From 8f614aeb2a095b900fef59cbc9d171f897e3fe10 Mon Sep 17 00:00:00 2001 From: ntorba605 Date: Thu, 10 Dec 2020 15:42:09 -0500 Subject: [PATCH] Updates to allow for a namespace override of selon-core-operator install --- .../templates/_helpers.tpl | 11 +++ .../certificate_seldon-serving-cert.yaml | 8 +- .../clusterrole_seldon-manager-role.yaml | 2 +- .../clusterrole_seldon-manager-sas-role.yaml | 2 +- ...lusterrole_seldon-spartakus-volunteer.yaml | 2 +- .../clusterrole_seldon-webhook-role.yaml | 2 +- ...olebinding_seldon-manager-rolebinding.yaml | 6 +- ...inding_seldon-manager-sas-rolebinding.yaml | 6 +- ...olebinding_seldon-spartakus-volunteer.yaml | 4 +- ...olebinding_seldon-webhook-rolebinding.yaml | 6 +- .../templates/configmap_seldon-config.yaml | 2 +- ...deployments.machinelearning.seldon.io.yaml | 2 +- ...deployments.machinelearning.seldon.io.yaml | 2 +- .../deployment_seldon-controller-manager.yaml | 4 +- .../issuer_seldon-selfsigned-issuer.yaml | 2 +- .../role_seldon-leader-election-role.yaml | 2 +- .../templates/role_seldon1-manager-role.yaml | 2 +- .../role_seldon1-manager-sas-role.yaml | 2 +- ...ng_seldon-leader-election-rolebinding.yaml | 4 +- ...lebinding_seldon1-manager-rolebinding.yaml | 4 +- ...nding_seldon1-manager-sas-rolebinding.yaml | 4 +- .../service_seldon-webhook-service.yaml | 2 +- .../serviceaccount_seldon-manager.yaml | 2 +- .../templates/webhook.yaml | 90 +++++++++---------- helm-charts/seldon-core-operator/values.yaml | 3 + operator/helm/split_resources.py | 44 ++++----- 26 files changed, 119 insertions(+), 101 deletions(-) diff --git a/helm-charts/seldon-core-operator/templates/_helpers.tpl b/helm-charts/seldon-core-operator/templates/_helpers.tpl index 835d8510cf..d18919c6dc 100644 --- a/helm-charts/seldon-core-operator/templates/_helpers.tpl +++ b/helm-charts/seldon-core-operator/templates/_helpers.tpl @@ -31,6 +31,17 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create chart namespace based on override value. +*/}} +{{- define "seldon.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{- .Values.namespaceOverride -}} +{{- else -}} +{{- .Release.Namespace -}} +{{- end -}} +{{- end -}} + {{/* Create the name of the service account to use */}} diff --git a/helm-charts/seldon-core-operator/templates/certificate_seldon-serving-cert.yaml b/helm-charts/seldon-core-operator/templates/certificate_seldon-serving-cert.yaml index 6934e6c31c..f7202d0314 100644 --- a/helm-charts/seldon-core-operator/templates/certificate_seldon-serving-cert.yaml +++ b/helm-charts/seldon-core-operator/templates/certificate_seldon-serving-cert.yaml @@ -8,12 +8,12 @@ metadata: app.kubernetes.io/name: '{{ include "seldon.name" . }}' app.kubernetes.io/version: '{{ .Chart.Version }}' name: seldon-serving-cert - namespace: '{{ .Release.Namespace }}' + namespace: '{{ include "seldon.namespace" . }}' spec: - commonName: '{{- printf "seldon-webhook-service.%s.svc" .Release.Namespace -}}' + commonName: '{{- printf "seldon-webhook-service.%s.svc" (include "seldon.namespace" .) -}}' dnsNames: - - '{{- printf "seldon-webhook-service.%s.svc.cluster.local" .Release.Namespace -}}' - - '{{- printf "seldon-webhook-service.%s.svc" .Release.Namespace -}}' + - '{{- printf "seldon-webhook-service.%s.svc.cluster.local" (include "seldon.namespace" .) -}}' + - '{{- printf "seldon-webhook-service.%s.svc" (include "seldon.namespace" .) -}}' issuerRef: kind: Issuer name: seldon-selfsigned-issuer diff --git a/helm-charts/seldon-core-operator/templates/clusterrole_seldon-manager-role.yaml b/helm-charts/seldon-core-operator/templates/clusterrole_seldon-manager-role.yaml index c56bc529c2..241361aa07 100644 --- a/helm-charts/seldon-core-operator/templates/clusterrole_seldon-manager-role.yaml +++ b/helm-charts/seldon-core-operator/templates/clusterrole_seldon-manager-role.yaml @@ -9,7 +9,7 @@ metadata: app.kubernetes.io/instance: '{{ .Release.Name }}' app.kubernetes.io/name: '{{ include "seldon.name" . }}' app.kubernetes.io/version: '{{ .Chart.Version }}' - name: seldon-manager-role-{{ .Release.Namespace }} + name: seldon-manager-role-{{ include "seldon.namespace" . }} rules: - apiGroups: - '' diff --git a/helm-charts/seldon-core-operator/templates/clusterrole_seldon-manager-sas-role.yaml