.enabled }} + +5. Minio API is exposed externally at: + http://{{ .Values.global.externalHostAddress }}:{{ .Values.minio.service.nodePort }} + +6. Minio UI is available at: + http://{{ .Values.global.externalHostAddress }}:{{ .Values.minio.consoleService.nodePort }} + + Credentials: + username: {{ .Values.minio.rootUser }} + password: {{ .Values.minio.rootPassword }} + +{{- end }} + +{{- if .Values.pipelines.enabled }} + +7. Pipelines UI is available at: + http://{{ .Values.global.externalHostAddress }}:30100 +{{- end }} + +{{- if index .Values "kube-prometheus-stack" "enabled" }} + +8. Grafana UI is available at: + http://{{ .Values.global.externalHostAddress }}:30110 + + Credentials: + username: {{ (index .Values "kube-prometheus-stack" "grafana" "adminUser") }} + password: {{ (index .Values "kube-prometheus-stack" "grafana" "adminPassword") }} +{{- end }} + + +Happy MLOPSing !!! :] diff --git a/charts/mlrun-ce/templates/_helpers.tpl b/charts/mlrun-ce/templates/_helpers.tpl new file mode 100644 index 00000000..73bf083f --- /dev/null +++ b/charts/mlrun-ce/templates/_helpers.tpl 
@@ -0,0 +1,205 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Create fully qualified names. +*/}} +{{- define "mlrun-ce.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "mlrun-ce.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := (include "mlrun-ce.name" .) -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "mlrun-ce.shared-persistency-pvc.fullname" -}} +{{- if (index .Values.mlrun.api.extraPersistentVolumeMounts 0).existingClaim -}} +{{- (index .Values.mlrun.api.extraPersistentVolumeMounts 0).existingClaim -}} +{{- else -}} +{{- printf "%s-shared-pvc" (include "mlrun-ce.fullname" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Copied over from mlrun chart to duplicate the logic without constraining the values +*/}} +{{- define "mlrun-ce.jupyter.fullname" -}} +{{- if .Values.jupyterNotebook.fullnameOverride -}} +{{- .Values.jupyterNotebook.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.jupyterNotebook.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "mlrun-ce.jupyter.mlrunUIURL" -}} +{{- if .Values.jupyterNotebook.mlrunUIURL -}} +{{- .Values.jupyterNotebook.mlrunUIURL -}} +{{- else -}} +{{- printf "http://%s:%s" .Values.global.externalHostAddress (.Values.mlrun.ui.service.nodePort | toString) -}} +{{- end -}} +{{- end -}} + + +{{/* +Copied over from mlrun chart to duplicate the logic without constraining the values +*/}} +{{- define 
"mlrun-ce.mlrun.api.fullname" -}} +{{- if .Values.mlrun.api.fullnameOverride -}} +{{- .Values.mlrun.api.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.mlrun.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name .Values.mlrun.api.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-%s" .Release.Name $name .Values.mlrun.api.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + + +{{/* +Copied over from mlrun chart to duplicate the logic without constraining the values +*/}} + +{{- define "mlrun-ce.mlrun.db.fullname" -}} +{{- if .Values.mlrun.db.fullnameOverride -}} +{{- .Values.mlrun.db.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.mlrun.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name .Values.mlrun.db.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-%s" .Release.Name $name .Values.mlrun.db.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Copied over from mlrun chart to duplicate the logic without constraining the values +*/}} +{{- define "mlrun-ce.mlrun.ui.fullname" -}} +{{- if .Values.mlrun.ui.fullnameOverride -}} +{{- .Values.mlrun.ui.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.mlrun.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name .Values.mlrun.ui.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-%s" .Release.Name $name .Values.mlrun.ui.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "mlrun-ce.mlrun.api.port" -}} +{{- .Values.mlrun.api.service.port | int -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. 
+*/}} +{{- define "mlrun-ce.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{/* +Mlrun DB labels +*/}} +{{- define "mlrun-ce.mlrun.db.labels" -}} +{{ include "mlrun-ce.common.labels" . }} +{{ include "mlrun-ce.mlrun.db.selectorLabels" . }} +{{- end -}} + +{{/* +Mlrun DB selector labels +*/}} +{{- define "mlrun-ce.mlrun.db.selectorLabels" -}} +{{ include "mlrun-ce.common.selectorLabels" . }} +app.kubernetes.io/component: {{ .Values.mlrun.db.name | quote }} +{{- end -}} + +{{/* +Mlrun API labels +*/}} +{{- define "mlrun-ce.mlrun.api.labels" -}} +{{ include "mlrun-ce.common.labels" . }} +{{ include "mlrun-ce.mlrun.api.selectorLabels" . }} +{{- end -}} + + +{{/* +Mlrun API selector labels +*/}} +{{- define "mlrun-ce.mlrun.api.selectorLabels" -}} +{{ include "mlrun-ce.common.selectorLabels" . }} +app.kubernetes.io/component: {{ .Values.mlrun.api.name | quote }} +{{- end -}} + + +{{/* +Common labels +*/}} +{{- define "mlrun-ce.common.labels" -}} +helm.sh/chart: {{ include "mlrun-ce.chart" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Common selector labels +*/}} +{{- define "mlrun-ce.common.selectorLabels" -}} +app.kubernetes.io/name: {{ include "mlrun-ce.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Jupyter selector labels +*/}} +{{- define "mlrun-ce.jupyter.selectorLabels" -}} +{{ include "mlrun-ce.common.selectorLabels" . }} +app.kubernetes.io/component: {{ .Values.jupyterNotebook.name | quote }} +{{- end -}} + +{{/* +Jupyter labels +*/}} +{{- define "mlrun-ce.jupyter.labels" -}} +{{ include "mlrun-ce.common.labels" . }} +{{ include "mlrun-ce.jupyter.selectorLabels" . 
}} +{{- end -}} + + + + +{{/* +Pipelines selector labels +*/}} +{{- define "mlrun-ce.pipelines.selectorLabels" -}} +{{ include "mlrun-ce.common.selectorLabels" . }} +app.kubernetes.io/component: {{ .Values.pipelines.name | quote }} +{{- end -}} + +{{/* +Pipelines labels +*/}} +{{- define "mlrun-ce.pipelines.labels" -}} +{{ include "mlrun-ce.common.labels" . }} +{{ include "mlrun-ce.pipelines.selectorLabels" . }} +{{- end -}} + diff --git a/charts/mlrun-ce/templates/jupyter-notebook/deployment.yaml b/charts/mlrun-ce/templates/jupyter-notebook/deployment.yaml new file mode 100644 index 00000000..fe1e7b64 --- /dev/null +++ b/charts/mlrun-ce/templates/jupyter-notebook/deployment.yaml 
@@ -0,0 +1,83 @@ +{{- if .Values.jupyterNotebook.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "mlrun-ce.jupyter.fullname" . }} + labels: + {{- include "mlrun-ce.jupyter.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "mlrun-ce.jupyter.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "mlrun-ce.jupyter.selectorLabels" . | nindent 8 }} + spec: +{{- if .Values.jupyterNotebook.awsInstall }} + serviceAccount: {{ .Values.jupyterNotebook.serviceAccount }} +{{- end }} + securityContext: + runAsUser: 1000 + runAsGroup: 100 + fsGroup: 100 + initContainers: + - name: init-chown-data + # jupyter default NB user: uid=1000(jovyan) gid=100(users) groups=100(users) + command: ["chown", "-R", "1000:100", "/home/jovyan/data"] + image: busybox:1.35 + imagePullPolicy: IfNotPresent + securityContext: + runAsUser: 0 + volumeMounts: + - mountPath: /home/jovyan/data + name: notebooks + containers: + - name: jupyter-notebook + image: "{{ .Values.jupyterNotebook.image.repository }}:{{ .Values.jupyterNotebook.image.tag }}" + imagePullPolicy: {{ .Values.jupyterNotebook.image.pullPolicy }} + env: + - name: MLRUN_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: JUPYTER_ENABLE_LAB + value: "yes" + - name: MLRUN_DBPATH + value: {{ printf "http://%s:%s" (include "mlrun-ce.mlrun.api.fullname" .) (include "mlrun-ce.mlrun.api.port" .) }} + - name: MLRUN_UI_URL + value: {{ template "mlrun-ce.jupyter.mlrunUIURL" . }} + - name: MLRUN_MPIJOB_CRD_VERSION + value: {{ index .Values "mpi-operator" "crd" "version" }} +{{- if .Values.jupyterNotebook.persistence.enabled }} + - name: MLRUN_PVC_MOUNT + value: {{ printf "%s:/home/jovyan/data" (include "mlrun-ce.jupyter.fullname" .) 
}} +{{- end }} + - name: CHOWN_HOME + value: "yes" + - name: CHOWN_HOME_OPTS + value: "-R" + {{- if .Values.jupyterNotebook.extraEnv }} + {{ toYaml .Values.jupyterNotebook.extraEnv | nindent 8 }} + {{- end }} + volumeMounts: + - mountPath: /home/jovyan/data + name: notebooks + ports: + - containerPort: 8888 + name: http + command: [ "start-notebook.sh" ] + args: + - --ip="0.0.0.0" + - --port=8888 + - --NotebookApp.token='' + - --NotebookApp.password='' + - --NotebookApp.default_url="/lab" + volumes: + - name: notebooks + persistentVolumeClaim: +{{- if .Values.jupyterNotebook.persistence.enabled }} + claimName: {{ template "mlrun-ce.jupyter.fullname" . }} +{{- end }} +{{- end -}} diff --git a/charts/mlrun-ce/templates/jupyter-notebook/ingress.yaml b/charts/mlrun-ce/templates/jupyter-notebook/ingress.yaml new file mode 100644 index 00000000..b25658e4 --- /dev/null +++ b/charts/mlrun-ce/templates/jupyter-notebook/ingress.yaml 
@@ -0,0 +1,43 @@ +{{- if .Values.jupyterNotebook.enabled -}} +{{- if .Values.jupyterNotebook.ingress.enabled -}} +{{- $fullName := include "mlrun-ce.jupyter.fullname" . -}} +{{- $svcPort := .Values.jupyterNotebook.service.port -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "mlrun-ce.jupyter.labels" . | nindent 4 }} + {{- with .Values.jupyterNotebook.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if .Values.jupyterNotebook.ingress.tls }} + tls: + {{- range .Values.jupyterNotebook.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.jupyterNotebook.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ . }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/mlrun-ce/templates/jupyter-notebook/service.yaml b/charts/mlrun-ce/templates/jupyter-notebook/service.yaml new file mode 100644 index 00000000..46509b3a --- /dev/null +++ b/charts/mlrun-ce/templates/jupyter-notebook/service.yaml 
@@ -0,0 +1,40 @@ +{{- if .Values.jupyterNotebook.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mlrun-ce.jupyter.fullname" . }} + labels: + {{- include "mlrun-ce.jupyter.labels" . | nindent 4 }} +spec: +{{- if (or (eq .Values.jupyterNotebook.service.type "ClusterIP") (empty .Values.jupyterNotebook.service.type)) }} + type: ClusterIP + {{- if .Values.jupyterNotebook.service.clusterIP }} + clusterIP: {{ .Values.jupyterNotebook.service.clusterIP }} + {{end}} +{{- else if eq .Values.jupyterNotebook.service.type "LoadBalancer" }} + type: {{ .Values.jupyterNotebook.service.type }} + {{- if .Values.jupyterNotebook.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.jupyterNotebook.service.loadBalancerIP }} + {{- end }} + {{- if .Values.jupyterNotebook.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.jupyterNotebook.service.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.jupyterNotebook.service.type }} +{{- end }} +{{- if .Values.jupyterNotebook.service.externalIPs }} + externalIPs: +{{ toYaml .Values.jupyterNotebook.service.externalIPs | indent 4 }} +{{- end }} + ports: + - name: http + port: {{ .Values.jupyterNotebook.service.port }} + protocol: TCP + targetPort: http +{{ if (and (eq .Values.jupyterNotebook.service.type "NodePort") (not (empty .Values.jupyterNotebook.service.nodePort))) }} + nodePort: {{.Values.jupyterNotebook.service.nodePort}} +{{ end }} + selector: + {{- include "mlrun-ce.jupyter.selectorLabels" . | nindent 4 }} +{{- end -}} diff --git a/charts/mlrun-ce/templates/persistency/jupyter-pvc.yaml b/charts/mlrun-ce/templates/persistency/jupyter-pvc.yaml new file mode 100644 index 00000000..082720b6 --- /dev/null +++ b/charts/mlrun-ce/templates/persistency/jupyter-pvc.yaml 
@@ -0,0 +1,25 @@ +{{- if .Values.jupyterNotebook.persistence.enabled -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "mlrun-ce.jupyter.fullname" . }} + labels: + {{- include "mlrun-ce.jupyter.labels" . | nindent 4 }} +{{- with .Values.jupyterNotebook.persistence.annotations }} + annotations: {{ toYaml . | nindent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.jupyterNotebook.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.jupyterNotebook.persistence.size | quote }} +{{- if .Values.jupyterNotebook.persistence.storageClass }} +{{- if (eq "-" .Values.jupyterNotebook.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.jupyterNotebook.persistency.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} + diff --git a/charts/mlrun-ce/templates/persistency/mlrun-api-pvc.yaml b/charts/mlrun-ce/templates/persistency/mlrun-api-pvc.yaml new file mode 100644 index 00000000..00746965 --- /dev/null +++ b/charts/mlrun-ce/templates/persistency/mlrun-api-pvc.yaml @@ -0,0 +1,25 @@ +{{- if .Values.mlrun.api.persistence.enabled -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Values.mlrun.api.volumes.storageOverride.persistentVolumeClaim.claimName }} + labels: + {{- include "mlrun-ce.mlrun.api.labels" . | nindent 4 }} +{{- with .Values.mlrun.api.persistence.annotations }} + annotations: {{ toYaml . | nindent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.mlrun.api.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.mlrun.api.persistence.size | quote }} +{{- if .Values.mlrun.api.persistence.storageClass }} +{{- if (eq "-" .Values.mlrun.api.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.mlrun.api.persistency.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} + 
diff --git a/charts/mlrun-ce/templates/persistency/mlrun-db-pvc.yaml b/charts/mlrun-ce/templates/persistency/mlrun-db-pvc.yaml new file mode 100644 index 00000000..97a93ef5 --- /dev/null +++ b/charts/mlrun-ce/templates/persistency/mlrun-db-pvc.yaml @@ -0,0 +1,25 @@ +{{- if and (.Values.mlrun.db.persistence.enabled) (eq "mysql" .Values.mlrun.httpDB.dbType) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Values.mlrun.db.volumes.storageOverride.persistentVolumeClaim.claimName }} + labels: + {{- include "mlrun-ce.mlrun.db.labels" . | nindent 4 }} +{{- with .Values.mlrun.db.persistence.annotations }} + annotations: {{ toYaml . | nindent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.mlrun.db.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.mlrun.db.persistence.size | quote }} +{{- if .Values.mlrun.db.persistence.storageClass }} +{{- if (eq "-" .Values.mlrun.db.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.mlrun.db.persistency.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} + diff --git a/charts/mlrun-ce/templates/persistency/s3-auth-secret.yaml b/charts/mlrun-ce/templates/persistency/s3-auth-secret.yaml new file mode 100644 index 00000000..6f9c8eab --- /dev/null +++ b/charts/mlrun-ce/templates/persistency/s3-auth-secret.yaml @@ -0,0 +1,20 @@ +{{- if eq .Values.mlrun.storage "s3" -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "mlrun-ce.mlrun.api.fullname" . }}-s3-secret + labels: + app: {{ template "mlrun-ce.mlrun.api.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +data: + {{- if and .Values.secrets.s3.secretKey .Values.secrets.s3.accessKey }} + s3AccessKey: {{ .Values.secrets.s3.accessKey | b64enc | quote }} + s3SecretKey: {{ .Values.secrets.s3.secretKey | b64enc | quote }} + {{- end }} + +{{- end -}} + + 
diff --git a/charts/mlrun-ce/templates/pipelines/configmaps/kfp-launcher.yaml b/charts/mlrun-ce/templates/pipelines/configmaps/kfp-launcher.yaml new file mode 100644 index 00000000..de7ca443 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/configmaps/kfp-launcher.yaml @@ -0,0 +1,11 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +data: + defaultPipelineRoot: "" +kind: ConfigMap +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: kfp-launcher +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/configmaps/metadata-grpc-configmap.yaml b/charts/mlrun-ce/templates/pipelines/configmaps/metadata-grpc-configmap.yaml new file mode 100644 index 00000000..0c5823f8 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/configmaps/metadata-grpc-configmap.yaml @@ -0,0 +1,13 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +data: + METADATA_GRPC_SERVICE_HOST: metadata-grpc-service + METADATA_GRPC_SERVICE_PORT: "8080" +kind: ConfigMap +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + component: metadata-grpc-server + name: metadata-grpc-configmap +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/configmaps/ml-pipeline-ui-configmap.yaml b/charts/mlrun-ce/templates/pipelines/configmaps/ml-pipeline-ui-configmap.yaml new file mode 100644 index 00000000..aa3cfc89 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/configmaps/ml-pipeline-ui-configmap.yaml 
@@ -0,0 +1,39 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +data: + viewer-pod-template.json: |- + { + "spec": { + "containers": [ + { + "env": [ + { + "name": "AWS_ACCESS_KEY_ID", + "valueFrom": { + "secretKeyRef": { + "name": "mlpipeline-minio-artifact", + "key": "accesskey" + } + } + }, + { + "name": "AWS_SECRET_ACCESS_KEY", + "valueFrom": { + "secretKeyRef": { + "name": "mlpipeline-minio-artifact", + "key": "secretkey" + } + } + } + ] + } + ] + } + } +kind: ConfigMap +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-ui-configmap +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/configmaps/pipeline-install-config.yaml b/charts/mlrun-ce/templates/pipelines/configmaps/pipeline-install-config.yaml new file mode 100644 index 00000000..8c9950b6 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/configmaps/pipeline-install-config.yaml 
@@ -0,0 +1,33 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +data: + minioServiceHost: "{{ .Values.pipelines.minio.endpoint }}" + minioServicePort: "{{ .Values.pipelines.minio.endpointPort }}" + ConMaxLifeTime: 120s + appName: pipeline + appVersion: 1.8.3 + autoUpdatePipelineDefaultVersion: "false" + bucketName: "{{ .Values.pipelines.minio.bucket }}" + cacheDb: cachedb + cacheImage: {{ .Values.pipelines.images.cacheImage.repository }}:{{ .Values.pipelines.images.cacheImage.tag }} + cacheNodeRestrictions: "false" + cronScheduleTimezone: UTC + dbHost: mysql + dbPort: "3306" + defaultPipelineRoot: "" + mlmdDb: metadb + pipelineDb: mlpipeline + warning: | + 1. Do not use kubectl to edit this configmap, because some values are used + during kustomize build. Instead, change the configmap and apply the entire + kustomize manifests again. + 2. After updating the configmap, some deployments may need to be restarted + until the changes take effect. A quick way to restart all deployments in a + namespace: `kubectl rollout restart deployment -n `. +kind: ConfigMap +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: pipeline-install-config +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/configmaps/workflow-controller-configmap.yaml b/charts/mlrun-ce/templates/pipelines/configmaps/workflow-controller-configmap.yaml new file mode 100644 index 00000000..5058fa96 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/configmaps/workflow-controller-configmap.yaml 
@@ -0,0 +1,31 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +data: + artifactRepository: | + archiveLogs: true + s3: + endpoint: "{{ .Values.pipelines.minio.endpoint }}:{{ .Values.pipelines.minio.endpointPort }}" + bucket: "{{ .Values.pipelines.minio.bucket }}" + insecure: true + accessKeySecret: + name: mlpipeline-minio-artifact + key: accesskey + secretKeySecret: + name: mlpipeline-minio-artifact + key: secretkey + containerRuntimeExecutor: emissary + executor: | + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 0.01 + memory: 32Mi + limits: + cpu: 0.5 + memory: 512Mi +kind: ConfigMap +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: workflow-controller-configmap +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/crd/applications.app.k8s.io.yaml b/charts/mlrun-ce/templates/pipelines/crd/applications.app.k8s.io.yaml new file mode 100644 index 00000000..89dd9e06 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/crd/applications.app.k8s.io.yaml 
@@ -0,0 +1,529 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/application/pull/2 + controller-gen.kubebuilder.io/version: v0.4.0 + generation: 1 + labels: + controller-tools.k8s.io: "1.0" + name: applications.app.k8s.io +spec: + conversion: + strategy: None + group: app.k8s.io + names: + categories: + - all + kind: Application + listKind: ApplicationList + plural: applications + shortNames: + - app + singular: application + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The type of the application + jsonPath: .spec.descriptor.type + name: Type + type: string + - description: The creation date + jsonPath: .spec.descriptor.version + name: Version + type: string + - description: The application object owns the matched resources + jsonPath: .spec.addOwnerRef + name: Owner + type: boolean + - description: Numbers of components ready + jsonPath: .status.componentsReady + name: Ready + type: string + - description: The creation date + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Application is the Schema for the applications API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ApplicationSpec defines the specification for an Application. + properties: + addOwnerRef: + description: AddOwnerRef objects - flag to indicate if we need to + add OwnerRefs to matching objects Matching is done by using Selector + to query all ComponentGroupKinds + type: boolean + assemblyPhase: + description: AssemblyPhase represents the current phase of the application's + assembly. An empty value is equivalent to "Succeeded". + type: string + componentKinds: + description: ComponentGroupKinds is a list of Kinds for Application's + components (e.g. Deployments, Pods, Services, CRDs). It can be used + in conjunction with the Application's Selector to list or watch + the Applications components. + items: + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + descriptor: + description: Descriptor regroups information and metadata about an + application. + properties: + description: + description: Description is a brief string description of the + Application. + type: string + icons: + description: Icons is an optional list of icons for an application. + Icon information includes the source, size, and mime type. + items: + description: ImageSpec contains information about an image used + as an icon. + properties: + size: + description: (optional) The size of the image in pixels + (e.g., 25x25). + type: string + src: + description: The source for image represented as either + an absolute URL to the image or a Data URL containing + the image. Data URLs are defined in RFC 2397. 
+ type: string + type: + description: (optional) The mine type of the image (e.g., + "image/png"). + type: string + required: + - src + type: object + type: array + keywords: + description: Keywords is an optional list of key words associated + with the application (e.g. MySQL, RDBMS, database). + items: + type: string + type: array + links: + description: Links are a list of descriptive URLs intended to + be used to surface additional documentation, dashboards, etc. + items: + description: Link contains information about an URL to surface + documentation, dashboards, etc. + properties: + description: + description: Description is human readable content explaining + the purpose of the link. + type: string + url: + description: Url typically points at a website address. + type: string + type: object + type: array + maintainers: + description: Maintainers is an optional list of maintainers of + the application. The maintainers in this list maintain the the + source code, images, and package for the application. + items: + description: ContactData contains information about an individual + or organization. + properties: + email: + description: Email is the email address. + type: string + name: + description: Name is the descriptive name. + type: string + url: + description: Url could typically be a website address. + type: string + type: object + type: array + notes: + description: Notes contain a human readable snippets intended + as a quick start for the users of the Application. CommonMark + markdown syntax may be used for rich text representation. + type: string + owners: + description: Owners is an optional list of the owners of the installed + application. The owners of the application should be contacted + in the event of a planned or unplanned disruption affecting + the application. + items: + description: ContactData contains information about an individual + or organization. + properties: + email: + description: Email is the email address. 
+ type: string + name: + description: Name is the descriptive name. + type: string + url: + description: Url could typically be a website address. + type: string + type: object + type: array + type: + description: Type is the type of the application (e.g. WordPress, + MySQL, Cassandra). + type: string + version: + description: Version is an optional version indicator for the + Application. + type: string + type: object + info: + description: Info contains human readable key,value pairs for the + Application. + items: + description: InfoItem is a human readable key,value pair containing + important information about how to access the Application. + properties: + name: + description: Name is a human readable title for this piece of + information. + type: string + type: + description: Type of the value for this InfoItem. + type: string + value: + description: Value is human readable content. + type: string + valueFrom: + description: ValueFrom defines a reference to derive the value + from another source. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + key: + description: The key to select. 
+ type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + ingressRef: + description: Select an Ingress. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + host: + description: The optional host to select. + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + path: + description: The optional HTTP path. + type: string + protocol: + description: Protocol for the ingress + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + secretKeyRef: + description: Selects a key of a Secret. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + key: + description: The key to select. + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + serviceRef: + description: Select a Service. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + path: + description: The optional HTTP path. + type: string + port: + description: The optional port to select. + format: int32 + type: integer + protocol: + description: Protocol for the service + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: + description: Type of source. + type: string + type: object + type: object + type: array + selector: + description: 'Selector is a label query over kinds that created by + the application. It must match the component objects'' labels. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. 
+ If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + type: object + status: + description: ApplicationStatus defines controller's the observed state + of Application + properties: + components: + description: Object status array for all matching objects + items: + description: ObjectStatus is a generic status holder for objects + properties: + group: + description: Object group + type: string + kind: + description: Kind of object + type: string + link: + description: Link to object + type: string + name: + description: Name of object + type: string + status: + description: 'Status. Values: InProgress, Ready, Unknown' + type: string + type: object + type: array + componentsReady: + description: 'ComponentsReady: status of the components in the format + ready/total' + type: string + conditions: + description: Conditions represents the latest state of the object + items: + description: Condition describes the state of an object at a certain + point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: Last time the condition was probed + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. 
+ type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the most recent generation observed. + It corresponds to the Object's generation, which is updated on mutation + by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/crd/clusterworkflowtemplates.argoproj.io.yaml b/charts/mlrun-ce/templates/pipelines/crd/clusterworkflowtemplates.argoproj.io.yaml new file mode 100644 index 00000000..8e95372a --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/crd/clusterworkflowtemplates.argoproj.io.yaml @@ -0,0 +1,42 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + generation: 1 + name: clusterworkflowtemplates.argoproj.io +spec: + conversion: + strategy: None + group: argoproj.io + names: + kind: ClusterWorkflowTemplate + listKind: ClusterWorkflowTemplateList + plural: clusterworkflowtemplates + shortNames: + - clusterwftmpl + - cwft + singular: clusterworkflowtemplate + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/crd/cronworkflows.argoproj.io.yaml b/charts/mlrun-ce/templates/pipelines/crd/cronworkflows.argoproj.io.yaml new file mode 100644 index 00000000..250de2e2 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/crd/cronworkflows.argoproj.io.yaml 
@@ -0,0 +1,46 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: +# generation: 1 + name: cronworkflows.argoproj.io +spec: + conversion: + strategy: None + group: argoproj.io + names: + kind: CronWorkflow + listKind: CronWorkflowList + plural: cronworkflows + shortNames: + - cwf + - cronwf + singular: cronworkflow + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/crd/scheduledworkflows.kubeflow.org.yaml b/charts/mlrun-ce/templates/pipelines/crd/scheduledworkflows.kubeflow.org.yaml new file mode 100644 index 00000000..74b7bcda --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/crd/scheduledworkflows.kubeflow.org.yaml 
@@ -0,0 +1,45 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: +# generation: 1 + name: scheduledworkflows.kubeflow.org +spec: + conversion: + strategy: None + group: kubeflow.org + names: + kind: ScheduledWorkflow + listKind: ScheduledWorkflowList + plural: scheduledworkflows + shortNames: + - swf + singular: scheduledworkflow + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - spec + - status + type: object + served: true + storage: true +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/crd/viewers.kubeflow.org.yaml b/charts/mlrun-ce/templates/pipelines/crd/viewers.kubeflow.org.yaml new file mode 100644 index 00000000..9e961d08 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/crd/viewers.kubeflow.org.yaml @@ -0,0 +1,40 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: +# generation: 1 + name: viewers.kubeflow.org +spec: + conversion: + strategy: None + group: kubeflow.org + names: + kind: Viewer + listKind: ViewerList + plural: viewers + shortNames: + - vi + singular: viewer + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - spec + type: object + served: true + storage: true +{{- end -}} 
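Review bot: in charts/mlrun-ce/templates/pipelines/configmaps/workflow-controller-configmap.yaml the s3 artifact repository hard-codes `insecure: true`, so artifacts and archived logs (`archiveLogs: true`), together with requests authenticated by the mlpipeline-minio-artifact keys, go to the endpoint without TLS even when `.Values.pipelines.minio.endpoint` is set to something outside the cluster. Expose this as a value next to the endpoint, port and bucket values, and document that the default is plain HTTP.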
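Review bot: the `warning` entry in charts/mlrun-ce/templates/pipelines/configmaps/pipeline-install-config.yaml describes a kustomize workflow that does not apply to this chart, and its restart command ends at `kubectl rollout restart deployment -n ` with no namespace. Rewrite it for Helm (change values and run an upgrade) or drop the key. In the same hunk `dbHost: mysql`, `dbPort: "3306"` and `appVersion: 1.8.3` are literals while the MinIO settings come from values; template them too, or note why they are fixed.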
diff --git a/charts/mlrun-ce/templates/pipelines/crd/workfloweventbindings.argoproj.io.yaml b/charts/mlrun-ce/templates/pipelines/crd/workfloweventbindings.argoproj.io.yaml new file mode 100644 index 00000000..58021831 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/crd/workfloweventbindings.argoproj.io.yaml @@ -0,0 +1,41 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: +# generation: 1 + name: workfloweventbindings.argoproj.io +spec: + conversion: + strategy: None + group: argoproj.io + names: + kind: WorkflowEventBinding + listKind: WorkflowEventBindingList + plural: workfloweventbindings + shortNames: + - wfeb + singular: workfloweventbinding + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/crd/workflows.argoproj.io.yaml b/charts/mlrun-ce/templates/pipelines/crd/workflows.argoproj.io.yaml new file mode 100644 index 00000000..c0c81ff0 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/crd/workflows.argoproj.io.yaml 
@@ -0,0 +1,56 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: +# generation: 1 + name: workflows.argoproj.io +spec: + conversion: + strategy: None + group: argoproj.io + names: + kind: Workflow + listKind: WorkflowList + plural: workflows + shortNames: + - wf + singular: workflow + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status of the workflow + jsonPath: .status.phase + name: Status + type: string + - description: When the workflow was started + format: date-time + jsonPath: .status.startedAt + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/crd/workflowtaskresults.argoproj.io.yaml b/charts/mlrun-ce/templates/pipelines/crd/workflowtaskresults.argoproj.io.yaml new file mode 100644 index 00000000..b014d333 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/crd/workflowtaskresults.argoproj.io.yaml 
@@ -0,0 +1,431 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: +# generation: 1 + name: workflowtaskresults.argoproj.io +spec: + conversion: + strategy: None + group: argoproj.io + names: + kind: WorkflowTaskResult + listKind: WorkflowTaskResultList + plural: workflowtaskresults + singular: workflowtaskresult + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + message: + type: string + metadata: + type: object + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + 
optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + 
type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + phase: + type: string + progress: + type: string + required: + - metadata + type: object + served: true + storage: true +{{- end -}} 
diff --git a/charts/mlrun-ce/templates/pipelines/crd/workflowtasksets.argoproj.io.yaml b/charts/mlrun-ce/templates/pipelines/crd/workflowtasksets.argoproj.io.yaml new file mode 100644 index 00000000..d4e74cec --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/crd/workflowtasksets.argoproj.io.yaml @@ -0,0 +1,47 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: +# generation: 1 + name: workflowtasksets.argoproj.io +spec: + conversion: + strategy: None + group: argoproj.io + names: + kind: WorkflowTaskSet + listKind: WorkflowTaskSetList + plural: workflowtasksets + shortNames: + - wfts + singular: workflowtaskset + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/crd/workflowtemplates.argoproj.io.yaml b/charts/mlrun-ce/templates/pipelines/crd/workflowtemplates.argoproj.io.yaml new file mode 100644 index 00000000..3a43bfa4 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/crd/workflowtemplates.argoproj.io.yaml 
@@ -0,0 +1,41 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: +# generation: 1 + name: workflowtemplates.argoproj.io +spec: + conversion: + strategy: None + group: argoproj.io + names: + kind: WorkflowTemplate + listKind: WorkflowTemplateList + plural: workflowtemplates + shortNames: + - wftmpl + singular: workflowtemplate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/deployments/metadata-envoy-deployment.yaml b/charts/mlrun-ce/templates/pipelines/deployments/metadata-envoy-deployment.yaml new file mode 100644 index 00000000..638a6c53 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/deployments/metadata-envoy-deployment.yaml 
@@ -0,0 +1,53 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "1" + generation: 1 + labels: + application-crd-id: kubeflow-pipelines + component: metadata-envoy + name: metadata-envoy-deployment +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + application-crd-id: kubeflow-pipelines + component: metadata-envoy + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + creationTimestamp: null + labels: + application-crd-id: kubeflow-pipelines + component: metadata-envoy + spec: + containers: + - image: {{ .Values.pipelines.images.metadataEnvoy.repository }}:{{ .Values.pipelines.images.metadataEnvoy.tag }} + imagePullPolicy: IfNotPresent + name: container + ports: + - containerPort: 9090 + name: md-envoy + protocol: TCP + - containerPort: 9901 + name: envoy-admin + protocol: TCP + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/deployments/metadata-grpc-deployment.yaml b/charts/mlrun-ce/templates/pipelines/deployments/metadata-grpc-deployment.yaml new file mode 100644 index 00000000..2bb2b5f6 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/deployments/metadata-grpc-deployment.yaml 
@@ -0,0 +1,102 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "1" + generation: 1 + labels: + application-crd-id: kubeflow-pipelines + component: metadata-grpc-server + name: metadata-grpc-deployment +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + application-crd-id: kubeflow-pipelines + component: metadata-grpc-server + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + application-crd-id: kubeflow-pipelines + component: metadata-grpc-server + spec: + containers: + - args: + - --grpc_port=8080 + - --mysql_config_database=$(MYSQL_DATABASE) + - --mysql_config_host=$(MYSQL_HOST) + - --mysql_config_port=$(MYSQL_PORT) + - --mysql_config_user=$(DBCONFIG_USER) + - --mysql_config_password=$(DBCONFIG_PASSWORD) + - --enable_database_upgrade=true + command: + - /bin/metadata_store_server + env: + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret + - name: MYSQL_DATABASE + valueFrom: + configMapKeyRef: + key: mlmdDb + name: pipeline-install-config + - name: MYSQL_HOST + valueFrom: + configMapKeyRef: + key: dbHost + name: pipeline-install-config + - name: MYSQL_PORT + valueFrom: + configMapKeyRef: + key: dbPort + name: pipeline-install-config + image: {{ .Values.pipelines.images.metadata.container.repository }}:{{ .Values.pipelines.images.metadata.container.tag }} + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 3 + periodSeconds: 5 + successThreshold: 1 + tcpSocket: + port: grpc-api + timeoutSeconds: 2 + name: container + ports: + - containerPort: 8080 + name: grpc-api + protocol: TCP + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 3 + 
periodSeconds: 5 + successThreshold: 1 + tcpSocket: + port: grpc-api + timeoutSeconds: 2 + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: metadata-grpc-server + serviceAccountName: metadata-grpc-server + terminationGracePeriodSeconds: 30 +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/deployments/metadata-writer.yaml b/charts/mlrun-ce/templates/pipelines/deployments/metadata-writer.yaml new file mode 100644 index 00000000..dbadb69e --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/deployments/metadata-writer.yaml 
@@ -0,0 +1,52 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "1" + generation: 1 + labels: + app: metadata-writer + application-crd-id: kubeflow-pipelines + name: metadata-writer +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: metadata-writer + application-crd-id: kubeflow-pipelines + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + app: metadata-writer + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ .Values.pipelines.images.metadataWriter.repository }}:{{ .Values.pipelines.images.metadataWriter.tag }} + imagePullPolicy: IfNotPresent + name: main + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: kubeflow-pipelines-metadata-writer + serviceAccountName: kubeflow-pipelines-metadata-writer + terminationGracePeriodSeconds: 30 +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/deployments/ml-pipeline-persistenceagent.yaml b/charts/mlrun-ce/templates/pipelines/deployments/ml-pipeline-persistenceagent.yaml new file mode 100644 index 00000000..8ac315ec --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/deployments/ml-pipeline-persistenceagent.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "1" + generation: 1 + labels: + app: ml-pipeline-persistenceagent + application-crd-id: kubeflow-pipelines + name: ml-pipeline-persistenceagent +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: ml-pipeline-persistenceagent + application-crd-id: kubeflow-pipelines + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + creationTimestamp: null + labels: + app: ml-pipeline-persistenceagent + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: TTL_SECONDS_AFTER_WORKFLOW_FINISH + value: "86400" + - name: NUM_WORKERS + value: "2" + image: {{ .Values.pipelines.images.persistenceagent.repository }}:{{ .Values.pipelines.images.persistenceagent.tag }} + imagePullPolicy: IfNotPresent + name: ml-pipeline-persistenceagent + resources: + requests: + cpu: 120m + memory: 500Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: ml-pipeline-persistenceagent + serviceAccountName: ml-pipeline-persistenceagent + terminationGracePeriodSeconds: 30 +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/deployments/ml-pipeline-scheduledworkflow.yaml b/charts/mlrun-ce/templates/pipelines/deployments/ml-pipeline-scheduledworkflow.yaml new file mode 100644 index 00000000..6fc02556 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/deployments/ml-pipeline-scheduledworkflow.yaml 
@@ -0,0 +1,59 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "1" + generation: 1 + labels: + app: ml-pipeline-scheduledworkflow + application-crd-id: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: ml-pipeline-scheduledworkflow + application-crd-id: kubeflow-pipelines + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + creationTimestamp: null + labels: + app: ml-pipeline-scheduledworkflow + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CRON_SCHEDULE_TIMEZONE + valueFrom: + configMapKeyRef: + key: cronScheduleTimezone + name: pipeline-install-config + image: {{ .Values.pipelines.images.scheduledworkflow.repository }}:{{ .Values.pipelines.images.scheduledworkflow.tag }} + imagePullPolicy: IfNotPresent + name: ml-pipeline-scheduledworkflow + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: ml-pipeline-scheduledworkflow + serviceAccountName: ml-pipeline-scheduledworkflow + terminationGracePeriodSeconds: 30 +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/deployments/ml-pipeline-ui.yaml b/charts/mlrun-ce/templates/pipelines/deployments/ml-pipeline-ui.yaml new file mode 100644 index 00000000..ff8a0801 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/deployments/ml-pipeline-ui.yaml 
@@ -0,0 +1,115 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "1" + generation: 1 + labels: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + name: ml-pipeline-ui +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + creationTimestamp: null + labels: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH + value: /etc/config/viewer-pod-template.json + - name: MINIO_HOST + value: "{{ .Values.pipelines.minio.endpoint }}" + - name: MINIO_PORT + value: "{{ .Values.pipelines.minio.endpointPort }}" + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" + image: {{ .Values.pipelines.images.ui.repository }}:{{ .Values.pipelines.images.ui.tag }} + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:3000/apis/v1beta1/healthz + failureThreshold: 3 + initialDelaySeconds: 3 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 2 + name: ml-pipeline-ui + ports: + - containerPort: 3000 + protocol: TCP + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:3000/apis/v1beta1/healthz + failureThreshold: 3 + initialDelaySeconds: 3 + periodSeconds: 5 + 
successThreshold: 1 + timeoutSeconds: 2 + resources: + requests: + cpu: 10m + memory: 70Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /etc/config + name: config-volume + readOnly: true + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: ml-pipeline-ui + serviceAccountName: ml-pipeline-ui + terminationGracePeriodSeconds: 30 + volumes: + - configMap: + defaultMode: 420 + name: ml-pipeline-ui-configmap + name: config-volume +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/deployments/ml-pipeline-viewer-crd.yaml b/charts/mlrun-ce/templates/pipelines/deployments/ml-pipeline-viewer-crd.yaml new file mode 100644 index 00000000..8474633b --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/deployments/ml-pipeline-viewer-crd.yaml 
@@ -0,0 +1,55 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "1" + generation: 1 + labels: + app: ml-pipeline-viewer-crd + application-crd-id: kubeflow-pipelines + name: ml-pipeline-viewer-crd +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: ml-pipeline-viewer-crd + application-crd-id: kubeflow-pipelines + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + creationTimestamp: null + labels: + app: ml-pipeline-viewer-crd + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: MAX_NUM_VIEWERS + value: "50" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: {{ .Values.pipelines.images.viewerCrdController.repository }}:{{ .Values.pipelines.images.viewerCrdController.tag }} + imagePullPolicy: Always + name: ml-pipeline-viewer-crd + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: ml-pipeline-viewer-crd-service-account + serviceAccountName: ml-pipeline-viewer-crd-service-account + terminationGracePeriodSeconds: 30 +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/deployments/ml-pipeline-visualizationserver.yaml b/charts/mlrun-ce/templates/pipelines/deployments/ml-pipeline-visualizationserver.yaml new file mode 100644 index 00000000..ae242106 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/deployments/ml-pipeline-visualizationserver.yaml 
@@ -0,0 +1,83 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "1" + generation: 1 + labels: + app: ml-pipeline-visualizationserver + application-crd-id: kubeflow-pipelines + name: ml-pipeline-visualizationserver +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: ml-pipeline-visualizationserver + application-crd-id: kubeflow-pipelines + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + creationTimestamp: null + labels: + app: ml-pipeline-visualizationserver + application-crd-id: kubeflow-pipelines + spec: + containers: + - image: {{ .Values.pipelines.images.visualizationServer.repository }}:{{ .Values.pipelines.images.visualizationServer.tag }} + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/ + failureThreshold: 3 + initialDelaySeconds: 3 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 2 + name: ml-pipeline-visualizationserver + ports: + - containerPort: 8888 + name: http + protocol: TCP + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/ + failureThreshold: 3 + initialDelaySeconds: 3 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 2 + resources: + requests: + cpu: 30m + memory: 500Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: ml-pipeline-visualizationserver + serviceAccountName: ml-pipeline-visualizationserver + terminationGracePeriodSeconds: 30 +{{- end -}} 
diff --git a/charts/mlrun-ce/templates/pipelines/deployments/ml-pipeline.yaml b/charts/mlrun-ce/templates/pipelines/deployments/ml-pipeline.yaml new file mode 100644 index 00000000..23baacf5 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/deployments/ml-pipeline.yaml 
@@ -0,0 +1,151 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "1" + generation: 1 + labels: + app: ml-pipeline + application-crd-id: kubeflow-pipelines + name: ml-pipeline +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: ml-pipeline + application-crd-id: kubeflow-pipelines + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + creationTimestamp: null + labels: + app: ml-pipeline + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION + valueFrom: + configMapKeyRef: + key: autoUpdatePipelineDefaultVersion + name: pipeline-install-config + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: OBJECTSTORECONFIG_SECURE + value: "false" + - name: OBJECTSTORECONFIG_HOST + valueFrom: + configMapKeyRef: + name: pipeline-install-config + key: minioServiceHost + - name: OBJECTSTORECONFIG_PORT + value: "9000" + - name: OBJECTSTORECONFIG_BUCKETNAME + valueFrom: + configMapKeyRef: + key: bucketName + name: pipeline-install-config + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret + - name: DBCONFIG_DBNAME + valueFrom: + configMapKeyRef: + key: pipelineDb + name: pipeline-install-config + - name: DBCONFIG_HOST + valueFrom: + configMapKeyRef: + key: dbHost + name: pipeline-install-config + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + key: dbPort + name: pipeline-install-config + - name: DBCONFIG_CONMAXLIFETIME + valueFrom: + configMapKeyRef: + key: ConMaxLifeTime + name: pipeline-install-config + - name: OBJECTSTORECONFIG_ACCESSKEY + 
valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: OBJECTSTORECONFIG_SECRETACCESSKEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + image: {{ .Values.pipelines.images.apiServer.repository }}:{{ .Values.pipelines.images.apiServer.tag }} + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1beta1/healthz + failureThreshold: 3 + initialDelaySeconds: 3 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 2 + name: ml-pipeline-api-server + ports: + - containerPort: 8888 + name: http + protocol: TCP + - containerPort: 8887 + name: grpc + protocol: TCP + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1beta1/healthz + failureThreshold: 3 + initialDelaySeconds: 3 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 2 + resources: + requests: + cpu: 250m + memory: 500Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: ml-pipeline + serviceAccountName: ml-pipeline + terminationGracePeriodSeconds: 30 +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/deployments/mysql.yaml b/charts/mlrun-ce/templates/pipelines/deployments/mysql.yaml new file mode 100644 index 00000000..dbea5d81 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/deployments/mysql.yaml 
@@ -0,0 +1,64 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "1" + generation: 1 + labels: + app: mysql + application-crd-id: kubeflow-pipelines + name: mysql +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: mysql + application-crd-id: kubeflow-pipelines + strategy: + type: Recreate + template: + metadata: + creationTimestamp: null + labels: + app: mysql + application-crd-id: kubeflow-pipelines + spec: + containers: + - args: + - --ignore-db-dir=lost+found + - --datadir + - /var/lib/mysql + env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + image: {{ .Values.pipelines.images.mysql.repository }}:{{ .Values.pipelines.images.mysql.tag }} + imagePullPolicy: IfNotPresent + name: mysql + ports: + - containerPort: 3306 + name: mysql + protocol: TCP + resources: + requests: + cpu: 100m + memory: 800Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /var/lib/mysql + name: mysql-persistent-storage + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: mysql + serviceAccountName: mysql + terminationGracePeriodSeconds: 30 + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/deployments/workflow-controller.yaml b/charts/mlrun-ce/templates/pipelines/deployments/workflow-controller.yaml new file mode 100644 index 00000000..d5b24fc2 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/deployments/workflow-controller.yaml 
@@ -0,0 +1,89 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + deployment.kubernetes.io/revision: "1" + generation: 1 + labels: + application-crd-id: kubeflow-pipelines + name: workflow-controller +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: workflow-controller + application-crd-id: kubeflow-pipelines + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + app: workflow-controller + application-crd-id: kubeflow-pipelines + spec: + containers: + - args: + - --configmap + - workflow-controller-configmap + - --executor-image + - {{ .Values.pipelines.images.argoexec.repository }}:{{ .Values.pipelines.images.argoexec.tag }} + - --namespaced + command: + - workflow-controller + env: + - name: LEADER_ELECTION_IDENTITY + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + image: {{ .Values.pipelines.images.workflowController.repository }}:{{ .Values.pipelines.images.workflowController.tag }} + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 6060 + scheme: HTTP + initialDelaySeconds: 90 + periodSeconds: 60 + successThreshold: 1 + timeoutSeconds: 30 + name: workflow-controller + ports: + - containerPort: 9090 + name: metrics + protocol: TCP + - containerPort: 6060 + protocol: TCP + resources: + requests: + cpu: 100m + memory: 500Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + nodeSelector: + kubernetes.io/os: linux + priorityClassName: workflow-controller + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + runAsNonRoot: true + serviceAccount: argo + 
serviceAccountName: argo + terminationGracePeriodSeconds: 30 +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/persistentvolumeclaims/mysql-pv-claim.yaml b/charts/mlrun-ce/templates/pipelines/persistentvolumeclaims/mysql-pv-claim.yaml new file mode 100644 index 00000000..63fe4750 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/persistentvolumeclaims/mysql-pv-claim.yaml @@ -0,0 +1,25 @@ +{{- if .Values.pipelines.enabled -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: "mysql-pv-claim" + labels: + {{- include "mlrun-ce.pipelines.labels" . | nindent 4 }} + application-crd-id: kubeflow-pipelines +{{- with .Values.pipelines.persistence.annotations }} + annotations: {{ toYaml . | nindent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.pipelines.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.pipelines.persistence.size | quote }} +{{- if .Values.pipelines.persistence.storageClass }} +{{- if (eq "-" .Values.pipelines.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.pipelines.persistency.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/priorityclass.scheduling.k8s.io/workflow-controller.yaml b/charts/mlrun-ce/templates/pipelines/priorityclass.scheduling.k8s.io/workflow-controller.yaml new file mode 100644 index 00000000..d1d5b972 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/priorityclass.scheduling.k8s.io/workflow-controller.yaml @@ -0,0 +1,11 @@ +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + annotations: + generation: 1 + labels: + application-crd-id: kubeflow-pipelines + name: workflow-controller +preemptionPolicy: PreemptLowerPriority +value: 1000000 + diff --git a/charts/mlrun-ce/templates/pipelines/rolebindings/argo-binding.yaml b/charts/mlrun-ce/templates/pipelines/rolebindings/argo-binding.yaml new file mode 100644 index 00000000..ead91fab --- /dev/null 
+++ b/charts/mlrun-ce/templates/pipelines/rolebindings/argo-binding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: argo-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-role +subjects: +- kind: ServiceAccount + name: argo + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/rolebindings/kubeflow-pipelines-metadata-writer-binding.yaml b/charts/mlrun-ce/templates/pipelines/rolebindings/kubeflow-pipelines-metadata-writer-binding.yaml new file mode 100644 index 00000000..f7b91427 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/rolebindings/kubeflow-pipelines-metadata-writer-binding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-metadata-writer-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-metadata-writer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-metadata-writer + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/rolebindings/ml-pipeline-persistenceagent-binding.yaml b/charts/mlrun-ce/templates/pipelines/rolebindings/ml-pipeline-persistenceagent-binding.yaml new file mode 100644 index 00000000..e0984465 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/rolebindings/ml-pipeline-persistenceagent-binding.yaml 
@@ -0,0 +1,17 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-persistenceagent-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/rolebindings/ml-pipeline-scheduledworkflow-binding.yaml b/charts/mlrun-ce/templates/pipelines/rolebindings/ml-pipeline-scheduledworkflow-binding.yaml new file mode 100644 index 00000000..5e44d6fb --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/rolebindings/ml-pipeline-scheduledworkflow-binding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/rolebindings/ml-pipeline-ui.yaml b/charts/mlrun-ce/templates/pipelines/rolebindings/ml-pipeline-ui.yaml new file mode 100644 index 00000000..f8611049 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/rolebindings/ml-pipeline-ui.yaml 
@@ -0,0 +1,18 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + labels: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + name: ml-pipeline-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/rolebindings/ml-pipeline-viewer-crd-binding.yaml b/charts/mlrun-ce/templates/pipelines/rolebindings/ml-pipeline-viewer-crd-binding.yaml new file mode 100644 index 00000000..a07a59d6 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/rolebindings/ml-pipeline-viewer-crd-binding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-viewer-crd-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/rolebindings/ml-pipeline.yaml b/charts/mlrun-ce/templates/pipelines/rolebindings/ml-pipeline.yaml new file mode 100644 index 00000000..82fdafb1 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/rolebindings/ml-pipeline.yaml @@ -0,0 +1,18 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + labels: + app: ml-pipeline + application-crd-id: kubeflow-pipelines + name: ml-pipeline +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline + namespace: {{ .Release.Namespace }} +{{- end -}} 
diff --git a/charts/mlrun-ce/templates/pipelines/rolebindings/pipeline-runner-binding.yaml b/charts/mlrun-ce/templates/pipelines/rolebindings/pipeline-runner-binding.yaml new file mode 100644 index 00000000..53299634 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/rolebindings/pipeline-runner-binding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: pipeline-runner-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-runner +subjects: +- kind: ServiceAccount + name: pipeline-runner + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/roles/argo-role.yaml b/charts/mlrun-ce/templates/pipelines/roles/argo-role.yaml new file mode 100644 index 00000000..76cf9d84 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/roles/argo-role.yaml 
@@ -0,0 +1,128 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: argo-role +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - persistentvolumeclaims/finalizers + verbs: + - create + - update + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workflowtasksets + - workflowtasksets/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete + - create +- apiGroups: + - argoproj.io + resources: + - workflowtemplates + - workflowtemplates/finalizers + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list +- apiGroups: + - argoproj.io + resources: + - workflowtaskresults + verbs: + - list + - watch + - deletecollection +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - cronworkflows + - cronworkflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - get + - delete +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/roles/kubeflow-pipelines-metadata-writer-role.yaml b/charts/mlrun-ce/templates/pipelines/roles/kubeflow-pipelines-metadata-writer-role.yaml new file mode 100644 index 00000000..8d870a4e --- /dev/null 
+++ b/charts/mlrun-ce/templates/pipelines/roles/kubeflow-pipelines-metadata-writer-role.yaml @@ -0,0 +1,37 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + labels: + app: kubeflow-pipelines-metadata-writer-role + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-metadata-writer-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/roles/ml-pipeline-persistenceagent-role.yaml b/charts/mlrun-ce/templates/pipelines/roles/ml-pipeline-persistenceagent-role.yaml new file mode 100644 index 00000000..305ee138 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/roles/ml-pipeline-persistenceagent-role.yaml @@ -0,0 +1,26 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-persistenceagent-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/roles/ml-pipeline-scheduledworkflow-role.yaml b/charts/mlrun-ce/templates/pipelines/roles/ml-pipeline-scheduledworkflow-role.yaml new file mode 100644 index 00000000..c8f60201 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/roles/ml-pipeline-scheduledworkflow-role.yaml 
@@ -0,0 +1,43 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + labels: + app: ml-pipeline-scheduledworkflow-role + application-crd-id: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + - scheduledworkflows/finalizers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/roles/ml-pipeline-ui.yaml b/charts/mlrun-ce/templates/pipelines/roles/ml-pipeline-ui.yaml new file mode 100644 index 00000000..36336234 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/roles/ml-pipeline-ui.yaml @@ -0,0 +1,48 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + labels: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + name: ml-pipeline-ui +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/roles/ml-pipeline-viewer-controller-role.yaml b/charts/mlrun-ce/templates/pipelines/roles/ml-pipeline-viewer-controller-role.yaml new file mode 100644 index 00000000..97adac65 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/roles/ml-pipeline-viewer-controller-role.yaml 
@@ -0,0 +1,36 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-viewer-controller-role +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + - viewers/finalizers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/roles/ml-pipeline.yaml b/charts/mlrun-ce/templates/pipelines/roles/ml-pipeline.yaml new file mode 100644 index 00000000..017dcf46 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/roles/ml-pipeline.yaml @@ -0,0 +1,55 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + labels: + app: ml-pipeline + application-crd-id: kubeflow-pipelines + name: ml-pipeline +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get + - list + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/roles/pipeline-runner.yaml b/charts/mlrun-ce/templates/pipelines/roles/pipeline-runner.yaml new file mode 100644 index 00000000..04c668ee --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/roles/pipeline-runner.yaml 
@@ -0,0 +1,85 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: pipeline-runner +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - '*' +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/secrets/mlpipeline-minio-artifact.yaml b/charts/mlrun-ce/templates/pipelines/secrets/mlpipeline-minio-artifact.yaml new file mode 100644 index 00000000..0fc8a151 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/secrets/mlpipeline-minio-artifact.yaml @@ -0,0 +1,13 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +data: + accesskey: {{ .Values.pipelines.minio.accessKey | b64enc | quote }} + secretkey: {{ .Values.pipelines.minio.secretKey | b64enc | quote }} +kind: Secret +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: mlpipeline-minio-artifact +type: Opaque +{{- end -}} 
diff --git a/charts/mlrun-ce/templates/pipelines/secrets/mysql-secret.yaml b/charts/mlrun-ce/templates/pipelines/secrets/mysql-secret.yaml new file mode 100644 index 00000000..f737c8fa --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/secrets/mysql-secret.yaml @@ -0,0 +1,13 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +data: + password: "" + username: {{ .Values.pipelines.db.username | b64enc | quote }} +kind: Secret +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: mysql-secret +type: Opaque +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/serviceaccounts/argo.yaml b/charts/mlrun-ce/templates/pipelines/serviceaccounts/argo.yaml new file mode 100644 index 00000000..366764c9 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/serviceaccounts/argo.yaml @@ -0,0 +1,9 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: argo +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/serviceaccounts/kubeflow-pipelines-container-builder.yaml b/charts/mlrun-ce/templates/pipelines/serviceaccounts/kubeflow-pipelines-container-builder.yaml new file mode 100644 index 00000000..9507fac7 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/serviceaccounts/kubeflow-pipelines-container-builder.yaml @@ -0,0 +1,9 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-container-builder +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/serviceaccounts/kubeflow-pipelines-metadata-writer.yaml b/charts/mlrun-ce/templates/pipelines/serviceaccounts/kubeflow-pipelines-metadata-writer.yaml new file mode 100644 index 00000000..b4a35c28 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/serviceaccounts/kubeflow-pipelines-metadata-writer.yaml 
@@ -0,0 +1,9 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-metadata-writer +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/serviceaccounts/kubeflow-pipelines-viewer.yaml b/charts/mlrun-ce/templates/pipelines/serviceaccounts/kubeflow-pipelines-viewer.yaml new file mode 100644 index 00000000..30917877 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/serviceaccounts/kubeflow-pipelines-viewer.yaml @@ -0,0 +1,9 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-viewer +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/serviceaccounts/metadata-grpc-server.yaml b/charts/mlrun-ce/templates/pipelines/serviceaccounts/metadata-grpc-server.yaml new file mode 100644 index 00000000..05f5cda6 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/serviceaccounts/metadata-grpc-server.yaml @@ -0,0 +1,9 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: metadata-grpc-server +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/serviceaccounts/ml-pipeline-persistenceagent.yaml b/charts/mlrun-ce/templates/pipelines/serviceaccounts/ml-pipeline-persistenceagent.yaml new file mode 100644 index 00000000..eff870a4 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/serviceaccounts/ml-pipeline-persistenceagent.yaml @@ -0,0 +1,9 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-persistenceagent +{{- end -}} 
diff --git a/charts/mlrun-ce/templates/pipelines/serviceaccounts/ml-pipeline-scheduledworkflow.yaml b/charts/mlrun-ce/templates/pipelines/serviceaccounts/ml-pipeline-scheduledworkflow.yaml new file mode 100644 index 00000000..178994b1 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/serviceaccounts/ml-pipeline-scheduledworkflow.yaml @@ -0,0 +1,9 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/serviceaccounts/ml-pipeline-ui.yaml b/charts/mlrun-ce/templates/pipelines/serviceaccounts/ml-pipeline-ui.yaml new file mode 100644 index 00000000..4b0604dd --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/serviceaccounts/ml-pipeline-ui.yaml @@ -0,0 +1,9 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-ui +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/serviceaccounts/ml-pipeline-viewer-crd-service-account.yaml b/charts/mlrun-ce/templates/pipelines/serviceaccounts/ml-pipeline-viewer-crd-service-account.yaml new file mode 100644 index 00000000..e547d031 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/serviceaccounts/ml-pipeline-viewer-crd-service-account.yaml @@ -0,0 +1,9 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-viewer-crd-service-account +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/serviceaccounts/ml-pipeline-visualizationserver.yaml b/charts/mlrun-ce/templates/pipelines/serviceaccounts/ml-pipeline-visualizationserver.yaml new file mode 100644 index 00000000..fa37547f --- /dev/null 
+++ b/charts/mlrun-ce/templates/pipelines/serviceaccounts/ml-pipeline-visualizationserver.yaml @@ -0,0 +1,9 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-visualizationserver +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/serviceaccounts/ml-pipeline.yaml b/charts/mlrun-ce/templates/pipelines/serviceaccounts/ml-pipeline.yaml new file mode 100644 index 00000000..b8a96da2 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/serviceaccounts/ml-pipeline.yaml @@ -0,0 +1,9 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/serviceaccounts/mysql.yaml b/charts/mlrun-ce/templates/pipelines/serviceaccounts/mysql.yaml new file mode 100644 index 00000000..73c0e81c --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/serviceaccounts/mysql.yaml @@ -0,0 +1,9 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: mysql +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/serviceaccounts/pipeline-runner.yaml b/charts/mlrun-ce/templates/pipelines/serviceaccounts/pipeline-runner.yaml new file mode 100644 index 00000000..e8dff97d --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/serviceaccounts/pipeline-runner.yaml @@ -0,0 +1,9 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: pipeline-runner +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/services/metadata-envoy-service.yaml b/charts/mlrun-ce/templates/pipelines/services/metadata-envoy-service.yaml new file mode 100644 index 00000000..de1f4168 --- /dev/null 
+++ b/charts/mlrun-ce/templates/pipelines/services/metadata-envoy-service.yaml @@ -0,0 +1,21 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: Service +metadata: + annotations: + labels: + app: metadata-envoy + application-crd-id: kubeflow-pipelines + name: metadata-envoy-service +spec: + ports: + - name: md-envoy + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + application-crd-id: kubeflow-pipelines + component: metadata-envoy + sessionAffinity: None + type: ClusterIP +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/services/metadata-grpc-service.yaml b/charts/mlrun-ce/templates/pipelines/services/metadata-grpc-service.yaml new file mode 100644 index 00000000..f9c8fdb2 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/services/metadata-grpc-service.yaml @@ -0,0 +1,21 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: Service +metadata: + annotations: + labels: + app: metadata + application-crd-id: kubeflow-pipelines + name: metadata-grpc-service +spec: + ports: + - name: grpc-api + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + application-crd-id: kubeflow-pipelines + component: metadata-grpc-server + sessionAffinity: None + type: ClusterIP +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/services/ml-pipeline-ui.yaml b/charts/mlrun-ce/templates/pipelines/services/ml-pipeline-ui.yaml new file mode 100644 index 00000000..68dd652c --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/services/ml-pipeline-ui.yaml @@ -0,0 +1,22 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: Service +metadata: + annotations: + labels: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + name: ml-pipeline-ui +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 3000 + nodePort: 30100 + selector: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + sessionAffinity: None + type: NodePort +{{- end -}} 
diff --git a/charts/mlrun-ce/templates/pipelines/services/ml-pipeline-visualizationserver.yaml b/charts/mlrun-ce/templates/pipelines/services/ml-pipeline-visualizationserver.yaml new file mode 100644 index 00000000..102a233f --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/services/ml-pipeline-visualizationserver.yaml @@ -0,0 +1,20 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: Service +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-visualizationserver +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: ml-pipeline-visualizationserver + application-crd-id: kubeflow-pipelines + sessionAffinity: None + type: ClusterIP +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/services/ml-pipeline.yaml b/charts/mlrun-ce/templates/pipelines/services/ml-pipeline.yaml new file mode 100644 index 00000000..19b98ed7 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/services/ml-pipeline.yaml @@ -0,0 +1,27 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "8888" + prometheus.io/scheme: http + prometheus.io/scrape: "true" + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + app: ml-pipeline + application-crd-id: kubeflow-pipelines + sessionAffinity: None + type: ClusterIP +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/services/mysql.yaml b/charts/mlrun-ce/templates/pipelines/services/mysql.yaml new file mode 100644 index 00000000..90b78f12 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/services/mysql.yaml 
@@ -0,0 +1,19 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: Service +metadata: + annotations: + labels: + application-crd-id: kubeflow-pipelines + name: mysql +spec: + ports: + - port: 3306 + protocol: TCP + targetPort: 3306 + selector: + app: mysql + application-crd-id: kubeflow-pipelines + sessionAffinity: None + type: ClusterIP +{{- end -}} diff --git a/charts/mlrun-ce/templates/pipelines/services/workflow-controller-metrics.yaml b/charts/mlrun-ce/templates/pipelines/services/workflow-controller-metrics.yaml new file mode 100644 index 00000000..af4dd421 --- /dev/null +++ b/charts/mlrun-ce/templates/pipelines/services/workflow-controller-metrics.yaml @@ -0,0 +1,25 @@ +{{- if .Values.pipelines.enabled -}} +apiVersion: v1 +kind: Service +metadata: + annotations: + workflows.argoproj.io/description: | + This service is deprecated. It will be removed in v3.4. + + https://github.com/argoproj/argo-workflows/issues/8441 + labels: + app: workflow-controller + application-crd-id: kubeflow-pipelines + name: workflow-controller-metrics +spec: + ports: + - name: metrics + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app: workflow-controller + application-crd-id: kubeflow-pipelines + sessionAffinity: None + type: ClusterIP +{{- end -}} diff --git a/charts/mlrun-ce/values.yaml b/charts/mlrun-ce/values.yaml new file mode 100644 index 00000000..9853235f --- /dev/null +++ b/charts/mlrun-ce/values.yaml 
@@ -0,0 +1,251 @@ + +# We use global values scope to multiplex the docker-registry details to both mlrun and nuclio +global: + + # External host/ip to reach the k8s node. This might take various values if k8s is run in a VM or a cloud env + externalHostAddress: localhost + registry: + url: mustprovide + secretName: + nuclio: + dashboard: + nodePort: 30050 + +nuclio: + + # coupled with mlrun.nuclio.dashboardName template in mlrun chart + fullnameOverride: nuclio + controller: + enabled: true + image: + tag: 1.9.0-amd64 + dashboard: + enabled: true + + # nodePort - taken from global.nuclio.dashboard.nodePort for re-usability + image: + tag: 1.9.0-amd64 + + # k8s has deprecated docker support since v1.20 + containerBuilderKind: kaniko + autoscaler: + enabled: false + dlx: + enabled: false + rbac: + create: true + crdAccessMode: cluster + crd: + create: true + platform: + logger: + sinks: + myStdoutLoggerSink: + kind: stdout + attributes: + encoding: console + timeFieldName: time + timeFieldEncoding: iso8601 + system: + - level: debug + sink: myStdoutLoggerSink + functions: + - level: debug + sink: myStdoutLoggerSink + +mlrun: + + # set the type of filesystem to use: filesystem, s3 + storage: filesystem + secrets: + s3: + accessKey: "" + secretKey: "" + s3: + region: us-east-1 + regionEndpoint: s3.us-east-1.amazonaws.com + bucket: mlrun + encrypt: false + secure: true + fullnameOverride: mlrun + nuclio: + mode: enabled + rbac: + create: true + v3io: + enabled: false + api: + fullnameOverride: mlrun-api + image: + tag: 1.1.0-rc16 + service: + type: NodePort + nodePort: 30070 + volumes: + storageOverride: + persistentVolumeClaim: + claimName: mlrun-api-pvc + persistence: + enabled: true + existingClaim: + storageClass: + accessMode: "ReadWriteOnce" + size: "8Gi" + annotations: ~ + extraEnv: + - name: MLRUN_KFP_URL + value: http://ml-pipeline.mlrun.svc.cluster.local:8888 + - name: MLRUN_STORAGE__AUTO_MOUNT_TYPE + value: s3 + - name: MLRUN_STORAGE__AUTO_MOUNT_PARAMS + 
value: "aws_access_key=minio,aws_secret_key=minio123,endpoint_url=http://minio.mlrun.svc.cluster.local:9000" + - name: MLRUN_HTTPDB__PROJECTS__FOLLOWERS + value: nuclio + - name: S3_ENDPOINT_URL + value: http://minio.mlrun.svc.cluster.local:9000 + - name: AWS_SECRET_ACCESS_KEY + value: minio123 + - name: AWS_ACCESS_KEY_ID + value: minio + - name: MLRUN_HTTPDB__REAL_PATH + value: s3:// + - name: MLRUN_ARTIFACT_PATH + value: s3://mlrun/ + extraPersistentVolumeMounts: ~ + ui: + fullnameOverride: mlrun-ui + service: + type: NodePort + nodePort: 30060 + image: + tag: 1.1.0-rc16 + db: + name: db + fullnameOverride: mlrun-db + securityContext: + runAsUser: 999 + podSecurityContext: + runAsUser: 999 + fsGroup: 999 + volumes: + storageOverride: + persistentVolumeClaim: + claimName: mlrun-db-pvc + persistence: + enabled: true + existingClaim: + storageClass: + accessMode: "ReadWriteOnce" + size: "8Gi" + annotations: ~ + + httpDB: + dbType: mysql + dirPath: "/mlrun/db" + dsn: mysql+pymysql://root@mlrun-db:3306/mlrun + oldDsn: sqlite:////mlrun/db/mlrun.db?check_same_thread=false + +jupyterNotebook: + awsInstall: false + fullnameOverride: mlrun-jupyter + name: jupyter-notebook + enabled: true + service: + type: NodePort + nodePort: 30040 + port: 8888 + ingress: + enabled: false + annotations: { } + + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: [ ] + tls: [ ] + + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + image: + repository: quay.io/mlrun/jupyter + + # TODO: 1.0.4 is broken right now. Bump to 1.0.4 when fixed or 1.0.5 when released. 
+ tag: 1.1.0-rc16 + pullPolicy: IfNotPresent + + # use this to override mlrunUIURL, by default it will be auto-resolved to externalHostAddress and + # mlrun UI's node port + mlrunUIURL: + + extraEnv: + - name: MLRUN_ARTIFACT_PATH + value: s3://mlrun/ + - name: S3_ENDPOINT_URL + value: http://minio.mlrun.svc.cluster.local:9000 + - name: AWS_SECRET_ACCESS_KEY + value: minio123 + - name: AWS_ACCESS_KEY_ID + value: minio + - name: MLRUN_CE + value: "true" + + persistence: + enabled: true + existingClaim: + storageClass: + accessMode: "ReadWriteOnce" + size: "8Gi" + annotations: ~ + +mpi-operator: + fullnameOverride: mpi-operator + crd: + create: true + rbac: + clusterResources: + create: true + namespaced: + create: true + deployment: + create: true + +minio: + enabled: true + rootUser: minio + rootPassword: minio123 + mode: standalone + replicas: 1 + resources: + requests: + memory: 0.5Gi + service: + type: NodePort + port: 9000 + nodePort: 30080 + consoleService: + type: NodePort + port: 9001 + nodePort: 30090 + persistence: + enabled: true + size: 1Gi + fullnameOverride: minio + buckets: + - name: mlrun + policy: none + purge: false + +spark-operator: + enabled: false + +pipelines: + enabled: false + persistence: + enabled: false + annotations: ~ + +kube-prometheus-stack: + fullnameOverride: monitoring + enabled: false
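Review bot: in charts/mlrun-ce/templates/pipelines/persistentvolumeclaims/mysql-pv-claim.yaml the `storageClassName` line in the `else` branch reads `.Values.pipelines.persistency.storageClass`, while the two conditions above it test `.Values.pipelines.persistence.storageClass`. There is no `persistency` key in values.yaml, so setting a storage class other than "-" makes the template fail on a nil map instead of using the value; change it to `persistence`. The claim is also rendered whenever `pipelines.enabled` is true, regardless of `pipelines.persistence.enabled`, and values.yaml gives no defaults for `pipelines.persistence.accessMode`, `size` or `storageClass`, so a default install with pipelines enabled renders empty access mode and storage request. Add the defaults and gate the template on `persistence.enabled`.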
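Review bot: charts/mlrun-ce/templates/pipelines/priorityclass.scheduling.k8s.io/workflow-controller.yaml is the only pipelines template in this patch that is not wrapped in `{{- if .Values.pipelines.enabled -}}`, so the PriorityClass is created even when `pipelines.enabled` is false (the default in values.yaml). PriorityClass is cluster-scoped and the name `workflow-controller` is fixed, so a second release of the chart in another namespace, or an existing Argo install, will collide on it. Add the same guard as the other templates and consider prefixing the name with the release name. The `generation: 1` line copied from a live object should be dropped as well.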
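Review bot: in charts/mlrun-ce/templates/pipelines/roles/argo-role.yaml the rule granting `get` and `list` on `serviceaccounts` appears twice, once before the `workflowtaskresults` rule and once after it; remove one copy. The same role combines `create` on `pods/exec` with `get` on every `secrets` object in the namespace. If the controller only needs specific secrets, restrict that rule with `resourceNames`, and document why exec is required, since anyone who can act as the `argo` service account can run commands in any pod of the release namespace.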
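Review bot: charts/mlrun-ce/templates/pipelines/roles/ml-pipeline-ui.yaml gives the UI service account `get` and `list` on all `secrets` in the namespace, and the matching Service in this patch exposes that UI on a NodePort. `list` on secrets returns the full contents of every secret, which in this chart includes `mlpipeline-minio-artifact` and `mysql-secret`. Drop `list` and restrict `get` with `resourceNames` to the secret the UI actually reads.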
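Review bot: the first rule in charts/mlrun-ce/templates/pipelines/roles/ml-pipeline-viewer-controller-role.yaml uses `apiGroups: '*'` for `deployments` and `services`. The wildcard matches those resource names in any API group, including groups added later by CRDs, which is broader than the controller needs. List the groups explicitly: `apps` for deployments and the core group `""` for services.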
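Review bot: charts/mlrun-ce/templates/pipelines/roles/pipeline-runner.yaml grants `verbs: '*'` on `pods`, `pods/exec`, `pods/log`, `services`, `deployments`, `replicasets`, `jobs` and every `kubeflow.org` resource, together with `get` on all `secrets`. This is the account that user-submitted pipeline steps run as, so any pipeline step can exec into other pods in the namespace and read every secret there. Replace the wildcards with the verbs the runner actually uses and scope the `secrets` rule with `resourceNames`. Also note that `persistentvolumes` is a cluster-scoped resource, so listing it in a namespaced Role grants nothing; remove it or move it to a ClusterRole if it is really needed.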
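Review bot: charts/mlrun-ce/templates/pipelines/secrets/mlpipeline-minio-artifact.yaml reads `.Values.pipelines.minio.accessKey` and `.Values.pipelines.minio.secretKey`, and mysql-secret.yaml reads `.Values.pipelines.db.username`, but the values.yaml added in this patch defines only `enabled` and `persistence` under `pipelines`. With `pipelines.enabled: true` and no extra overrides both templates fail on a nil map. Add the keys to values.yaml (without real credentials as defaults) or use `required` so the error message names the missing value. In mysql-secret.yaml the `password` is hard-coded to `""`, so the pipelines database runs with an empty password that the user cannot change through values; make it a value and generate or require it.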
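Review bot: charts/mlrun-ce/templates/pipelines/services/ml-pipeline-ui.yaml hard-codes `type: NodePort` and `nodePort: 30100`, while every other externally exposed service in this chart takes its type and port from values.yaml. A fixed node port cannot be changed when 30100 is already taken and cannot be switched to ClusterIP for clusters that front the UI with an ingress or do not want it reachable on every node. Move both fields under `pipelines` in values.yaml and default the type to ClusterIP unless the user opts in.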
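Review bot: charts/mlrun-ce/values.yaml ships fixed credentials, `rootUser: minio` and `rootPassword: minio123`, and repeats them in plain text in `MLRUN_STORAGE__AUTO_MOUNT_PARAMS`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` for both `mlrun.api.extraEnv` and `jupyterNotebook.extraEnv`, while the same file exposes MinIO and its console on NodePorts 30080 and 30090. Anyone who can reach a node gets the object store with the published defaults. Take the credentials from a Secret (`valueFrom.secretKeyRef` in the env entries) that is generated at install time or must be supplied, and keep the MinIO services on ClusterIP by default. Two smaller points in the same hunk: `httpDB.dsn` connects as `root` with no password, and the URLs hard-code the `mlrun` namespace (`ml-pipeline.mlrun.svc.cluster.local`, `minio.mlrun.svc.cluster.local`) although the templates use `.Release.Namespace`, so an install into any other namespace points at the wrong hosts.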