From 2beed9f07cc43f3e4b7a5053cf49936590605dcd Mon Sep 17 00:00:00 2001 From: IronPan Date: Tue, 20 Aug 2019 12:45:33 -0700 Subject: [PATCH 01/13] restructure --- .../kustomize/env/dev/kustomization.yaml | 29 + .../dev}/namespace.yaml | 0 .../namespaced/kustomizeconfig/namespace.yaml | 6 + ...ine-persistenceagent-deployment-patch.yaml | 0 ...ne-scheduledworkflow-deployment-patch.yaml | 0 .../ml-pipeline-ui-deployment-patch.yaml | 0 ...-pipeline-viewer-crd-deployment-patch.yaml | 0 .../kustomize/env/namespaced/namespace.yaml | 6 + .../workflow-controller-configmap.yaml | 0 manifests/kustomize/namespaced-install.yaml | 917 ------------------ .../kustomize/namespaced-install/README.md | 2 - .../namespaced-install/kustomization.yaml | 29 - .../namespaced-install/namespace.yaml | 4 - 13 files changed, 41 insertions(+), 952 deletions(-) create mode 100644 manifests/kustomize/env/dev/kustomization.yaml rename manifests/kustomize/{namespaced-install/kustomizeconfig => env/dev}/namespace.yaml (100%) create mode 100644 manifests/kustomize/env/namespaced/kustomizeconfig/namespace.yaml rename manifests/kustomize/{namespaced-install => env/namespaced}/ml-pipeline-persistenceagent-deployment-patch.yaml (100%) rename manifests/kustomize/{namespaced-install => env/namespaced}/ml-pipeline-scheduledworkflow-deployment-patch.yaml (100%) rename manifests/kustomize/{namespaced-install => env/namespaced}/ml-pipeline-ui-deployment-patch.yaml (100%) rename manifests/kustomize/{namespaced-install => env/namespaced}/ml-pipeline-viewer-crd-deployment-patch.yaml (100%) create mode 100644 manifests/kustomize/env/namespaced/namespace.yaml rename manifests/kustomize/{namespaced-install => env/namespaced}/workflow-controller-configmap.yaml (100%) delete mode 100644 manifests/kustomize/namespaced-install/README.md delete mode 100644 manifests/kustomize/namespaced-install/kustomization.yaml delete mode 100644 manifests/kustomize/namespaced-install/namespace.yaml diff --git a/manifests/kustomize/env/dev/kustomization.yaml b/manifests/kustomize/env/dev/kustomization.yaml new file mode 100644 index 00000000000..ad4d4fe0e97 --- /dev/null +++ b/manifests/kustomize/env/dev/kustomization.yaml @@ -0,0 +1,29 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: +- ../../base + +resources: +- namespace.yaml + +namespace: kubeflow + +patchesStrategicMerge: +- ../namespaced/workflow-controller-configmap.yaml +- ../namespaced/ml-pipeline-persistenceagent-deployment-patch.yaml +- ../namespaced/ml-pipeline-scheduledworkflow-deployment-patch.yaml +- ../namespaced/ml-pipeline-viewer-crd-deployment-patch.yaml +- ../namespaced/ml-pipeline-ui-deployment-patch.yaml + +vars: + - name: NAMESPACE + objref: + kind: Deployment + apiVersion: apps/v1beta2 + name: workflow-controller + fieldref: + fieldpath: metadata.namespace + +configurations: +- ../namespaced/kustomizeconfig/namespace.yaml diff --git a/manifests/kustomize/namespaced-install/kustomizeconfig/namespace.yaml b/manifests/kustomize/env/dev/namespace.yaml similarity index 100% rename from manifests/kustomize/namespaced-install/kustomizeconfig/namespace.yaml rename to manifests/kustomize/env/dev/namespace.yaml diff --git a/manifests/kustomize/env/namespaced/kustomizeconfig/namespace.yaml b/manifests/kustomize/env/namespaced/kustomizeconfig/namespace.yaml new file mode 100644 index 00000000000..2a5ae3d6456 --- /dev/null +++ b/manifests/kustomize/env/namespaced/kustomizeconfig/namespace.yaml @@ -0,0 +1,6 @@ +# Allow Kustomize var to replace following fields. +varReference: +- path: data/config + kind: ConfigMap +- path: metadata/name + kind: Namespace \ No newline at end of file diff --git a/manifests/kustomize/namespaced-install/ml-pipeline-persistenceagent-deployment-patch.yaml b/manifests/kustomize/env/namespaced/ml-pipeline-persistenceagent-deployment-patch.yaml similarity index 100% rename from manifests/kustomize/namespaced-install/ml-pipeline-persistenceagent-deployment-patch.yaml rename to manifests/kustomize/env/namespaced/ml-pipeline-persistenceagent-deployment-patch.yaml diff --git a/manifests/kustomize/namespaced-install/ml-pipeline-scheduledworkflow-deployment-patch.yaml b/manifests/kustomize/env/namespaced/ml-pipeline-scheduledworkflow-deployment-patch.yaml similarity index 100% rename from manifests/kustomize/namespaced-install/ml-pipeline-scheduledworkflow-deployment-patch.yaml rename to manifests/kustomize/env/namespaced/ml-pipeline-scheduledworkflow-deployment-patch.yaml diff --git a/manifests/kustomize/namespaced-install/ml-pipeline-ui-deployment-patch.yaml b/manifests/kustomize/env/namespaced/ml-pipeline-ui-deployment-patch.yaml similarity index 100% rename from manifests/kustomize/namespaced-install/ml-pipeline-ui-deployment-patch.yaml rename to manifests/kustomize/env/namespaced/ml-pipeline-ui-deployment-patch.yaml diff --git a/manifests/kustomize/namespaced-install/ml-pipeline-viewer-crd-deployment-patch.yaml b/manifests/kustomize/env/namespaced/ml-pipeline-viewer-crd-deployment-patch.yaml similarity index 100% rename from manifests/kustomize/namespaced-install/ml-pipeline-viewer-crd-deployment-patch.yaml rename to manifests/kustomize/env/namespaced/ml-pipeline-viewer-crd-deployment-patch.yaml diff --git a/manifests/kustomize/env/namespaced/namespace.yaml b/manifests/kustomize/env/namespaced/namespace.yaml new file mode 100644 index 00000000000..2a5ae3d6456 --- /dev/null +++ b/manifests/kustomize/env/namespaced/namespace.yaml @@ -0,0 +1,6 @@ +# Allow Kustomize var to replace following fields. +varReference: +- path: data/config + kind: ConfigMap +- path: metadata/name + kind: Namespace \ No newline at end of file diff --git a/manifests/kustomize/namespaced-install/workflow-controller-configmap.yaml b/manifests/kustomize/env/namespaced/workflow-controller-configmap.yaml similarity index 100% rename from manifests/kustomize/namespaced-install/workflow-controller-configmap.yaml rename to manifests/kustomize/env/namespaced/workflow-controller-configmap.yaml diff --git a/manifests/kustomize/namespaced-install.yaml b/manifests/kustomize/namespaced-install.yaml index 93e585cee4b..e69de29bb2d 100644 --- a/manifests/kustomize/namespaced-install.yaml +++ b/manifests/kustomize/namespaced-install.yaml @@ -1,917 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: kubeflow ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: scheduledworkflows.kubeflow.org -spec: - group: kubeflow.org - names: - kind: ScheduledWorkflow - listKind: ScheduledWorkflowList - plural: scheduledworkflows - shortNames: - - swf - singular: scheduledworkflow - scope: Namespaced - versions: - - name: v1beta1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - labels: - ksonnet.io/component: pipeline - name: viewers.kubeflow.org -spec: - group: kubeflow.org - names: - kind: Viewer - listKind: ViewerList - plural: viewers - shortNames: - - vi - singular: viewer - scope: Namespaced - versions: - - name: v1beta1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: workflows.argoproj.io -spec: - group: argoproj.io - names: - kind: Workflow - plural: workflows - shortNames: - - wf - scope: Namespaced - version: v1alpha1 ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: argo - namespace: kubeflow ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ml-pipeline-persistenceagent - namespace: kubeflow ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ml-pipeline-scheduledworkflow - namespace: kubeflow ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ml-pipeline-ui - namespace: kubeflow ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ml-pipeline-viewer-crd-service-account - namespace: kubeflow ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ml-pipeline - namespace: kubeflow ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: pipeline-runner - namespace: kubeflow ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: proxy-agent-runner - namespace: kubeflow ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: argo-role - namespace: kubeflow -rules: -- apiGroups: - - "" - resources: - - pods - - pods/exec - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - watch - - list -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete -- apiGroups: - - argoproj.io - resources: - - workflows - - workflows/finalizers - verbs: - - get - - list - - watch - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: ml-pipeline-persistenceagent-role - namespace: kubeflow -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - get - - list - - watch -- apiGroups: - - kubeflow.org - resources: - - scheduledworkflows - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: ml-pipeline-scheduledworkflow-role - name: ml-pipeline-scheduledworkflow-role - namespace: kubeflow -rules: -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - kubeflow.org - resources: - - scheduledworkflows - verbs: - - create - - get - - list - - watch - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: ml-pipeline-ui - name: ml-pipeline-ui - namespace: kubeflow -rules: -- apiGroups: - - "" - resources: - - pods - - pods/log - verbs: - - create - - get - - list -- apiGroups: - - kubeflow.org - resources: - - viewers - verbs: - - create - - get - - list - - watch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: ml-pipeline-viewer-controller-role - namespace: kubeflow -rules: -- apiGroups: - - '*' - resources: - - deployments - - services - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - kubeflow.org - resources: - - viewers - verbs: - - create - - get - - list - - watch - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: ml-pipeline - name: ml-pipeline - namespace: kubeflow -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - delete -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - create - - get - - list - - watch - - update - - patch - - delete -- apiGroups: - - kubeflow.org - resources: - - scheduledworkflows - verbs: - - create - - get - - list - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: pipeline-runner - namespace: kubeflow -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - watch - - list -- apiGroups: - - "" - resources: - - persistentvolumes - - persistentvolumeclaims - verbs: - - '*' -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get -- apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - pods - - pods/exec - - pods/log - - services - verbs: - - '*' -- apiGroups: - - "" - - apps - - extensions - resources: - - deployments - - replicasets - verbs: - - '*' -- apiGroups: - - kubeflow.org - resources: - - '*' - verbs: - - '*' -- apiGroups: - - batch - resources: - - jobs - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: proxy-agent-runner - name: proxy-agent-runner - namespace: kubeflow -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: argo-binding - namespace: kubeflow -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: argo-role -subjects: -- kind: ServiceAccount - name: argo - namespace: kubeflow ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: ml-pipeline-persistenceagent-binding - namespace: kubeflow -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ml-pipeline-persistenceagent-role -subjects: -- kind: ServiceAccount - name: ml-pipeline-persistenceagent - namespace: kubeflow ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: ml-pipeline-scheduledworkflow-binding - namespace: kubeflow -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ml-pipeline-scheduledworkflow-role -subjects: -- kind: ServiceAccount - name: ml-pipeline-scheduledworkflow - namespace: kubeflow ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: ml-pipeline-ui - name: ml-pipeline-ui - namespace: kubeflow -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ml-pipeline-ui -subjects: -- kind: ServiceAccount - name: ml-pipeline-ui - namespace: kubeflow ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: ml-pipeline-viewer-crd-binding - namespace: kubeflow -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ml-pipeline-viewer-controller-role -subjects: -- kind: ServiceAccount - name: ml-pipeline-viewer-crd-service-account - namespace: kubeflow ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: ml-pipeline - name: ml-pipeline - namespace: kubeflow -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ml-pipeline -subjects: -- kind: ServiceAccount - name: ml-pipeline - namespace: kubeflow ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: pipeline-runner-binding - namespace: kubeflow -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: pipeline-runner -subjects: -- kind: ServiceAccount - name: pipeline-runner - namespace: kubeflow ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: proxy-agent-runner - name: proxy-agent-runner - namespace: kubeflow -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: proxy-agent-runner -subjects: -- kind: ServiceAccount - name: proxy-agent-runner - namespace: kubeflow ---- -apiVersion: v1 -data: - config: | - { - namespace: kubeflow, - executorImage: gcr.io/ml-pipeline/argoexec:v2.3.0, - artifactRepository: - { - s3: { - bucket: mlpipeline, - keyPrefix: artifacts, - endpoint: minio-service.kubeflow:9000, - insecure: true, - accessKeySecret: { - name: mlpipeline-minio-artifact, - key: accesskey - }, - secretKeySecret: { - name: mlpipeline-minio-artifact, - key: secretkey - } - } - } - } -kind: ConfigMap -metadata: - name: workflow-controller-configmap - namespace: kubeflow ---- -apiVersion: v1 -data: - accesskey: bWluaW8= - secretkey: bWluaW8xMjM= -kind: Secret -metadata: - name: mlpipeline-minio-artifact - namespace: kubeflow -type: Opaque ---- -apiVersion: v1 -kind: Service -metadata: - name: minio-service - namespace: kubeflow -spec: - ports: - - port: 9000 - protocol: TCP - targetPort: 9000 - selector: - app: minio ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: ml-pipeline-ui - name: ml-pipeline-ui - namespace: kubeflow -spec: - ports: - - port: 80 - targetPort: 3000 - selector: - app: ml-pipeline-ui ---- -apiVersion: v1 -kind: Service -metadata: - name: ml-pipeline - namespace: kubeflow -spec: - ports: - - name: http - port: 8888 - protocol: TCP - targetPort: 8888 - - name: grpc - port: 8887 - protocol: TCP - targetPort: 8887 - selector: - app: ml-pipeline ---- -apiVersion: v1 -kind: Service -metadata: - name: mysql - namespace: kubeflow -spec: - ports: - - port: 3306 - selector: - app: mysql ---- -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: minio - namespace: kubeflow -spec: - selector: - matchLabels: - app: minio - strategy: - type: Recreate - template: - metadata: - labels: - app: minio - spec: - containers: - - args: - - server - - /data - env: - - name: MINIO_ACCESS_KEY - value: minio - - name: MINIO_SECRET_KEY - value: minio123 - image: gcr.io/ml-pipeline/minio:RELEASE.2018-02-09T22-40-05Z - name: minio - ports: - - containerPort: 9000 - volumeMounts: - - mountPath: /data - name: data - subPath: minio - volumes: - - name: data - persistentVolumeClaim: - claimName: minio-pvc ---- -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - labels: - app: ml-pipeline-persistenceagent - name: ml-pipeline-persistenceagent - namespace: kubeflow -spec: - selector: - matchLabels: - app: ml-pipeline-persistenceagent - template: - metadata: - labels: - app: ml-pipeline-persistenceagent - spec: - containers: - - env: - - name: NAMESPACE - value: kubeflow - image: gcr.io/ml-pipeline/persistenceagent:0.1.26 - imagePullPolicy: IfNotPresent - name: ml-pipeline-persistenceagent - serviceAccountName: ml-pipeline-persistenceagent ---- -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - labels: - app: ml-pipeline-scheduledworkflow - name: ml-pipeline-scheduledworkflow - namespace: kubeflow -spec: - selector: - matchLabels: - app: ml-pipeline-scheduledworkflow - template: - metadata: - labels: - app: ml-pipeline-scheduledworkflow - spec: - containers: - - env: - - name: NAMESPACE - value: kubeflow - image: gcr.io/ml-pipeline/scheduledworkflow:0.1.26 - imagePullPolicy: IfNotPresent - name: ml-pipeline-scheduledworkflow - serviceAccountName: ml-pipeline-scheduledworkflow ---- -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - labels: - app: ml-pipeline-ui - name: ml-pipeline-ui - namespace: kubeflow -spec: - selector: - matchLabels: - app: ml-pipeline-ui - template: - metadata: - labels: - app: ml-pipeline-ui - spec: - containers: - - env: - - name: MINIO_NAMESPACE - value: kubeflow - image: gcr.io/ml-pipeline/frontend:0.1.26 - imagePullPolicy: IfNotPresent - name: ml-pipeline-ui - ports: - - containerPort: 3000 - serviceAccountName: ml-pipeline-ui ---- -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - labels: - app: ml-pipeline-viewer-crd - name: ml-pipeline-viewer-crd - namespace: kubeflow -spec: - selector: - matchLabels: - app: ml-pipeline-viewer-crd - template: - metadata: - labels: - app: ml-pipeline-viewer-crd - spec: - containers: - - env: - - name: NAMESPACE - value: kubeflow - - name: MAX_NUM_VIEWERS - value: "50" - image: gcr.io/ml-pipeline/viewer-crd-controller:0.1.26 - imagePullPolicy: Always - name: ml-pipeline-viewer-crd - serviceAccountName: ml-pipeline-viewer-crd-service-account ---- -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - labels: - app: ml-pipeline - name: ml-pipeline - namespace: kubeflow -spec: - selector: - matchLabels: - app: ml-pipeline - template: - metadata: - labels: - app: ml-pipeline - spec: - containers: - - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/api-server:0.1.26 - imagePullPolicy: IfNotPresent - name: ml-pipeline-api-server - ports: - - containerPort: 8888 - - containerPort: 8887 - serviceAccountName: ml-pipeline ---- -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: mysql - namespace: kubeflow -spec: - selector: - matchLabels: - app: mysql - strategy: - type: Recreate - template: - metadata: - labels: - app: mysql - spec: - containers: - - env: - - name: MYSQL_ALLOW_EMPTY_PASSWORD - value: "true" - image: gcr.io/ml-pipeline/mysql:5.6 - name: mysql - ports: - - containerPort: 3306 - name: mysql - volumeMounts: - - mountPath: /var/lib/mysql - name: mysql-persistent-storage - volumes: - - name: mysql-persistent-storage - persistentVolumeClaim: - claimName: mysql-pv-claim ---- -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - labels: - app: proxy-agent - name: proxy-agent - namespace: kubeflow -spec: - selector: - matchLabels: - app: proxy-agent - template: - metadata: - labels: - app: proxy-agent - spec: - containers: - - image: gcr.io/ml-pipeline/inverse-proxy-agent:0.1.26 - imagePullPolicy: IfNotPresent - name: proxy-agent - serviceAccountName: proxy-agent-runner ---- -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - labels: - app: workflow-controller - name: workflow-controller - namespace: kubeflow -spec: - progressDeadlineSeconds: 600 - replicas: 1 - revisionHistoryLimit: 10 - selector: - matchLabels: - app: workflow-controller - strategy: - rollingUpdate: - maxSurge: 25% - maxUnavailable: 25% - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - app: workflow-controller - spec: - containers: - - args: - - --configmap - - workflow-controller-configmap - - --executor-image - - gcr.io/ml-pipeline/argoexec:v2.3.0 - command: - - workflow-controller - env: - - name: ARGO_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: gcr.io/ml-pipeline/workflow-controller:v2.3.0 - imagePullPolicy: IfNotPresent - name: workflow-controller - resources: {} - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - serviceAccount: argo - serviceAccountName: argo - terminationGracePeriodSeconds: 30 ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: minio-pvc - namespace: kubeflow -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: mysql-pv-claim - namespace: kubeflow -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 20Gi diff --git a/manifests/kustomize/namespaced-install/README.md b/manifests/kustomize/namespaced-install/README.md deleted file mode 100644 index 87e84672f24..00000000000 --- a/manifests/kustomize/namespaced-install/README.md +++ /dev/null @@ -1,2 +0,0 @@ -This directory shows how to deploy to a non-default namespace. -To deploy to your own namespace, replace `kubeflow`. \ No newline at end of file diff --git a/manifests/kustomize/namespaced-install/kustomization.yaml b/manifests/kustomize/namespaced-install/kustomization.yaml deleted file mode 100644 index db6f2a8c408..00000000000 --- a/manifests/kustomize/namespaced-install/kustomization.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -bases: -- ../base - -resources: -- namespace.yaml - -namespace: kubeflow - -patchesStrategicMerge: -- workflow-controller-configmap.yaml -- ml-pipeline-persistenceagent-deployment-patch.yaml -- ml-pipeline-scheduledworkflow-deployment-patch.yaml -- ml-pipeline-viewer-crd-deployment-patch.yaml -- ml-pipeline-ui-deployment-patch.yaml - -vars: - - name: NAMESPACE - objref: - kind: Deployment - apiVersion: apps/v1beta2 - name: workflow-controller - fieldref: - fieldpath: metadata.namespace - -configurations: -- kustomizeconfig/namespace.yaml diff --git a/manifests/kustomize/namespaced-install/namespace.yaml b/manifests/kustomize/namespaced-install/namespace.yaml deleted file mode 100644 index 3cd514d2e1e..00000000000 --- a/manifests/kustomize/namespaced-install/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: $(NAMESPACE) \ No newline at end of file From d4e98ee3db4c944afecdbfe2018299f290caea88 Mon Sep 17 00:00:00 2001 From: IronPan Date: Tue, 20 Aug 2019 13:08:24 -0700 Subject: [PATCH 02/13] working example --- .../kustomize/env/dev/kustomization.yaml | 26 +---------------- .../kustomize/env/namespaced/namespace.yaml | 6 ---- .../kustomize/namespaced/kustomization.yaml | 29 +++++++++++++++++++ .../namespaced/kustomizeconfig/namespace.yaml | 0 ...ine-persistenceagent-deployment-patch.yaml | 0 ...ne-scheduledworkflow-deployment-patch.yaml | 0 .../ml-pipeline-ui-deployment-patch.yaml | 0 ...