b/helm-charts/seldon-core-operator/templates/clusterrole_seldon-manager-sas-role.yaml index ce796412cf..8e81e452ad 100644 --- a/helm-charts/seldon-core-operator/templates/clusterrole_seldon-manager-sas-role.yaml +++ b/helm-charts/seldon-core-operator/templates/clusterrole_seldon-manager-sas-role.yaml @@ -10,7 +10,7 @@ metadata: app.kubernetes.io/instance: '{{ .Release.Name }}' app.kubernetes.io/name: '{{ include "seldon.name" . }}' app.kubernetes.io/version: '{{ .Chart.Version }}' - name: seldon-manager-sas-role-{{ .Release.Namespace }} + name: seldon-manager-sas-role-{{ include "seldon.namespace" . }} rules: - apiGroups: - '' diff --git a/helm-charts/seldon-core-operator/templates/clusterrole_seldon-spartakus-volunteer.yaml b/helm-charts/seldon-core-operator/templates/clusterrole_seldon-spartakus-volunteer.yaml index 515df01eac..37fbd6382e 100644 --- a/helm-charts/seldon-core-operator/templates/clusterrole_seldon-spartakus-volunteer.yaml +++ b/helm-charts/seldon-core-operator/templates/clusterrole_seldon-spartakus-volunteer.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: - name: seldon-spartakus-volunteer-{{ .Release.Namespace }} + name: seldon-spartakus-volunteer-{{ include "seldon.namespace" . }} rules: - apiGroups: - '' diff --git a/helm-charts/seldon-core-operator/templates/clusterrole_seldon-webhook-role.yaml b/helm-charts/seldon-core-operator/templates/clusterrole_seldon-webhook-role.yaml index ebe5e85ef8..5a58e68d85 100644 --- a/helm-charts/seldon-core-operator/templates/clusterrole_seldon-webhook-role.yaml +++ b/helm-charts/seldon-core-operator/templates/clusterrole_seldon-webhook-role.yaml @@ -9,7 +9,7 @@ metadata: app.kubernetes.io/instance: '{{ .Release.Name }}' app.kubernetes.io/name: '{{ include "seldon.name" . }}' app.kubernetes.io/version: '{{ .Chart.Version }}' - name: seldon-webhook-role-{{ .Release.Namespace }} + name: seldon-webhook-role-{{ include "seldon.namespace" . }} rules: - apiGroups: - admissionregistration.k8s.io diff --git a/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-manager-rolebinding.yaml b/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-manager-rolebinding.yaml index a1d838ec40..6b21ac88f3 100644 --- a/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-manager-rolebinding.yaml +++ b/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-manager-rolebinding.yaml @@ -8,14 +8,14 @@ metadata: app.kubernetes.io/instance: '{{ .Release.Name }}' app.kubernetes.io/name: '{{ include "seldon.name" . }}' app.kubernetes.io/version: '{{ .Chart.Version }}' - name: seldon-manager-rolebinding-{{ .Release.Namespace }} + name: seldon-manager-rolebinding-{{ include "seldon.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: seldon-manager-role-{{ .Release.Namespace }} + name: seldon-manager-role-{{ include "seldon.namespace" . }} subjects: - kind: ServiceAccount name: '{{ .Values.serviceAccount.name }}' - namespace: '{{ .Release.Namespace }}' + namespace: '{{ include "seldon.namespace" . }}' {{- end }} {{- end }} diff --git a/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-manager-sas-rolebinding.yaml b/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-manager-sas-rolebinding.yaml index bc5fc9f002..dc98314033 100644 --- a/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-manager-sas-rolebinding.yaml +++ b/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-manager-sas-rolebinding.yaml @@ -9,15 +9,15 @@ metadata: app.kubernetes.io/instance: '{{ .Release.Name }}' app.kubernetes.io/name: '{{ include "seldon.name" . }}' app.kubernetes.io/version: '{{ .Chart.Version }}' - name: seldon-manager-sas-rolebinding-{{ .Release.Namespace }} + name: seldon-manager-sas-rolebinding-{{ include "seldon.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: seldon-manager-sas-role-{{ .Release.Namespace }} + name: seldon-manager-sas-role-{{ include "seldon.namespace" . }} subjects: - kind: ServiceAccount name: seldon-manager - namespace: '{{ .Release.Namespace }}' + namespace: '{{ include "seldon.namespace" . }}' {{- end }} {{- end }} {{- end }} diff --git a/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-spartakus-volunteer.yaml b/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-spartakus-volunteer.yaml index 2cab82adf0..97d3bcfd11 100644 --- a/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-spartakus-volunteer.yaml +++ b/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-spartakus-volunteer.yaml @@ -2,11 +2,11 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: - name: seldon-spartakus-volunteer-{{ .Release.Namespace }} + name: seldon-spartakus-volunteer-{{ include "seldon.