-
Notifications
You must be signed in to change notification settings - Fork 2.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Make the Tekton CD pipeline for profile controller run on KF release …
…cluster (#4568) * Get rid of the PVC used to pass the image digest file between the build and update manifests step * Creating a PVC just creates operational complexity * We combine the build and update manifests step into one task. We can then use /workspace (a pod volume) to pass data like the image digest file between the steps * Update pipelineRun to work with version 0.9 of Tekton * Field serviceAccount has been renamed serviceAccountName * TaskRun no longer supports outputImageDir so we remove it; we will have to use Tekton to pass the image digest file * Remove the namespace.yaml and secrets.yaml from the kustomize package * The secrets should be created out of band and not checked in * So the behavior should be to deploy the kustomize package in a namespace that already exists with the appropriate secrets * Checking in secrets is confusing * If we check in dummy secrets then users will get confused about whether the secrets are valid or not * Furthermore, the file secrets.yaml is an invitation to end up checking the secrets into source control. * Configure some values to use gcr.io/kubeflow-images-public * Disable ISTIO sidecar in the pipelines * For kaniko we don't need the secret to be named a certain way we just need to set GOOGLE_APPLICATION_CREDENTIALS to point to the correct value * We change kaniko to use the user-gcp-sa secret that Kubeflow creates * We shouldn't need an image pull secret since kubeflow-images-public is public * GOOGLE_APPLICATION_CREDENTIALS should be used for pushing images * Change the name of the secret containing ssh credentials for kubeflow-bot to kubeflow-bot-github-ssh * rebuild-manifests.sh should use /workspace to get the image digest rather than the PVC. * Simplify rebuild-manifests.ssh * Tekton will mount the .ssh information in /tekton/home/.ssh so we just need to create a symbolic link to /root/.ssh * The image digest file should be fetched from /workspace and not some PVC. * Set GITHUB_TOKEN environment variable using secrets so that we don't need to use kubectl get to fetch it * We need to make the clone of kubeflow/manifests a non-shallow clone before we can push changes to the remote repo * I was able to successfully run the profile controller workflow and create a PR kubeflow/manifests#669 Next steps: * This PR only updated the profile controller * We need to refactor how the PipelineRun's are laid out * I think we may want the PipelineRun's to be separate from the reused resurces like Task * rebuil-manifests.sh should only regenerate tests for changed files * The created PRs don't satisfy the Kubeflow CLA check. Related to: kubeflow/testing#450
- Loading branch information
1 parent
5c7ecd8
commit 19c0dd6
Showing
12 changed files
with
169 additions
and
177 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.