-pipeline-viewer-crd-deployment-patch.yaml | 0 manifests/kustomize/namespaced/namespace.yaml | 4 +++ .../workflow-controller-configmap.yaml | 0 10 files changed, 34 insertions(+), 31 deletions(-) delete mode 100644 manifests/kustomize/env/namespaced/namespace.yaml create mode 100644 manifests/kustomize/namespaced/kustomization.yaml rename manifests/kustomize/{env => }/namespaced/kustomizeconfig/namespace.yaml (100%) rename manifests/kustomize/{env => }/namespaced/ml-pipeline-persistenceagent-deployment-patch.yaml (100%) rename manifests/kustomize/{env => }/namespaced/ml-pipeline-scheduledworkflow-deployment-patch.yaml (100%) rename manifests/kustomize/{env => }/namespaced/ml-pipeline-ui-deployment-patch.yaml (100%) rename manifests/kustomize/{env => }/namespaced/ml-pipeline-viewer-crd-deployment-patch.yaml (100%) create mode 100644 manifests/kustomize/namespaced/namespace.yaml rename manifests/kustomize/{env => }/namespaced/workflow-controller-configmap.yaml (100%) diff --git a/manifests/kustomize/env/dev/kustomization.yaml b/manifests/kustomize/env/dev/kustomization.yaml index ad4d4fe0e97..c30afc0f6fa 100644 --- a/manifests/kustomize/env/dev/kustomization.yaml +++ b/manifests/kustomize/env/dev/kustomization.yaml @@ -2,28 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization bases: -- ../../base - -resources: -- namespace.yaml - -namespace: kubeflow - -patchesStrategicMerge: -- ../namespaced/workflow-controller-configmap.yaml -- ../namespaced/ml-pipeline-persistenceagent-deployment-patch.yaml -- ../namespaced/ml-pipeline-scheduledworkflow-deployment-patch.yaml -- ../namespaced/ml-pipeline-viewer-crd-deployment-patch.yaml -- ../namespaced/ml-pipeline-ui-deployment-patch.yaml - -vars: - - name: NAMESPACE - objref: - kind: Deployment - apiVersion: apps/v1beta2 - name: workflow-controller - fieldref: - fieldpath: metadata.namespace - -configurations: -- ../namespaced/kustomizeconfig/namespace.yaml + - ../../namespaced diff --git a/manifests/kustomize/env/namespaced/namespace.yaml b/manifests/kustomize/env/namespaced/namespace.yaml deleted file mode 100644 index 2a5ae3d6456..00000000000 --- a/manifests/kustomize/env/namespaced/namespace.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# Allow Kustomize var to replace following fields. -varReference: -- path: data/config - kind: ConfigMap -- path: metadata/name - kind: Namespace \ No newline at end of file diff --git a/manifests/kustomize/namespaced/kustomization.yaml b/manifests/kustomize/namespaced/kustomization.yaml new file mode 100644 index 00000000000..5ee8c9205fe --- /dev/null +++ b/manifests/kustomize/namespaced/kustomization.yaml @@ -0,0 +1,29 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: + - ../../base + +resources: +- namespace.yaml + +namespace: kubeflow + +patchesStrategicMerge: +- workflow-controller-configmap.yaml +- ml-pipeline-persistenceagent-deployment-patch.yaml +- ml-pipeline-scheduledworkflow-deployment-patch.yaml +- ml-pipeline-viewer-crd-deployment-patch.yaml +- ml-pipeline-ui-deployment-patch.yaml + +vars: + - name: NAMESPACE + objref: + kind: Deployment + apiVersion: apps/v1beta2 + name: workflow-controller + fieldref: + fieldpath: metadata.namespace + +configurations: +- kustomizeconfig/namespace.yaml diff --git a/manifests/kustomize/env/namespaced/kustomizeconfig/namespace.yaml b/manifests/kustomize/namespaced/kustomizeconfig/namespace.yaml similarity index 100% rename from manifests/kustomize/env/namespaced/kustomizeconfig/namespace.yaml rename to manifests/kustomize/namespaced/kustomizeconfig/namespace.yaml diff --git a/manifests/kustomize/env/namespaced/ml-pipeline-persistenceagent-deployment-patch.yaml b/manifests/kustomize/namespaced/ml-pipeline-persistenceagent-deployment-patch.yaml similarity index 100% rename from manifests/kustomize/env/namespaced/ml-pipeline-persistenceagent-deployment-patch.yaml rename to manifests/kustomize/namespaced/ml-pipeline-persistenceagent-deployment-patch.yaml diff --git a/manifests/kustomize/env/namespaced/ml-pipeline-scheduledworkflow-deployment-patch.yaml b/manifests/kustomize/namespaced/ml-pipeline-scheduledworkflow-deployment-patch.yaml similarity index 100% rename from manifests/kustomize/env/namespaced/ml-pipeline-scheduledworkflow-deployment-patch.yaml rename to manifests/kustomize/namespaced/ml-pipeline-scheduledworkflow-deployment-patch.yaml diff --git a/manifests/kustomize/env/namespaced/ml-pipeline-ui-deployment-patch.yaml b/manifests/kustomize/namespaced/ml-pipeline-ui-deployment-patch.yaml similarity index 100% rename from manifests/kustomize/env/namespaced/ml-pipeline-ui-deployment-patch.yaml rename to manifests/kustomize/namespaced/ml-pipeline-ui-deployment-patch.yaml diff --git a/manifests/kustomize/env/namespaced/ml-pipeline-viewer-crd-deployment-patch.yaml b/manifests/kustomize/namespaced/ml-pipeline-viewer-crd-deployment-patch.yaml similarity index 100% rename from manifests/kustomize/env/namespaced/ml-pipeline-viewer-crd-deployment-patch.yaml rename to manifests/kustomize/namespaced/ml-pipeline-viewer-crd-deployment-patch.yaml diff --git a/manifests/kustomize/namespaced/namespace.yaml b/manifests/kustomize/namespaced/namespace.yaml new file mode 100644 index 00000000000..3cd514d2e1e --- /dev/null +++ b/manifests/kustomize/namespaced/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: $(NAMESPACE) \ No newline at end of file diff --git a/manifests/kustomize/env/namespaced/workflow-controller-configmap.yaml b/manifests/kustomize/namespaced/workflow-controller-configmap.yaml similarity index 100% rename from manifests/kustomize/env/namespaced/workflow-controller-configmap.yaml rename to manifests/kustomize/namespaced/workflow-controller-configmap.yaml From be36a09c2d63cb0b2f9b73ed10f9ef61cc0ba5b1 Mon Sep 17 00:00:00 2001 From: IronPan Date: Tue, 20 Aug 2019 13:13:26 -0700 Subject: [PATCH 03/13] working example --- manifests/kustomize/env/dev/namespace.yaml | 6 - manifests/kustomize/namespaced-install.yaml | 917 ++++++++++++++++++ .../kustomize/namespaced/kustomization.yaml | 2 +- 3 files changed, 918 insertions(+), 7 deletions(-) delete mode 100644 manifests/kustomize/env/dev/namespace.yaml diff --git a/manifests/kustomize/env/dev/namespace.yaml b/manifests/kustomize/env/dev/namespace.yaml deleted file mode 100644 index 2a5ae3d6456..00000000000 --- a/manifests/kustomize/env/dev/namespace.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# Allow Kustomize var to replace following fields. -varReference: -- path: data/config - kind: ConfigMap -- path: metadata/name - kind: Namespace \ No newline at end of file diff --git a/manifests/kustomize/namespaced-install.yaml b/manifests/kustomize/namespaced-install.yaml index e69de29bb2d..93e585cee4b 100644 --- a/manifests/kustomize/namespaced-install.yaml +++ b/manifests/kustomize/namespaced-install.yaml @@ -0,0 +1,917 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: kubeflow +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: scheduledworkflows.kubeflow.org +spec: + group: kubeflow.org + names: + kind: ScheduledWorkflow + listKind: ScheduledWorkflowList + plural: scheduledworkflows + shortNames: + - swf + singular: scheduledworkflow + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + ksonnet.io/component: pipeline + name: viewers.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Viewer + listKind: ViewerList + plural: viewers + shortNames: + - vi + singular: viewer + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: workflows.argoproj.io +spec: + group: argoproj.io + names: + kind: Workflow + plural: workflows + shortNames: + - wf + scope: Namespaced + version: v1alpha1 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-persistenceagent + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-ui + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipeline-runner + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: proxy-agent-runner + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ml-pipeline-persistenceagent-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-scheduledworkflow-role + name: ml-pipeline-scheduledworkflow-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - create + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ml-pipeline-viewer-controller-role + namespace: kubeflow +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline + name: ml-pipeline + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pipeline-runner + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - '*' +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: proxy-agent-runner + name: proxy-agent-runner + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-role +subjects: +- kind: ServiceAccount + name: argo + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-persistenceagent-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-scheduledworkflow-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ml-pipeline-viewer-crd-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline + name: ml-pipeline + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipeline-runner-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-runner +subjects: +- kind: ServiceAccount + name: pipeline-runner + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: proxy-agent-runner + name: proxy-agent-runner + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: proxy-agent-runner +subjects: +- kind: ServiceAccount + name: proxy-agent-runner + namespace: kubeflow +--- +apiVersion: v1 +data: + config: | + { + namespace: kubeflow, + executorImage: gcr.io/ml-pipeline/argoexec:v2.3.0, + artifactRepository: + { + s3: { + bucket: mlpipeline, + keyPrefix: artifacts, + endpoint: minio-service.kubeflow:9000, + insecure: true, + accessKeySecret: { + name: mlpipeline-minio-artifact, + key: accesskey + }, + secretKeySecret: { + name: mlpipeline-minio-artifact, + key: secretkey + } + } + } + } +kind: ConfigMap +metadata: + name: workflow-controller-configmap + namespace: kubeflow +--- +apiVersion: v1 +data: + accesskey: bWluaW8= + secretkey: bWluaW8xMjM= +kind: Secret +metadata: + name: mlpipeline-minio-artifact + namespace: kubeflow +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + name: minio-service + namespace: kubeflow +spec: + ports: + - port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 3000 + selector: + app: ml-pipeline-ui +--- +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + app: ml-pipeline +--- +apiVersion: v1 +kind: Service +metadata: + name: mysql + namespace: kubeflow +spec: + ports: + - port: 3306 + selector: + app: mysql +--- +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: minio + namespace: kubeflow +spec: + selector: + matchLabels: + app: minio + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + spec: + containers: + - args: + - server + - /data + env: + - name: MINIO_ACCESS_KEY + value: minio + - name: MINIO_SECRET_KEY + value: minio123 + image: gcr.io/ml-pipeline/minio:RELEASE.2018-02-09T22-40-05Z + name: minio + ports: + - containerPort: 9000 + volumeMounts: + - mountPath: /data + name: data + subPath: minio + volumes: + - name: data + persistentVolumeClaim: + claimName: minio-pvc +--- +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + labels: + app: ml-pipeline-persistenceagent + name: ml-pipeline-persistenceagent + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-persistenceagent + template: + metadata: + labels: + app: ml-pipeline-persistenceagent + spec: + containers: + - env: + - name: NAMESPACE + value: kubeflow + image: gcr.io/ml-pipeline/persistenceagent:0.1.26 + imagePullPolicy: IfNotPresent + name: ml-pipeline-persistenceagent + serviceAccountName: ml-pipeline-persistenceagent +--- +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + labels: + app: ml-pipeline-scheduledworkflow + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-scheduledworkflow + template: + metadata: + labels: + app: ml-pipeline-scheduledworkflow + spec: + containers: + - env: + - name: NAMESPACE + value: kubeflow + image: gcr.io/ml-pipeline/scheduledworkflow:0.1.26 + imagePullPolicy: IfNotPresent + name: ml-pipeline-scheduledworkflow + serviceAccountName: ml-pipeline-scheduledworkflow +--- +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-ui + template: + metadata: + labels: + app: ml-pipeline-ui + spec: + containers: + - env: + - name: MINIO_NAMESPACE + value: kubeflow + image: gcr.io/ml-pipeline/frontend:0.1.26 + imagePullPolicy: IfNotPresent + name: ml-pipeline-ui + ports: + - containerPort: 3000 + serviceAccountName: ml-pipeline-ui +--- +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + labels: + app: ml-pipeline-viewer-crd + name: ml-pipeline-viewer-crd + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-viewer-crd + template: + metadata: + labels: + app: ml-pipeline-viewer-crd + spec: + containers: + - env: + - name: NAMESPACE + value: kubeflow + - name: MAX_NUM_VIEWERS + value: "50" + image: gcr.io/ml-pipeline/viewer-crd-controller:0.1.26 + imagePullPolicy: Always + name: ml-pipeline-viewer-crd + serviceAccountName: ml-pipeline-viewer-crd-service-account +--- +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + labels: + app: ml-pipeline + name: ml-pipeline + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline + template: + metadata: + labels: + app: ml-pipeline + spec: + containers: + - env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/api-server:0.1.26 + imagePullPolicy: IfNotPresent + name: ml-pipeline-api-server + ports: + - containerPort: 8888 + - containerPort: 8887 + serviceAccountName: ml-pipeline +--- +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: mysql + namespace: kubeflow +spec: + selector: + matchLabels: + app: mysql + strategy: + type: Recreate + template: + metadata: + labels: + app: mysql + spec: + containers: + - env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + image: gcr.io/ml-pipeline/mysql:5.6 + name: mysql + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - mountPath: /var/lib/mysql + name: mysql-persistent-storage + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim +--- +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + labels: + app: proxy-agent + name: proxy-agent + namespace: kubeflow +spec: + selector: + matchLabels: + app: proxy-agent + template: + metadata: + labels: + app: proxy-agent + spec: + containers: + - image: gcr.io/ml-pipeline/inverse-proxy-agent:0.1.26 + imagePullPolicy: IfNotPresent + name: proxy-agent + serviceAccountName: proxy-agent-runner +--- +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + labels: + app: workflow-controller + name: workflow-controller + namespace: kubeflow +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: workflow-controller + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + app: workflow-controller + spec: + containers: + - args: + - --configmap + - workflow-controller-configmap + - --executor-image + - gcr.io/ml-pipeline/argoexec:v2.3.0 + command: + - workflow-controller + env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/workflow-controller:v2.3.0 + imagePullPolicy: IfNotPresent + name: workflow-controller + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo + serviceAccountName: argo + terminationGracePeriodSeconds: 30 +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: minio-pvc + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mysql-pv-claim + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/manifests/kustomize/namespaced/kustomization.yaml b/manifests/kustomize/namespaced/kustomization.yaml index 5ee8c9205fe..c28ca7e1fd4 100644 --- a/manifests/kustomize/namespaced/kustomization.yaml +++ b/manifests/kustomize/namespaced/kustomization.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization bases: - - ../../base + - ../base resources: - namespace.yaml From 4c62abdc6117b13cdde413b9768df8fe66bbf8f2 Mon Sep 17 00:00:00 2001 From: IronPan Date: Tue, 20 Aug 2019 13:15:08 -0700 Subject: [PATCH 04/13] move mysql --- manifests/kustomize/base/kustomization.yaml | 3 --- manifests/kustomize/env/dev/kustomization.yaml | 5 +++++ .../kustomize/{base => env/dev}/mysql/kustomization.yaml | 0 .../kustomize/{base => env/dev}/mysql/mysql-deployment.yaml | 0 .../kustomize/{base => env/dev}/mysql/mysql-pv-claim.yaml | 0 .../kustomize/{base => env/dev}/mysql/mysql-service.yaml | 0 6 files changed, 5 insertions(+), 3 deletions(-) rename manifests/kustomize/{base => env/dev}/mysql/kustomization.yaml (100%) rename manifests/kustomize/{base => env/dev}/mysql/mysql-deployment.yaml (100%) rename manifests/kustomize/{base => env/dev}/mysql/mysql-pv-claim.yaml (100%) rename manifests/kustomize/{base => env/dev}/mysql/mysql-service.yaml (100%) diff --git a/manifests/kustomize/base/kustomization.yaml b/manifests/kustomize/base/kustomization.yaml index adae06469f0..8f8d3b2c113 100644 --- a/manifests/kustomize/base/kustomization.yaml +++ b/manifests/kustomize/base/kustomization.yaml @@ -5,7 +5,6 @@ bases: - argo - crds - minio -- mysql - pipeline - proxy @@ -14,8 +13,6 @@ images: newTag: v2.3.0 - name: minio/minio newTag: RELEASE.2018-02-09T22-40-05Z -- name: mysql - newTag: "5.6" - name: gcr.io/ml-pipeline/api-server newTag: 0.1.26 - name: gcr.io/ml-pipeline/persistenceagent diff --git a/manifests/kustomize/env/dev/kustomization.yaml b/manifests/kustomize/env/dev/kustomization.yaml index c30afc0f6fa..a32cdc17aed 100644 --- a/manifests/kustomize/env/dev/kustomization.yaml +++ b/manifests/kustomize/env/dev/kustomization.yaml @@ -3,3 +3,8 @@ kind: Kustomization bases: - ../../namespaced + - mysql + +images: + - name: mysql + newTag: "5.6" \ No newline at end of file diff --git a/manifests/kustomize/base/mysql/kustomization.yaml b/manifests/kustomize/env/dev/mysql/kustomization.yaml similarity index 100% rename from manifests/kustomize/base/mysql/kustomization.yaml rename to manifests/kustomize/env/dev/mysql/kustomization.yaml diff --git a/manifests/kustomize/base/mysql/mysql-deployment.yaml b/manifests/kustomize/env/dev/mysql/mysql-deployment.yaml similarity index 100% rename from manifests/kustomize/base/mysql/mysql-deployment.yaml rename to manifests/kustomize/env/dev/mysql/mysql-deployment.yaml diff --git a/manifests/kustomize/base/mysql/mysql-pv-claim.yaml b/manifests/kustomize/env/dev/mysql/mysql-pv-claim.yaml similarity index 100% rename from manifests/kustomize/base/mysql/mysql-pv-claim.yaml rename to manifests/kustomize/env/dev/mysql/mysql-pv-claim.yaml diff --git a/manifests/kustomize/base/mysql/mysql-service.yaml b/manifests/kustomize/env/dev/mysql/mysql-service.yaml similarity index 100% rename from manifests/kustomize/base/mysql/mysql-service.yaml rename to manifests/kustomize/env/dev/mysql/mysql-service.yaml From b3bafa6bf6f0d7d640049af7d7db7504b61a3e28 Mon Sep 17 00:00:00 2001 From: IronPan Date: Tue, 20 Aug 2019 13:23:27 -0700 Subject: [PATCH 05/13] moving minio and mysql out --- manifests/kustomize/base/argo/kustomization.yaml | 1 + .../base/{minio => argo}/minio-artifact-secret.yaml | 0 manifests/kustomize/base/kustomization.yaml | 3 --- manifests/kustomize/env/dev/kustomization.yaml | 7 ++++++- .../kustomize/{base => env/dev}/minio/kustomization.yaml | 1 - .../{base => env/dev}/minio/minio-deployment.yaml | 0 manifests/kustomize/{base => env/dev}/minio/minio-pvc.yaml | 0 .../kustomize/{base => env/dev}/minio/minio-service.yaml | 0 manifests/kustomize/namespaced/kustomization.yaml | 2 -- 9 files changed, 7 insertions(+), 7 deletions(-) rename manifests/kustomize/base/{minio => argo}/minio-artifact-secret.yaml (100%) rename manifests/kustomize/{base => env/dev}/minio/kustomization.yaml (82%) rename manifests/kustomize/{base => env/dev}/minio/minio-deployment.yaml (100%) rename manifests/kustomize/{base => env/dev}/minio/minio-pvc.yaml (100%) rename manifests/kustomize/{base => env/dev}/minio/minio-service.yaml (100%) diff --git a/manifests/kustomize/base/argo/kustomization.yaml b/manifests/kustomize/base/argo/kustomization.yaml index 890cb4cb396..1a00e577709 100644 --- a/manifests/kustomize/base/argo/kustomization.yaml +++ b/manifests/kustomize/base/argo/kustomization.yaml @@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: +- minio-artifact-secret.yaml - workflow-controller-configmap.yaml - workflow-controller-deployment.yaml - workflow-controller-role.yaml diff --git a/manifests/kustomize/base/minio/minio-artifact-secret.yaml b/manifests/kustomize/base/argo/minio-artifact-secret.yaml similarity index 100% rename from manifests/kustomize/base/minio/minio-artifact-secret.yaml rename to manifests/kustomize/base/argo/minio-artifact-secret.yaml diff --git a/manifests/kustomize/base/kustomization.yaml b/manifests/kustomize/base/kustomization.yaml index 8f8d3b2c113..7eee4ac34f2 100644 --- a/manifests/kustomize/base/kustomization.yaml +++ b/manifests/kustomize/base/kustomization.yaml @@ -4,15 +4,12 @@ kind: Kustomization bases: - argo - crds -- minio - pipeline - proxy images: - name: argoproj/workflow-controller newTag: v2.3.0 -- name: minio/minio - newTag: RELEASE.2018-02-09T22-40-05Z - name: gcr.io/ml-pipeline/api-server newTag: 0.1.26 - name: gcr.io/ml-pipeline/persistenceagent diff --git a/manifests/kustomize/env/dev/kustomization.yaml b/manifests/kustomize/env/dev/kustomization.yaml index a32cdc17aed..993e85d9275 100644 --- a/manifests/kustomize/env/dev/kustomization.yaml +++ b/manifests/kustomize/env/dev/kustomization.yaml @@ -3,8 +3,13 @@ kind: Kustomization bases: - ../../namespaced + - minio - mysql +namespace: kubeflow + images: - name: mysql - newTag: "5.6" \ No newline at end of file + newTag: "5.6" + - name: minio/minio + newTag: RELEASE.2018-02-09T22-40-05Z \ No newline at end of file diff --git a/manifests/kustomize/base/minio/kustomization.yaml b/manifests/kustomize/env/dev/minio/kustomization.yaml similarity index 82% rename from manifests/kustomize/base/minio/kustomization.yaml rename to manifests/kustomize/env/dev/minio/kustomization.yaml index 731cc557d4c..8ed66b30347 100644 --- a/manifests/kustomize/base/minio/kustomization.yaml +++ b/manifests/kustomize/env/dev/minio/kustomization.yaml @@ -2,7 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- minio-artifact-secret.yaml - minio-deployment.yaml - minio-pvc.yaml - minio-service.yaml diff --git a/manifests/kustomize/base/minio/minio-deployment.yaml b/manifests/kustomize/env/dev/minio/minio-deployment.yaml similarity index 100% rename from manifests/kustomize/base/minio/minio-deployment.yaml rename to manifests/kustomize/env/dev/minio/minio-deployment.yaml diff --git a/manifests/kustomize/base/minio/minio-pvc.yaml b/manifests/kustomize/env/dev/minio/minio-pvc.yaml similarity index 100% rename from manifests/kustomize/base/minio/minio-pvc.yaml rename to manifests/kustomize/env/dev/minio/minio-pvc.yaml diff --git a/manifests/kustomize/base/minio/minio-service.yaml b/manifests/kustomize/env/dev/minio/minio-service.yaml similarity index 100% rename from manifests/kustomize/base/minio/minio-service.yaml rename to manifests/kustomize/env/dev/minio/minio-service.yaml diff --git a/manifests/kustomize/namespaced/kustomization.yaml b/manifests/kustomize/namespaced/kustomization.yaml index c28ca7e1fd4..7f04d68c127 100644 --- a/manifests/kustomize/namespaced/kustomization.yaml +++ b/manifests/kustomize/namespaced/kustomization.yaml @@ -7,8 +7,6 @@ bases: resources: - namespace.yaml -namespace: kubeflow - patchesStrategicMerge: - workflow-controller-configmap.yaml - ml-pipeline-persistenceagent-deployment-patch.yaml From 96af91ec20b6ccd5592e5b8d54cbd74ebf6b9bf7 Mon Sep 17 00:00:00 2001 From: IronPan Date: Tue, 20 Aug 2019 14:53:06 -0700 Subject: [PATCH 06/13] add gcp --- .../kustomize/env/dev/kustomization.yaml | 1 + .../env/dev/minio/minio-deployment.yaml | 2 +- .../kustomize/env/gcp/kustomization.yaml | 16 +++++++ .../env/gcp/minio/kustomization.yaml | 6 +++ .../minio/minio-gcs-gateway-deployment.yaml | 44 ++++++++++++++++++ .../gcp/minio/minio-gcs-gateway-service.yaml | 11 +++++ .../gcp/mysql/cloudsql-proxy-deployment.yaml | 46 +++++++++++++++++++ .../env/gcp/mysql/kustomization.yaml | 6 +++ .../env/gcp/mysql/mysql-service.yaml | 10 ++++ 9 files changed, 141 insertions(+), 1 deletion(-) create mode 100644 manifests/kustomize/env/gcp/kustomization.yaml create mode 100644 manifests/kustomize/env/gcp/minio/kustomization.yaml create mode 100644 manifests/kustomize/env/gcp/minio/minio-gcs-gateway-deployment.yaml create mode 100644 manifests/kustomize/env/gcp/minio/minio-gcs-gateway-service.yaml create mode 100644 manifests/kustomize/env/gcp/mysql/cloudsql-proxy-deployment.yaml create mode 100644 manifests/kustomize/env/gcp/mysql/kustomization.yaml create mode 100644 manifests/kustomize/env/gcp/mysql/mysql-service.yaml diff --git a/manifests/kustomize/env/dev/kustomization.yaml b/manifests/kustomize/env/dev/kustomization.yaml index 993e85d9275..339b4a6c8f8 100644 --- a/manifests/kustomize/env/dev/kustomization.yaml +++ b/manifests/kustomize/env/dev/kustomization.yaml @@ -6,6 +6,7 @@ bases: - minio - mysql +# Replace with your namespace namespace: kubeflow images: diff --git a/manifests/kustomize/env/dev/minio/minio-deployment.yaml b/manifests/kustomize/env/dev/minio/minio-deployment.yaml index f7e93c22f36..a7a33eaff47 100644 --- a/manifests/kustomize/env/dev/minio/minio-deployment.yaml +++ b/manifests/kustomize/env/dev/minio/minio-deployment.yaml @@ -22,7 +22,7 @@ spec: value: minio - name: MINIO_SECRET_KEY value: minio123 - image: gcr.io/ml-pipeline/minio:RELEASE.2018-02-09T22-40-05Z + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z name: minio ports: - containerPort: 9000 diff --git a/manifests/kustomize/env/gcp/kustomization.yaml b/manifests/kustomize/env/gcp/kustomization.yaml new file mode 100644 index 00000000000..326ae84a68c --- /dev/null +++ b/manifests/kustomize/env/gcp/kustomization.yaml @@ -0,0 +1,16 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: + - ../../namespaced + - minio + - mysql + +# Replace with your namespace +namespace: kubeflow2 + +images: + - name: gcr.io/cloudsql-docker/gce-proxy + newTag: "1.14" + - name: minio/minio + newTag: RELEASE.2019-08-14T20-37-41Z \ No newline at end of file diff --git a/manifests/kustomize/env/gcp/minio/kustomization.yaml b/manifests/kustomize/env/gcp/minio/kustomization.yaml new file mode 100644 index 00000000000..db573c477db --- /dev/null +++ b/manifests/kustomize/env/gcp/minio/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- minio-gcs-gateway-deployment.yaml +- minio-gcs-gateway-service.yaml \ No newline at end of file diff --git a/manifests/kustomize/env/gcp/minio/minio-gcs-gateway-deployment.yaml b/manifests/kustomize/env/gcp/minio/minio-gcs-gateway-deployment.yaml new file mode 100644 index 00000000000..42856932b86 --- /dev/null +++ b/manifests/kustomize/env/gcp/minio/minio-gcs-gateway-deployment.yaml @@ -0,0 +1,44 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + # This name uniquely identifies the Deployment + name: minio-deployment +spec: + strategy: + type: Recreate + template: + metadata: + labels: + # Label is used as selector in the service. + app: minio + spec: + containers: + - name: minio + # Pulls the default Minio image from Docker Hub + image: minio/minio:RELEASE.2019-08-14T20-37-41Z + args: + - gateway + - gcs + - yang-experiment-6 + env: + # MinIO access key and secret key + - name: MINIO_ACCESS_KEY + value: "minio" + - name: MINIO_SECRET_KEY + value: "minio123" + # Google Cloud Service uses this variable + - name: GOOGLE_APPLICATION_CREDENTIALS + value: "/etc/credentials/application_default_credentials.json" + ports: + - containerPort: 9000 + # Mount the volume into the pod + volumeMounts: + - name: gcp-sa-token + mountPath: "/etc/credentials" + readOnly: true + # Refer to the secret created earlier + volumes: + - name: gcp-sa-token + secret: + # Name of the Secret created earlier + secretName: user-gcp-sa \ No newline at end of file diff --git a/manifests/kustomize/env/gcp/minio/minio-gcs-gateway-service.yaml b/manifests/kustomize/env/gcp/minio/minio-gcs-gateway-service.yaml new file mode 100644 index 00000000000..7dd18174965 --- /dev/null +++ b/manifests/kustomize/env/gcp/minio/minio-gcs-gateway-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: minio-service +spec: + ports: + - port: 9000 + targetPort: 9000 + protocol: TCP + selector: + app: minio \ No newline at end of file diff --git a/manifests/kustomize/env/gcp/mysql/cloudsql-proxy-deployment.yaml b/manifests/kustomize/env/gcp/mysql/cloudsql-proxy-deployment.yaml new file mode 100644 index 00000000000..2787d26b147 --- /dev/null +++ b/manifests/kustomize/env/gcp/mysql/cloudsql-proxy-deployment.yaml @@ -0,0 +1,46 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: cloudsqlproxy +spec: + replicas: 1 + template: + metadata: + labels: + app: cloudsqlproxy + spec: + containers: + # Make sure to specify image tag in production + # Check out the newest version in release page + # https://github.com/GoogleCloudPlatform/cloudsql-proxy/releases + - image: gcr.io/cloudsql-docker/gce-proxy:1.14 + # 'Always' if imageTag is 'latest', else set to 'IfNotPresent' + imagePullPolicy: Always + name: cloudsqlproxy + command: ["/cloud_sql_proxy", + "-dir=/cloudsql", + "-instances=yang-experiment-6:us-central1:kfp-test=tcp:0.0.0.0:3306", + "-credential_file=/credentials/application_default_credentials.json", + "term_timeout=10s"] + # set term_timeout if require graceful handling of shutdown + # NOTE: proxy will stop accepting new connections; only wait on existing connections + lifecycle: + preStop: + exec: + # (optional) add a preStop hook so that termination is delayed + # this is required if your server still require new connections (e.g., connection pools) + command: ['sleep', '10'] + ports: + - name: port-database1 + containerPort: 3306 + volumeMounts: + - mountPath: /cloudsql + name: cloudsql + - mountPath: /credentials + name: gcp-sa-token + volumes: + - name: cloudsql + emptyDir: + - name: gcp-sa-token + secret: + secretName: user-gcp-sa \ No newline at end of file diff --git a/manifests/kustomize/env/gcp/mysql/kustomization.yaml b/manifests/kustomize/env/gcp/mysql/kustomization.yaml new file mode 100644 index 00000000000..704e59c336c --- /dev/null +++ b/manifests/kustomize/env/gcp/mysql/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- cloudsql-proxy-deployment.yaml +- mysql-service.yaml \ No newline at end of file diff --git a/manifests/kustomize/env/gcp/mysql/mysql-service.yaml b/manifests/kustomize/env/gcp/mysql/mysql-service.yaml new file mode 100644 index 00000000000..79f6e46116d --- /dev/null +++ b/manifests/kustomize/env/gcp/mysql/mysql-service.