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: seldon-spartakus-volunteer-{{ .Release.Namespace }} + name: seldon-spartakus-volunteer-{{ include "seldon.namespace" . }} subjects: - kind: ServiceAccount name: seldon-spartakus-volunteer diff --git a/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-webhook-rolebinding.yaml b/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-webhook-rolebinding.yaml index 5600a21a63..042467aa31 100644 --- a/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-webhook-rolebinding.yaml +++ b/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-webhook-rolebinding.yaml @@ -8,14 +8,14 @@ metadata: app.kubernetes.io/instance: '{{ .Release.Name }}' app.kubernetes.io/name: '{{ include "seldon.name" . }}' app.kubernetes.io/version: '{{ .Chart.Version }}' - name: seldon-webhook-rolebinding-{{ .Release.Namespace }} + name: seldon-webhook-rolebinding-{{ include "seldon.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: seldon-webhook-role-{{ .Release.Namespace }} + name: seldon-webhook-role-{{ include "seldon.namespace" . }} subjects: - kind: ServiceAccount name: seldon-manager - namespace: '{{ .Release.Namespace }}' + namespace: '{{ include "seldon.namespace" . }}' {{- end }} {{- end }} diff --git a/helm-charts/seldon-core-operator/templates/configmap_seldon-config.yaml b/helm-charts/seldon-core-operator/templates/configmap_seldon-config.yaml index 504328ad0b..5b21c6335f 100644 --- a/helm-charts/seldon-core-operator/templates/configmap_seldon-config.yaml +++ b/helm-charts/seldon-core-operator/templates/configmap_seldon-config.yaml @@ -14,5 +14,5 @@ metadata: app.kubernetes.io/version: '{{ .Chart.Version }}' control-plane: seldon-controller-manager name: seldon-config - namespace: '{{ .Release.Namespace }}' + namespace: '{{ include "seldon.namespace" . }}' {{- end }} diff --git a/helm-charts/seldon-core-operator/templates/customresourcedefinition_seldondeployments.machinelearning.seldon.io.yaml b/helm-charts/seldon-core-operator/templates/customresourcedefinition_seldondeployments.machinelearning.seldon.io.yaml index bb19c0363e..fbc6f2574b 100644 --- a/helm-charts/seldon-core-operator/templates/customresourcedefinition_seldondeployments.machinelearning.seldon.io.yaml +++ b/helm-charts/seldon-core-operator/templates/customresourcedefinition_seldondeployments.machinelearning.seldon.io.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/seldon-serving-cert' + cert-manager.io/inject-ca-from: '{{ include "seldon.namespace" . }}/seldon-serving-cert' controller-gen.kubebuilder.io/version: v0.2.9 creationTimestamp: null labels: diff --git a/helm-charts/seldon-core-operator/templates/customresourcedefinition_v1_seldondeployments.machinelearning.seldon.io.yaml b/helm-charts/seldon-core-operator/templates/customresourcedefinition_v1_seldondeployments.machinelearning.seldon.io.yaml index 8e43baf790..29b91304da 100644 --- a/helm-charts/seldon-core-operator/templates/customresourcedefinition_v1_seldondeployments.machinelearning.seldon.io.yaml +++ b/helm-charts/seldon-core-operator/templates/customresourcedefinition_v1_seldondeployments.machinelearning.seldon.io.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/seldon-serving-cert' + cert-manager.io/inject-ca-from: '{{ include "seldon.namespace" . }}/seldon-serving-cert' controller-gen.kubebuilder.io/version: v0.2.5 creationTimestamp: null name: seldondeployments.machinelearning.seldon.io diff --git a/helm-charts/seldon-core-operator/templates/deployment_seldon-controller-manager.yaml b/helm-charts/seldon-core-operator/templates/deployment_seldon-controller-manager.yaml index b8757262c0..9d447f5acc 100644 --- a/helm-charts/seldon-core-operator/templates/deployment_seldon-controller-manager.yaml +++ b/helm-charts/seldon-core-operator/templates/deployment_seldon-controller-manager.