From e250647618bd36ccd1771ac0dfdec21c1bcefc1e Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Mon, 23 Oct 2023 16:44:02 -0400 Subject: [PATCH 01/20] Deploy Argo Infrastructure --- Makefile | 15 + .../clusterrole.argo-aggregate-to-admin.yaml | 34 ++ .../clusterrole.argo-aggregate-to-edit.yaml | 32 ++ .../clusterrole.argo-aggregate-to-view.yaml | 27 + .../argo/clusterrole.argo-cluster-role.yaml | 106 ++++ .../clusterrole.argo-server-cluster-role.yaml | 66 +++ .../argo/clusterrolebinding.argo-binding.yaml | 13 + ...lusterrolebinding.argo-server-binding.yaml | 13 + ...nfigmap.workflow-controller-configmap.yaml | 6 + config/argo/crd.applications.yaml | 531 ++++++++++++++++++ config/argo/crd.clusterworkflowtemplates.yaml | 38 ++ config/argo/crd.cronworkflows.yaml | 42 ++ config/argo/crd.scheduledworkflows.yaml | 41 ++ config/argo/crd.viewers.yaml | 36 ++ config/argo/crd.workfloweventbinding.yaml | 37 ++ config/argo/crd.workflows.yaml | 52 ++ config/argo/crd.workflowtaskresult.yaml | 427 ++++++++++++++ config/argo/crd.workflowtaskset.yaml | 43 ++ config/argo/crd.workflowtemplate.yaml | 37 ++ config/argo/deployment.argo-server.yaml | 49 ++ .../argo/deployment.workflow-controller.yaml | 58 ++ config/argo/kustomization.yaml | 39 ++ config/argo/priorityclass.yaml | 10 + config/argo/role.argo.yaml | 21 + config/argo/rolebinding.argo-binding.yaml | 14 + config/argo/service.argo-server.yaml | 13 + config/argo/serviceaccount.argo-server.yaml | 6 + config/argo/serviceaccount.argo.yaml | 6 + .../make-argodeploy/kustomization.yaml | 5 + 29 files changed, 1817 insertions(+) create mode 100644 config/argo/clusterrole.argo-aggregate-to-admin.yaml create mode 100644 config/argo/clusterrole.argo-aggregate-to-edit.yaml create mode 100644 config/argo/clusterrole.argo-aggregate-to-view.yaml create mode 100644 config/argo/clusterrole.argo-cluster-role.yaml create mode 100644 config/argo/clusterrole.argo-server-cluster-role.yaml create mode 100644 config/argo/clusterrolebinding.argo-binding.yaml create mode 100644 config/argo/clusterrolebinding.argo-server-binding.yaml create mode 100644 config/argo/configmap.workflow-controller-configmap.yaml create mode 100644 config/argo/crd.applications.yaml create mode 100644 config/argo/crd.clusterworkflowtemplates.yaml create mode 100644 config/argo/crd.cronworkflows.yaml create mode 100644 config/argo/crd.scheduledworkflows.yaml create mode 100644 config/argo/crd.viewers.yaml create mode 100644 config/argo/crd.workfloweventbinding.yaml create mode 100644 config/argo/crd.workflows.yaml create mode 100644 config/argo/crd.workflowtaskresult.yaml create mode 100644 config/argo/crd.workflowtaskset.yaml create mode 100644 config/argo/crd.workflowtemplate.yaml create mode 100644 config/argo/deployment.argo-server.yaml create mode 100644 config/argo/deployment.workflow-controller.yaml create mode 100644 config/argo/kustomization.yaml create mode 100644 config/argo/priorityclass.yaml create mode 100644 config/argo/role.argo.yaml create mode 100644 config/argo/rolebinding.argo-binding.yaml create mode 100644 config/argo/service.argo-server.yaml create mode 100644 config/argo/serviceaccount.argo-server.yaml create mode 100644 config/argo/serviceaccount.argo.yaml create mode 100644 config/overlays/make-argodeploy/kustomization.yaml diff --git a/Makefile b/Makefile index c1497854a..4dcc3f02b 100644 --- a/Makefile +++ b/Makefile @@ -54,6 +54,8 @@ ENVTEST_K8S_VERSION = 1.25.0 OPERATOR_NS ?= odh-applications # Namespace to deploy v2 infrastructure V2INFRA_NS ?= openshift-pipelines +# Namespace to deploy argo infrastructure +ARGO_NS ?= argo # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) ifeq (,$(shell go env GOBIN)) @@ -173,6 +175,19 @@ v2undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/con && $(KUSTOMIZE) edit set namespace ${V2INFRA_NS} $(KUSTOMIZE) build config/overlays/make-v2deploy | kubectl delete --ignore-not-found=$(ignore-not-found) -f - +.PHONY: argodeploy +argodeploy: manifests kustomize + cd config/overlays/make-argodeploy \ + && $(KUSTOMIZE) edit set namespace ${ARGO_NS} + $(KUSTOMIZE) build config/overlays/make-argodeploy | kubectl apply -f - + +.PHONY: argoundeploy +argoundeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. + cd config/overlays/make-argodeploy \ + && $(KUSTOMIZE) edit set namespace ${ARGO_NS} + $(KUSTOMIZE) build config/overlays/make-argodeploy | kubectl delete --ignore-not-found=$(ignore-not-found) -f - + + ##@ Build Dependencies ## Location to install dependencies to diff --git a/config/argo/clusterrole.argo-aggregate-to-admin.yaml b/config/argo/clusterrole.argo-aggregate-to-admin.yaml new file mode 100644 index 000000000..f978dca0c --- /dev/null +++ b/config/argo/clusterrole.argo-aggregate-to-admin.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: argo-aggregate-to-admin +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workfloweventbindings + - workfloweventbindings/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + - cronworkflows/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowtaskresults + - workflowtaskresults/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch \ No newline at end of file diff --git a/config/argo/clusterrole.argo-aggregate-to-edit.yaml b/config/argo/clusterrole.argo-aggregate-to-edit.yaml new file mode 100644 index 000000000..4797d0a1b --- /dev/null +++ b/config/argo/clusterrole.argo-aggregate-to-edit.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: argo-aggregate-to-edit +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workfloweventbindings + - workfloweventbindings/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + - cronworkflows/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + - workflowtaskresults + - workflowtaskresults/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch \ No newline at end of file diff --git a/config/argo/clusterrole.argo-aggregate-to-view.yaml b/config/argo/clusterrole.argo-aggregate-to-view.yaml new file mode 100644 index 000000000..318097cf0 --- /dev/null +++ b/config/argo/clusterrole.argo-aggregate-to-view.yaml @@ -0,0 +1,27 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: argo-aggregate-to-view +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workfloweventbindings + - workfloweventbindings/finalizers + - workflowtemplates + - workflowtemplates/finalizers + - cronworkflows + - cronworkflows/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + - workflowtaskresults + - workflowtaskresults/finalizers + verbs: + - get + - list + - watch \ No newline at end of file diff --git a/config/argo/clusterrole.argo-cluster-role.yaml b/config/argo/clusterrole.argo-cluster-role.yaml new file mode 100644 index 000000000..8e7410107 --- /dev/null +++ b/config/argo/clusterrole.argo-cluster-role.yaml @@ -0,0 +1,106 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: argo-cluster-role +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - persistentvolumeclaims/finalizers + verbs: + - create + - update + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workflowtasksets + - workflowtasksets/finalizers + - workflowartifactgctasks + verbs: + - get + - list + - watch + - update + - patch + - delete + - create +- apiGroups: + - argoproj.io + resources: + - workflowtemplates + - workflowtemplates/finalizers + - clusterworkflowtemplates + - clusterworkflowtemplates/finalizers + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - workflowtaskresults + verbs: + - list + - watch + - deletecollection +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list +- apiGroups: + - argoproj.io + resources: + - cronworkflows + - cronworkflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - get + - delete \ No newline at end of file diff --git a/config/argo/clusterrole.argo-server-cluster-role.yaml b/config/argo/clusterrole.argo-server-cluster-role.yaml new file mode 100644 index 000000000..699c36c41 --- /dev/null +++ b/config/argo/clusterrole.argo-server-cluster-role.yaml @@ -0,0 +1,66 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: argo-server-cluster-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + verbs: + - get + - list + - watch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - watch + - create + - patch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - eventsources + - sensors + - workflows + - workfloweventbindings + - workflowtemplates + - cronworkflows + - clusterworkflowtemplates + verbs: + - create + - get + - list + - watch + - update + - patch + - delete \ No newline at end of file diff --git a/config/argo/clusterrolebinding.argo-binding.yaml b/config/argo/clusterrolebinding.argo-binding.yaml new file mode 100644 index 000000000..05a9369b2 --- /dev/null +++ b/config/argo/clusterrolebinding.argo-binding.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: argo-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-cluster-role +subjects: +- kind: ServiceAccount + name: argo + namespace: argo \ No newline at end of file diff --git a/config/argo/clusterrolebinding.argo-server-binding.yaml b/config/argo/clusterrolebinding.argo-server-binding.yaml new file mode 100644 index 000000000..81f664337 --- /dev/null +++ b/config/argo/clusterrolebinding.argo-server-binding.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: argo-server-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: argo-server-cluster-role +subjects: +- kind: ServiceAccount + name: argo-server + namespace: argo \ No newline at end of file diff --git a/config/argo/configmap.workflow-controller-configmap.yaml b/config/argo/configmap.workflow-controller-configmap.yaml new file mode 100644 index 000000000..86379fcbe --- /dev/null +++ b/config/argo/configmap.workflow-controller-configmap.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: workflow-controller-configmap + namespace: argo \ No newline at end of file diff --git a/config/argo/crd.applications.yaml b/config/argo/crd.applications.yaml new file mode 100644 index 000000000..b2a459f03 --- /dev/null +++ b/config/argo/crd.applications.yaml @@ -0,0 +1,531 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: https://github.com/kubernetes-sigs/application/pull/2 + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + labels: + controller-tools.k8s.io: "1.0" + name: applications.app.k8s.io +spec: + group: app.k8s.io + names: + categories: + - all + kind: Application + listKind: ApplicationList + plural: applications + shortNames: + - app + singular: application + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The type of the application + jsonPath: .spec.descriptor.type + name: Type + type: string + - description: The creation date + jsonPath: .spec.descriptor.version + name: Version + type: string + - description: The application object owns the matched resources + jsonPath: .spec.addOwnerRef + name: Owner + type: boolean + - description: Numbers of components ready + jsonPath: .status.componentsReady + name: Ready + type: string + - description: The creation date + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Application is the Schema for the applications API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ApplicationSpec defines the specification for an Application. + properties: + addOwnerRef: + description: AddOwnerRef objects - flag to indicate if we need to + add OwnerRefs to matching objects Matching is done by using Selector + to query all ComponentGroupKinds + type: boolean + assemblyPhase: + description: AssemblyPhase represents the current phase of the application's + assembly. An empty value is equivalent to "Succeeded". + type: string + componentKinds: + description: ComponentGroupKinds is a list of Kinds for Application's + components (e.g. Deployments, Pods, Services, CRDs). It can be used + in conjunction with the Application's Selector to list or watch + the Applications components. + items: + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types + properties: + group: + type: string + kind: + type: string + required: + - group + - kind + type: object + type: array + descriptor: + description: Descriptor regroups information and metadata about an + application. + properties: + description: + description: Description is a brief string description of the + Application. + type: string + icons: + description: Icons is an optional list of icons for an application. + Icon information includes the source, size, and mime type. + items: + description: ImageSpec contains information about an image used + as an icon. + properties: + size: + description: (optional) The size of the image in pixels + (e.g., 25x25). + type: string + src: + description: The source for image represented as either + an absolute URL to the image or a Data URL containing + the image. Data URLs are defined in RFC 2397. + type: string + type: + description: (optional) The mine type of the image (e.g., + "image/png"). + type: string + required: + - src + type: object + type: array + keywords: + description: Keywords is an optional list of key words associated + with the application (e.g. MySQL, RDBMS, database). + items: + type: string + type: array + links: + description: Links are a list of descriptive URLs intended to + be used to surface additional documentation, dashboards, etc. + items: + description: Link contains information about an URL to surface + documentation, dashboards, etc. + properties: + description: + description: Description is human readable content explaining + the purpose of the link. + type: string + url: + description: Url typically points at a website address. + type: string + type: object + type: array + maintainers: + description: Maintainers is an optional list of maintainers of + the application. The maintainers in this list maintain the the + source code, images, and package for the application. + items: + description: ContactData contains information about an individual + or organization. + properties: + email: + description: Email is the email address. + type: string + name: + description: Name is the descriptive name. + type: string + url: + description: Url could typically be a website address. + type: string + type: object + type: array + notes: + description: Notes contain a human readable snippets intended + as a quick start for the users of the Application. CommonMark + markdown syntax may be used for rich text representation. + type: string + owners: + description: Owners is an optional list of the owners of the installed + application. The owners of the application should be contacted + in the event of a planned or unplanned disruption affecting + the application. + items: + description: ContactData contains information about an individual + or organization. + properties: + email: + description: Email is the email address. + type: string + name: + description: Name is the descriptive name. + type: string + url: + description: Url could typically be a website address. + type: string + type: object + type: array + type: + description: Type is the type of the application (e.g. WordPress, + MySQL, Cassandra). + type: string + version: + description: Version is an optional version indicator for the + Application. + type: string + type: object + info: + description: Info contains human readable key,value pairs for the + Application. + items: + description: InfoItem is a human readable key,value pair containing + important information about how to access the Application. + properties: + name: + description: Name is a human readable title for this piece of + information. + type: string + type: + description: Type of the value for this InfoItem. + type: string + value: + description: Value is human readable content. + type: string + valueFrom: + description: ValueFrom defines a reference to derive the value + from another source. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + key: + description: The key to select. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + ingressRef: + description: Select an Ingress. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + host: + description: The optional host to select. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + path: + description: The optional HTTP path. + type: string + protocol: + description: Protocol for the ingress + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + secretKeyRef: + description: Selects a key of a Secret. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + key: + description: The key to select. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + serviceRef: + description: Select a Service. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a + valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container + that triggered the event) or if no container name + is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to + have some well-defined way of referencing a part of + an object. TODO: this design is not final and this + field is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + path: + description: The optional HTTP path. + type: string + port: + description: The optional port to select. + format: int32 + type: integer + protocol: + description: Protocol for the service + type: string + resourceVersion: + description: 'Specific resourceVersion to which this + reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: + description: Type of source. + type: string + type: object + type: object + type: array + selector: + description: 'Selector is a label query over kinds that created by + the application. It must match the component objects'' labels. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + type: object + status: + description: ApplicationStatus defines controller's the observed state + of Application + properties: + components: + description: Object status array for all matching objects + items: + description: ObjectStatus is a generic status holder for objects + properties: + group: + description: Object group + type: string + kind: + description: Kind of object + type: string + link: + description: Link to object + type: string + name: + description: Name of object + type: string + status: + description: 'Status. Values: InProgress, Ready, Unknown' + type: string + type: object + type: array + componentsReady: + description: 'ComponentsReady: status of the components in the format + ready/total' + type: string + conditions: + description: Conditions represents the latest state of the object + items: + description: Condition describes the state of an object at a certain + point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + lastUpdateTime: + description: Last time the condition was probed + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the most recent generation observed. + It corresponds to the Object's generation, which is updated on mutation + by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/config/argo/crd.clusterworkflowtemplates.yaml b/config/argo/crd.clusterworkflowtemplates.yaml new file mode 100644 index 000000000..cce533e63 --- /dev/null +++ b/config/argo/crd.clusterworkflowtemplates.yaml @@ -0,0 +1,38 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + internal.kpt.dev/upstream-identifier: apiextensions.k8s.io|CustomResourceDefinition|default|clusterworkflowtemplates.argoproj.io + name: clusterworkflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: ClusterWorkflowTemplate + listKind: ClusterWorkflowTemplateList + plural: clusterworkflowtemplates + shortNames: + - clusterwftmpl + - cwft + singular: clusterworkflowtemplate + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/config/argo/crd.cronworkflows.yaml b/config/argo/crd.cronworkflows.yaml new file mode 100644 index 000000000..7c2b6dc2d --- /dev/null +++ b/config/argo/crd.cronworkflows.yaml @@ -0,0 +1,42 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + internal.kpt.dev/upstream-identifier: apiextensions.k8s.io|CustomResourceDefinition|default|cronworkflows.argoproj.io + name: cronworkflows.argoproj.io +spec: + group: argoproj.io + names: + kind: CronWorkflow + listKind: CronWorkflowList + plural: cronworkflows + shortNames: + - cwf + - cronwf + singular: cronworkflow + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/config/argo/crd.scheduledworkflows.yaml b/config/argo/crd.scheduledworkflows.yaml new file mode 100644 index 000000000..9bac8cef0 --- /dev/null +++ b/config/argo/crd.scheduledworkflows.yaml @@ -0,0 +1,41 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + kubeflow/crd-install: "true" + name: scheduledworkflows.kubeflow.org +spec: + group: kubeflow.org + names: + kind: ScheduledWorkflow + listKind: ScheduledWorkflowList + plural: scheduledworkflows + shortNames: + - swf + singular: scheduledworkflow + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - spec + - status + type: object + served: true + storage: true diff --git a/config/argo/crd.viewers.yaml b/config/argo/crd.viewers.yaml new file mode 100644 index 000000000..2e58965a1 --- /dev/null +++ b/config/argo/crd.viewers.yaml @@ -0,0 +1,36 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + kubeflow/crd-install: "true" + name: viewers.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Viewer + listKind: ViewerList + plural: viewers + shortNames: + - vi + singular: viewer + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - spec + type: object + served: true + storage: true diff --git a/config/argo/crd.workfloweventbinding.yaml b/config/argo/crd.workfloweventbinding.yaml new file mode 100644 index 000000000..d73961473 --- /dev/null +++ b/config/argo/crd.workfloweventbinding.yaml @@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + internal.kpt.dev/upstream-identifier: apiextensions.k8s.io|CustomResourceDefinition|default|workfloweventbindings.argoproj.io + name: workfloweventbindings.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowEventBinding + listKind: WorkflowEventBindingList + plural: workfloweventbindings + shortNames: + - wfeb + singular: workfloweventbinding + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/config/argo/crd.workflows.yaml b/config/argo/crd.workflows.yaml new file mode 100644 index 000000000..c955e45d4 --- /dev/null +++ b/config/argo/crd.workflows.yaml @@ -0,0 +1,52 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + internal.kpt.dev/upstream-identifier: apiextensions.k8s.io|CustomResourceDefinition|default|workflows.argoproj.io + name: workflows.argoproj.io +spec: + group: argoproj.io + names: + kind: Workflow + listKind: WorkflowList + plural: workflows + shortNames: + - wf + singular: workflow + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Status of the workflow + jsonPath: .status.phase + name: Status + type: string + - description: When the workflow was started + format: date-time + jsonPath: .status.startedAt + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: {} diff --git a/config/argo/crd.workflowtaskresult.yaml b/config/argo/crd.workflowtaskresult.yaml new file mode 100644 index 000000000..8ca13dc1f --- /dev/null +++ b/config/argo/crd.workflowtaskresult.yaml @@ -0,0 +1,427 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + internal.kpt.dev/upstream-identifier: apiextensions.k8s.io|CustomResourceDefinition|default|workflowtaskresults.argoproj.io + name: workflowtaskresults.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTaskResult + listKind: WorkflowTaskResultList + plural: workflowtaskresults + singular: workflowtaskresult + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + message: + type: string + metadata: + type: object + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + phase: + type: string + progress: + type: string + required: + - metadata + type: object + served: true + storage: true diff --git a/config/argo/crd.workflowtaskset.yaml b/config/argo/crd.workflowtaskset.yaml new file mode 100644 index 000000000..4d69da345 --- /dev/null +++ b/config/argo/crd.workflowtaskset.yaml @@ -0,0 +1,43 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + internal.kpt.dev/upstream-identifier: apiextensions.k8s.io|CustomResourceDefinition|default|workflowtasksets.argoproj.io + name: workflowtasksets.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTaskSet + listKind: WorkflowTaskSetList + plural: workflowtasksets + shortNames: + - wfts + singular: workflowtaskset + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/argo/crd.workflowtemplate.yaml b/config/argo/crd.workflowtemplate.yaml new file mode 100644 index 000000000..0e60798a8 --- /dev/null +++ b/config/argo/crd.workflowtemplate.yaml @@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + internal.kpt.dev/upstream-identifier: apiextensions.k8s.io|CustomResourceDefinition|default|workflowtemplates.argoproj.io + name: workflowtemplates.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTemplate + listKind: WorkflowTemplateList + plural: workflowtemplates + shortNames: + - wftmpl + singular: workflowtemplate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/config/argo/deployment.argo-server.yaml b/config/argo/deployment.argo-server.yaml new file mode 100644 index 000000000..b12e7c88b --- /dev/null +++ b/config/argo/deployment.argo-server.yaml @@ -0,0 +1,49 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: argo-server + namespace: argo +spec: + selector: + matchLabels: + app: argo-server + template: + metadata: + labels: + app: argo-server + spec: + containers: + - args: + - server + env: [] + image: quay.io/argoproj/argocli:v3.4.12 + name: argo-server + ports: + - containerPort: 2746 + name: web + readinessProbe: + httpGet: + path: / + port: 2746 + scheme: HTTPS + initialDelaySeconds: 10 + periodSeconds: 20 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /tmp + name: tmp + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsNonRoot: true + serviceAccountName: argo-server + volumes: + - emptyDir: {} + name: tmp \ No newline at end of file diff --git a/config/argo/deployment.workflow-controller.yaml b/config/argo/deployment.workflow-controller.yaml new file mode 100644 index 000000000..1d5a056bf --- /dev/null +++ b/config/argo/deployment.workflow-controller.yaml @@ -0,0 +1,58 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: workflow-controller + namespace: argo +spec: + selector: + matchLabels: + app: workflow-controller + template: + metadata: + labels: + app: workflow-controller + spec: + containers: + - args: + - --configmap + - workflow-controller-configmap + - --executor-image + - gcr.io/ml-pipeline/argoexec:v3.3.10-license-compliance + - --namespaced + command: + - workflow-controller + env: + - name: LEADER_ELECTION_IDENTITY + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + # image: quay.io/argoproj/workflow-controller:v3.4.12 + image: gcr.io/ml-pipeline/workflow-controller:v3.3.10-license-compliance + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 6060 + initialDelaySeconds: 90 + periodSeconds: 60 + timeoutSeconds: 30 + name: workflow-controller + ports: + - containerPort: 9090 + name: metrics + - containerPort: 6060 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + nodeSelector: + kubernetes.io/os: linux + priorityClassName: workflow-controller + securityContext: + runAsNonRoot: true + serviceAccountName: argo \ No newline at end of file diff --git a/config/argo/kustomization.yaml b/config/argo/kustomization.yaml new file mode 100644 index 000000000..6b09a4e74 --- /dev/null +++ b/config/argo/kustomization.yaml @@ -0,0 +1,39 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: argo +resources: +# Deploy Argo Controller and Server +# TODO: Only deploy server (not WC?) +# - https://github.com/argoproj/argo-workflows/releases/download/v3.4.12/install.yaml + +# The following manifests are used in ALL Executors +- clusterrole.argo-aggregate-to-admin.yaml +- clusterrole.argo-aggregate-to-edit.yaml +- clusterrole.argo-aggregate-to-view.yaml +- clusterrole.argo-cluster-role.yaml +- clusterrole.argo-server-cluster-role.yaml +- clusterrolebinding.argo-binding.yaml +- clusterrolebinding.argo-server-binding.yaml +- configmap.workflow-controller-configmap.yaml +- deployment.argo-server.yaml +# - deployment.workflow-controller.yaml +- priorityclass.yaml +- role.argo.yaml +- rolebinding.argo-binding.yaml +- service.argo-server.yaml +- serviceaccount.argo-server.yaml +- serviceaccount.argo.yaml + +# CRDs only needed for PNS executors +- crd.applications.yaml +- crd.clusterworkflowtemplates.yaml +- crd.cronworkflows.yaml +- crd.scheduledworkflows.yaml +- crd.viewers.yaml +- crd.workfloweventbinding.yaml +- crd.workflows.yaml +- crd.workflowtaskresult.yaml +- crd.workflowtaskset.yaml +- crd.workflowtemplate.yaml + + diff --git a/config/argo/priorityclass.yaml b/config/argo/priorityclass.yaml new file mode 100644 index 000000000..e792f398d --- /dev/null +++ b/config/argo/priorityclass.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + annotations: + internal.kpt.dev/upstream-identifier: scheduling.k8s.io|PriorityClass|default|workflow-controller + labels: + application-crd-id: kubeflow-pipelines + name: workflow-controller +value: 1000000 diff --git a/config/argo/role.argo.yaml b/config/argo/role.argo.yaml new file mode 100644 index 000000000..d58c221b6 --- /dev/null +++ b/config/argo/role.argo.yaml @@ -0,0 +1,21 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-role + namespace: argo +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - get \ No newline at end of file diff --git a/config/argo/rolebinding.argo-binding.yaml b/config/argo/rolebinding.argo-binding.yaml new file mode 100644 index 000000000..fe64852d9 --- /dev/null +++ b/config/argo/rolebinding.argo-binding.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-binding + namespace: argo +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-role +subjects: +- kind: ServiceAccount + name: argo + namespace: argo \ No newline at end of file diff --git a/config/argo/service.argo-server.yaml b/config/argo/service.argo-server.yaml new file mode 100644 index 000000000..b9affd5da --- /dev/null +++ b/config/argo/service.argo-server.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: argo-server + namespace: argo +spec: + ports: + - name: web + port: 2746 + targetPort: 2746 + selector: + app: argo-server \ No newline at end of file diff --git a/config/argo/serviceaccount.argo-server.yaml b/config/argo/serviceaccount.argo-server.yaml new file mode 100644 index 000000000..27556a207 --- /dev/null +++ b/config/argo/serviceaccount.argo-server.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo-server + namespace: argo \ No newline at end of file diff --git a/config/argo/serviceaccount.argo.yaml b/config/argo/serviceaccount.argo.yaml new file mode 100644 index 000000000..2de7bc6d0 --- /dev/null +++ b/config/argo/serviceaccount.argo.