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: Service +metadata: + name: mysql +spec: + ports: + - port: 3306 + targetPort: port-database1 + selector: + app: cloudsqlproxy From abc1cc571316891540fb63d4f5dfccc6d145c9db Mon Sep 17 00:00:00 2001 From: IronPan Date: Wed, 21 Aug 2019 09:56:15 -0700 Subject: [PATCH 07/13] add files --- backend/src/apiserver/client_manager.go | 6 ++++++ manifests/kustomize/README.md | 9 +++------ manifests/kustomize/env/gcp/.gitignore | 2 ++ manifests/kustomize/env/gcp/kustomization.yaml | 14 ++++++++++++-- .../gcp/minio/minio-gcs-gateway-deployment.yaml | 9 +-------- .../ml-pipeline-apiserver-deployment-patch.yaml | 16 ++++++++++++++++ .../env/gcp/mysql/cloudsql-proxy-deployment.yaml | 10 +++------- 7 files changed, 43 insertions(+), 23 deletions(-) create mode 100644 manifests/kustomize/env/gcp/.gitignore create mode 100644 manifests/kustomize/env/gcp/ml-pipeline-apiserver-deployment-patch.yaml diff --git a/backend/src/apiserver/client_manager.go b/backend/src/apiserver/client_manager.go index c45e8b72c1d..76086b2d8c7 100644 --- a/backend/src/apiserver/client_manager.go +++ b/backend/src/apiserver/client_manager.go @@ -220,6 +220,12 @@ func initDBClient(initConnectionTimeout time.Duration) *storage.DB { if response.Error != nil { glog.Fatalf("Failed to initialize the databases.") } + + response = db.Model(&model.ResourceReference{}).ModifyColumn("Payload", "longtext") + if response.Error != nil { + glog.Fatalf("Failed to update the resource reference payload type. Error: %s", response.Error) + } + response = db.Model(&model.RunMetric{}). AddForeignKey("RunUUID", "run_details(UUID)", "CASCADE" /* onDelete */, "CASCADE" /* update */) if response.Error != nil { diff --git a/manifests/kustomize/README.md b/manifests/kustomize/README.md index 2db18c1a68f..5ccc60c8851 100644 --- a/manifests/kustomize/README.md +++ b/manifests/kustomize/README.md @@ -29,15 +29,12 @@ To get latest kubectl, visit [here](https://kubernetes.io/docs/tasks/tools/insta ## Change deploy namespace To deploy Kubeflow Pipelines in namespace FOO, -- Edit [kustomization.yaml](namespaced-install/kustomization.yaml) namespace section to FOO +- Edit [kustomization.yaml](env/dev/kustomization.yaml) namespace section to FOO - Then run ``` -kubectl kustomize . | kubectl apply -f - +kubectl kustomize env/dev | kubectl apply -f - ``` -## Reinstall with existing data -TODO - ## Disable the public endpoint By default, the deployment install an [invert proxy agent](https://github.com/google/inverting-proxy) that exposes a public URL. If you want to skip installing it, - Comment out the proxy component in the [kustomization.yaml](base/kustomization.yaml). @@ -62,7 +59,7 @@ kubectl delete -f https://raw.githubusercontent.com/kubeflow/pipelines/$PIPELINE Or if you deploy through kustomize ``` -kubectl kustomize . | kubectl delete -f - +kubectl kustomize env/dev | kubectl delete -f - ``` # FAQ If sample code requires a "user-gcp-sa" secret, you could create one by diff --git a/manifests/kustomize/env/gcp/.gitignore b/manifests/kustomize/env/gcp/.gitignore new file mode 100644 index 00000000000..44acf8f2d0f --- /dev/null +++ b/manifests/kustomize/env/gcp/.gitignore @@ -0,0 +1,2 @@ +# Ignore the GCP service account ADC file +application_default_credentials.json \ No newline at end of file diff --git a/manifests/kustomize/env/gcp/kustomization.yaml b/manifests/kustomize/env/gcp/kustomization.yaml index 326ae84a68c..5345ff2852f 100644 --- a/manifests/kustomize/env/gcp/kustomization.yaml +++ b/manifests/kustomize/env/gcp/kustomization.yaml @@ -7,10 +7,20 @@ bases: - mysql # Replace with your namespace -namespace: kubeflow2 +namespace: kubeflow + +patchesStrategicMerge: + - ml-pipeline-apiserver-deployment-patch.yaml images: - name: gcr.io/cloudsql-docker/gce-proxy newTag: "1.14" - name: minio/minio - newTag: RELEASE.2019-08-14T20-37-41Z \ No newline at end of file + newTag: RELEASE.2019-08-14T20-37-41Z + +secretGenerator: + - name: user-gcp-sa + files: + # Create a service account key and stored as application_default_credentials.json in the same folder. + # https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys + - application_default_credentials.json \ No newline at end of file diff --git a/manifests/kustomize/env/gcp/minio/minio-gcs-gateway-deployment.yaml b/manifests/kustomize/env/gcp/minio/minio-gcs-gateway-deployment.yaml index 42856932b86..67711e43f3f 100644 --- a/manifests/kustomize/env/gcp/minio/minio-gcs-gateway-deployment.yaml +++ b/manifests/kustomize/env/gcp/minio/minio-gcs-gateway-deployment.yaml @@ -1,7 +1,6 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: - # This name uniquely identifies the Deployment name: minio-deployment spec: strategy: @@ -9,36 +8,30 @@ spec: template: metadata: labels: - # Label is used as selector in the service. app: minio spec: containers: - name: minio - # Pulls the default Minio image from Docker Hub image: minio/minio:RELEASE.2019-08-14T20-37-41Z args: - gateway - gcs + # Replace this with your own GCP project - yang-experiment-6 env: - # MinIO access key and secret key - name: MINIO_ACCESS_KEY value: "minio" - name: MINIO_SECRET_KEY value: "minio123" - # Google Cloud Service uses this variable - name: GOOGLE_APPLICATION_CREDENTIALS value: "/etc/credentials/application_default_credentials.json" ports: - containerPort: 9000 - # Mount the volume into the pod volumeMounts: - name: gcp-sa-token mountPath: "/etc/credentials" readOnly: true - # Refer to the secret created earlier volumes: - name: gcp-sa-token secret: - # Name of the Secret created earlier secretName: user-gcp-sa \ No newline at end of file diff --git a/manifests/kustomize/env/gcp/ml-pipeline-apiserver-deployment-patch.yaml b/manifests/kustomize/env/gcp/ml-pipeline-apiserver-deployment-patch.yaml new file mode 100644 index 00000000000..1400971e350 --- /dev/null +++ b/manifests/kustomize/env/gcp/ml-pipeline-apiserver-deployment-patch.yaml @@ -0,0 +1,16 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: ml-pipeline +spec: + template: + spec: + containers: + - name: ml-pipeline-api-server + env: + - name: OBJECTSTORECONFIG_BUCKETNAME + # Replace with your own bucket name + value: 'yang-experiment-6-mlpipeline' + - name: DBCONFIG_PASSWORD + # Replace with your own CloudSQL password + value: '123' diff --git a/manifests/kustomize/env/gcp/mysql/cloudsql-proxy-deployment.yaml b/manifests/kustomize/env/gcp/mysql/cloudsql-proxy-deployment.yaml index 2787d26b147..d0a5bec0ccd 100644 --- a/manifests/kustomize/env/gcp/mysql/cloudsql-proxy-deployment.yaml +++ b/manifests/kustomize/env/gcp/mysql/cloudsql-proxy-deployment.yaml @@ -10,20 +10,16 @@ spec: app: cloudsqlproxy spec: containers: - # Make sure to specify image tag in production - # Check out the newest version in release page - # https://github.com/GoogleCloudPlatform/cloudsql-proxy/releases - image: gcr.io/cloudsql-docker/gce-proxy:1.14 - # 'Always' if imageTag is 'latest', else set to 'IfNotPresent' - imagePullPolicy: Always name: cloudsqlproxy command: ["/cloud_sql_proxy", "-dir=/cloudsql", + # Replace with your own CloudSQL instance ID "-instances=yang-experiment-6:us-central1:kfp-test=tcp:0.0.0.0:3306", "-credential_file=/credentials/application_default_credentials.json", "term_timeout=10s"] - # set term_timeout if require graceful handling of shutdown - # NOTE: proxy will stop accepting new connections; only wait on existing connections + # set term_timeout if require graceful handling of shutdown + # NOTE: proxy will stop accepting new connections; only wait on existing connections lifecycle: preStop: exec: From 391b6ec6e0f5d1da0e8ce9469fc453a9d9df6e6b Mon Sep 17 00:00:00 2001 From: IronPan Date: Wed, 21 Aug 2019 11:21:59 -0700 Subject: [PATCH 08/13] fix test --- test/manifests/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/manifests/kustomization.yaml b/test/manifests/kustomization.yaml index d785bf95edf..bc55ef3361c 100644 --- a/test/manifests/kustomization.yaml +++ b/test/manifests/kustomization.yaml @@ -4,4 +4,4 @@ kind: Kustomization # Actual image overrides will be added in test scripts. images: [] resources: -- ../../manifests/kustomize/namespaced-install +- ../../manifests/kustomize/env/dev From 3cbb1189210fc47ce631df099d6b3809d51f5608 Mon Sep 17 00:00:00 2001 From: IronPan Date: Wed, 21 Aug 2019 15:28:47 -0700 Subject: [PATCH 09/13] extract parameters to single place --- .../env/gcp/gcp-configurations-patch.yaml | 33 +++++++++++++++++++ .../kustomize/env/gcp/kustomization.yaml | 4 +-- .../minio/minio-gcs-gateway-deployment.yaml | 11 ++++--- ...l-pipeline-apiserver-deployment-patch.yaml | 16 --------- .../gcp/mysql/cloudsql-proxy-deployment.yaml | 14 ++++++-- 5 files changed, 53 insertions(+), 25 deletions(-) create mode 100644 manifests/kustomize/env/gcp/gcp-configurations-patch.yaml delete mode 100644 manifests/kustomize/env/gcp/ml-pipeline-apiserver-deployment-patch.yaml diff --git a/manifests/kustomize/env/gcp/gcp-configurations-patch.yaml b/manifests/kustomize/env/gcp/gcp-configurations-patch.yaml new file mode 100644 index 00000000000..4953f77d75e --- /dev/null +++ b/manifests/kustomize/env/gcp/gcp-configurations-patch.yaml @@ -0,0 +1,33 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: ml-pipeline +spec: + template: + spec: + containers: + - name: ml-pipeline-api-server + env: + - name: OBJECTSTORECONFIG_BUCKETNAME + # E.g. foobar. Don't add gs:// prefix. + value: '' + - name: DBCONFIG_PASSWORD + value: '' +--- +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: cloudsqlproxy +spec: + template: + spec: + containers: + - name: cloudsqlproxy + env: + - name: GCP_PROJECT + value: '' + - name: CLOUDSQL_ZONE + # E.g. us-central1 + value: '' + - name: CLOUDSQL_INSTANCE_NAME + value: '' \ No newline at end of file diff --git a/manifests/kustomize/env/gcp/kustomization.yaml b/manifests/kustomize/env/gcp/kustomization.yaml index 5345ff2852f..eb9d06c5529 100644 --- a/manifests/kustomize/env/gcp/kustomization.yaml +++ b/manifests/kustomize/env/gcp/kustomization.yaml @@ -10,12 +10,12 @@ bases: namespace: kubeflow patchesStrategicMerge: - - ml-pipeline-apiserver-deployment-patch.yaml + - gcp-configurations-patch.yaml images: - name: gcr.io/cloudsql-docker/gce-proxy newTag: "1.14" - - name: minio/minio + - name: gcr.io/ml-pipeline/minio newTag: RELEASE.2019-08-14T20-37-41Z secretGenerator: diff --git a/manifests/kustomize/env/gcp/minio/minio-gcs-gateway-deployment.yaml b/manifests/kustomize/env/gcp/minio/minio-gcs-gateway-deployment.yaml index 67711e43f3f..28866484ec2 100644 --- a/manifests/kustomize/env/gcp/minio/minio-gcs-gateway-deployment.yaml +++ b/manifests/kustomize/env/gcp/minio/minio-gcs-gateway-deployment.yaml @@ -1,8 +1,11 @@ -apiVersion: extensions/v1beta1 +apiVersion: apps/v1beta2 kind: Deployment metadata: - name: minio-deployment + name: minio spec: + selector: + matchLabels: + app: minio strategy: type: Recreate template: @@ -12,12 +15,10 @@ spec: spec: containers: - name: minio - image: minio/minio:RELEASE.2019-08-14T20-37-41Z + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z args: - gateway - gcs - # Replace this with your own GCP project - - yang-experiment-6 env: - name: MINIO_ACCESS_KEY value: "minio" diff --git a/manifests/kustomize/env/gcp/ml-pipeline-apiserver-deployment-patch.yaml b/manifests/kustomize/env/gcp/ml-pipeline-apiserver-deployment-patch.yaml deleted file mode 100644 index 1400971e350..00000000000 --- a/manifests/kustomize/env/gcp/ml-pipeline-apiserver-deployment-patch.