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/version: '{{ .Chart.Version }}' control-plane: seldon-controller-manager name: seldon-controller-manager - namespace: '{{ .Release.Namespace }}' + namespace: '{{ include "seldon.namespace" . }}' spec: replicas: 1 selector: @@ -35,7 +35,7 @@ spec: - --enable-leader-election - --webhook-port={{ .Values.webhook.port }} - --create-resources=$(MANAGER_CREATE_RESOURCES) - - '{{- if .Values.singleNamespace }}--namespace={{ .Release.Namespace }}{{- end }}' + - '{{- if .Values.singleNamespace }}--namespace={{ include "seldon.namespace" . }}{{- end }}' command: - /manager env: diff --git a/helm-charts/seldon-core-operator/templates/issuer_seldon-selfsigned-issuer.yaml b/helm-charts/seldon-core-operator/templates/issuer_seldon-selfsigned-issuer.yaml index 3dfbd7fa46..4fcbe9a201 100644 --- a/helm-charts/seldon-core-operator/templates/issuer_seldon-selfsigned-issuer.yaml +++ b/helm-charts/seldon-core-operator/templates/issuer_seldon-selfsigned-issuer.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/name: '{{ include "seldon.name" . }}' app.kubernetes.io/version: '{{ .Chart.Version }}' name: seldon-selfsigned-issuer - namespace: '{{ .Release.Namespace }}' + namespace: '{{ include "seldon.namespace" . }}' spec: selfSigned: {} {{- end }} diff --git a/helm-charts/seldon-core-operator/templates/role_seldon-leader-election-role.yaml b/helm-charts/seldon-core-operator/templates/role_seldon-leader-election-role.yaml index a312c56542..ce173d3353 100644 --- a/helm-charts/seldon-core-operator/templates/role_seldon-leader-election-role.yaml +++ b/helm-charts/seldon-core-operator/templates/role_seldon-leader-election-role.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/name: '{{ include "seldon.name" . }}' app.kubernetes.io/version: '{{ .Chart.Version }}' name: seldon-leader-election-role - namespace: '{{ .Release.Namespace }}' + namespace: '{{ include "seldon.namespace" . }}' rules: - apiGroups: - '' diff --git a/helm-charts/seldon-core-operator/templates/role_seldon1-manager-role.yaml b/helm-charts/seldon-core-operator/templates/role_seldon1-manager-role.yaml index 57941e8f94..29db5c9c3b 100644 --- a/helm-charts/seldon-core-operator/templates/role_seldon1-manager-role.yaml +++ b/helm-charts/seldon-core-operator/templates/role_seldon1-manager-role.yaml @@ -5,7 +5,7 @@ kind: Role metadata: creationTimestamp: null name: seldon1-manager-role - namespace: '{{ .Release.Namespace }}' + namespace: '{{ include "seldon.namespace" . }}' rules: - apiGroups: - '' diff --git a/helm-charts/seldon-core-operator/templates/role_seldon1-manager-sas-role.yaml b/helm-charts/seldon-core-operator/templates/role_seldon1-manager-sas-role.yaml index 4fa506d86e..708f31edba 100644 --- a/helm-charts/seldon-core-operator/templates/role_seldon1-manager-sas-role.yaml +++ b/helm-charts/seldon-core-operator/templates/role_seldon1-manager-sas-role.yaml @@ -6,7 +6,7 @@ kind: Role metadata: creationTimestamp: null name: seldon1-manager-sas-role - namespace: '{{ .Release.Namespace }}' + namespace: '{{ include "seldon.namespace" . }}' rules: - apiGroups: - '' diff --git a/helm-charts/seldon-core-operator/templates/rolebinding_seldon-leader-election-rolebinding.yaml b/helm-charts/seldon-core-operator/templates/rolebinding_seldon-leader-election-rolebinding.yaml index 4f77fabb70..1b92eb5c7f 100644 --- a/helm-charts/seldon-core-operator/templates/rolebinding_seldon-leader-election-rolebinding.yaml +++ b/helm-charts/seldon-core-operator/templates/rolebinding_seldon-leader-election-rolebinding.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/name: '{{ include "seldon.name" . }}' app.kubernetes.io/version: '{{ .Chart.Version }}' name: seldon-leader-election-rolebinding - namespace: '{{ .Release.Namespace }}' + namespace: '{{ include "seldon.namespace" . }}' roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -16,5 +16,5 @@ roleRef: subjects: - kind: ServiceAccount name: seldon-manager - namespace: '{{ .Release.Namespace }}' + namespace: '{{ include "seldon.namespace" . }}' {{- end }} diff --git a/helm-charts/seldon-core-operator/templates/rolebinding_seldon1-manager-rolebinding.yaml b/helm-charts/seldon-core-operator/templates/rolebinding_seldon1-manager-rolebinding.yaml index 1f429e0be9..3385a83dfa 100644 --- a/helm-charts/seldon-core-operator/templates/rolebinding_seldon1-manager-rolebinding.yaml +++ b/helm-charts/seldon-core-operator/templates/rolebinding_seldon1-manager-rolebinding.