Skip to content

Commit

Permalink
Create a management cluster for GCP blueprints and other test infra. (k…
Browse files Browse the repository at this point in the history 
…ubeflow#645)

* Management cluster is a cluster running Cloud Config connector which
  can be used to create GCP resources.

* This PR checks in the config for cluster kf-ci-management.
  We also setup a namespace to administer resources in project
  kubeflow-ci-deployment

Fix kubeflow#644
  • Loading branch information
@jlewi
jlewi authored Apr 29, 2020
1 parent 1298c97 commit 027b1a1
Show file tree
Hide file tree
Showing 129 changed files with 37,114 additions and 0 deletions.
7 changes: 7 additions & 0 deletions test-infra/management/.build/cluster/cnrm.cloud.google.com_v1alpha1_cloudservice_gke.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
apiVersion: cnrm.cloud.google.com/v1alpha1
kind: CloudService
metadata:
name: gke
namespace: kubeflow-ci
spec:
service: container.googleapis.com
16 changes: 16 additions & 0 deletions ...d/cluster/container.cnrm.cloud.google.com_v1alpha2_containercluster_kf-ci-management.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
apiVersion: container.cnrm.cloud.google.com/v1alpha2
kind: ContainerCluster
metadata:
clusterName: kubeflow-ci/us-central1/kf-ci-management
name: kf-ci-management
namespace: kubeflow-ci
spec:
clusterTelemetry:
type: enabled
ipAllocationPolicy:
useIpAliases: true
location: us-central1
releaseChannel:
channel: RAPID
workloadIdentity:
identityNamespace: default
29 changes: 29 additions & 0 deletions ...ter/container.cnrm.cloud.google.com_v1alpha2_containernodepool_kf-ci-management-pool.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
apiVersion: container.cnrm.cloud.google.com/v1alpha2
kind: ContainerNodePool
metadata:
clusterName: kubeflow-ci/us-central1/kf-ci-management
name: kf-ci-management-pool
namespace: kubeflow-ci
spec:
autoscaling:
maxNodeCount: 3
minNodeCount: 1
clusterRef:
name: kf-ci-management
management:
autoRepair: true
autoUpgrade: true
nodeConfig:
diskSizeGb: 100
diskType: pd-standard
machineType: n1-standard-4
metadata:
disable-legacy-endpoints: "true"
oauthScopes:
- https://www.googleapis.com/auth/devstorage.read_only
- https://www.googleapis.com/auth/logging.write
- https://www.googleapis.com/auth/monitoring
- https://www.googleapis.com/auth/servicecontrol
- https://www.googleapis.com/auth/service.management.readonly
- https://www.googleapis.com/auth/trace.append
preemptible: false
6 changes: 6 additions & 0 deletions ...ent/.build/cluster/identity.cnrm.cloud.google.com_v1alpha2_identitynamespace_default.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
apiVersion: identity.cnrm.cloud.google.com/v1alpha2
kind: IdentityNamespace
metadata:
name: default
namespace: kubeflow-ci
spec: {}
272 changes: 272 additions & 0 deletions ...finition_accesscontextmanageraccesslevels.accesscontextmanager.cnrm.cloud.google.com.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,272 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
cnrm.cloud.google.com/version: 1.7.1
creationTimestamp: null
labels:
cnrm.cloud.google.com/managed-by-kcc: "true"
cnrm.cloud.google.com/system: "true"
cnrm.cloud.google.com/tf2crd: "true"
name: accesscontextmanageraccesslevels.accesscontextmanager.cnrm.cloud.google.com
spec:
group: accesscontextmanager.cnrm.cloud.google.com
names:
categories:
- gcp
kind: AccessContextManagerAccessLevel
plural: accesscontextmanageraccesslevels
shortNames:
- gcpaccesscontextmanageraccesslevel
- gcpaccesscontextmanageraccesslevels
singular: accesscontextmanageraccesslevel
scope: Namespaced
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'apiVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
accessPolicyRef:
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
type: object
basic:
description: A set of predefined conditions for the access level and
a combining function.
properties:
combiningFunction:
description: |-
How the conditions list should be combined to determine if a request
is granted this AccessLevel. If AND is used, each Condition in
conditions must be satisfied for the AccessLevel to be applied. If
OR is used, at least one Condition in conditions must be satisfied
for the AccessLevel to be applied. Defaults to AND if unspecified.
type: string
conditions:
description: A set of requirements for the AccessLevel to be granted.
items:
properties:
devicePolicy:
description: |-
Device specific restrictions, all restrictions must hold for
the Condition to be true. If not specified, all devices are
allowed.
properties:
allowedDeviceManagementLevels:
description: |-
A list of allowed device management levels.
An empty list allows all management levels.
items:
type: string
type: array
allowedEncryptionStatuses:
description: |-
A list of allowed encryptions statuses.
An empty list allows all statuses.
items:
type: string
type: array
osConstraints:
description: |-
A list of allowed OS versions.
An empty list allows all types and all versions.
items:
properties:
minimumVersion:
description: |-
The minimum allowed OS version. If not set, any version
of this OS satisfies the constraint.
Format: "major.minor.patch" such as "10.5.301", "9.2.1".
type: string
osType:
description: The operating system type of the device.
type: string
required:
- osType
type: object
type: array
requireAdminApproval:
description: Whether the device needs to be approved by
the customer admin.
type: boolean
requireCorpOwned:
description: Whether the device needs to be corp owned.
type: boolean
requireScreenLock:
description: |-
Whether or not screenlock is required for the DevicePolicy
to be true. Defaults to false.
type: boolean
type: object
ipSubnetworks:
description: |-
A list of CIDR block IP subnetwork specification. May be IPv4
or IPv6.
Note that for a CIDR IP address block, the specified IP address
portion must be properly truncated (i.e. all the host bits must
be zero) or the input is considered malformed. For example,
"192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly,
for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32"
is not. The originating IP of a request must be in one of the
listed subnets in order for this Condition to be true.
If empty, all IP addresses are allowed.
items:
type: string
type: array
members:
items:
properties:
group:
type: string
serviceAccountRef:
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
type: object
user:
type: string
type: object
type: array
negate:
description: |-
Whether to negate the Condition. If true, the Condition becomes
a NAND over its non-empty fields, each field must be false for
the Condition overall to be satisfied. Defaults to false.
type: boolean
requiredAccessLevels:
items:
oneOf:
- not:
required:
- external
required:
- name
- not:
anyOf:
- required:
- name
- required:
- namespace
required:
- external
properties:
external:
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
type: object
type: array
type: object
type: array
required:
- conditions
type: object
description:
description: Description of the AccessLevel and its use. Does not affect
behavior.
type: string
title:
description: Human readable title. Must be unique within the Policy.
type: string
required:
- accessPolicyRef
- title
type: object
status:
properties:
conditions:
description: Conditions represents the latest available observation
of the resource's current state.
items:
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
type: string
message:
description: Human-readable message indicating details about last
transition.
type: string
reason:
description: Unique, one-word, CamelCase reason for the condition's
last transition.
type: string
status:
description: Status is the status of the condition. Can be True,
False, Unknown.
type: string
type:
description: Type is the type of the condition.
type: string
type: object
type: array
type: object
required:
- spec
type: object
version: v1beta1
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
Loading

0 comments on commit 027b1a1

Please sign in to comment.