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: ml-pipeline -spec: - template: - spec: - containers: - - name: ml-pipeline-api-server - env: - - name: OBJECTSTORECONFIG_BUCKETNAME - # Replace with your own bucket name - value: 'yang-experiment-6-mlpipeline' - - name: DBCONFIG_PASSWORD - # Replace with your own CloudSQL password - value: '123' diff --git a/manifests/kustomize/env/gcp/mysql/cloudsql-proxy-deployment.yaml b/manifests/kustomize/env/gcp/mysql/cloudsql-proxy-deployment.yaml index d0a5bec0ccd..dfd3854e720 100644 --- a/manifests/kustomize/env/gcp/mysql/cloudsql-proxy-deployment.yaml +++ b/manifests/kustomize/env/gcp/mysql/cloudsql-proxy-deployment.yaml @@ -1,8 +1,11 @@ -apiVersion: extensions/v1beta1 +apiVersion: apps/v1beta2 kind: Deployment metadata: name: cloudsqlproxy spec: + selector: + matchLabels: + app: cloudsqlproxy replicas: 1 template: metadata: @@ -12,10 +15,17 @@ spec: containers: - image: gcr.io/cloudsql-docker/gce-proxy:1.14 name: cloudsqlproxy + env: + - name: GCP_PROJECT + value: "" + - name: CLOUDSQL_ZONE + value: "" + - name: CLOUDSQL_INSTANCE_NAME + value: "" command: ["/cloud_sql_proxy", "-dir=/cloudsql", # Replace with your own CloudSQL instance ID - "-instances=yang-experiment-6:us-central1:kfp-test=tcp:0.0.0.0:3306", + "-instances=$(GCP_PROJECT):$(CLOUDSQL_ZONE):$(CLOUDSQL_INSTANCE_NAME)=tcp:0.0.0.0:3306", "-credential_file=/credentials/application_default_credentials.json", "term_timeout=10s"] # set term_timeout if require graceful handling of shutdown From c2a078466ec08ef53392de883267237f6fe8d01d Mon Sep 17 00:00:00 2001 From: IronPan Date: Wed, 21 Aug 2019 16:07:21 -0700 Subject: [PATCH 10/13] update --- manifests/kustomize/README.md | 19 ++++++++++++------ ...-pipeline-persistenceagent-deployment.yaml | 7 ++++++- ...pipeline-scheduledworkflow-deployment.yaml | 5 +++++ .../pipeline/ml-pipeline-ui-deployment.yaml | 5 +++++ .../ml-pipeline-viewer-crd-deployment.yaml | 4 ++++ manifests/kustomize/env/gcp/README.md | 13 ++++++++++++ .../env/gcp/gcp-configurations-patch.yaml | 3 ++- manifests/kustomize/namespaced-install.yaml | 20 +++++++++++++------ .../kustomize/namespaced/kustomization.yaml | 4 ---- ...ine-persistenceagent-deployment-patch.yaml | 12 ----------- ...ne-scheduledworkflow-deployment-patch.yaml | 12 ----------- .../ml-pipeline-ui-deployment-patch.yaml | 12 ----------- ...-pipeline-viewer-crd-deployment-patch.yaml | 12 ----------- 13 files changed, 62 insertions(+), 66 deletions(-) create mode 100644 manifests/kustomize/env/gcp/README.md delete mode 100644 manifests/kustomize/namespaced/ml-pipeline-persistenceagent-deployment-patch.yaml delete mode 100644 manifests/kustomize/namespaced/ml-pipeline-scheduledworkflow-deployment-patch.yaml delete mode 100644 manifests/kustomize/namespaced/ml-pipeline-ui-deployment-patch.yaml delete mode 100644 manifests/kustomize/namespaced/ml-pipeline-viewer-crd-deployment-patch.yaml diff --git a/manifests/kustomize/README.md b/manifests/kustomize/README.md index 5ccc60c8851..32de0143faf 100644 --- a/manifests/kustomize/README.md +++ b/manifests/kustomize/README.md @@ -3,23 +3,22 @@ This folder contains Kubeflow Pipelines Kustomize manifests for a light weight d # TL;DR -If you want to skip any customization, you can deploy Kubeflow Pipelines by running +Deploy latest version of Kubeflow Pipelines ``` export PIPELINE_VERSION=master kubectl apply -f https://raw.githubusercontent.com/kubeflow/pipelines/$PIPELINE_VERSION/manifests/kustomize/namespaced-install.yaml ``` -You might lack the permission to create role and command might partially fail. If so, bind your account as cluster admin and rerun the same command. -(Or role creator in your namespace) +If you get permission error, run ``` kubectl create clusterrolebinding your-binding --clusterrole=cluster-admin --user=[your-user-name] ``` -When deployment is complete, you can access Kubeflow Pipelines UI by an IAM controlled public endpoint, which can be found by +Get the public endpoint when deployment is finished. ``` kubectl describe configmap inverse-proxy-config -n kubeflow ``` -and check the Hostname section. The endpoint should have format like **1234567-dot-datalab-vm-us-west1.googleusercontent.com** +Check the Hostname section. The endpoint should have format like **1234567-dot-datalab-vm-us-west1.googleusercontent.com** # Customization Customization can be done through Kustomize [Overlay](https://github.com/kubernetes-sigs/kustomize/blob/master/docs/glossary.md#overlay). @@ -27,12 +26,17 @@ Customization can be done through Kustomize [Overlay](https://github.com/kuberne Note - The instruction below assume you installed kubectl v1.14.0 or later, which has native support of kustomize. To get latest kubectl, visit [here](https://kubernetes.io/docs/tasks/tools/install-kubectl/) +## Deploy on GCP with CloudSQL and GCS +See [here](env/gcp/README.md) for more details. + ## Change deploy namespace To deploy Kubeflow Pipelines in namespace FOO, -- Edit [kustomization.yaml](env/dev/kustomization.yaml) namespace section to FOO +- Edit [dev/kustomization.yaml](env/dev/kustomization.yaml) or [gcp/kustomization.yaml](env/gcp/kustomization.yaml) namespace section to FOO - Then run ``` kubectl kustomize env/dev | kubectl apply -f - +# or +kubectl kustomize env/gcp | kubectl apply -f - ``` ## Disable the public endpoint @@ -60,7 +64,10 @@ kubectl delete -f https://raw.githubusercontent.com/kubeflow/pipelines/$PIPELINE Or if you deploy through kustomize ``` kubectl kustomize env/dev | kubectl delete -f - +# or +kubectl kustomize env/gcp | kubectl delete -f - ``` + # FAQ If sample code requires a "user-gcp-sa" secret, you could create one by - First download the GCE VM service account token following this [instruction](https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform#step_3_create_service_account_credentials) diff --git a/manifests/kustomize/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml b/manifests/kustomize/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml index ef267e141d1..a6341f30220 100644 --- a/manifests/kustomize/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml +++ b/manifests/kustomize/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml @@ -14,7 +14,12 @@ spec: app: ml-pipeline-persistenceagent spec: containers: - - image: gcr.io/ml-pipeline/persistenceagent:0.1.15 + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/persistenceagent:0.1.15 imagePullPolicy: IfNotPresent name: ml-pipeline-persistenceagent serviceAccountName: ml-pipeline-persistenceagent \ No newline at end of file diff --git a/manifests/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml b/manifests/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml index acb7a0b1ef4..f896bd2beee 100644 --- a/manifests/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml +++ b/manifests/kustomize/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml @@ -17,4 +17,9 @@ spec: - image: gcr.io/ml-pipeline/scheduledworkflow:0.1.15 imagePullPolicy: IfNotPresent name: ml-pipeline-scheduledworkflow + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace serviceAccountName: ml-pipeline-scheduledworkflow \ No newline at end of file diff --git a/manifests/kustomize/base/pipeline/ml-pipeline-ui-deployment.yaml b/manifests/kustomize/base/pipeline/ml-pipeline-ui-deployment.yaml index 2078073c033..d198883bd3a 100644 --- a/manifests/kustomize/base/pipeline/ml-pipeline-ui-deployment.yaml +++ b/manifests/kustomize/base/pipeline/ml-pipeline-ui-deployment.yaml @@ -19,4 +19,9 @@ spec: name: ml-pipeline-ui ports: - containerPort: 3000 + env: + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace serviceAccountName: ml-pipeline-ui \ No newline at end of file diff --git a/manifests/kustomize/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml b/manifests/kustomize/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml index 3163d0dee87..6a0d4787543 100644 --- a/manifests/kustomize/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml +++ b/manifests/kustomize/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml @@ -20,4 +20,8 @@ spec: env: - name: MAX_NUM_VIEWERS value: "50" + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace serviceAccountName: ml-pipeline-viewer-crd-service-account diff --git a/manifests/kustomize/env/gcp/README.md b/manifests/kustomize/env/gcp/README.md new file mode 100644 index 00000000000..343a192705a --- /dev/null +++ b/manifests/kustomize/env/gcp/README.md @@ -0,0 +1,13 @@ +# TL;DR +1. Download the GCP service account token to same folder. [Document](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys) +``` +gcloud iam service-accounts keys create application_default_credentials.json \ + --iam-account [SA-NAME]@[PROJECT-ID].iam.gserviceaccount.com +``` +2. Create or use an existing CloudSQL instance. [Document](https://cloud.google.com/sql/docs/mysql/quickstart). The service account should have access to the CloudSQL instance. +3. Fill in gcp-configurations-patch.yaml with the CloudSQL and GCS information. + +# Why Cloud SQL and GCS +Kubeflow Pipelines keeps its metadata in mysql and artifacts in S3 compatible object storage. +When deploying on GCP, you could choose to use CloudSQL and GCS for persisting the data. +This provides better reliability and performance, as well as things like data backups, for production environments. diff --git a/manifests/kustomize/env/gcp/gcp-configurations-patch.yaml b/manifests/kustomize/env/gcp/gcp-configurations-patch.yaml index 4953f77d75e..22092944b1b 100644 --- a/manifests/kustomize/env/gcp/gcp-configurations-patch.yaml +++ b/manifests/kustomize/env/gcp/gcp-configurations-patch.yaml @@ -9,7 +9,8 @@ spec: - name: ml-pipeline-api-server env: - name: OBJECTSTORECONFIG_BUCKETNAME - # E.g. foobar. Don't add gs:// prefix. + # Don't add gs:// prefix. + # If bucket doesn't exist, the deployment will create one. value: '' - name: DBCONFIG_PASSWORD value: '' diff --git a/manifests/kustomize/namespaced-install.yaml b/manifests/kustomize/namespaced-install.yaml index 93e585cee4b..2f8d7e095c9 100644 --- a/manifests/kustomize/namespaced-install.yaml +++ b/manifests/kustomize/namespaced-install.yaml @@ -637,7 +637,7 @@ spec: value: minio - name: MINIO_SECRET_KEY value: minio123 - image: gcr.io/ml-pipeline/minio:RELEASE.2018-02-09T22-40-05Z + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z name: minio ports: - containerPort: 9000 @@ -669,7 +669,9 @@ spec: containers: - env: - name: NAMESPACE - value: kubeflow + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/persistenceagent:0.1.26 imagePullPolicy: IfNotPresent name: ml-pipeline-persistenceagent @@ -694,7 +696,9 @@ spec: containers: - env: - name: NAMESPACE - value: kubeflow + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/scheduledworkflow:0.1.26 imagePullPolicy: IfNotPresent name: ml-pipeline-scheduledworkflow @@ -719,7 +723,9 @@ spec: containers: - env: - name: MINIO_NAMESPACE - value: kubeflow + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/frontend:0.1.26 imagePullPolicy: IfNotPresent name: ml-pipeline-ui @@ -745,10 +751,12 @@ spec: spec: containers: - env: - - name: NAMESPACE - value: kubeflow - name: MAX_NUM_VIEWERS value: "50" + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace image: gcr.io/ml-pipeline/viewer-crd-controller:0.1.26 imagePullPolicy: Always name: ml-pipeline-viewer-crd diff --git a/manifests/kustomize/namespaced/kustomization.yaml b/manifests/kustomize/namespaced/kustomization.yaml index 7f04d68c127..1bd947898d1 100644 --- a/manifests/kustomize/namespaced/kustomization.yaml +++ b/manifests/kustomize/namespaced/kustomization.yaml @@ -9,10 +9,6 @@ resources: patchesStrategicMerge: - workflow-controller-configmap.yaml -- ml-pipeline-persistenceagent-deployment-patch.yaml -- ml-pipeline-scheduledworkflow-deployment-patch.yaml -- ml-pipeline-viewer-crd-deployment-patch.yaml -- ml-pipeline-ui-deployment-patch.yaml vars: - name: NAMESPACE diff --git a/manifests/kustomize/namespaced/ml-pipeline-persistenceagent-deployment-patch.yaml b/manifests/kustomize/namespaced/ml-pipeline-persistenceagent-deployment-patch.yaml deleted file mode 100644 index de706660723..00000000000 --- a/manifests/kustomize/namespaced/ml-pipeline-persistenceagent-deployment-patch.