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: seldon1-manager-rolebinding - namespace: '{{ .Release.Namespace }}' + namespace: '{{ include "seldon.namespace" . }}' roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -12,6 +12,6 @@ roleRef: subjects: - kind: ServiceAccount name: '{{ .Values.serviceAccount.name }}' - namespace: '{{ .Release.Namespace }}' + namespace: '{{ include "seldon.namespace" . }}' {{- end }} {{- end }} diff --git a/helm-charts/seldon-core-operator/templates/rolebinding_seldon1-manager-sas-rolebinding.yaml b/helm-charts/seldon-core-operator/templates/rolebinding_seldon1-manager-sas-rolebinding.yaml index 1042af7e72..0fb4296c3f 100644 --- a/helm-charts/seldon-core-operator/templates/rolebinding_seldon1-manager-sas-rolebinding.yaml +++ b/helm-charts/seldon-core-operator/templates/rolebinding_seldon1-manager-sas-rolebinding.yaml @@ -5,7 +5,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: seldon1-manager-sas-rolebinding - namespace: '{{ .Release.Namespace }}' + namespace: '{{ include "seldon.namespace" . }}' roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -13,7 +13,7 @@ roleRef: subjects: - kind: ServiceAccount name: '{{ .Values.serviceAccount.name }}' - namespace: '{{ .Release.Namespace }}' + namespace: '{{ include "seldon.namespace" . }}' {{- end }} {{- end }} {{- end }} diff --git a/helm-charts/seldon-core-operator/templates/service_seldon-webhook-service.yaml b/helm-charts/seldon-core-operator/templates/service_seldon-webhook-service.yaml index 7cbbc7f766..d44849621c 100644 --- a/helm-charts/seldon-core-operator/templates/service_seldon-webhook-service.yaml +++ b/helm-charts/seldon-core-operator/templates/service_seldon-webhook-service.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/name: '{{ include "seldon.name" . }}' app.kubernetes.io/version: '{{ .Chart.Version }}' name: seldon-webhook-service - namespace: '{{ .Release.Namespace }}' + namespace: '{{ include "seldon.namespace" . }}' spec: ports: - port: 443 diff --git a/helm-charts/seldon-core-operator/templates/serviceaccount_seldon-manager.yaml b/helm-charts/seldon-core-operator/templates/serviceaccount_seldon-manager.yaml index 65582da31f..daa90e4b1e 100644 --- a/helm-charts/seldon-core-operator/templates/serviceaccount_seldon-manager.yaml +++ b/helm-charts/seldon-core-operator/templates/serviceaccount_seldon-manager.yaml @@ -8,5 +8,5 @@ metadata: app.kubernetes.io/name: '{{ include "seldon.name" . }}' app.kubernetes.io/version: '{{ .Chart.Version }}' name: '{{ .Values.serviceAccount.name }}' - namespace: '{{ .Release.Namespace }}' + namespace: '{{ include "seldon.namespace" . }}' {{- end }} diff --git a/helm-charts/seldon-core-operator/templates/webhook.yaml b/helm-charts/seldon-core-operator/templates/webhook.yaml index 6b63bc3cd5..f011f4a031 100644 --- a/helm-charts/seldon-core-operator/templates/webhook.yaml +++ b/helm-charts/seldon-core-operator/templates/webhook.yaml @@ -1,30 +1,44 @@ {{- if not .Values.managerCreateResources }} -{{- $altNames := list ( printf "seldon-webhook-service.%s" .Release.Namespace ) ( printf "seldon-webhook-service.%s.svc" .Release.Namespace ) -}} +{{- $altNames := list ( printf "seldon-webhook-service.%s" (include "seldon.namespace" .) ) ( printf "seldon-webhook-service.%s.svc" (include "seldon.namespace" .) ) -}} {{- $ca := genCA "custom-metrics-ca" 365 -}} {{- $cert := genSignedCert "seldon-webhook-service" nil $altNames 365 $ca -}} --- +{{- if not .Values.certManager.enabled -}} +apiVersion: v1 +data: + ca.crt: '{{ $ca.Cert | b64enc }}' + tls.crt: '{{ $cert.Cert | b64enc }}' + tls.key: '{{ $cert.Key | b64enc }}' +kind: Secret +metadata: + name: seldon-webhook-server-cert + namespace: '{{ include "seldon.namespace" . }}' +type: kubernetes.io/tls +{{- end }} +--- + apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration +kind: ValidatingWebhookConfiguration metadata: annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/seldon-serving-cert' + cert-manager.io/inject-ca-from: '{{ include "seldon.namespace" . }}/seldon-serving-cert' creationTimestamp: null labels: app: seldon app.kubernetes.io/instance: '{{ .Release.Name }}' app.kubernetes.io/name: '{{ include "seldon.name" . }}' app.kubernetes.io/version: '{{ .Chart.Version }}' - name: seldon-mutating-webhook-configuration-{{ .Release.Namespace }} + name: seldon-validating-webhook-configuration-{{ include "seldon.namespace" . }} webhooks: - clientConfig: caBundle: '{{ $ca.Cert | b64enc }}' service: name: seldon-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /mutate-machinelearning-seldon-io-v1-seldondeployment + namespace: '{{ include "seldon.namespace" . }}' + path: /validate-machinelearning-seldon-io-v1-seldondeployment failurePolicy: Fail - name: v1.mseldondeployment.kb.io + name: v1.vseldondeployment.kb.io {{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} {{- if not .Values.singleNamespace }} namespaceSelector: @@ -40,7 +54,7 @@ webhooks: {{- if .Values.singleNamespace }} namespaceSelector: matchLabels: - seldon.io/controller-id: {{ .Release.Namespace }} + seldon.io/controller-id: {{ include "seldon.namespace" . }} {{- end }} {{- if not .Values.kubeflow }} {{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} @@ -72,10 +86,10 @@ webhooks: caBundle: '{{ $ca.Cert | b64enc }}' service: name: seldon-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /mutate-machinelearning-seldon-io-v1alpha2-seldondeployment + namespace: '{{ include "seldon.namespace" . }}' + path: /validate-machinelearning-seldon-io-v1alpha2-seldondeployment failurePolicy: Fail - name: v1alpha2.mseldondeployment.kb.io + name: v1alpha2.vseldondeployment.kb.io {{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} {{- if not .Values.singleNamespace }} namespaceSelector: @@ -91,7 +105,7 @@ webhooks: {{- if .Values.singleNamespace }} namespaceSelector: matchLabels: - seldon.io/controller-id: {{ .Release.Namespace }} + seldon.io/controller-id: {{ include "seldon.namespace" . }} {{- end }} {{- if not .Values.kubeflow }} {{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} @@ -123,10 +137,10 @@ webhooks: caBundle: '{{ $ca.Cert | b64enc }}' service: name: seldon-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /mutate-machinelearning-seldon-io-v1alpha3-seldondeployment + namespace: '{{ include "seldon.namespace" . }}' + path: /validate-machinelearning-seldon-io-v1alpha3-seldondeployment failurePolicy: Fail - name: v1alpha3.mseldondeployment.kb.io + name: v1alpha3.vseldondeployment.kb.io {{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} {{- if not .Values.singleNamespace }} namespaceSelector: @@ -142,7 +156,7 @@ webhooks: {{- if .Values.singleNamespace }} namespaceSelector: matchLabels: - seldon.io/controller-id: {{ .Release.Namespace }} + seldon.io/controller-id: {{ include "seldon.namespace" . }} {{- end }} {{- if not .Values.kubeflow }} {{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} @@ -173,26 +187,26 @@ webhooks: --- apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration +kind: MutatingWebhookConfiguration metadata: annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/seldon-serving-cert' + cert-manager.io/inject-ca-from: '{{ include "seldon.namespace" . }}/seldon-serving-cert' creationTimestamp: null labels: app: seldon app.kubernetes.io/instance: '{{ .Release.Name }}' app.kubernetes.io/name: '{{ include "seldon.name" . }}' app.kubernetes.io/version: '{{ .Chart.Version }}' - name: seldon-validating-webhook-configuration-{{ .Release.Namespace }} + name: seldon-mutating-webhook-configuration-{{ include "seldon.namespace" . }} webhooks: - clientConfig: caBundle: '{{ $ca.Cert | b64enc }}' service: name: seldon-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /validate-machinelearning-seldon-io-v1-seldondeployment + namespace: '{{ include "seldon.namespace" . }}' + path: /mutate-machinelearning-seldon-io-v1-seldondeployment failurePolicy: Fail - name: v1.vseldondeployment.kb.io + name: v1.mseldondeployment.kb.io {{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} {{- if not .Values.singleNamespace }} namespaceSelector: @@ -208,7 +222,7 @@ webhooks: {{- if .Values.singleNamespace }} namespaceSelector: matchLabels: - seldon.io/controller-id: {{ .Release.Namespace }} + seldon.io/controller-id: {{ include "seldon.namespace" . }} {{- end }} {{- if not .Values.kubeflow }} {{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} @@ -240,10 +254,10 @@ webhooks: caBundle: '{{ $ca.Cert | b64enc }}' service: name: seldon-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /validate-machinelearning-seldon-io-v1alpha2-seldondeployment + namespace: '{{ include "seldon.namespace" . }}' + path: /mutate-machinelearning-seldon-io-v1alpha2-seldondeployment failurePolicy: Fail - name: v1alpha2.vseldondeployment.kb.io + name: v1alpha2.mseldondeployment.kb.io {{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} {{- if not .Values.singleNamespace }} namespaceSelector: @@ -259,7 +273,7 @@ webhooks: {{- if .Values.singleNamespace }} namespaceSelector: matchLabels: - seldon.io/controller-id: {{ .Release.Namespace }} + seldon.io/controller-id: {{ include "seldon.namespace" . }} {{- end }} {{- if not .Values.kubeflow }} {{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} @@ -291,10 +305,10 @@ webhooks: caBundle: '{{ $ca.Cert | b64enc }}' service: name: seldon-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /validate-machinelearning-seldon-io-v1alpha3-seldondeployment + namespace: '{{ include "seldon.namespace" . }}' + path: /mutate-machinelearning-seldon-io-v1alpha3-seldondeployment failurePolicy: Fail - name: v1alpha3.vseldondeployment.kb.io + name: v1alpha3.mseldondeployment.kb.io {{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} {{- if not .Values.singleNamespace }} namespaceSelector: @@ -310,7 +324,7 @@ webhooks: {{- if .Values.singleNamespace }} namespaceSelector: matchLabels: - seldon.io/controller-id: {{ .Release.Namespace }} + seldon.io/controller-id: {{ include "seldon.namespace" . }} {{- end }} {{- if not .Values.kubeflow }} {{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} @@ -338,19 +352,5 @@ webhooks: resources: - seldondeployments sideEffects: None ---- - -{{- if not .Values.certManager.enabled -}} -apiVersion: v1 -data: - ca.crt: '{{ $ca.Cert | b64enc }}' - tls.crt: '{{ $cert.Cert | b64enc }}' - tls.key: '{{ $cert.Key | b64enc }}' -kind: Secret -metadata: - name: seldon-webhook-server-cert - namespace: '{{ .Release.Namespace }}' -type: kubernetes.io/tls -{{- end }} {{- end }} diff --git a/helm-charts/seldon-core-operator/values.yaml b/helm-charts/seldon-core-operator/values.yaml index d6aebbeee7..1c14e9306a 100644 --- a/helm-charts/seldon-core-operator/values.yaml +++ b/helm-charts/seldon-core-operator/values.yaml @@ -1,6 +1,9 @@ # # Seldon Core Operator # Below are the default values when installing Seldon Core +# Defaults to .Release.Namespace +namespaceOverride: "seldon-system" + # ## Ingress Options # You are able to choose between Istio and Ambassador diff --git a/operator/helm/split_resources.py b/operator/helm/split_resources.py index 4579fd6cbc..d0cd3630fa 100644 --- a/operator/helm/split_resources.py +++ b/operator/helm/split_resources.py @@ -81,13 +81,17 @@ def helm_release(value: str): return "{{ .Release." + value + " }}" +def helm_namespace_override(): + return '{{ include "seldon.namespace" . }}' + + if __name__ == "__main__": exp = args.prefix + "*" files = glob.glob(exp) webhookData = HELM_CREATERESOURCES_IF_START webhookData = ( webhookData - + '{{- $altNames := list ( printf "seldon-webhook-service.%s" .Release.Namespace ) ( printf "seldon-webhook-service.%s.svc" .Release.Namespace ) -}}\n' + + '{{- $altNames := list ( printf "seldon-webhook-service.%s" (include "seldon.namespace" .) ) ( printf "seldon-webhook-service.