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo + namespace: argo \ No newline at end of file diff --git a/config/overlays/make-argodeploy/kustomization.yaml b/config/overlays/make-argodeploy/kustomization.yaml new file mode 100644 index 000000000..526685e3c --- /dev/null +++ b/config/overlays/make-argodeploy/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: argo +resources: +- ../../argo From f2e9e99a9f45f1a08bb59acb0934ba0ceda8abb8 Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Mon, 23 Oct 2023 18:03:40 -0400 Subject: [PATCH 02/20] Add WorkflowController DSPA Item --- api/v1alpha1/dspipeline_types.go | 10 ++ api/v1alpha1/zz_generated.deepcopy.go | 20 +++ config/base/kustomization.yaml | 7 + config/base/params.env | 1 + config/configmaps/files/config.yaml | 1 + ...b.io_datasciencepipelinesapplications.yaml | 11 ++ .../workflow-controller/configmap.yaml.tmpl | 42 ++++++ .../workflow-controller/deployment.yaml.tmpl | 71 ++++++++++ .../workflow-controller/role.yaml.tmpl | 131 ++++++++++++++++++ .../workflow-controller/rolebinding.yaml.tmpl | 20 +++ .../internal/workflow-controller/sa.yaml.tmpl | 12 ++ .../workflow-controller/service.yaml.tmpl | 26 ++++ config/manager/manager.yaml | 2 + controllers/dspipeline_controller.go | 5 + controllers/dspipeline_params.go | 1 + controllers/workflow_controller.go | 44 ++++++ controllers/workflow_controller_test.go | 121 ++++++++++++++++ 17 files changed, 525 insertions(+) create mode 100644 config/internal/workflow-controller/configmap.yaml.tmpl create mode 100644 config/internal/workflow-controller/deployment.yaml.tmpl create mode 100644 config/internal/workflow-controller/role.yaml.tmpl create mode 100644 config/internal/workflow-controller/rolebinding.yaml.tmpl create mode 100644 config/internal/workflow-controller/sa.yaml.tmpl create mode 100644 config/internal/workflow-controller/service.yaml.tmpl create mode 100644 controllers/workflow_controller.go create mode 100644 controllers/workflow_controller_test.go diff --git a/api/v1alpha1/dspipeline_types.go b/api/v1alpha1/dspipeline_types.go index c4c6d7ac4..c162df06f 100644 --- a/api/v1alpha1/dspipeline_types.go +++ b/api/v1alpha1/dspipeline_types.go @@ -51,6 +51,9 @@ type DSPASpec struct { // +kubebuilder:validation:Optional // +kubebuilder:default:="v1" DSPVersion string `json:"dspVersion,omitempty"` + // DS Pipelines Argo Workflow Controller Configuration. + // +kubebuilder:default:={deploy: false} + *WorkflowController `json:"workflowController,omitempty"` } type APIServer struct { @@ -293,6 +296,13 @@ type VisualizationServer struct { Image string `json:"image,omitempty"` } +type WorkflowController struct { + // +kubebuilder:default:=true + // +kubebuilder:validation:Optional + Deploy bool `json:"deploy"` + Image string `json:"image,omitempty"` +} + // ResourceRequirements structures compute resource requirements. // Replaces ResourceRequirements from corev1 which also includes optional storage field. // We handle storage field separately, and should not include it as a subfield for Resources. diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 5239c76f2..db7974ddf 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -149,6 +149,11 @@ func (in *DSPASpec) DeepCopyInto(out *DSPASpec) { *out = new(VisualizationServer) **out = **in } + if in.WorkflowController != nil { + in, out := &in.WorkflowController, &out.WorkflowController + *out = new(WorkflowController) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DSPASpec. @@ -606,6 +611,21 @@ func (in *VisualizationServer) DeepCopy() *VisualizationServer { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WorkflowController) DeepCopyInto(out *WorkflowController) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkflowController. +func (in *WorkflowController) DeepCopy() *WorkflowController { + if in == nil { + return nil + } + out := new(WorkflowController) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Writer) DeepCopyInto(out *Writer) { *out = *in diff --git a/config/base/kustomization.yaml b/config/base/kustomization.yaml index a7c950c50..5518e7580 100644 --- a/config/base/kustomization.yaml +++ b/config/base/kustomization.yaml @@ -211,5 +211,12 @@ vars: apiVersion: v1 fieldref: fieldpath: data.IMAGESV2_MLMDWRITER + - name: IMAGESV2_WORKFLOWCONTROLLER + objref: + kind: ConfigMap + name: dspo-parameters + apiVersion: v1 + fieldref: + fieldpath: data.IMAGESV2_WORKFLOWCONTROLLER configurations: - params.yaml diff --git a/config/base/params.env b/config/base/params.env index 01485c299..3350afc9a 100644 --- a/config/base/params.env +++ b/config/base/params.env @@ -21,6 +21,7 @@ IMAGESV2_MLMDGRPC=gcr.io/tfx-oss-public/ml_metadata_store_server:1.5.0 IMAGESV2_MLMDWRITER=gcr.io/ml-pipeline/metadata-writer:2.0.0-rc.2 IMAGESV2_CACHE=registry.access.redhat.com/ubi8/ubi-minimal:8.7 IMAGESV2_MOVERESULTSIMAGE=registry.access.redhat.com/ubi8/ubi-micro:8.7 +IMAGESV2_WORKFLOWCONTROLLER=gcr.io/ml-pipeline/workflow-controller:v3.3.10-license-compliance ZAP_LOG_LEVEL=info MAX_CONCURRENT_RECONCILES=10 DSPO_HEALTHCHECK_DATABASE_CONNECTIONTIMEOUT=15s diff --git a/config/configmaps/files/config.yaml b/config/configmaps/files/config.yaml index 13775132b..230bc0c0d 100644 --- a/config/configmaps/files/config.yaml +++ b/config/configmaps/files/config.yaml @@ -22,6 +22,7 @@ ImagesV2: MlmdEnvoy: $(IMAGESV2_MLMDENVOY) MlmdGRPC: $(IMAGESV2_MLMDGRPC) MlmdWriter: $(IMAGESV2_MLMDWRITER) + WorkflowController: $(IMAGESV2_WORKFLOWCONTROLLER) DSPO: HealthCheck: Database: diff --git a/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml b/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml index 4972a5c9c..66171d9d0 100644 --- a/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml +++ b/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml @@ -760,6 +760,17 @@ spec: image: type: string type: object + workflowController: + default: + deploy: false + description: DS Pipelines Argo Workflow Controller Configuration. + properties: + deploy: + default: true + type: boolean + image: + type: string + type: object required: - objectStorage type: object diff --git a/config/internal/workflow-controller/configmap.yaml.tmpl b/config/internal/workflow-controller/configmap.yaml.tmpl new file mode 100644 index 000000000..45fdb2d70 --- /dev/null +++ b/config/internal/workflow-controller/configmap.yaml.tmpl @@ -0,0 +1,42 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + annotations: + internal.kpt.dev/upstream-identifier: '|ConfigMap|default|workflow-controller-configmap' + labels: + app: ds-pipeline-workflow-controller-{{.Name}} + component: data-science-pipelines + dspa: {{.Name}} + name: ds-pipeline-workflow-controller-{{.Name}} + namespace: {{.Namespace}} +data: + artifactRepository: | + archiveLogs: {{.APIServer.ArchiveLogs}} + s3: + endpoint: "{{.ObjectStorageConnection.Endpoint}}" + bucket: "{{.ObjectStorageConnection.Bucket}}" + # keyFormat is a format pattern to define how artifacts will be organized in a bucket. + # It can reference workflow metadata variables such as workflow.namespace, workflow.name, + # pod.name. Can also use strftime formating of workflow.creationTimestamp so that workflow + # artifacts can be organized by date. If omitted, will use `\{\{workflow.name\}\}/\{\{pod.name\}\}`, + # which has potential for have collisions, because names do not guarantee they are unique + # over the lifetime of the cluster. + # Refer to https://kubernetes.io/docs/concepts/overview/working-with-objects/names/. + # + # The following format looks like: + # artifacts/my-workflow-abc123/2018/08/23/my-workflow-abc123-1234567890 + # Adding date into the path greatly reduces the chance of \{\{pod.name\}\} collision. + # keyFormat: "artifacts/\{\{workflow.name\}\}/\{\{workflow.creationTimestamp.Y\}\}/\{\{workflow.creationTimestamp.m\}\}/\{\{workflow.creationTimestamp.d\}\}/\{\{pod.name\}\}" # TODO + # insecure will disable TLS. Primarily used for minio installs not configured with TLS + insecure: {{.ObjectStorageConnection.Secure}} + accessKeySecret: + name: "{{.ObjectStorageConnection.CredentialsSecret.SecretName}}" + key: "{{.ObjectStorageConnection.CredentialsSecret.AccessKey}}" + secretKeySecret: + name: "{{.ObjectStorageConnection.CredentialsSecret.SecretName}}" + key: "{{.ObjectStorageConnection.CredentialsSecret.SecretKey}}" + containerRuntimeExecutor: emissary # TODO + executor: | + imagePullPolicy: IfNotPresent # TODO + diff --git a/config/internal/workflow-controller/deployment.yaml.tmpl b/config/internal/workflow-controller/deployment.yaml.tmpl new file mode 100644 index 000000000..b921e46ac --- /dev/null +++ b/config/internal/workflow-controller/deployment.yaml.tmpl @@ -0,0 +1,71 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + internal.kpt.dev/upstream-identifier: apps|Deployment|default|workflow-controller + labels: + app: ds-pipeline-workflow-controller-{{.Name}} + component: data-science-pipelines + dspa: {{.Name}} + name: ds-pipeline-workflow-controller-{{.Name}} + namespace: {{.Namespace}} +spec: + selector: + matchLabels: + app: ds-pipeline-workflow-controller-{{.Name}} + component: data-science-pipelines + dspa: {{.Name}} + template: + metadata: + labels: + app: ds-pipeline-workflow-controller-{{.Name}} + component: data-science-pipelines + dspa: {{.Name}} + spec: + containers: + - args: + - --configmap + - ds-pipeline-workflow-controller-{{.Name}} + - --executor-image + - gcr.io/ml-pipeline/argoexec:v3.3.10-license-compliance + - --namespaced + command: + - workflow-controller + env: + - name: LEADER_ELECTION_IDENTITY + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + image: gcr.io/ml-pipeline/workflow-controller:v3.3.10-license-compliance + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 6060 + initialDelaySeconds: 90 + periodSeconds: 60 + timeoutSeconds: 30 + name: ds-pipeline-workflow-controller + ports: + - containerPort: 9090 + name: metrics + - containerPort: 6060 + resources: + requests: + cpu: 100m + memory: 500Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + nodeSelector: + kubernetes.io/os: linux + priorityClassName: ds-pipelines-workflow-controller-priorityclass + securityContext: + runAsNonRoot: true + serviceAccountName: ds-pipeline-workflow-controller-{{.Name}} diff --git a/config/internal/workflow-controller/role.yaml.tmpl b/config/internal/workflow-controller/role.yaml.tmpl new file mode 100644 index 000000000..42b944ac8 --- /dev/null +++ b/config/internal/workflow-controller/role.yaml.tmpl @@ -0,0 +1,131 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + internal.kpt.dev/upstream-identifier: rbac.authorization.k8s.io|Role|default|argo-role + labels: + app: ds-pipeline-workflow-controller-{{.Name}} + component: data-science-pipelines + dspa: {{.Name}} + name: ds-pipeline-workflow-controller-role-{{.Name}} + namespace: {{.Namespace}} +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - persistentvolumeclaims/finalizers + verbs: + - create + - update + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workflowtasksets + - workflowtasksets/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete + - create +- apiGroups: + - argoproj.io + resources: + - workflowtemplates + - workflowtemplates/finalizers + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list +- apiGroups: + - argoproj.io + resources: + - workflowtaskresults + verbs: + - list + - watch + - deletecollection +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - cronworkflows + - cronworkflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - get + - delete diff --git a/config/internal/workflow-controller/rolebinding.yaml.tmpl b/config/internal/workflow-controller/rolebinding.yaml.tmpl new file mode 100644 index 000000000..dbafe5730 --- /dev/null +++ b/config/internal/workflow-controller/rolebinding.yaml.tmpl @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + internal.kpt.dev/upstream-identifier: rbac.authorization.k8s.io|RoleBinding|default|argo-binding + labels: + app: ds-pipeline-workflow-controller-{{.Name}} + component: data-science-pipelines + dspa: {{.Name}} + name: ds-pipeline-workflow-controller-rolebinding-{{.Name}} + namespace: {{.Namespace}} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ds-pipeline-workflow-controller-role-{{.Name}} +subjects: +- kind: ServiceAccount + name: ds-pipeline-workflow-controller-{{.Name}} + namespace: {{.Namespace}} diff --git a/config/internal/workflow-controller/sa.yaml.tmpl b/config/internal/workflow-controller/sa.yaml.tmpl new file mode 100644 index 000000000..4ec448294 --- /dev/null +++ b/config/internal/workflow-controller/sa.yaml.tmpl @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + internal.kpt.dev/upstream-identifier: '|ServiceAccount|default|argo' + labels: + app: ds-pipeline-workflow-controller-{{.Name}} + component: data-science-pipelines + dspa: {{.Name}} + name: ds-pipeline-workflow-controller-{{.Name}} + namespace: {{.Namespace}} diff --git a/config/internal/workflow-controller/service.yaml.tmpl b/config/internal/workflow-controller/service.yaml.tmpl new file mode 100644 index 000000000..17ef787c0 --- /dev/null +++ b/config/internal/workflow-controller/service.yaml.tmpl @@ -0,0 +1,26 @@ +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + internal.kpt.dev/upstream-identifier: '|Service|default|workflow-controller-metrics' + workflows.argoproj.io/description: | + This service is deprecated. It will be removed in v3.4. + + https://github.com/argoproj/argo-workflows/issues/8441 + labels: + app: ds-pipeline-workflow-controller-{{.Name}} + component: data-science-pipelines + dspa: {{.Name}} + name: ds-pipeline-workflow-controller-metrics-{{.Name}} + namespace: {{.Namespace}} +spec: + ports: + - name: metrics + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app: ds-pipeline-workflow-controller-{{.Name}} + component: data-science-pipelines + dspa: {{.Name}} diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 358588a2e..cfa8273e8 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -80,6 +80,8 @@ spec: value: $(IMAGESV2_MLMDGRPC) - name: IMAGESV2_MLMDWRITER value: $(IMAGESV2_MLMDWRITER) + - name: IMAGESV2_WORKFLOWCONTROLLER + value: $(IMAGESV2_WORKFLOWCONTROLLER) - name: ZAP_LOG_LEVEL value: $(ZAP_LOG_LEVEL) - name: MAX_CONCURRENT_RECONCILES diff --git a/controllers/dspipeline_controller.go b/controllers/dspipeline_controller.go index 4dea82896..f5e37c263 100644 --- a/controllers/dspipeline_controller.go +++ b/controllers/dspipeline_controller.go @@ -288,6 +288,11 @@ func (r *DSPAReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl. return ctrl.Result{}, err } + err = r.ReconcileWorkflowController(dspa, params) + if err != nil { + return ctrl.Result{}, err + } + } log.Info("Updating CR status") diff --git a/controllers/dspipeline_params.go b/controllers/dspipeline_params.go index 79b8bfb00..15f8a8685 100644 --- a/controllers/dspipeline_params.go +++ b/controllers/dspipeline_params.go @@ -57,6 +57,7 @@ type DSPAParams struct { MLMD *dspa.MLMD CRDViewer *dspa.CRDViewer VisualizationServer *dspa.VisualizationServer + WorkflowController *dspa.WorkflowController DBConnection ObjectStorageConnection } diff --git a/controllers/workflow_controller.go b/controllers/workflow_controller.go new file mode 100644 index 000000000..eccbe0b20 --- /dev/null +++ b/controllers/workflow_controller.go @@ -0,0 +1,44 @@ +/* +Copyright 2023. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controllers + +import ( + dspav1alpha1 "github.com/opendatahub-io/data-science-pipelines-operator/api/v1alpha1" +) + +var workflowControllerTemplatesDir = "workflow-controller" + +func (r *DSPAReconciler) ReconcileWorkflowController(dsp *dspav1alpha1.DataSciencePipelinesApplication, + params *DSPAParams) error { + + log := r.Log.WithValues("namespace", dsp.Namespace).WithValues("dspa_name", dsp.Name) + + if !dsp.Spec.WorkflowController.Deploy { + log.Info("Skipping Application of Visualization Server Resources") + return nil + } + + log.Info("Applying Visualization Server Resources") + + err := r.ApplyDir(dsp, params, workflowControllerTemplatesDir) + if err != nil { + return err + } + + log.Info("Finished applying Visualization Server Resources") + return nil +} diff --git a/controllers/workflow_controller_test.go b/controllers/workflow_controller_test.go new file mode 100644 index 000000000..31a4df87d --- /dev/null +++ b/controllers/workflow_controller_test.go @@ -0,0 +1,121 @@ +//go:build test_all || test_unit + +/* + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controllers + +import ( + "testing" + + dspav1alpha1 "github.com/opendatahub-io/data-science-pipelines-operator/api/v1alpha1" + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" +) + +func TestDeployWorkflowController(t *testing.T) { + testNamespace := "testnamespace" + testDSPAName := "testdspa" + expectedWorkflowControllerName := "ds-pipeline-workflow-controller-testdspa" + + // Construct DSPASpec with deployed Visualization Server + dspa := &dspav1alpha1.DataSciencePipelinesApplication{ + Spec: dspav1alpha1.DSPASpec{ + APIServer: &dspav1alpha1.APIServer{ + ArchiveLogs: true, + }, + WorkflowController: &dspav1alpha1.WorkflowController{ + Deploy: true, + }, + Database: &dspav1alpha1.Database{ + DisableHealthCheck: false, + MariaDB: &dspav1alpha1.MariaDB{ + Deploy: true, + }, + }, + ObjectStorage: &dspav1alpha1.ObjectStorage{ + DisableHealthCheck: false, + Minio: &dspav1alpha1.Minio{ + Deploy: false, + Image: "someimage", + }, + }, + }, + } + + // Enrich DSPA with name+namespace + dspa.Namespace = testNamespace + dspa.Name = testDSPAName + + // Create Context, Fake Controller and Params + ctx, params, reconciler := CreateNewTestObjects() + err := params.ExtractParams(ctx, dspa, reconciler.Client, reconciler.Log) + assert.Nil(t, err) + + // Ensure Visualization Server Deployment doesn't yet exist + deployment := &appsv1.Deployment{} + created, err := reconciler.IsResourceCreated(ctx, deployment, expectedWorkflowControllerName, testNamespace) + assert.False(t, created) + assert.Nil(t, err) + + // Run test reconciliation + err = reconciler.ReconcileWorkflowController(dspa, params) + assert.Nil(t, err) + + // Ensure Visualization Server Deployment now exists + deployment = &appsv1.Deployment{} + created, err = reconciler.IsResourceCreated(ctx, deployment, expectedWorkflowControllerName, testNamespace) + assert.True(t, created) + assert.Nil(t, err) + +} + +func TestDontDeployWorkflowController(t *testing.T) { + testNamespace := "testnamespace" + testDSPAName := "testdspa" + expectedWorkflowControllerName := "ds-pipeline-workflow-controller-testdspa" + + // Construct DSPASpec with non-deployed Visualization Server + dspa := &dspav1alpha1.DataSciencePipelinesApplication{ + Spec: dspav1alpha1.DSPASpec{ + WorkflowController: &dspav1alpha1.WorkflowController{ + Deploy: false, + }, + }, + } + + // Enrich DSPA with name+namespace + dspa.Name = testDSPAName + dspa.Namespace = testNamespace + + // Create Context, Fake Controller and Params + ctx, params, reconciler := CreateNewTestObjects() + + // Ensure Visualization Server Deployment doesn't yet exist + deployment := &appsv1.Deployment{} + created, err := reconciler.IsResourceCreated(ctx, deployment, expectedWorkflowControllerName, testNamespace) + assert.False(t, created) + assert.Nil(t, err) + + // Run test reconciliation + err = reconciler.ReconcileWorkflowController(dspa, params) + assert.Nil(t, err) + + // Ensure Visualization Server Deployment still doesn't exist + deployment = &appsv1.Deployment{} + created, err = reconciler.IsResourceCreated(ctx, deployment, expectedWorkflowControllerName, testNamespace) + assert.False(t, created) + assert.Nil(t, err) +} From f25076315932896a520b7be65f21d00842d78394 Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Thu, 26 Oct 2023 15:09:03 -0400 Subject: [PATCH 03/20] Env and Manifest adjustments for ArgoWf backend engine --- config/argo/priorityclass.yaml | 2 +- .../apiserver/default/deployment.yaml.tmpl | 33 +++++ .../default/service.ml-pipeline.yaml.tmpl | 28 ++++ .../internal/common/default/policy.yaml.tmpl | 62 +-------- .../default/service.minioservice.yaml.tmpl | 17 +++ .../metadata-grpc.configmap.yaml.tmpl | 10 ++ ...etadata-grpc.ml-pipeline.service.yaml.tmpl | 17 +++ .../persistence-agent/deployment.yaml.tmpl | 19 ++- config/rbac/argo_role.yaml | 125 ++++++++++++++++++ config/rbac/argo_role_binding.yaml | 14 ++ config/rbac/kustomization.yaml | 3 + 11 files changed, 265 insertions(+), 65 deletions(-) create mode 100644 config/internal/apiserver/default/service.ml-pipeline.yaml.tmpl create mode 100644 config/internal/minio/default/service.minioservice.yaml.tmpl create mode 100644 config/internal/ml-metadata/metadata-grpc.configmap.yaml.tmpl create mode 100644 config/internal/ml-metadata/metadata-grpc.ml-pipeline.service.yaml.tmpl create mode 100644 config/rbac/argo_role.yaml create mode 100644 config/rbac/argo_role_binding.yaml diff --git a/config/argo/priorityclass.yaml b/config/argo/priorityclass.yaml index e792f398d..fd2d371f4 100644 --- a/config/argo/priorityclass.yaml +++ b/config/argo/priorityclass.yaml @@ -6,5 +6,5 @@ metadata: internal.kpt.dev/upstream-identifier: scheduling.k8s.io|PriorityClass|default|workflow-controller labels: application-crd-id: kubeflow-pipelines - name: workflow-controller + name: ds-pipelines-workflow-controller-priorityclass value: 1000000 diff --git a/config/internal/apiserver/default/deployment.yaml.tmpl b/config/internal/apiserver/default/deployment.yaml.tmpl index f6140b951..a8a6a8e59 100644 --- a/config/internal/apiserver/default/deployment.yaml.tmpl +++ b/config/internal/apiserver/default/deployment.yaml.tmpl @@ -22,8 +22,14 @@ spec: spec: containers: - env: + - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION + value: "{{.APIServer.AutoUpdatePipelineDefaultVersion}}" - name: POD_NAMESPACE value: "{{.Namespace}}" + - name: OBJECTSTORECONFIG_SECURE + value: "false" + - name: OBJECTSTORECONFIG_BUCKETNAME + value: "{{.ObjectStorageConnection.Bucket}}" - name: DBCONFIG_USER value: "{{.DBConnection.Username}}" - name: DBCONFIG_PASSWORD @@ -78,6 +84,31 @@ spec: value: "{{.APIServer.AutoUpdatePipelineDefaultVersion}}" - name: DBCONFIG_CONMAXLIFETIMESEC value: "{{.APIServer.DBConfigConMaxLifetimeSec}}" + - name: DB_DRIVER_NAME + value: mysql + - name: DBCONFIG_MYSQLCONFIG_USER + value: "{{.DBConnection.Username}}" + - name: DBCONFIG_MYSQLCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: "{{.DBConnection.CredentialsSecret.Key}}" + name: "{{.DBConnection.CredentialsSecret.Name}}" + - name: DBCONFIG_MYSQLCONFIG_DBNAME + value: "{{.DBConnection.DBName}}" + - name: DBCONFIG_MYSQLCONFIG_HOST + value: "{{.DBConnection.Host}}" + - name: DBCONFIG_MYSQLCONFIG_PORT + value: "{{.DBConnection.Port}}" + - name: OBJECTSTORECONFIG_ACCESSKEY + valueFrom: + secretKeyRef: + key: "{{.ObjectStorageConnection.CredentialsSecret.AccessKey}}" + name: "{{.ObjectStorageConnection.CredentialsSecret.SecretName}}" + - name: OBJECTSTORECONFIG_SECRETACCESSKEY + valueFrom: + secretKeyRef: + key: "{{.ObjectStorageConnection.CredentialsSecret.SecretKey}}" + name: "{{.ObjectStorageConnection.CredentialsSecret.SecretName}}" - name: ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_HOST value: "ds-pipeline-visualizationserver" - name: ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_PORT @@ -122,6 +153,8 @@ spec: value: ds-pipeline-{{.Name}}.{{.Namespace}}.svc.cluster.local - name: ML_PIPELINE_SERVICE_PORT_GRPC value: "8887" + - name: EXECUTIONTYPE + value: Workflow image: {{.APIServer.Image}} imagePullPolicy: Always name: ds-pipeline-api-server diff --git a/config/internal/apiserver/default/service.ml-pipeline.yaml.tmpl b/config/internal/apiserver/default/service.ml-pipeline.yaml.tmpl new file mode 100644 index 000000000..919bf4cae --- /dev/null +++ b/config/internal/apiserver/default/service.ml-pipeline.yaml.tmpl @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline + namespace: {{.Namespace}} + annotations: + service.alpha.openshift.io/serving-cert-secret-name: ds-pipelines-proxy-tls-{{.Name}} + labels: + app: ds-pipeline-{{.Name}} + component: data-science-pipelines +spec: + ports: + - name: oauth + port: 8443 + protocol: TCP + targetPort: oauth + - name: http + port: 8888 + protocol: TCP + targetPort: http + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + app: ds-pipeline-{{.Name}} + component: data-science-pipelines + diff --git a/config/internal/common/default/policy.yaml.tmpl b/config/internal/common/default/policy.yaml.tmpl index 8ec9aff82..c1bd56ffc 100644 --- a/config/internal/common/default/policy.yaml.tmpl +++ b/config/internal/common/default/policy.yaml.tmpl @@ -11,71 +11,11 @@ spec: policyTypes: - Ingress ingress: - # Match all sources for oauth endpoint - ports: - protocol: TCP port: 8443 - # We only allow DSPA components to communicate - # by bypassing oauth proxy, all external - # traffic should go through oauth proxy - - from: - - namespaceSelector: - matchLabels: - name: openshift-user-workload-monitoring - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: redhat-ods-monitoring - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: openshift-pipelines - - podSelector: - matchLabels: - app.kubernetes.io/managed-by: tekton-pipelines - pipelines.kubeflow.org/v2_component: 'true' - - podSelector: - matchLabels: - app: mariadb-{{.Name}} - component: data-science-pipelines - - podSelector: - matchLabels: - app: minio-{{.Name}} - component: data-science-pipelines - - podSelector: - matchLabels: - app: ds-pipeline-ui-{{.Name}} - component: data-science-pipelines - - podSelector: - matchLabels: - app: {{.PersistentAgentDefaultResourceName}} - component: data-science-pipelines - - podSelector: - matchLabels: - app: {{.ScheduledWorkflowDefaultResourceName}} - component: data-science-pipelines - - podSelector: - matchLabels: - app: ds-pipeline-metadata-envoy-{{.Name}} - component: data-science-pipelines - - podSelector: - matchLabels: - app: ds-pipeline-metadata-grpc-{{.Name}} - component: data-science-pipelines - - podSelector: - matchLabels: - app: ds-pipeline-metadata-writer-{{.Name}} - component: data-science-pipelines - ports: + - ports: - protocol: TCP port: 8888 - protocol: TCP port: 8887 - - ports: - - protocol: TCP - port: 8080 - from: - - podSelector: - matchLabels: - app.kubernetes.io/name: data-science-pipelines-operator-driver - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: openshift-pipelines diff --git a/config/internal/minio/default/service.minioservice.yaml.tmpl b/config/internal/minio/default/service.minioservice.yaml.tmpl new file mode 100644 index 000000000..a4b905296 --- /dev/null +++ b/config/internal/minio/default/service.minioservice.yaml.tmpl @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: minio-service + namespace: {{.Namespace}} + labels: + app: minio-{{.Name}} + component: data-science-pipelines +spec: + ports: + - name: http + port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio-{{.Name}} + component: data-science-pipelines diff --git a/config/internal/ml-metadata/metadata-grpc.configmap.yaml.tmpl b/config/internal/ml-metadata/metadata-grpc.configmap.yaml.tmpl new file mode 100644 index 000000000..a92d8133b --- /dev/null +++ b/config/internal/ml-metadata/metadata-grpc.configmap.yaml.tmpl @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: metadata-grpc-configmap + namespace: {{.Namespace}} + labels: + component: metadata-grpc-server +data: + METADATA_GRPC_SERVICE_HOST: "ds-pipeline-metadata-grpc-{{.Name}}.{{.Namespace}}.svc.cluster.local" + METADATA_GRPC_SERVICE_PORT: "8080" \ No newline at end of file diff --git a/config/internal/ml-metadata/metadata-grpc.ml-pipeline.service.yaml.tmpl b/config/internal/ml-metadata/metadata-grpc.ml-pipeline.service.yaml.tmpl new file mode 100644 index 000000000..aa1823fb6 --- /dev/null +++ b/config/internal/ml-metadata/metadata-grpc.ml-pipeline.service.yaml.tmpl @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: metadata-grpc-service + namespace: {{.Namespace}} + labels: + app: ds-pipeline-metadata-grpc-{{.Name}} + component: data-science-pipelines +spec: + ports: + - name: grpc-api + port: {{.MLMD.GRPC.Port}} + protocol: TCP + selector: + app: ds-pipeline-metadata-grpc-{{.Name}} + component: data-science-pipelines + type: ClusterIP diff --git a/config/internal/persistence-agent/deployment.yaml.tmpl b/config/internal/persistence-agent/deployment.yaml.tmpl index 281e544cd..f4f77d839 100644 --- a/config/internal/persistence-agent/deployment.yaml.tmpl +++ b/config/internal/persistence-agent/deployment.yaml.tmpl @@ -34,8 +34,8 @@ spec: value: kubeflow-userid - name: KUBEFLOW_USERID_PREFIX value: "" - - name: EXECUTIONTYPE - value: PipelineRun + #- name: EXECUTIONTYPE + # value: PipelineRun image: "{{.PersistenceAgent.Image}}" imagePullPolicy: IfNotPresent name: ds-pipeline-persistenceagent @@ -85,4 +85,17 @@ spec: memory: {{.PersistenceAgent.Resources.Limits.Memory}} {{ end }} {{ end }} - serviceAccountName: {{.PersistentAgentDefaultResourceName}} + volumeMounts: + - mountPath: /var/run/secrets/kubeflow/tokens/persistenceagent-sa-token + name: persistenceagent-sa-token + subPath: ds-pipeline-persistenceagent-{{.Name}}-token + + serviceAccountName: ds-pipeline-persistenceagent-{{.Name}} + volumes: + - name: persistenceagent-sa-token + projected: + sources: + - serviceAccountToken: + audience: pipelines.kubeflow.org + expirationSeconds: 3600 + path: ds-pipeline-persistenceagent-{{.Name}}-token diff --git a/config/rbac/argo_role.yaml b/config/rbac/argo_role.yaml new file mode 100644 index 000000000..cdabe2b46 --- /dev/null +++ b/config/rbac/argo_role.yaml @@ -0,0 +1,125 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: manager-argo-role +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + - persistentvolumeclaims/finalizers + verbs: + - create + - update + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + - workflowtasksets + - workflowtasksets/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete + - create +- apiGroups: + - argoproj.io + resources: + - workflowtemplates + - workflowtemplates/finalizers + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list +- apiGroups: + - argoproj.io + resources: + - workflowtaskresults + verbs: + - list + - watch + - deletecollection +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - cronworkflows + - cronworkflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - get + - delete diff --git a/config/rbac/argo_role_binding.yaml b/config/rbac/argo_role_binding.yaml new file mode 100644 index 000000000..3de651627 --- /dev/null +++ b/config/rbac/argo_role_binding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: data-science-pipelines-operator + name: manager-argo-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: manager-argo-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: datasciencepipelinesapplications-controller diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ec0220afb..fe94772a8 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -9,3 +9,6 @@ resources: - role_binding.yaml - role.yaml - service_account.yaml +- aggregate_dspa_role.yaml +- argo_role.yaml +- argo_role_binding.yaml From 91c6968b242c61d6292d24312e0c2ab9cc4e8159 Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Wed, 1 Nov 2023 15:13:47 -0400 Subject: [PATCH 04/20] Add EngineDriver field for DSPA --- api/v1alpha1/dspipeline_types.go | 3 +++ ...ations.opendatahub.io_datasciencepipelinesapplications.yaml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/api/v1alpha1/dspipeline_types.go b/api/v1alpha1/dspipeline_types.go index c162df06f..9e5cefcba 100644 --- a/api/v1alpha1/dspipeline_types.go +++ b/api/v1alpha1/dspipeline_types.go @@ -51,6 +51,9 @@ type DSPASpec struct { // +kubebuilder:validation:Optional // +kubebuilder:default:="v1" DSPVersion string `json:"dspVersion,omitempty"` + // +kubebuilder:validation:Optional + // +kubebuilder:default:="tekton" + EngineDriver string `json:"engineDriver,omitempty"` // DS Pipelines Argo Workflow Controller Configuration. // +kubebuilder:default:={deploy: false} *WorkflowController `json:"workflowController,omitempty"` diff --git a/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml b/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml index 66171d9d0..73defd443 100644 --- a/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml +++ b/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml @@ -300,6 +300,9 @@ spec: dspVersion: default: v1 type: string + engineDriver: + default: tekton + type: string mlmd: default: deploy: true From 407ecddef0acbdf8e3a9cd07d8338033776cf863 Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Wed, 1 Nov 2023 15:52:25 -0400 Subject: [PATCH 05/20] Add V2 Argo Images --- config/base/kustomization.yaml | 134 +++++++++++++++--- config/base/params.env | 31 ++-- config/configmaps/files/config.yaml | 36 +++-- .../visualizationserver/deployment.yaml.tmpl | 2 +- .../workflow-controller/deployment.yaml.tmpl | 2 +- config/manager/manager.yaml | 64 ++++++--- controllers/config/defaults.go | 33 +++-- controllers/dspipeline_params.go | 20 +-- kfdef/kfdef.yaml | 46 ++++-- 9 files changed, 280 insertions(+), 88 deletions(-) diff --git a/config/base/kustomization.yaml b/config/base/kustomization.yaml index 5518e7580..cdab43931 100644 --- a/config/base/kustomization.yaml +++ b/config/base/kustomization.yaml @@ -148,75 +148,173 @@ vars: apiVersion: v1 fieldref: fieldpath: data.DSPO_REQUEUE_TIME - - name: IMAGESV2_APISERVER + - name: IMAGESV2_ARGO_APISERVER objref: kind: ConfigMap name: dspo-parameters apiVersion: v1 fieldref: - fieldpath: data.IMAGESV2_APISERVER - - name: IMAGESV2_ARTIFACT + fieldpath: data.IMAGESV2_ARGO_APISERVER + - name: IMAGESV2_ARGO_ARTIFACT objref: kind: ConfigMap name: dspo-parameters apiVersion: v1 fieldref: - fieldpath: data.IMAGESV2_ARTIFACT - - name: IMAGESV2_CACHE + fieldpath: data.IMAGESV2_ARGO_ARTIFACT + - name: IMAGESV2_ARGO_PERSISTENTAGENT objref: kind: ConfigMap name: dspo-parameters apiVersion: v1 fieldref: - fieldpath: data.IMAGESV2_CACHE - - name: IMAGESV2_MOVERESULTSIMAGE + fieldpath: data.IMAGESV2_ARGO_PERSISTENTAGENT + - name: IMAGESV2_ARGO_SCHEDULEDWORKFLOW objref: kind: ConfigMap name: dspo-parameters apiVersion: v1 fieldref: - fieldpath: data.IMAGESV2_MOVERESULTSIMAGE - - name: IMAGESV2_PERSISTENTAGENT + fieldpath: data.IMAGESV2_ARGO_SCHEDULEDWORKFLOW + - name: IMAGESV2_ARGO_CACHE + objref: + kind: ConfigMap + name: dspo-parameters + apiVersion: v1 + fieldref: + fieldpath: data.IMAGESV2_ARGO_CACHE + - name: IMAGESV2_ARGO_MOVERESULTSIMAGE + objref: + kind: ConfigMap + name: dspo-parameters + apiVersion: v1 + fieldref: + fieldpath: data.IMAGESV2_ARGO_MOVERESULTSIMAGE + - name: IMAGESV2_ARGO_PERSISTENTAGENT objref: kind: ConfigMap name: dspo-parameters apiVersion: v1 fieldref: fieldpath: data.IMAGESV2_PERSISTENTAGENT - - name: IMAGESV2_SCHEDULEDWORKFLOW + - name: IMAGESV2_ARGO_SCHEDULEDWORKFLOW objref: kind: ConfigMap name: dspo-parameters apiVersion: v1 fieldref: fieldpath: data.IMAGESV2_SCHEDULEDWORKFLOW - - name: IMAGESV2_MLMDENVOY + - name: IMAGESV2_ARGO_MLMDENVOY + objref: + kind: ConfigMap + name: dspo-parameters + apiVersion: v1 + fieldref: + fieldpath: data.IMAGESV2_ARGO_MLMDENVOY + - name: IMAGESV2_ARGO_MLMDGRPC + objref: + kind: ConfigMap + name: dspo-parameters + apiVersion: v1 + fieldref: + fieldpath: data.IMAGESV2_ARGO_MLMDGRPC + - name: IMAGESV2_ARGO_MLMDWRITER + objref: + kind: ConfigMap + name: dspo-parameters + apiVersion: v1 + fieldref: + fieldpath: data.IMAGESV2_ARGO_MLMDWRITER + - name: IMAGESV2_ARGO_VISUALIZATIONSERVER + objref: + kind: ConfigMap + name: dspo-parameters + apiVersion: v1 + fieldref: + fieldpath: data.IMAGESV2_ARGO_VISUALIZATIONSERVER + - name: IMAGESV2_ARGO_WORKFLOWCONTROLLER + objref: + kind: ConfigMap + name: dspo-parameters + apiVersion: v1 + fieldref: + fieldpath: data.IMAGESV2_ARGO_WORKFLOWCONTROLLER + - name: IMAGESV2_TEKTON_APISERVER + objref: + kind: ConfigMap + name: dspo-parameters + apiVersion: v1 + fieldref: + fieldpath: data.IMAGESV2_TEKTON_APISERVER + - name: IMAGESV2_TEKTON_ARTIFACT + objref: + kind: ConfigMap + name: dspo-parameters + apiVersion: v1 + fieldref: + fieldpath: data.IMAGESV2_TEKTON_ARTIFACT + - name: IMAGESV2_TEKTON_PERSISTENTAGENT + objref: + kind: ConfigMap + name: dspo-parameters + apiVersion: v1 + fieldref: + fieldpath: data.IMAGESV2_TEKTON_PERSISTENTAGENT + - name: IMAGESV2_TEKTON_SCHEDULEDWORKFLOW + objref: + kind: ConfigMap + name: dspo-parameters + apiVersion: v1 + fieldref: + fieldpath: data.IMAGESV2_TEKTON_SCHEDULEDWORKFLOW + - name: IMAGESV2_TEKTON_CACHE + objref: + kind: ConfigMap + name: dspo-parameters + apiVersion: v1 + fieldref: + fieldpath: data.IMAGESV2_TEKTON_CACHE + - name: IMAGESV2_TEKTON_MOVERESULTSIMAGE + objref: + kind: ConfigMap + name: dspo-parameters + apiVersion: v1 + fieldref: + fieldpath: data.IMAGESV2_TEKTON_MOVERESULTSIMAGE + - name: IMAGESV2_TEKTON_MLMDENVOY + objref: + kind: ConfigMap + name: dspo-parameters + apiVersion: v1 + fieldref: + fieldpath: data.IMAGESV2_TEKTON_MLMDENVOY + - name: IMAGESV2_TEKTON_MLMDGRPC objref: kind: ConfigMap name: dspo-parameters apiVersion: v1 fieldref: - fieldpath: data.IMAGESV2_MLMDENVOY - - name: IMAGESV2_MLMDGRPC + fieldpath: data.IMAGESV2_TEKTON_MLMDGRPC + - name: IMAGESV2_TEKTON_MLMDWRITER objref: kind: ConfigMap name: dspo-parameters apiVersion: v1 fieldref: - fieldpath: data.IMAGESV2_MLMDGRPC - - name: IMAGESV2_MLMDWRITER + fieldpath: data.IMAGESV2_TEKTON_MLMDWRITER + - name: IMAGESV2_TEKTON_VISUALIZATIONSERVER objref: kind: ConfigMap name: dspo-parameters apiVersion: v1 fieldref: - fieldpath: data.IMAGESV2_MLMDWRITER - - name: IMAGESV2_WORKFLOWCONTROLLER + fieldpath: data.IMAGESV2_TEKTON_VISUALIZATIONSERVER + - name: IMAGESV2_TEKTON_WORKFLOWCONTROLLER objref: kind: ConfigMap name: dspo-parameters apiVersion: v1 fieldref: - fieldpath: data.IMAGESV2_WORKFLOWCONTROLLER + fieldpath: data.IMAGESV2_TEKTON_WORKFLOWCONTROLLER configurations: - params.yaml diff --git a/config/base/params.env b/config/base/params.env index 3350afc9a..56d190d3d 100644 --- a/config/base/params.env +++ b/config/base/params.env @@ -12,16 +12,27 @@ IMAGES_MARIADB=registry.redhat.io/rhel8/mariadb-103:1 IMAGES_OAUTHPROXY=registry.redhat.io/openshift4/ose-oauth-proxy@sha256:ab112105ac37352a2a4916a39d6736f5db6ab4c29bad4467de8d613e80e9bb33 IMAGES_CRDVIEWER=gcr.io/ml-pipeline/viewer-crd-controller:2.0.0-rc.2 IMAGES_VISUALIZATIONSERVER=gcr.io/ml-pipeline/visualization-server:2.0.0-rc.2 -IMAGESV2_APISERVER=quay.io/rmartine/apiserver:v2 -IMAGESV2_ARTIFACT=quay.io/opendatahub/ds-pipelines-artifact-manager:main -IMAGESV2_PERSISTENTAGENT=quay.io/rmartine/persistenceagent-dev:6b8723529 -IMAGESV2_SCHEDULEDWORKFLOW=quay.io/rmartine/swf-dev:6b8723529 -IMAGESV2_MLMDENVOY=gcr.io/ml-pipeline/metadata-envoy:2.0.0-rc.2 -IMAGESV2_MLMDGRPC=gcr.io/tfx-oss-public/ml_metadata_store_server:1.5.0 -IMAGESV2_MLMDWRITER=gcr.io/ml-pipeline/metadata-writer:2.0.0-rc.2 -IMAGESV2_CACHE=registry.access.redhat.com/ubi8/ubi-minimal:8.7 -IMAGESV2_MOVERESULTSIMAGE=registry.access.redhat.com/ubi8/ubi-micro:8.7 -IMAGESV2_WORKFLOWCONTROLLER=gcr.io/ml-pipeline/workflow-controller:v3.3.10-license-compliance +IMAGESV2_ARGO_APISERVER=gcr.io/ml-pipeline/api-server:2.0.2 +IMAGESV2_ARGO_ARTIFACT=quay.io/opendatahub/ds-pipelines-artifact-manager:main +IMAGESV2_ARGO_PERSISTENTAGENT=gcr.io/ml-pipeline/persistenceagent:2.0.2 +IMAGESV2_ARGO_SCHEDULEDWORKFLOW=gcr.io/ml-pipeline/scheduledworkflow:2.0.2 +IMAGESV2_ARGO_MLMDENVOY=gcr.io/ml-pipeline/metadata-envoy:2.0.2 +IMAGESV2_ARGO_MLMDGRPC=gcr.io/tfx-oss-public/ml_metadata_store_server:1.14.0 +IMAGESV2_ARGO_MLMDWRITER=gcr.io/ml-pipeline/metadata-writer:2.0.2 +IMAGESV2_ARGO_CACHE=registry.access.redhat.com/ubi8/ubi-minimal:8.7 +IMAGESV2_ARGO_MOVERESULTSIMAGE=registry.access.redhat.com/ubi8/ubi-micro:8.7 +IMAGESV2_ARGO_VISUALIZATIONSERVER=gcr.io/ml-pipeline/visualization-server:2.0.2 +IMAGESV2_ARGO_WORKFLOWCONTROLLER=gcr.io/ml-pipeline/workflow-controller:v3.3.10-license-compliance +IMAGESV2_TEKTON_APISERVER=quay.io/rmartine/apiserver:v2 +IMAGESV2_TEKTON_ARTIFACT=quay.io/opendatahub/ds-pipelines-artifact-manager:main +IMAGESV2_TEKTON_PERSISTENTAGENT=quay.io/rmartine/persistenceagent-dev:6b8723529 +IMAGESV2_TEKTON_SCHEDULEDWORKFLOW=quay.io/rmartine/swf-dev:6b8723529 +IMAGESV2_TEKTON_MLMDENVOY=gcr.io/ml-pipeline/metadata-envoy:2.0.0-rc.2 +IMAGESV2_TEKTON_MLMDGRPC=gcr.io/tfx-oss-public/ml_metadata_store_server:1.5.0 +IMAGESV2_TEKTON_MLMDWRITER=gcr.io/ml-pipeline/metadata-writer:2.0.0-rc.2 +IMAGESV2_TEKTON_CACHE=registry.access.redhat.com/ubi8/ubi-minimal:8.7 +IMAGESV2_TEKTON_MOVERESULTSIMAGE=registry.access.redhat.com/ubi8/ubi-micro:8.7 +IMAGESV2_TEKTON_VISUALIZATIONSERVER=gcr.io/ml-pipeline/visualization-server:2.0.0-rc.2 ZAP_LOG_LEVEL=info MAX_CONCURRENT_RECONCILES=10 DSPO_HEALTHCHECK_DATABASE_CONNECTIONTIMEOUT=15s diff --git a/config/configmaps/files/config.yaml b/config/configmaps/files/config.yaml index 230bc0c0d..dc5d0ef6f 100644 --- a/config/configmaps/files/config.yaml +++ b/config/configmaps/files/config.yaml @@ -13,16 +13,32 @@ Images: CRDViewer: $(IMAGES_CRDVIEWER) VisualizationServer: $(IMAGES_VISUALIZATIONSERVER) ImagesV2: - ApiServer: $(IMAGESV2_APISERVER) - Artifact: $(IMAGESV2_ARTIFACT) - Cache: $(IMAGESV2_CACHE) - MoveResultsImage: $(IMAGESV2_MOVERESULTSIMAGE) - PersistentAgent: $(IMAGESV2_PERSISTENTAGENT) - ScheduledWorkflow: $(IMAGESV2_SCHEDULEDWORKFLOW) - MlmdEnvoy: $(IMAGESV2_MLMDENVOY) - MlmdGRPC: $(IMAGESV2_MLMDGRPC) - MlmdWriter: $(IMAGESV2_MLMDWRITER) - WorkflowController: $(IMAGESV2_WORKFLOWCONTROLLER) + Argo: + ApiServer: $(IMAGESV2_ARGO_APISERVER) + Artifact: $(IMAGESV2_ARGO_ARTIFACT) + Cache: $(IMAGESV2_ARGO_CACHE) + MoveResultsImage: $(IMAGESV2_ARGO_MOVERESULTSIMAGE) + PersistentAgent: $(IMAGESV2_ARGO_PERSISTENTAGENT) + ScheduledWorkflow: $(IMAGESV2_ARGO_SCHEDULEDWORKFLOW) + MlmdEnvoy: $(IMAGESV2_ARGO_MLMDENVOY) + MlmdGRPC: $(IMAGESV2_ARGO_MLMDGRPC) + MlmdWriter: $(IMAGESV2_ARGO_MLMDWRITER) + VisualizationServer: $(IMAGES_ARGO_VISUALIZATIONSERVER) + WorkflowController: $(IMAGESV2_ARGO_WORKFLOWCONTROLLER) + Tekton: + ApiServer: $(IMAGESV2_TEKTON_APISERVER) + Artifact: $(IMAGESV2_TEKTON_ARTIFACT) + Cache: $(IMAGESV2_TEKTON_CACHE) + MoveResultsImage: $(IMAGESV2_TEKTON_MOVERESULTSIMAGE) + PersistentAgent: $(IMAGESV2_TEKTON_PERSISTENTAGENT) + ScheduledWorkflow: $(IMAGESV2_TEKTON_SCHEDULEDWORKFLOW) + MlmdEnvoy: $(IMAGESV2_TEKTON_MLMDENVOY) + MlmdGRPC: $(IMAGESV2_TEKTON_MLMDGRPC) + MlmdWriter: $(IMAGESV2_TEKTON_MLMDWRITER) + VisualizationServer: $(IMAGES_TEKTON_VISUALIZATIONSERVER) + # WorkflowController is an argo-only component + # Using argo image here only for fault tolerance, but should handle this in code. + WorkflowController: $(IMAGESV2_ARGO_WORKFLOWCONTROLLER) DSPO: HealthCheck: Database: diff --git a/config/internal/visualizationserver/deployment.yaml.tmpl b/config/internal/visualizationserver/deployment.yaml.tmpl index 26abdeedc..46524439b 100644 --- a/config/internal/visualizationserver/deployment.yaml.tmpl +++ b/config/internal/visualizationserver/deployment.yaml.tmpl @@ -23,7 +23,7 @@ spec: dspa: {{.Name}} spec: containers: - - image: gcr.io/ml-pipeline/visualization-server:2.0.0-rc.2 + - image: gcr.io/ml-pipeline/visualization-server:2.0.0-rc.2 # TODO imagePullPolicy: IfNotPresent livenessProbe: exec: diff --git a/config/internal/workflow-controller/deployment.yaml.tmpl b/config/internal/workflow-controller/deployment.yaml.tmpl index b921e46ac..1ae3a1c7f 100644 --- a/config/internal/workflow-controller/deployment.yaml.tmpl +++ b/config/internal/workflow-controller/deployment.yaml.tmpl @@ -38,7 +38,7 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.name - image: gcr.io/ml-pipeline/workflow-controller:v3.3.10-license-compliance + image: gcr.io/ml-pipeline/workflow-controller:v3.3.10-license-compliance # TODO livenessProbe: failureThreshold: 3 httpGet: diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index cfa8273e8..7e2dcca65 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -62,26 +62,50 @@ spec: value: $(IMAGES_CRDVIEWER) - name: IMAGES_VISUALIZATIONSERVER value: $(IMAGES_VISUALIZATIONSERVER) - - name: IMAGESV2_APISERVER - value: $(IMAGESV2_APISERVER) - - name: IMAGESV2_ARTIFACT - value: $(IMAGESV2_ARTIFACT) - - name: IMAGESV2_PERSISTENTAGENT - value: $(IMAGESV2_PERSISTENTAGENT) - - name: IMAGESV2_SCHEDULEDWORKFLOW - value: $(IMAGESV2_SCHEDULEDWORKFLOW) - - name: IMAGESV2_CACHE - value: $(IMAGESV2_CACHE) - - name: IMAGESV2_MOVERESULTSIMAGE - value: $(IMAGESV2_MOVERESULTSIMAGE) - - name: IMAGESV2_MLMDENVOY - value: $(IMAGESV2_MLMDENVOY) - - name: IMAGESV2_MLMDGRPC - value: $(IMAGESV2_MLMDGRPC) - - name: IMAGESV2_MLMDWRITER - value: $(IMAGESV2_MLMDWRITER) - - name: IMAGESV2_WORKFLOWCONTROLLER - value: $(IMAGESV2_WORKFLOWCONTROLLER) + - name: IMAGESV2_ARGO_APISERVER + value: $(IMAGESV2_ARGO_APISERVER) + - name: IMAGESV2_ARGO_ARTIFACT + value: $(IMAGESV2_ARGO_ARTIFACT) + - name: IMAGESV2_ARGO_PERSISTENTAGENT + value: $(IMAGESV2_ARGO_PERSISTENTAGENT) + - name: IMAGESV2_ARGO_SCHEDULEDWORKFLOW + value: $(IMAGESV2_ARGO_SCHEDULEDWORKFLOW) + - name: IMAGESV2_ARGO_CACHE + value: $(IMAGESV2_ARGO_CACHE) + - name: IMAGESV2_ARGO_MOVERESULTSIMAGE + value: $(IMAGESV2_ARGO_MOVERESULTSIMAGE) + - name: IMAGESV2_ARGO_MLMDENVOY + value: $(IMAGESV2_ARGO_MLMDENVOY) + - name: IMAGESV2_ARGO_MLMDGRPC + value: $(IMAGESV2_ARGO_MLMDGRPC) + - name: IMAGESV2_ARGO_MLMDWRITER + value: $(IMAGESV2_ARGO_MLMDWRITER) + - name: IMAGESV2_ARGO_VISUALIZATIONSERVER + value: $(IMAGESV2_ARGO_VISUALIZATIONSERVER) + - name: IMAGESV2_ARGO_WORKFLOWCONTROLLER + value: $(IMAGESV2_ARGO_WORKFLOWCONTROLLER) + - name: IMAGESV2_TEKTON_APISERVER + value: $(IMAGESV2_TEKTON_APISERVER) + - name: IMAGESV2_TEKTON_ARTIFACT + value: $(IMAGESV2_TEKTON_ARTIFACT) + - name: IMAGESV2_TEKTON_PERSISTENTAGENT + value: $(IMAGESV2_TEKTON_PERSISTENTAGENT) + - name: IMAGESV2_TEKTON_SCHEDULEDWORKFLOW + value: $(IMAGESV2_TEKTON_SCHEDULEDWORKFLOW) + - name: IMAGESV2_TEKTON_CACHE + value: $(IMAGESV2_TEKTON_CACHE) + - name: IMAGESV2_TEKTON_MOVERESULTSIMAGE + value: $(IMAGESV2_TEKTON_MOVERESULTSIMAGE) + - name: IMAGESV2_TEKTON_MLMDENVOY + value: $(IMAGESV2_TEKTON_MLMDENVOY) + - name: IMAGESV2_TEKTON_MLMDGRPC + value: $(IMAGESV2_TEKTON_MLMDGRPC) + - name: IMAGESV2_TEKTON_MLMDWRITER + value: $(IMAGESV2_TEKTON_MLMDWRITER) + - name: IMAGESV2_TEKTON_VISUALIZATIONSERVER + value: $(IMAGESV2_TEKTON_VISUALIZATIONSERVER) + - name: IMAGESV2_TEKTON_WORKFLOWCONTROLLER + value: $(IMAGESV2_TEKTON_WORKFLOWCONTROLLER) - name: ZAP_LOG_LEVEL value: $(ZAP_LOG_LEVEL) - name: MAX_CONCURRENT_RECONCILES diff --git a/controllers/config/defaults.go b/controllers/config/defaults.go index 6d6f0d827..5c5bf238b 100644 --- a/controllers/config/defaults.go +++ b/controllers/config/defaults.go @@ -76,17 +76,30 @@ const ( RequeueTimeConfigName = "DSPO.RequeueTime" ) -// DSPV2 Image Paths +// DSPV2-Argo Image Paths const ( - APIServerImagePathV2 = "ImagesV2.ApiServer" - APIServerArtifactImagePathV2 = "ImagesV2.Artifact" - APIServerCacheImagePathV2 = "ImagesV2.Cache" - APIServerMoveResultsImagePathV2 = "ImagesV2.MoveResultsImage" - PersistenceAgentImagePathV2 = "ImagesV2.PersistentAgent" - ScheduledWorkflowImagePathV2 = "ImagesV2.ScheduledWorkflow" - MlmdEnvoyImagePathV2 = "ImagesV2.MlmdEnvoy" - MlmdGRPCImagePathV2 = "ImagesV2.MlmdGRPC" - MlmdWriterImagePathV2 = "ImagesV2.MlmdWriter" + APIServerImagePathV2Argo = "ImagesV2.Argo.ApiServer" + APIServerArtifactImagePathV2Argo = "ImagesV2.Argo.Artifact" + APIServerCacheImagePathV2Argo = "ImagesV2.Argo.Cache" + APIServerMoveResultsImagePathV2Argo = "ImagesV2.Argo.MoveResultsImage" + PersistenceAgentImagePathV2Argo = "ImagesV2.Argo.PersistentAgent" + ScheduledWorkflowImagePathV2Argo = "ImagesV2.Argo.ScheduledWorkflow" + MlmdEnvoyImagePathV2Argo = "ImagesV2.Argo.MlmdEnvoy" + MlmdGRPCImagePathV2Argo = "ImagesV2.Argo.MlmdGRPC" + MlmdWriterImagePathV2Argo = "ImagesV2.Argo.MlmdWriter" +) + +// DSPV2-Tekton Image Paths +const ( + APIServerImagePathV2Tekton = "ImagesV2.Tekton.ApiServer" + APIServerArtifactImagePathV2Tekton = "ImagesV2.Tekton.Artifact" + APIServerCacheImagePathV2Tekton = "ImagesV2.Tekton.Cache" + APIServerMoveResultsImagePathV2Tekton = "ImagesV2.Tekton.MoveResultsImage" + PersistenceAgentImagePathV2Tekton = "ImagesV2.Tekton.PersistentAgent" + ScheduledWorkflowImagePathV2Tekton = "ImagesV2.Tekton.ScheduledWorkflow" + MlmdEnvoyImagePathV2Tekton = "ImagesV2.Tekton.MlmdEnvoy" + MlmdGRPCImagePathV2Tekton = "ImagesV2.Tekton.MlmdGRPC" + MlmdWriterImagePathV2Tekton = "ImagesV2.Tekton.MlmdWriter" ) // DSPA Status Condition Types diff --git a/controllers/dspipeline_params.go b/controllers/dspipeline_params.go index 15f8a8685..366641299 100644 --- a/controllers/dspipeline_params.go +++ b/controllers/dspipeline_params.go @@ -368,9 +368,9 @@ func (p *DSPAParams) SetupMLMD(ctx context.Context, dsp *dspa.DataSciencePipelin MlmdGRPCImagePath := config.MlmdGRPCImagePath MlmdWriterImagePath := config.MlmdWriterImagePath if p.UsingV2Pipelines(dsp) { - MlmdEnvoyImagePath = config.MlmdEnvoyImagePathV2 - MlmdGRPCImagePath = config.MlmdGRPCImagePathV2 - MlmdWriterImagePath = config.MlmdWriterImagePathV2 + MlmdEnvoyImagePath = config.MlmdEnvoyImagePathV2Tekton + MlmdGRPCImagePath = config.MlmdGRPCImagePathV2Tekton + MlmdWriterImagePath = config.MlmdWriterImagePathV2Tekton } if p.MLMD.Envoy == nil { p.MLMD.Envoy = &dspa.Envoy{ @@ -445,10 +445,10 @@ func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePip APIServerCacheImagePath := config.APIServerCacheImagePath APIServerMoveResultsImagePath := config.APIServerMoveResultsImagePath if pipelinesV2Images { - APIServerImagePath = config.APIServerImagePathV2 - APIServerArtifactImagePath = config.APIServerArtifactImagePathV2 - APIServerCacheImagePath = config.APIServerCacheImagePathV2 - APIServerMoveResultsImagePath = config.APIServerMoveResultsImagePathV2 + APIServerImagePath = config.APIServerImagePathV2Tekton + APIServerArtifactImagePath = config.APIServerArtifactImagePathV2Tekton + APIServerCacheImagePath = config.APIServerCacheImagePathV2Tekton + APIServerMoveResultsImagePath = config.APIServerMoveResultsImagePathV2Tekton } serverImageFromConfig := config.GetStringConfigWithDefault(APIServerImagePath, config.DefaultImageValue) @@ -486,7 +486,7 @@ func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePip if p.PersistenceAgent != nil { PersistenceAgentImagePath := config.PersistenceAgentImagePath if pipelinesV2Images { - PersistenceAgentImagePath = config.PersistenceAgentImagePathV2 + PersistenceAgentImagePath = config.PersistenceAgentImagePathV2Tekton } persistenceAgentImageFromConfig := config.GetStringConfigWithDefault(PersistenceAgentImagePath, config.DefaultImageValue) setStringDefault(persistenceAgentImageFromConfig, &p.PersistenceAgent.Image) @@ -495,7 +495,7 @@ func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePip if p.ScheduledWorkflow != nil { ScheduledWorkflowImagePath := config.ScheduledWorkflowImagePath if pipelinesV2Images { - ScheduledWorkflowImagePath = config.ScheduledWorkflowImagePathV2 + ScheduledWorkflowImagePath = config.ScheduledWorkflowImagePathV2Tekton } scheduledWorkflowImageFromConfig := config.GetStringConfigWithDefault(ScheduledWorkflowImagePath, config.DefaultImageValue) setStringDefault(scheduledWorkflowImageFromConfig, &p.ScheduledWorkflow.Image) @@ -510,6 +510,8 @@ func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePip setResourcesDefault(config.MlPipelineUIResourceRequirements, &p.MlPipelineUI.Resources) } + // TODO (gfrasca): believe we need to set