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: ml-pipeline-persistenceagent -spec: - template: - spec: - containers: - - name: ml-pipeline-persistenceagent - env: - - name: NAMESPACE - value: $(NAMESPACE) diff --git a/manifests/kustomize/namespaced/ml-pipeline-scheduledworkflow-deployment-patch.yaml b/manifests/kustomize/namespaced/ml-pipeline-scheduledworkflow-deployment-patch.yaml deleted file mode 100644 index 6837ff171c6..00000000000 --- a/manifests/kustomize/namespaced/ml-pipeline-scheduledworkflow-deployment-patch.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: ml-pipeline-scheduledworkflow -spec: - template: - spec: - containers: - - name: ml-pipeline-scheduledworkflow - env: - - name: NAMESPACE - value: $(NAMESPACE) diff --git a/manifests/kustomize/namespaced/ml-pipeline-ui-deployment-patch.yaml b/manifests/kustomize/namespaced/ml-pipeline-ui-deployment-patch.yaml deleted file mode 100644 index 52adfebdb86..00000000000 --- a/manifests/kustomize/namespaced/ml-pipeline-ui-deployment-patch.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: ml-pipeline-ui -spec: - template: - spec: - containers: - - name: ml-pipeline-ui - env: - - name: MINIO_NAMESPACE - value: $(NAMESPACE) diff --git a/manifests/kustomize/namespaced/ml-pipeline-viewer-crd-deployment-patch.yaml b/manifests/kustomize/namespaced/ml-pipeline-viewer-crd-deployment-patch.yaml deleted file mode 100644 index 848134f1fbc..00000000000 --- a/manifests/kustomize/namespaced/ml-pipeline-viewer-crd-deployment-patch.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: ml-pipeline-viewer-crd -spec: - template: - spec: - containers: - - name: ml-pipeline-viewer-crd - env: - - name: NAMESPACE - value: $(NAMESPACE) From b4c37f1ab38fd687bb1724c6949999885667a738 Mon Sep 17 00:00:00 2001 From: IronPan Date: Wed, 21 Aug 2019 16:26:11 -0700 Subject: [PATCH 11/13] update readme --- manifests/kustomize/README.md | 41 ++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/manifests/kustomize/README.md b/manifests/kustomize/README.md index 3197d30d2a9..c05b9537916 100644 --- a/manifests/kustomize/README.md +++ b/manifests/kustomize/README.md @@ -1,7 +1,8 @@ +# Install Kubeflow Pipelines This folder contains Kubeflow Pipelines Kustomize manifests for a light weight deployment. You can follow the instruction and deploy Kubeflow Pipelines in an existing cluster. -# TL;DR +## TL;DR Deploy latest version of Kubeflow Pipelines ``` @@ -9,27 +10,21 @@ export PIPELINE_VERSION=0.1.26 kubectl apply -f https://raw.githubusercontent.com/kubeflow/pipelines/$PIPELINE_VERSION/manifests/kustomize/namespaced-install.yaml ``` -If you get permission error, run +Then open the Pipeline main page ``` -kubectl create clusterrolebinding your-binding --clusterrole=cluster-admin --user=[your-user-name] -``` - -Get the public endpoint when deployment is finished. +open http://$(kubectl describe configmap inverse-proxy-config -n kubeflow | grep googleusercontent.com) ``` -kubectl describe configmap inverse-proxy-config -n kubeflow -``` -Check the Hostname section. The endpoint should have format like **1234567-dot-datalab-vm-us-west1.googleusercontent.com** -# Customization +## Customization Customization can be done through Kustomize [Overlay](https://github.com/kubernetes-sigs/kustomize/blob/master/docs/glossary.md#overlay). Note - The instruction below assume you installed kubectl v1.14.0 or later, which has native support of kustomize. To get latest kubectl, visit [here](https://kubernetes.io/docs/tasks/tools/install-kubectl/) -## Deploy on GCP with CloudSQL and GCS +### Deploy on GCP with CloudSQL and GCS See [here](env/gcp/README.md) for more details. -## Change deploy namespace +### Change deploy namespace To deploy Kubeflow Pipelines in namespace FOO, - Edit [dev/kustomization.yaml](env/dev/kustomization.yaml) or [gcp/kustomization.yaml](env/gcp/kustomization.yaml) namespace section to FOO - Then run @@ -39,7 +34,7 @@ kubectl kustomize env/dev | kubectl apply -f - kubectl kustomize env/gcp | kubectl apply -f - ``` -## Disable the public endpoint +### Disable the public endpoint By default, the deployment install an [invert proxy agent](https://github.com/google/inverting-proxy) that exposes a public URL. If you want to skip installing it, - Comment out the proxy component in the [kustomization.yaml](base/kustomization.yaml). - Then run @@ -55,7 +50,7 @@ and open http://localhost:8080/ -# Uninstall +## Uninstall You can uninstall Kubeflow Pipelines by running ``` kubectl delete -f https://raw.githubusercontent.com/kubeflow/pipelines/$PIPELINE_VERSION/manifests/kustomize/namespaced-install.yaml @@ -68,10 +63,22 @@ kubectl kustomize env/dev | kubectl delete -f - kubectl kustomize env/gcp | kubectl delete -f - ``` -# FAQ +## Troubleshooting + +### Permission error installing Kubeflow Pipelines to a cluster +Run +``` +kubectl create clusterrolebinding your-binding --clusterrole=cluster-admin --user=[your-user-name] +``` + +### Samples requires "user-gcp-sa" secret If sample code requires a "user-gcp-sa" secret, you could create one by -- First download the GCE VM service account token following this [instruction](https://cloud.google.com/kubernetes-engine/docs/tutorials/authenticating-to-cloud-platform#step_3_create_service_account_credentials) +- First download the GCE VM service account token [Document](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys) +``` +gcloud iam service-accounts keys create application_default_credentials.json \ + --iam-account [SA-NAME]@[PROJECT-ID].iam.gserviceaccount.com +``` - Run ``` -kubectl create secret -n [your-namespace] generic user-gcp-sa --from-file=user-gcp-sa.json=[your-token-file].json +kubectl create secret -n [your-namespace] generic user-gcp-sa --from-file=user-gcp-sa.json=application_default_credentials.json ``` From b01e9132ede4d9fd77ca225fa969932d4967f104 Mon Sep 17 00:00:00 2001 From: IronPan Date: Wed, 21 Aug 2019 16:31:56 -0700 Subject: [PATCH 12/13] update readme --- manifests/kustomize/env/gcp/README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/manifests/kustomize/env/gcp/README.md b/manifests/kustomize/env/gcp/README.md index 343a192705a..99f7a1c83d4 100644 --- a/manifests/kustomize/env/gcp/README.md +++ b/manifests/kustomize/env/gcp/README.md @@ -1,13 +1,13 @@ # TL;DR -1. Download the GCP service account token to same folder. [Document](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys) +1. To access the GCP services, the application needs a GCP service account token. Download the token to the current folder manifests/kustomize/env/gcp. [Reference](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating_service_account_keys) ``` gcloud iam service-accounts keys create application_default_credentials.json \ --iam-account [SA-NAME]@[PROJECT-ID].iam.gserviceaccount.com ``` -2. Create or use an existing CloudSQL instance. [Document](https://cloud.google.com/sql/docs/mysql/quickstart). The service account should have access to the CloudSQL instance. -3. Fill in gcp-configurations-patch.yaml with the CloudSQL and GCS information. +2. [Create](https://cloud.google.com/sql/docs/mysql/quickstart) or use an existing CloudSQL instance. The service account should have the access to the CloudSQL instance. +3. Fill in gcp-configurations-patch.yaml with your CloudSQL and GCS configuration. # Why Cloud SQL and GCS -Kubeflow Pipelines keeps its metadata in mysql and artifacts in S3 compatible object storage. -When deploying on GCP, you could choose to use CloudSQL and GCS for persisting the data. -This provides better reliability and performance, as well as things like data backups, for production environments. +Kubeflow Pipelines keeps its metadata in mysql database and artifacts in S3 compatible object storage. +Using CloudSQL and GCS for persisting the data provides better reliability and performance, as well as things like data backups, and usage monitoring. +This is the recommended setup especially for production environments. From a83fc1d770f0e9201e8c3f7ca752ae2a85c5e852 Mon Sep 17 00:00:00 2001 From: IronPan Date: Wed, 21 Aug 2019 16:52:46 -0700 Subject: [PATCH 13/13] address pr comment --- manifests/kustomize/README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/manifests/kustomize/README.md b/manifests/kustomize/README.md index c05b9537916..3595f90a459 100644 --- a/manifests/kustomize/README.md +++ b/manifests/kustomize/README.md @@ -10,9 +10,9 @@ export PIPELINE_VERSION=0.1.26 kubectl apply -f https://raw.githubusercontent.com/kubeflow/pipelines/$PIPELINE_VERSION/manifests/kustomize/namespaced-install.yaml ``` -Then open the Pipeline main page +Then get the Pipeline URL ``` -open http://$(kubectl describe configmap inverse-proxy-config -n kubeflow | grep googleusercontent.com) +kubectl describe configmap inverse-proxy-config -n kubeflow | grep googleusercontent.com ``` ## Customization @@ -53,6 +53,7 @@ and open http://localhost:8080/ ## Uninstall You can uninstall Kubeflow Pipelines by running ``` +export PIPELINE_VERSION=0.1.26 kubectl delete -f https://raw.githubusercontent.com/kubeflow/pipelines/$PIPELINE_VERSION/manifests/kustomize/namespaced-install.yaml ```