%s.svc" (include "seldon.namespace" .) ) -}}\n' ) webhookData = webhookData + '{{- $ca := genCA "custom-metrics-ca" 365 -}}\n' webhookData = ( @@ -139,7 +143,7 @@ def helm_release(value: str): res["metadata"]["namespace"] == "seldon-system" or res["metadata"]["namespace"] == "seldon1-system" ): - res["metadata"]["namespace"] = "{{ .Release.Namespace }}" + res["metadata"]["namespace"] = helm_namespace_override() # controller manager if kind == "deployment" and name == "seldon-controller-manager": @@ -200,7 +204,7 @@ def helm_release(value: str): argIdx ] = "--webhook-port=" + helm_value("webhook.port") res["spec"]["template"]["spec"]["containers"][0]["args"].append( - "{{- if .Values.singleNamespace }}--namespace={{ .Release.Namespace }}{{- end }}" + '{{- if .Values.singleNamespace }}--namespace={{ include "seldon.namespace" . }}{{- end }}' ) if kind == "configmap" and name == "seldon-config": @@ -216,32 +220,32 @@ def helm_release(value: str): if kind == "clusterrole": res["metadata"]["name"] = ( - res["metadata"]["name"] + "-" + helm_release("Namespace") + res["metadata"]["name"] + "-" + helm_namespace_override() ) # Update cluster role bindings if kind == "clusterrolebinding": res["metadata"]["name"] = ( - res["metadata"]["name"] + "-" + helm_release("Namespace") + res["metadata"]["name"] + "-" + helm_namespace_override() ) res["roleRef"]["name"] = ( - res["roleRef"]["name"] + "-" + helm_release("Namespace") + res["roleRef"]["name"] + "-" + helm_namespace_override() ) if name == "seldon-manager-rolebinding": res["subjects"][0]["name"] = helm_value("serviceAccount.name") - res["subjects"][0]["namespace"] = helm_release("Namespace") + res["subjects"][0]["namespace"] = helm_namespace_override() elif name != "seldon-spartakus-volunteer": - res["subjects"][0]["namespace"] = helm_release("Namespace") + res["subjects"][0]["namespace"] = helm_namespace_override() # Update role bindings if kind == "rolebinding": - res["subjects"][0]["namespace"] = helm_release("Namespace") + res["subjects"][0]["namespace"] = helm_namespace_override() if ( name == "seldon1-manager-rolebinding" or name == "seldon1-manager-sas-rolebinding" ): res["subjects"][0]["name"] = helm_value("serviceAccount.name") - res["subjects"][0]["namespace"] = helm_release("Namespace") + res["subjects"][0]["namespace"] = helm_namespace_override() # Update webhook certificates if name == "seldon-webhook-server-cert" and kind == "secret": @@ -254,41 +258,41 @@ def helm_release(value: str): or kind == "validatingwebhookconfiguration" ): res["metadata"]["name"] = ( - res["metadata"]["name"] + "-" + helm_release("Namespace") + res["metadata"]["name"] + "-" + helm_namespace_override() ) res["webhooks"][0]["clientConfig"][ "caBundle" ] = "{{ $ca.Cert | b64enc }}" res["webhooks"][0]["clientConfig"]["service"][ "namespace" - ] = helm_release("Namespace") + ] = helm_namespace_override() res["webhooks"][1]["clientConfig"][ "caBundle" ] = "{{ $ca.Cert | b64enc }}" res["webhooks"][1]["clientConfig"]["service"][ "namespace" - ] = helm_release("Namespace") + ] = helm_namespace_override() res["webhooks"][2]["clientConfig"][ "caBundle" ] = "{{ $ca.Cert | b64enc }}" res["webhooks"][2]["clientConfig"]["service"][ "namespace" - ] = helm_release("Namespace") + ] = helm_namespace_override() if "cert-manager.io/inject-ca-from" in res["metadata"]["annotations"]: res["metadata"]["annotations"]["cert-manager.io/inject-ca-from"] = ( - helm_release("Namespace") + "/seldon-serving-cert" + helm_namespace_override() + "/seldon-serving-cert" ) if kind == "certificate": res["spec"][ "commonName" - ] = '{{- printf "seldon-webhook-service.%s.svc" .Release.Namespace -}}' + ] = '{{- printf "seldon-webhook-service.%s.svc" (include "seldon.namespace" .) -}}' res["spec"]["dnsNames"][ 0 - ] = '{{- printf "seldon-webhook-service.%s.svc.cluster.local" .Release.Namespace -}}' + ] = '{{- printf "seldon-webhook-service.%s.svc.cluster.local" (include "seldon.namespace" .) -}}' res["spec"]["dnsNames"][ 1 - ] = '{{- printf "seldon-webhook-service.%s.svc" .Release.Namespace -}}' + ] = '{{- printf "seldon-webhook-service.%s.svc" (include "seldon.namespace" .) -}}' if ( kind == "customresourcedefinition" @@ -299,7 +303,7 @@ def helm_release(value: str): res["spec"]["conversion"]["webhookClientConfig"]["caBundle"] = "==" if "cert-manager.io/inject-ca-from" in res["metadata"]["annotations"]: res["metadata"]["annotations"]["cert-manager.io/inject-ca-from"] = ( - helm_release("Namespace") + "/seldon-serving-cert" + helm_namespace_override() + "/seldon-serving-cert" ) # Update webhook service port @@ -456,7 +460,7 @@ def helm_release(value: str): # Write webhook related data in 1 file namespaceSelector = ( " namespaceSelector:\n matchLabels:\n seldon.io/controller-id: " - + helm_release("Namespace") + + helm_namespace_override() + "\n" ) objectSelector = (