default VisualizationServer and WorkflowController Images here + err := p.SetupMLMD(ctx, dsp, client, log) if err != nil { return err diff --git a/kfdef/kfdef.yaml b/kfdef/kfdef.yaml index 22157c3b9..289afee13 100644 --- a/kfdef/kfdef.yaml +++ b/kfdef/kfdef.yaml @@ -34,24 +34,52 @@ spec: value: gcr.io/ml-pipeline/viewer-crd-controller:2.0.0-rc.2 - name: IMAGES_VISUALIZATIONSERVER value: gcr.io/ml-pipeline/visualization-server:2.0.0-rc.2 - - name: IMAGESV2_APISERVER + - name: IMAGESV2_ARGO_APISERVER + value: gcr.io/ml-pipeline/api-server:2.0.2 + - name: IMAGESV2_ARGO_ARTIFACT + value: quay.io/opendatahub/ds-pipelines-artifact-manager:main + - name: IMAGESV2_ARGO_PERSISTENTAGENT + value: gcr.io/ml-pipeline/persistenceagent:2.0.2 + - name: IMAGESV2_ARGO_SCHEDULEDWORKFLOW + value: gcr.io/ml-pipeline/scheduledworkflow:2.0.2 + - name: IMAGESV2_ARGO_CACHE + value: registry.access.redhat.com/ubi8/ubi-minimal:8.7 + - name: IMAGESV2_ARGO_CRDVIEWER + value: gcr.io/ml-pipeline/viewer-crd-controller:2.0.2 + - name: IMAGESV2_ARGO_MOVERESULTSIMAGE + value: registry.access.redhat.com/ubi8/ubi-micro:8.7 + - name: IMAGESV2_ARGO_MLMDENVOY + value: gcr.io/ml-pipeline/metadata-envoy:2.0.2 + - name: IMAGESV2_ARGO_MLMDGRPC + value: gcr.io/tfx-oss-public/ml_metadata_store_server:1.14.0 + - name: IMAGESV2_ARGO_MLMDWRITER + value: gcr.io/ml-pipeline/metadata-writer:2.0.2 + - name: IMAGESV2_ARGO_VISUALIZATIONSERVER + value: gcr.io/ml-pipeline/visualization-server:2.0.2 + - name: IMAGESV2_ARGO_WORKFLOWCONTROLLER + value: gcr.io/ml-pipeline/workflow-controller:v3.3.10-license-compliance + - name: IMAGESV2_TEKTON_APISERVER value: quay.io/rmartine/apiserver:v2 - - name: IMAGESV2_ARTIFACT + - name: IMAGESV2_TEKTON_ARTIFACT value: quay.io/opendatahub/ds-pipelines-artifact-manager:main - - name: IMAGESV2_PERSISTENTAGENT + - name: IMAGESV2_TEKTON_PERSISTENTAGENT value: quay.io/rmartine/persistenceagent-dev:6b8723529 - - name: IMAGESV2_SCHEDULEDWORKFLOW + - name: IMAGESV2_TEKTON_SCHEDULEDWORKFLOW value: quay.io/rmartine/swf-dev:6b8723529 - - name: IMAGESV2_CACHE + - name: IMAGESV2_TEKTON_CACHE value: registry.access.redhat.com/ubi8/ubi-minimal:8.7 - - name: IMAGESV2_MOVERESULTSIMAGE + - name: IMAGESV2_TEKTON_MOVERESULTSIMAGE value: registry.access.redhat.com/ubi8/ubi-micro:8.7 - - name: IMAGESV2_MLMDENVOY + - name: IMAGESV2_TEKTON_MLMDENVOY value: gcr.io/ml-pipeline/metadata-envoy:2.0.0-rc.2 - - name: IMAGESV2_MLMDGRPC + - name: IMAGESV2_TEKTON_MLMDGRPC value: gcr.io/tfx-oss-public/ml_metadata_store_server:1.5.0 - - name: IMAGESV2_MLMDWRITER + - name: IMAGESV2_TEKTON_MLMDWRITER value: gcr.io/ml-pipeline/metadata-writer:2.0.0-rc.2 + - name: IMAGESV2_TEKTON_VISUALIZATIONSERVER + value: gcr.io/ml-pipeline/visualization-server:2.0.2 + - name: IMAGESV2_TEKTON_WORKFLOWCONTROLLER + value: gcr.io/ml-pipeline/workflow-controller:v3.3.10-license-compliance repoRef: name: manifests From 5d37266dd564c6ca58d63703450616302108a0ef Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Wed, 1 Nov 2023 16:07:37 -0400 Subject: [PATCH 06/20] Update Images based on EngineDriver specified in DSPA --- controllers/dspipeline_params.go | 55 ++++++++++++++++++++++++++------ 1 file changed, 46 insertions(+), 9 deletions(-) diff --git a/controllers/dspipeline_params.go b/controllers/dspipeline_params.go index 366641299..fa8511e0e 100644 --- a/controllers/dspipeline_params.go +++ b/controllers/dspipeline_params.go @@ -87,6 +87,14 @@ func (p *DSPAParams) UsingV2Pipelines(dsp *dspa.DataSciencePipelinesApplication) return dsp.Spec.DSPVersion == "v2" } +func (p *DSPAParams) UsingArgoEngineDriver(dsp *dspa.DataSciencePipelinesApplication) bool { + return dsp.Spec.EngineDriver == "argo" +} + +func (p *DSPAParams) UsingTektonEngineDriver(dsp *dspa.DataSciencePipelinesApplication) bool { + return dsp.Spec.DSPVersion == "tekton" +} + // UsingExternalDB will return true if an external Database is specified in the CR, otherwise false. func (p *DSPAParams) UsingExternalDB(dsp *dspa.DataSciencePipelinesApplication) bool { if dsp.Spec.Database != nil && dsp.Spec.Database.ExternalDB != nil { @@ -368,9 +376,17 @@ func (p *DSPAParams) SetupMLMD(ctx context.Context, dsp *dspa.DataSciencePipelin MlmdGRPCImagePath := config.MlmdGRPCImagePath MlmdWriterImagePath := config.MlmdWriterImagePath if p.UsingV2Pipelines(dsp) { - MlmdEnvoyImagePath = config.MlmdEnvoyImagePathV2Tekton - MlmdGRPCImagePath = config.MlmdGRPCImagePathV2Tekton - MlmdWriterImagePath = config.MlmdWriterImagePathV2Tekton + if p.UsingArgoEngineDriver(dsp) { + MlmdEnvoyImagePath = config.MlmdEnvoyImagePathV2Argo + MlmdGRPCImagePath = config.MlmdGRPCImagePathV2Argo + MlmdWriterImagePath = config.MlmdWriterImagePathV2Argo + } else if p.UsingTektonEngineDriver(dsp) { + MlmdEnvoyImagePath = config.MlmdEnvoyImagePathV2Tekton + MlmdGRPCImagePath = config.MlmdGRPCImagePathV2Tekton + MlmdWriterImagePath = config.MlmdWriterImagePathV2Tekton + } else { + return fmt.Errorf(fmt.Sprintf("Illegal Engine Driver (%s) specified, cannot continue.", dsp.Spec.EngineDriver)) + } } if p.MLMD.Envoy == nil { p.MLMD.Envoy = &dspa.Envoy{ @@ -438,6 +454,11 @@ func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePip p.PiplinesCABundleMountPath = config.PiplinesCABundleMountPath pipelinesV2Images := p.UsingV2Pipelines(dsp) + usingArgoEngine := p.UsingArgoEngineDriver(dsp) + usingTektonEngine := p.UsingTektonEngineDriver(dsp) + // if !usingArgoEngine && !usingTektonEngine { + // return fmt.Errorf(fmt.Sprintf("Illegal Engine Driver (%s) specified, cannot continue.", dsp.Spec.EngineDriver)) + // } if p.APIServer != nil { APIServerImagePath := config.APIServerImagePath @@ -445,10 +466,17 @@ func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePip APIServerCacheImagePath := config.APIServerCacheImagePath APIServerMoveResultsImagePath := config.APIServerMoveResultsImagePath if pipelinesV2Images { - APIServerImagePath = config.APIServerImagePathV2Tekton - APIServerArtifactImagePath = config.APIServerArtifactImagePathV2Tekton - APIServerCacheImagePath = config.APIServerCacheImagePathV2Tekton - APIServerMoveResultsImagePath = config.APIServerMoveResultsImagePathV2Tekton + if usingArgoEngine { + APIServerImagePath = config.APIServerImagePathV2Argo + APIServerArtifactImagePath = config.APIServerArtifactImagePathV2Argo + APIServerCacheImagePath = config.APIServerCacheImagePathV2Argo + APIServerMoveResultsImagePath = config.APIServerMoveResultsImagePathV2Argo + } else if usingTektonEngine { + APIServerImagePath = config.APIServerImagePathV2Tekton + APIServerArtifactImagePath = config.APIServerArtifactImagePathV2Tekton + APIServerCacheImagePath = config.APIServerCacheImagePathV2Tekton + APIServerMoveResultsImagePath = config.APIServerMoveResultsImagePathV2Tekton + } } serverImageFromConfig := config.GetStringConfigWithDefault(APIServerImagePath, config.DefaultImageValue) @@ -486,7 +514,11 @@ func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePip if p.PersistenceAgent != nil { PersistenceAgentImagePath := config.PersistenceAgentImagePath if pipelinesV2Images { - PersistenceAgentImagePath = config.PersistenceAgentImagePathV2Tekton + if usingArgoEngine { + PersistenceAgentImagePath = config.PersistenceAgentImagePathV2Argo + } else if usingTektonEngine { + PersistenceAgentImagePath = config.PersistenceAgentImagePathV2Tekton + } } persistenceAgentImageFromConfig := config.GetStringConfigWithDefault(PersistenceAgentImagePath, config.DefaultImageValue) setStringDefault(persistenceAgentImageFromConfig, &p.PersistenceAgent.Image) @@ -495,7 +527,12 @@ func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePip if p.ScheduledWorkflow != nil { ScheduledWorkflowImagePath := config.ScheduledWorkflowImagePath if pipelinesV2Images { - ScheduledWorkflowImagePath = config.ScheduledWorkflowImagePathV2Tekton + if usingArgoEngine { + ScheduledWorkflowImagePath = config.ScheduledWorkflowImagePathV2Argo + + } else if usingTektonEngine { + ScheduledWorkflowImagePath = config.ScheduledWorkflowImagePathV2Tekton + } } scheduledWorkflowImageFromConfig := config.GetStringConfigWithDefault(ScheduledWorkflowImagePath, config.DefaultImageValue) setStringDefault(scheduledWorkflowImageFromConfig, &p.ScheduledWorkflow.Image) From 5bc68fdade357bc62375b793169956c8d6165727 Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Wed, 1 Nov 2023 16:20:43 -0400 Subject: [PATCH 07/20] Handle dynamically deploying NetworkPolicy based on EngineDriver --- .../common/{default => argo}/policy.yaml.tmpl | 0 .../internal/common/tekton/policy.yaml.tmpl | 81 +++++++++++++++++++ controllers/common.go | 12 +++ controllers/common_test.go | 1 + controllers/dspipeline_params.go | 4 +- 5 files changed, 95 insertions(+), 3 deletions(-) rename config/internal/common/{default => argo}/policy.yaml.tmpl (100%) create mode 100644 config/internal/common/tekton/policy.yaml.tmpl diff --git a/config/internal/common/default/policy.yaml.tmpl b/config/internal/common/argo/policy.yaml.tmpl similarity index 100% rename from config/internal/common/default/policy.yaml.tmpl rename to config/internal/common/argo/policy.yaml.tmpl diff --git a/config/internal/common/tekton/policy.yaml.tmpl b/config/internal/common/tekton/policy.yaml.tmpl new file mode 100644 index 000000000..892868cba --- /dev/null +++ b/config/internal/common/tekton/policy.yaml.tmpl @@ -0,0 +1,81 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: ds-pipelines-{{.Name}} + namespace: {{.Namespace}} +spec: + podSelector: + matchLabels: + app: ds-pipeline-{{.Name}} + component: data-science-pipelines + policyTypes: + - Ingress + ingress: + # Match all sources for oauth endpoint + - ports: + - protocol: TCP + port: 8443 + # We only allow DSPA components to communicate + # by bypassing oauth proxy, all external + # traffic should go through oauth proxy + - from: + - namespaceSelector: + matchLabels: + name: openshift-user-workload-monitoring + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: redhat-ods-monitoring + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: openshift-pipelines + - podSelector: + matchLabels: + app.kubernetes.io/managed-by: tekton-pipelines + pipelines.kubeflow.org/v2_component: 'true' + - podSelector: + matchLabels: + app: mariadb-{{.Name}} + component: data-science-pipelines + - podSelector: + matchLabels: + app: minio-{{.Name}} + component: data-science-pipelines + - podSelector: + matchLabels: + app: ds-pipeline-ui-{{.Name}} + component: data-science-pipelines + - podSelector: + matchLabels: + app: ds-pipeline-persistenceagent-{{.Name}} + component: data-science-pipelines + - podSelector: + matchLabels: + app: ds-pipeline-scheduledworkflow-{{.Name}} + component: data-science-pipelines + - podSelector: + matchLabels: + app: ds-pipeline-metadata-envoy-{{.Name}} + component: data-science-pipelines + - podSelector: + matchLabels: + app: ds-pipeline-metadata-grpc-{{.Name}} + component: data-science-pipelines + - podSelector: + matchLabels: + app: ds-pipeline-metadata-writer-{{.Name}} + component: data-science-pipelines + ports: + - protocol: TCP + port: 8888 + - protocol: TCP + port: 8887 + - ports: + - protocol: TCP + port: 8080 + from: + - podSelector: + matchLabels: + app.kubernetes.io/name: data-science-pipelines-operator-driver + namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: openshift-pipelines diff --git a/controllers/common.go b/controllers/common.go index b68787b6f..fa55f2c00 100644 --- a/controllers/common.go +++ b/controllers/common.go @@ -20,6 +20,8 @@ import ( ) var commonTemplatesDir = "common/default" +var argoOnlyCommonTemplatesDir = "common/argo" +var tektonOnlyCommonTemplatesDir = "common/argo" const commonCusterRolebindingTemplate = "common/no-owner/clusterrolebinding.yaml.tmpl" @@ -32,6 +34,16 @@ func (r *DSPAReconciler) ReconcileCommon(dsp *dspav1alpha1.DataSciencePipelinesA return err } + log.Info("Applying Engine-Specific Common Resources") + if params.UsingArgoEngineDriver(dsp) { + err = r.ApplyDir(dsp, params, argoOnlyCommonTemplatesDir) + } else if params.UsingTektonEngineDriver(dsp) { + err = r.ApplyDir(dsp, params, tektonOnlyCommonTemplatesDir) + } + if err != nil { + return err + } + err = r.ApplyWithoutOwner(params, commonCusterRolebindingTemplate) if err != nil { return err diff --git a/controllers/common_test.go b/controllers/common_test.go index c0b411668..f9e2b3273 100644 --- a/controllers/common_test.go +++ b/controllers/common_test.go @@ -34,6 +34,7 @@ func TestDeployCommonPolicies(t *testing.T) { // Construct Basic DSPA Spec dspa := &dspav1alpha1.DataSciencePipelinesApplication{ Spec: dspav1alpha1.DSPASpec{ + EngineDriver: "tekton", Database: &dspav1alpha1.Database{ DisableHealthCheck: false, MariaDB: &dspav1alpha1.MariaDB{ diff --git a/controllers/dspipeline_params.go b/controllers/dspipeline_params.go index fa8511e0e..f06e1cfec 100644 --- a/controllers/dspipeline_params.go +++ b/controllers/dspipeline_params.go @@ -92,7 +92,7 @@ func (p *DSPAParams) UsingArgoEngineDriver(dsp *dspa.DataSciencePipelinesApplica } func (p *DSPAParams) UsingTektonEngineDriver(dsp *dspa.DataSciencePipelinesApplication) bool { - return dsp.Spec.DSPVersion == "tekton" + return dsp.Spec.EngineDriver == "tekton" } // UsingExternalDB will return true if an external Database is specified in the CR, otherwise false. @@ -384,8 +384,6 @@ func (p *DSPAParams) SetupMLMD(ctx context.Context, dsp *dspa.DataSciencePipelin MlmdEnvoyImagePath = config.MlmdEnvoyImagePathV2Tekton MlmdGRPCImagePath = config.MlmdGRPCImagePathV2Tekton MlmdWriterImagePath = config.MlmdWriterImagePathV2Tekton - } else { - return fmt.Errorf(fmt.Sprintf("Illegal Engine Driver (%s) specified, cannot continue.", dsp.Spec.EngineDriver)) } } if p.MLMD.Envoy == nil { From 776e669366af458384882ce120a889e5ee495a7d Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Wed, 1 Nov 2023 16:26:44 -0400 Subject: [PATCH 08/20] Engine-Agnostic Manifests: PersistenceAgent --- .../internal/persistence-agent/deployment.yaml.tmpl | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/config/internal/persistence-agent/deployment.yaml.tmpl b/config/internal/persistence-agent/deployment.yaml.tmpl index f4f77d839..b9e6debde 100644 --- a/config/internal/persistence-agent/deployment.yaml.tmpl +++ b/config/internal/persistence-agent/deployment.yaml.tmpl @@ -34,8 +34,12 @@ spec: value: kubeflow-userid - name: KUBEFLOW_USERID_PREFIX value: "" - #- name: EXECUTIONTYPE - # value: PipelineRun + - name: EXECUTIONTYPE + {{ if (eq .EngineDriver "tekton") }} + value: PipelineRun + {{ else }} + value: Workflow + {{ end }} image: "{{.PersistenceAgent.Image}}" imagePullPolicy: IfNotPresent name: ds-pipeline-persistenceagent @@ -85,12 +89,14 @@ spec: memory: {{.PersistenceAgent.Resources.Limits.Memory}} {{ end }} {{ end }} + {{ if (eq .EngineDriver "argo") }} volumeMounts: - mountPath: /var/run/secrets/kubeflow/tokens/persistenceagent-sa-token name: persistenceagent-sa-token subPath: ds-pipeline-persistenceagent-{{.Name}}-token - + {{ end }} serviceAccountName: ds-pipeline-persistenceagent-{{.Name}} + {{ if (eq .EngineDriver "argo") }} volumes: - name: persistenceagent-sa-token projected: @@ -99,3 +105,4 @@ spec: audience: pipelines.kubeflow.org expirationSeconds: 3600 path: ds-pipeline-persistenceagent-{{.Name}}-token + {{ end }} \ No newline at end of file From ae80f250fb4d336eba7dae2e2a1a772930a39a9c Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Wed, 1 Nov 2023 16:41:30 -0400 Subject: [PATCH 09/20] Engine-Agnostic Manifests: APIServer --- .../apiserver/default/deployment.yaml.tmpl | 97 +++++++++++++------ .../persistence-agent/deployment.yaml.tmpl | 6 +- controllers/common.go | 2 +- controllers/dspipeline_params.go | 3 + 4 files changed, 72 insertions(+), 36 deletions(-) diff --git a/config/internal/apiserver/default/deployment.yaml.tmpl b/config/internal/apiserver/default/deployment.yaml.tmpl index a8a6a8e59..4e5e498ad 100644 --- a/config/internal/apiserver/default/deployment.yaml.tmpl +++ b/config/internal/apiserver/default/deployment.yaml.tmpl @@ -22,14 +22,8 @@ spec: spec: containers: - env: - - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION - value: "{{.APIServer.AutoUpdatePipelineDefaultVersion}}" - name: POD_NAMESPACE value: "{{.Namespace}}" - - name: OBJECTSTORECONFIG_SECURE - value: "false" - - name: OBJECTSTORECONFIG_BUCKETNAME - value: "{{.ObjectStorageConnection.Bucket}}" - name: DBCONFIG_USER value: "{{.DBConnection.Username}}" - name: DBCONFIG_PASSWORD @@ -43,6 +37,7 @@ spec: value: "{{.DBConnection.Host}}" - name: DBCONFIG_PORT value: "{{.DBConnection.Port}}" +<<<<<<< HEAD - name: ARTIFACT_BUCKET value: "{{.ObjectStorageConnection.Bucket}}" - name: ARTIFACT_ENDPOINT @@ -82,43 +77,25 @@ spec: value: "{{.APIServer.TerminateStatus}}" - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION value: "{{.APIServer.AutoUpdatePipelineDefaultVersion}}" +======= +>>>>>>> 22b6380 (Engine-Agnostic Manifests: APIServer) - name: DBCONFIG_CONMAXLIFETIMESEC value: "{{.APIServer.DBConfigConMaxLifetimeSec}}" - - name: DB_DRIVER_NAME - value: mysql - - name: DBCONFIG_MYSQLCONFIG_USER - value: "{{.DBConnection.Username}}" - - name: DBCONFIG_MYSQLCONFIG_PASSWORD - valueFrom: - secretKeyRef: - key: "{{.DBConnection.CredentialsSecret.Key}}" - name: "{{.DBConnection.CredentialsSecret.Name}}" - - name: DBCONFIG_MYSQLCONFIG_DBNAME - value: "{{.DBConnection.DBName}}" - - name: DBCONFIG_MYSQLCONFIG_HOST - value: "{{.DBConnection.Host}}" - - name: DBCONFIG_MYSQLCONFIG_PORT - value: "{{.DBConnection.Port}}" - - name: OBJECTSTORECONFIG_ACCESSKEY - valueFrom: - secretKeyRef: - key: "{{.ObjectStorageConnection.CredentialsSecret.AccessKey}}" - name: "{{.ObjectStorageConnection.CredentialsSecret.SecretName}}" - - name: OBJECTSTORECONFIG_SECRETACCESSKEY - valueFrom: - secretKeyRef: - key: "{{.ObjectStorageConnection.CredentialsSecret.SecretKey}}" - name: "{{.ObjectStorageConnection.CredentialsSecret.SecretName}}" - name: ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_HOST value: "ds-pipeline-visualizationserver" - name: ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_PORT value: "8888" +<<<<<<< HEAD - name: OBJECTSTORECONFIG_CREDENTIALSSECRET value: "{{.ObjectStorageConnection.CredentialsSecret.SecretName}}" - name: OBJECTSTORECONFIG_CREDENTIALSACCESSKEYKEY value: "{{.ObjectStorageConnection.CredentialsSecret.AccessKey}}" - name: OBJECTSTORECONFIG_CREDENTIALSSECRETKEYKEY value: "{{.ObjectStorageConnection.CredentialsSecret.SecretKey}}" +======= + - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT + value: "pipeline-runner-{{.Name}}" +>>>>>>> 22b6380 (Engine-Agnostic Manifests: APIServer) - name: OBJECTSTORECONFIG_BUCKETNAME value: "{{.ObjectStorageConnection.Bucket}}" - name: OBJECTSTORECONFIG_ACCESSKEY @@ -141,6 +118,7 @@ spec: value: "{{.APIServer.CacheImage}}" - name: MOVERESULTS_IMAGE value: "{{.APIServer.MoveResultsImage}}" + ## Env Vars to only include if MLMD Deployed ## {{ if .MLMD.Deploy }} - name: METADATA_GRPC_SERVICE_SERVICE_HOST value: "ds-pipeline-metadata-grpc-{{.Name}}.{{.Namespace}}.svc.cluster.local" @@ -150,11 +128,66 @@ spec: {{ end }} {{ end }} - name: ML_PIPELINE_SERVICE_HOST - value: ds-pipeline-{{.Name}}.{{.Namespace}}.svc.cluster.local + value: "ds-pipeline-{{.Name}}.{{.Namespace}}.svc.cluster.local" - name: ML_PIPELINE_SERVICE_PORT_GRPC value: "8887" + ## Values change based on Engine Driver ## - name: EXECUTIONTYPE + {{ if (eq .EngineDriver "tekton") }} + value: PipelineRun + {{ else }} value: Workflow + {{ end }} + ## Argo-Specific Env Vars ## + - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION + value: "{{.APIServer.AutoUpdatePipelineDefaultVersion}}" + - name: OBJECTSTORECONFIG_SECURE + value: "false" + - name: OBJECTSTORECONFIG_BUCKETNAME + value: "{{.ObjectStorageConnection.Bucket}}" + - name: DB_DRIVER_NAME + value: mysql + - name: DBCONFIG_MYSQLCONFIG_USER + value: "{{.DBConnection.Username}}" + - name: DBCONFIG_MYSQLCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: "{{.DBConnection.CredentialsSecret.Key}}" + name: "{{.DBConnection.CredentialsSecret.Name}}" + - name: DBCONFIG_MYSQLCONFIG_DBNAME + value: "{{.DBConnection.DBName}}" + - name: DBCONFIG_MYSQLCONFIG_HOST + value: "{{.DBConnection.Host}}" + - name: DBCONFIG_MYSQLCONFIG_PORT + value: "{{.DBConnection.Port}}" + ## Tekton-Specific Env Vars ## + {{ if (eq .EngineDriver "tekton") }} + - name: ARTIFACT_BUCKET + value: "{{.ObjectStorageConnection.Bucket}}" + - name: ARTIFACT_ENDPOINT + value: "{{.ObjectStorageConnection.Endpoint}}" + - name: ARTIFACT_SCRIPT + valueFrom: + configMapKeyRef: + key: "{{ .APIServer.ArtifactScriptConfigMap.Key }}" + name: "{{ .APIServer.ArtifactScriptConfigMap.Name }}" + - name: ARTIFACT_IMAGE + value: "{{.APIServer.ArtifactImage}}" + - name: ARCHIVE_LOGS + value: "{{.APIServer.ArchiveLogs}}" + - name: TRACK_ARTIFACTS + value: "{{.APIServer.TrackArtifacts}}" + - name: STRIP_EOF + value: "{{.APIServer.StripEOF}}" + - name: PIPELINE_RUNTIME + value: "tekton" + - name: INJECT_DEFAULT_SCRIPT + value: "{{.APIServer.InjectDefaultScript}}" + - name: APPLY_TEKTON_CUSTOM_RESOURCE + value: "{{.APIServer.ApplyTektonCustomResource}}" + - name: TERMINATE_STATUS + value: "{{.APIServer.TerminateStatus}}" + {{ end }} image: {{.APIServer.Image}} imagePullPolicy: Always name: ds-pipeline-api-server diff --git a/config/internal/persistence-agent/deployment.yaml.tmpl b/config/internal/persistence-agent/deployment.yaml.tmpl index b9e6debde..02d56835b 100644 --- a/config/internal/persistence-agent/deployment.yaml.tmpl +++ b/config/internal/persistence-agent/deployment.yaml.tmpl @@ -35,7 +35,7 @@ spec: - name: KUBEFLOW_USERID_PREFIX value: "" - name: EXECUTIONTYPE - {{ if (eq .EngineDriver "tekton") }} + {{ if eq .EngineDriver "tekton" }} value: PipelineRun {{ else }} value: Workflow @@ -89,14 +89,14 @@ spec: memory: {{.PersistenceAgent.Resources.Limits.Memory}} {{ end }} {{ end }} - {{ if (eq .EngineDriver "argo") }} + {{ if eq .EngineDriver "argo" }} volumeMounts: - mountPath: /var/run/secrets/kubeflow/tokens/persistenceagent-sa-token name: persistenceagent-sa-token subPath: ds-pipeline-persistenceagent-{{.Name}}-token {{ end }} serviceAccountName: ds-pipeline-persistenceagent-{{.Name}} - {{ if (eq .EngineDriver "argo") }} + {{ if eq .EngineDriver "argo" }} volumes: - name: persistenceagent-sa-token projected: diff --git a/controllers/common.go b/controllers/common.go index fa55f2c00..1e9ea6753 100644 --- a/controllers/common.go +++ b/controllers/common.go @@ -21,7 +21,7 @@ import ( var commonTemplatesDir = "common/default" var argoOnlyCommonTemplatesDir = "common/argo" -var tektonOnlyCommonTemplatesDir = "common/argo" +var tektonOnlyCommonTemplatesDir = "common/tekton" const commonCusterRolebindingTemplate = "common/no-owner/clusterrolebinding.yaml.tmpl" diff --git a/controllers/dspipeline_params.go b/controllers/dspipeline_params.go index f06e1cfec..2c296e0b5 100644 --- a/controllers/dspipeline_params.go +++ b/controllers/dspipeline_params.go @@ -36,10 +36,12 @@ import ( ) type DSPAParams struct { +<<<<<<< HEAD Name string Namespace string Owner mf.Owner DSPVersion string + EngineDriver string APIServer *dspa.APIServer APIServerPiplinesCABundleMountPath string PiplinesCABundleMountPath string @@ -435,6 +437,7 @@ func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePip p.Name = dsp.Name p.Namespace = dsp.Namespace p.DSPVersion = dsp.Spec.DSPVersion + p.EngineDriver = dsp.Spec.EngineDriver p.Owner = dsp p.APIServer = dsp.Spec.APIServer.DeepCopy() p.APIServerDefaultResourceName = apiServerDefaultResourceNamePrefix + dsp.Name From 85d2e0f37ea39bb2488392600483ad71f4f1548d Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Tue, 21 Nov 2023 11:29:11 -0500 Subject: [PATCH 10/20] Remove EngineDriver field --- Makefile | 12 --- api/v1alpha1/dspipeline_types.go | 3 - config/base/kustomization.yaml | 77 ---------------- config/base/params.env | 10 --- .../apiserver/default/deployment.yaml.tmpl | 43 +-------- .../persistence-agent/deployment.yaml.tmpl | 10 +-- config/manager/manager.yaml | 22 ----- .../overlays/make-deploy/kustomization.yaml | 2 +- config/v2/cache/clusterrolebinding.yaml | 12 --- config/v2/cache/kustomization.yaml | 4 - config/v2/cache/serviceaccount.yaml | 10 --- config/v2/driver/clusterrole.yaml | 63 ------------- config/v2/driver/clusterrolebinding.yaml | 17 ---- config/v2/driver/deployment.yaml | 69 --------------- config/v2/driver/kustomization.yaml | 8 -- config/v2/driver/role.yaml | 77 ---------------- config/v2/driver/rolebinding.yaml | 17 ---- config/v2/driver/service.yaml | 24 ----- config/v2/driver/serviceaccount.yaml | 10 --- .../clusterrolebinding.clusteraccess.yaml | 16 ---- .../clusterrolebinding.leaderelection.yaml | 16 ---- .../clusterrolebinding.tenantaccess.yaml | 16 ---- .../v2/exithandler/controller/deployment.yaml | 60 ------------- .../exithandler/controller/kustomization.yaml | 10 --- config/v2/exithandler/controller/role.yaml | 37 -------- .../exithandler/controller/rolebinding.yaml | 16 ---- .../controller/serviceaccount.yaml | 10 --- config/v2/exithandler/crd.yaml | 29 ------ config/v2/exithandler/kustomization.yaml | 5 -- .../webhook/clusterrole.clusteraccess.yaml | 88 ------------------- .../clusterrolebinding.clusteraccess.yaml | 16 ---- config/v2/exithandler/webhook/deployment.yaml | 71 --------------- .../webhook/mutatingwebhookconfig.yaml | 19 ---- config/v2/exithandler/webhook/role.yaml | 53 ----------- .../v2/exithandler/webhook/rolebinding.yaml | 16 ---- config/v2/exithandler/webhook/service.yaml | 30 ------- .../exithandler/webhook/serviceaccount.yaml | 10 --- .../webhook/validatingwebhookconfig.yaml | 19 ---- .../controller/clusterrole.clusteraccess.yaml | 66 -------------- .../controller/clusterrole.tenantaccess.yaml | 21 ----- .../clusterrolebinding.clusteraccess.yaml | 16 ---- .../clusterrolebinding.leaderelection.yaml | 16 ---- .../clusterrolebinding.tenantaccess.yaml | 16 ---- config/v2/kfptask/controller/deployment.yaml | 60 ------------- .../v2/kfptask/controller/kustomization.yaml | 10 --- config/v2/kfptask/controller/role.yaml | 38 -------- config/v2/kfptask/controller/rolebinding.yaml | 17 ---- .../v2/kfptask/controller/serviceaccount.yaml | 10 --- config/v2/kfptask/crd.yaml | 29 ------ config/v2/kfptask/kustomization.yaml | 5 -- .../clusterrolebinding.clusteraccess.yaml | 16 ---- .../clusterrolebinding.leaderelection.yaml | 16 ---- config/v2/kfptask/webhook/deployment.yaml | 71 --------------- .../webhook/mutatingwebhookconfig.yaml | 19 ---- config/v2/kfptask/webhook/role.yaml | 53 ----------- config/v2/kfptask/webhook/rolebinding.yaml | 16 ---- config/v2/kfptask/webhook/service.yaml | 30 ------- config/v2/kfptask/webhook/serviceaccount.yaml | 10 --- .../webhook/validatingwebhookconfig.yaml | 19 ---- config/v2/kustomization.yaml | 12 --- .../controller/clusterrole.clusteraccess.yaml | 66 -------------- .../clusterrolebinding.clusteraccess.yaml | 16 ---- .../clusterrolebinding.leaderelection.yaml | 16 ---- .../clusterrolebinding.tenantaccess.yaml | 16 ---- .../pipelineloop/controller/deployment.yaml | 60 ------------- .../controller/kustomization.yaml | 10 --- config/v2/pipelineloop/controller/role.yaml | 36 -------- .../pipelineloop/controller/rolebinding.yaml | 16 ---- .../controller/serviceaccount.yaml | 10 --- config/v2/pipelineloop/crd.yaml | 29 ------ config/v2/pipelineloop/kustomization.yaml | 5 -- .../webhook/clusterrole.clusteraccess.yaml | 88 ------------------- .../clusterrolebinding.clusteraccess.yaml | 16 ---- .../clusterrolebinding.leaderelection.yaml | 16 ---- .../v2/pipelineloop/webhook/deployment.yaml | 71 --------------- .../pipelineloop/webhook/kustomization.yaml | 11 --- .../webhook/mutatingwebhookconfig.yaml | 19 ---- config/v2/pipelineloop/webhook/role.yaml | 52 ----------- .../v2/pipelineloop/webhook/rolebinding.yaml | 16 ---- config/v2/pipelineloop/webhook/service.yaml | 30 ------- .../pipelineloop/webhook/serviceaccount.yaml | 10 --- .../webhook/validatingwebhookconfig.yaml | 19 ---- config/v2/tektoncrds/crd.yaml | 28 ------ config/v2/tektoncrds/kustomization.yaml | 2 - controllers/common_test.go | 1 - controllers/dspipeline_params.go | 11 +-- kfdef/kfdef.yaml | 23 ----- 87 files changed, 13 insertions(+), 2273 deletions(-) delete mode 100644 config/v2/cache/clusterrolebinding.yaml delete mode 100644 config/v2/cache/kustomization.yaml delete mode 100644 config/v2/cache/serviceaccount.yaml delete mode 100644 config/v2/driver/clusterrole.yaml delete mode 100644 config/v2/driver/clusterrolebinding.yaml delete mode 100644 config/v2/driver/deployment.yaml delete mode 100644 config/v2/driver/kustomization.yaml delete mode 100644 config/v2/driver/role.yaml delete mode 100644 config/v2/driver/rolebinding.yaml delete mode 100644 config/v2/driver/service.yaml delete mode 100644 config/v2/driver/serviceaccount.yaml delete mode 100644 config/v2/exithandler/controller/clusterrolebinding.clusteraccess.yaml delete mode 100644 config/v2/exithandler/controller/clusterrolebinding.leaderelection.yaml delete mode 100644 config/v2/exithandler/controller/clusterrolebinding.tenantaccess.yaml delete mode 100644 config/v2/exithandler/controller/deployment.yaml delete mode 100644 config/v2/exithandler/controller/kustomization.yaml delete mode 100644 config/v2/exithandler/controller/role.yaml delete mode 100644 config/v2/exithandler/controller/rolebinding.yaml delete mode 100644 config/v2/exithandler/controller/serviceaccount.yaml delete mode 100644 config/v2/exithandler/crd.yaml delete mode 100644 config/v2/exithandler/kustomization.yaml delete mode 100644 config/v2/exithandler/webhook/clusterrole.clusteraccess.yaml delete mode 100644 config/v2/exithandler/webhook/clusterrolebinding.clusteraccess.yaml delete mode 100644 config/v2/exithandler/webhook/deployment.yaml delete mode 100644 config/v2/exithandler/webhook/mutatingwebhookconfig.yaml delete mode 100644 config/v2/exithandler/webhook/role.yaml delete mode 100644 config/v2/exithandler/webhook/rolebinding.yaml delete mode 100644 config/v2/exithandler/webhook/service.yaml delete mode 100644 config/v2/exithandler/webhook/serviceaccount.yaml delete mode 100644 config/v2/exithandler/webhook/validatingwebhookconfig.yaml delete mode 100644 config/v2/kfptask/controller/clusterrole.clusteraccess.yaml delete mode 100644 config/v2/kfptask/controller/clusterrole.tenantaccess.yaml delete mode 100644 config/v2/kfptask/controller/clusterrolebinding.clusteraccess.yaml delete mode 100644 config/v2/kfptask/controller/clusterrolebinding.leaderelection.yaml delete mode 100644 config/v2/kfptask/controller/clusterrolebinding.tenantaccess.yaml delete mode 100644 config/v2/kfptask/controller/deployment.yaml delete mode 100644 config/v2/kfptask/controller/kustomization.yaml delete mode 100644 config/v2/kfptask/controller/role.yaml delete mode 100644 config/v2/kfptask/controller/rolebinding.yaml delete mode 100644 config/v2/kfptask/controller/serviceaccount.yaml delete mode 100644 config/v2/kfptask/crd.yaml delete mode 100644 config/v2/kfptask/kustomization.yaml delete mode 100644 config/v2/kfptask/webhook/clusterrolebinding.clusteraccess.yaml delete mode 100644 config/v2/kfptask/webhook/clusterrolebinding.leaderelection.yaml delete mode 100644 config/v2/kfptask/webhook/deployment.yaml delete mode 100644 config/v2/kfptask/webhook/mutatingwebhookconfig.yaml delete mode 100644 config/v2/kfptask/webhook/role.yaml delete mode 100644 config/v2/kfptask/webhook/rolebinding.yaml delete mode 100644 config/v2/kfptask/webhook/service.yaml delete mode 100644 config/v2/kfptask/webhook/serviceaccount.yaml delete mode 100644 config/v2/kfptask/webhook/validatingwebhookconfig.yaml delete mode 100644 config/v2/kustomization.yaml delete mode 100644 config/v2/pipelineloop/controller/clusterrole.clusteraccess.yaml delete mode 100644 config/v2/pipelineloop/controller/clusterrolebinding.clusteraccess.yaml delete mode 100644 config/v2/pipelineloop/controller/clusterrolebinding.leaderelection.yaml delete mode 100644 config/v2/pipelineloop/controller/clusterrolebinding.tenantaccess.yaml delete mode 100644 config/v2/pipelineloop/controller/deployment.yaml delete mode 100644 config/v2/pipelineloop/controller/kustomization.yaml delete mode 100644 config/v2/pipelineloop/controller/role.yaml delete mode 100644 config/v2/pipelineloop/controller/rolebinding.yaml delete mode 100644 config/v2/pipelineloop/controller/serviceaccount.yaml delete mode 100644 config/v2/pipelineloop/crd.yaml delete mode 100644 config/v2/pipelineloop/kustomization.yaml delete mode 100644 config/v2/pipelineloop/webhook/clusterrole.clusteraccess.yaml delete mode 100644 config/v2/pipelineloop/webhook/clusterrolebinding.clusteraccess.yaml delete mode 100644 config/v2/pipelineloop/webhook/clusterrolebinding.leaderelection.yaml delete mode 100644 config/v2/pipelineloop/webhook/deployment.yaml delete mode 100644 config/v2/pipelineloop/webhook/kustomization.yaml delete mode 100644 config/v2/pipelineloop/webhook/mutatingwebhookconfig.yaml delete mode 100644 config/v2/pipelineloop/webhook/role.yaml delete mode 100644 config/v2/pipelineloop/webhook/rolebinding.yaml delete mode 100644 config/v2/pipelineloop/webhook/service.yaml delete mode 100644 config/v2/pipelineloop/webhook/serviceaccount.yaml delete mode 100644 config/v2/pipelineloop/webhook/validatingwebhookconfig.yaml delete mode 100644 config/v2/tektoncrds/crd.yaml delete mode 100644 config/v2/tektoncrds/kustomization.yaml diff --git a/Makefile b/Makefile index 4dcc3f02b..b10268b02 100644 --- a/Makefile +++ b/Makefile @@ -163,18 +163,6 @@ undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/confi cd config/overlays/make-deploy && $(KUSTOMIZE) edit set namespace ${OPERATOR_NS} $(KUSTOMIZE) build config/overlays/make-deploy | kubectl delete --ignore-not-found=$(ignore-not-found) -f - -.PHONY: v2deploy -v2deploy: manifests kustomize - cd config/overlays/make-v2deploy \ - && $(KUSTOMIZE) edit set namespace ${V2INFRA_NS} - $(KUSTOMIZE) build config/overlays/make-v2deploy | kubectl apply -f - - -.PHONY: v2undeploy -v2undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. - cd config/overlays/make-v2deploy \ - && $(KUSTOMIZE) edit set namespace ${V2INFRA_NS} - $(KUSTOMIZE) build config/overlays/make-v2deploy | kubectl delete --ignore-not-found=$(ignore-not-found) -f - - .PHONY: argodeploy argodeploy: manifests kustomize cd config/overlays/make-argodeploy \ diff --git a/api/v1alpha1/dspipeline_types.go b/api/v1alpha1/dspipeline_types.go index 9e5cefcba..32d94b287 100644 --- a/api/v1alpha1/dspipeline_types.go +++ b/api/v1alpha1/dspipeline_types.go @@ -53,9 +53,6 @@ type DSPASpec struct { DSPVersion string `json:"dspVersion,omitempty"` // +kubebuilder:validation:Optional // +kubebuilder:default:="tekton" - EngineDriver string `json:"engineDriver,omitempty"` - // DS Pipelines Argo Workflow Controller Configuration. - // +kubebuilder:default:={deploy: false} *WorkflowController `json:"workflowController,omitempty"` } diff --git a/config/base/kustomization.yaml b/config/base/kustomization.yaml index cdab43931..157c11d90 100644 --- a/config/base/kustomization.yaml +++ b/config/base/kustomization.yaml @@ -239,82 +239,5 @@ vars: apiVersion: v1 fieldref: fieldpath: data.IMAGESV2_ARGO_WORKFLOWCONTROLLER - - name: IMAGESV2_TEKTON_APISERVER - objref: - kind: ConfigMap - name: dspo-parameters - apiVersion: v1 - fieldref: - fieldpath: data.IMAGESV2_TEKTON_APISERVER - - name: IMAGESV2_TEKTON_ARTIFACT - objref: - kind: ConfigMap - name: dspo-parameters - apiVersion: v1 - fieldref: - fieldpath: data.IMAGESV2_TEKTON_ARTIFACT - - name: IMAGESV2_TEKTON_PERSISTENTAGENT - objref: - kind: ConfigMap - name: dspo-parameters - apiVersion: v1 - fieldref: - fieldpath: data.IMAGESV2_TEKTON_PERSISTENTAGENT - - name: IMAGESV2_TEKTON_SCHEDULEDWORKFLOW - objref: - kind: ConfigMap - name: dspo-parameters - apiVersion: v1 - fieldref: - fieldpath: data.IMAGESV2_TEKTON_SCHEDULEDWORKFLOW - - name: IMAGESV2_TEKTON_CACHE - objref: - kind: ConfigMap - name: dspo-parameters - apiVersion: v1 - fieldref: - fieldpath: data.IMAGESV2_TEKTON_CACHE - - name: IMAGESV2_TEKTON_MOVERESULTSIMAGE - objref: - kind: ConfigMap - name: dspo-parameters - apiVersion: v1 - fieldref: - fieldpath: data.IMAGESV2_TEKTON_MOVERESULTSIMAGE - - name: IMAGESV2_TEKTON_MLMDENVOY - objref: - kind: ConfigMap - name: dspo-parameters - apiVersion: v1 - fieldref: - fieldpath: data.IMAGESV2_TEKTON_MLMDENVOY - - name: IMAGESV2_TEKTON_MLMDGRPC - objref: - kind: ConfigMap - name: dspo-parameters - apiVersion: v1 - fieldref: - fieldpath: data.IMAGESV2_TEKTON_MLMDGRPC - - name: IMAGESV2_TEKTON_MLMDWRITER - objref: - kind: ConfigMap - name: dspo-parameters - apiVersion: v1 - fieldref: - fieldpath: data.IMAGESV2_TEKTON_MLMDWRITER - - name: IMAGESV2_TEKTON_VISUALIZATIONSERVER - objref: - kind: ConfigMap - name: dspo-parameters - apiVersion: v1 - fieldref: - fieldpath: data.IMAGESV2_TEKTON_VISUALIZATIONSERVER - - name: IMAGESV2_TEKTON_WORKFLOWCONTROLLER - objref: - kind: ConfigMap - name: dspo-parameters - apiVersion: v1 - fieldref: - fieldpath: data.IMAGESV2_TEKTON_WORKFLOWCONTROLLER configurations: - params.yaml diff --git a/config/base/params.env b/config/base/params.env index 56d190d3d..856b2e0b3 100644 --- a/config/base/params.env +++ b/config/base/params.env @@ -23,16 +23,6 @@ IMAGESV2_ARGO_CACHE=registry.access.redhat.com/ubi8/ubi-minimal:8.7 IMAGESV2_ARGO_MOVERESULTSIMAGE=registry.access.redhat.com/ubi8/ubi-micro:8.7 IMAGESV2_ARGO_VISUALIZATIONSERVER=gcr.io/ml-pipeline/visualization-server:2.0.2 IMAGESV2_ARGO_WORKFLOWCONTROLLER=gcr.io/ml-pipeline/workflow-controller:v3.3.10-license-compliance -IMAGESV2_TEKTON_APISERVER=quay.io/rmartine/apiserver:v2 -IMAGESV2_TEKTON_ARTIFACT=quay.io/opendatahub/ds-pipelines-artifact-manager:main -IMAGESV2_TEKTON_PERSISTENTAGENT=quay.io/rmartine/persistenceagent-dev:6b8723529 -IMAGESV2_TEKTON_SCHEDULEDWORKFLOW=quay.io/rmartine/swf-dev:6b8723529 -IMAGESV2_TEKTON_MLMDENVOY=gcr.io/ml-pipeline/metadata-envoy:2.0.0-rc.2 -IMAGESV2_TEKTON_MLMDGRPC=gcr.io/tfx-oss-public/ml_metadata_store_server:1.5.0 -IMAGESV2_TEKTON_MLMDWRITER=gcr.io/ml-pipeline/metadata-writer:2.0.0-rc.2 -IMAGESV2_TEKTON_CACHE=registry.access.redhat.com/ubi8/ubi-minimal:8.7 -IMAGESV2_TEKTON_MOVERESULTSIMAGE=registry.access.redhat.com/ubi8/ubi-micro:8.7 -IMAGESV2_TEKTON_VISUALIZATIONSERVER=gcr.io/ml-pipeline/visualization-server:2.0.0-rc.2 ZAP_LOG_LEVEL=info MAX_CONCURRENT_RECONCILES=10 DSPO_HEALTHCHECK_DATABASE_CONNECTIONTIMEOUT=15s diff --git a/config/internal/apiserver/default/deployment.yaml.tmpl b/config/internal/apiserver/default/deployment.yaml.tmpl index 4e5e498ad..60c5a5ed9 100644 --- a/config/internal/apiserver/default/deployment.yaml.tmpl +++ b/config/internal/apiserver/default/deployment.yaml.tmpl @@ -37,22 +37,6 @@ spec: value: "{{.DBConnection.Host}}" - name: DBCONFIG_PORT value: "{{.DBConnection.Port}}" -<<<<<<< HEAD - - name: ARTIFACT_BUCKET - value: "{{.ObjectStorageConnection.Bucket}}" - - name: ARTIFACT_ENDPOINT - value: "{{.ObjectStorageConnection.Endpoint}}" - - name: ARTIFACT_SCRIPT - valueFrom: - configMapKeyRef: - key: "{{ .APIServer.ArtifactScriptConfigMap.Key }}" - name: "{{ .APIServer.ArtifactScriptConfigMap.Name }}" - - name: ARTIFACT_IMAGE - value: "{{.APIServer.ArtifactImage}}" - - name: ARCHIVE_LOGS - value: "{{.APIServer.ArchiveLogs}}" - - name: EXECUTIONTYPE - value: PipelineRun {{ if .APIServer.CABundle }} - name: ARTIFACT_COPY_STEP_CABUNDLE_CONFIGMAP_NAME value: "{{.APIServer.CABundle.ConfigMapName}}" @@ -61,41 +45,22 @@ spec: - name: ARTIFACT_COPY_STEP_CABUNDLE_MOUNTPATH value: {{ .PiplinesCABundleMountPath }} {{ end }} - - name: TRACK_ARTIFACTS - value: "{{.APIServer.TrackArtifacts}}" - - name: STRIP_EOF - value: "{{.APIServer.StripEOF}}" - - name: PIPELINE_RUNTIME - value: "tekton" - - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT - value: "pipeline-runner-{{.Name}}" - - name: INJECT_DEFAULT_SCRIPT - value: "{{.APIServer.InjectDefaultScript}}" - - name: APPLY_TEKTON_CUSTOM_RESOURCE - value: "{{.APIServer.ApplyTektonCustomResource}}" - - name: TERMINATE_STATUS - value: "{{.APIServer.TerminateStatus}}" - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION value: "{{.APIServer.AutoUpdatePipelineDefaultVersion}}" -======= ->>>>>>> 22b6380 (Engine-Agnostic Manifests: APIServer) - name: DBCONFIG_CONMAXLIFETIMESEC value: "{{.APIServer.DBConfigConMaxLifetimeSec}}" - name: ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_HOST value: "ds-pipeline-visualizationserver" - name: ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_PORT value: "8888" -<<<<<<< HEAD - name: OBJECTSTORECONFIG_CREDENTIALSSECRET value: "{{.ObjectStorageConnection.CredentialsSecret.SecretName}}" - name: OBJECTSTORECONFIG_CREDENTIALSACCESSKEYKEY value: "{{.ObjectStorageConnection.CredentialsSecret.AccessKey}}" - name: OBJECTSTORECONFIG_CREDENTIALSSECRETKEYKEY value: "{{.ObjectStorageConnection.CredentialsSecret.SecretKey}}" -======= - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT value: "pipeline-runner-{{.Name}}" ->>>>>>> 22b6380 (Engine-Agnostic Manifests: APIServer) - name: OBJECTSTORECONFIG_BUCKETNAME value: "{{.ObjectStorageConnection.Bucket}}" - name: OBJECTSTORECONFIG_ACCESSKEY @@ -133,10 +98,10 @@ spec: value: "8887" ## Values change based on Engine Driver ## - name: EXECUTIONTYPE - {{ if (eq .EngineDriver "tekton") }} - value: PipelineRun - {{ else }} + {{ if (eq .DSPVersion "v2") }} value: Workflow + {{ else }} + value: PipelineRun {{ end }} ## Argo-Specific Env Vars ## - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION @@ -161,7 +126,7 @@ spec: - name: DBCONFIG_MYSQLCONFIG_PORT value: "{{.DBConnection.Port}}" ## Tekton-Specific Env Vars ## - {{ if (eq .EngineDriver "tekton") }} + {{ if (eq .DSPVersion "v1") }} - name: ARTIFACT_BUCKET value: "{{.ObjectStorageConnection.Bucket}}" - name: ARTIFACT_ENDPOINT diff --git a/config/internal/persistence-agent/deployment.yaml.tmpl b/config/internal/persistence-agent/deployment.yaml.tmpl index 02d56835b..b2ca5f507 100644 --- a/config/internal/persistence-agent/deployment.yaml.tmpl +++ b/config/internal/persistence-agent/deployment.yaml.tmpl @@ -35,10 +35,10 @@ spec: - name: KUBEFLOW_USERID_PREFIX value: "" - name: EXECUTIONTYPE - {{ if eq .EngineDriver "tekton" }} - value: PipelineRun - {{ else }} + {{ if eq .DSPVersion "v2" }} value: Workflow + {{ else }} + value: PipelineRun {{ end }} image: "{{.PersistenceAgent.Image}}" imagePullPolicy: IfNotPresent @@ -89,14 +89,14 @@ spec: memory: {{.PersistenceAgent.Resources.Limits.Memory}} {{ end }} {{ end }} - {{ if eq .EngineDriver "argo" }} + {{ if eq .DSPVersion "v2" }} volumeMounts: - mountPath: /var/run/secrets/kubeflow/tokens/persistenceagent-sa-token name: persistenceagent-sa-token subPath: ds-pipeline-persistenceagent-{{.Name}}-token {{ end }} serviceAccountName: ds-pipeline-persistenceagent-{{.Name}} - {{ if eq .EngineDriver "argo" }} + {{ if eq .DSPVersion "v2" }} volumes: - name: persistenceagent-sa-token projected: diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 7e2dcca65..cb0896126 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -84,28 +84,6 @@ spec: value: $(IMAGESV2_ARGO_VISUALIZATIONSERVER) - name: IMAGESV2_ARGO_WORKFLOWCONTROLLER value: $(IMAGESV2_ARGO_WORKFLOWCONTROLLER) - - name: IMAGESV2_TEKTON_APISERVER - value: $(IMAGESV2_TEKTON_APISERVER) - - name: IMAGESV2_TEKTON_ARTIFACT - value: $(IMAGESV2_TEKTON_ARTIFACT) - - name: IMAGESV2_TEKTON_PERSISTENTAGENT - value: $(IMAGESV2_TEKTON_PERSISTENTAGENT) - - name: IMAGESV2_TEKTON_SCHEDULEDWORKFLOW - value: $(IMAGESV2_TEKTON_SCHEDULEDWORKFLOW) - - name: IMAGESV2_TEKTON_CACHE - value: $(IMAGESV2_TEKTON_CACHE) - - name: IMAGESV2_TEKTON_MOVERESULTSIMAGE - value: $(IMAGESV2_TEKTON_MOVERESULTSIMAGE) - - name: IMAGESV2_TEKTON_MLMDENVOY - value: $(IMAGESV2_TEKTON_MLMDENVOY) - - name: IMAGESV2_TEKTON_MLMDGRPC - value: $(IMAGESV2_TEKTON_MLMDGRPC) - - name: IMAGESV2_TEKTON_MLMDWRITER - value: $(IMAGESV2_TEKTON_MLMDWRITER) - - name: IMAGESV2_TEKTON_VISUALIZATIONSERVER - value: $(IMAGESV2_TEKTON_VISUALIZATIONSERVER) - - name: IMAGESV2_TEKTON_WORKFLOWCONTROLLER - value: $(IMAGESV2_TEKTON_WORKFLOWCONTROLLER) - name: ZAP_LOG_LEVEL value: $(ZAP_LOG_LEVEL) - name: MAX_CONCURRENT_RECONCILES diff --git a/config/overlays/make-deploy/kustomization.yaml b/config/overlays/make-deploy/kustomization.yaml index 7814f52a5..1ec5fdeb4 100644 --- a/config/overlays/make-deploy/kustomization.yaml +++ b/config/overlays/make-deploy/kustomization.yaml @@ -8,4 +8,4 @@ patchesStrategicMerge: images: - name: controller newName: quay.io/opendatahub/data-science-pipelines-operator - newTag: main + newTag: pr-479 diff --git a/config/v2/cache/clusterrolebinding.yaml b/config/v2/cache/clusterrolebinding.yaml deleted file mode 100644 index 8c1e030fd..000000000 --- a/config/v2/cache/clusterrolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cache-deployer-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cache-deployer-clusterrole -subjects: -- kind: ServiceAccount - name: cache-deployer-sa - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/cache/kustomization.yaml b/config/v2/cache/kustomization.yaml deleted file mode 100644 index 51229db72..000000000 --- a/config/v2/cache/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -resources: -- clusterrole.yaml -- clusterrolebinding.yaml -- serviceaccount.yaml diff --git a/config/v2/cache/serviceaccount.yaml b/config/v2/cache/serviceaccount.yaml deleted file mode 100644 index f1702bc71..000000000 --- a/config/v2/cache/serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: data-science-pipelines-operator - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - namespace: datasciencepipelinesapplications-controller - name: cache-deployer-sa diff --git a/config/v2/driver/clusterrole.yaml b/config/v2/driver/clusterrole.yaml deleted file mode 100644 index 3468389c2..000000000 --- a/config/v2/driver/clusterrole.yaml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: data-science-pipelines-operator - app.kubernetes.io/component: kfp-driver - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kubeflow-pipeline - name: driver-cluster-access-clusterrole -rules: -- apiGroups: - - tekton.dev - resources: - - runs - - customruns - - runs/finalizers - - customruns/finalizers - - runs/status - - customruns/status - - pipelineruns - - task - - taskruns - - conditions - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - watch - - list diff --git a/config/v2/driver/clusterrolebinding.yaml b/config/v2/driver/clusterrolebinding.yaml deleted file mode 100644 index c2bf01c40..000000000 --- a/config/v2/driver/clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: data-science-pipelines-operator - app.kubernetes.io/component: kfp-driver - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kubeflow-pipeline - name: driver-cluster-access-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: driver-cluster-access-clusterrole -subjects: -- kind: ServiceAccount - name: driver - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/driver/deployment.yaml b/config/v2/driver/deployment.yaml deleted file mode 100644 index 2ea4f2bf9..000000000 --- a/config/v2/driver/deployment.yaml +++ /dev/null @@ -1,69 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: ckfp-driver - app.kubernetes.io/instance: default - app.kubernetes.io/name: driver - app.kubernetes.io/part-of: kubeflow-pipeline - app.kubernetes.io/version: devel - name: driver -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: kfp-driver - app.kubernetes.io/instance: default - app.kubernetes.io/name: driver - app.kubernetes.io/part-of: kubeflow-pipeline - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: kfp-driver - app.kubernetes.io/component: kfp-driver - app.kubernetes.io/instance: default - app.kubernetes.io/name: driver - app.kubernetes.io/part-of: kubeflow-pipeline - app.kubernetes.io/version: devel - spec: - containers: - - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: tekton.dev/pipeline - - name: ML_PIPELINE_SERVICE_HOST - value: ds-pipeline-sample.data-science-pipelines-application-v2.svc.cluster.local - - name: ML_PIPELINE_SERVICE_PORT_GRPC - value: '8887' - - name: MINIO_SERVICE_SERVICE_HOST - value: minio-sample.data-science-pipelines-application-v2.svc.cluster.local - - name: MINIO_SERVICE_SERVICE_PORT - value: '9000' - - name: METADATA_GRPC_SERVICE_SERVICE_HOST - value: ds-pipeline-metadata-grpc-sample.data-science-pipelines-application-v2.svc.cluster.local - - name: METADATA_GRPC_SERVICE_SERVICE_PORT - value: '8080' - image: quay.io/internaldatahub/tekton-driver:2.0.0 - imagePullPolicy: Always - name: driver - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsGroup: 65532 - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: driver diff --git a/config/v2/driver/kustomization.yaml b/config/v2/driver/kustomization.yaml deleted file mode 100644 index aa8114fa8..000000000 --- a/config/v2/driver/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -resources: -- clusterrole.yaml -- clusterrolebinding.yaml -- deployment.yaml -- role.yaml -- rolebinding.yaml -- service.yaml -- serviceaccount.yaml diff --git a/config/v2/driver/role.yaml b/config/v2/driver/role.yaml deleted file mode 100644 index dc1be8689..000000000 --- a/config/v2/driver/role.yaml +++ /dev/null @@ -1,77 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/name: data-science-pipelines-operator - app.kubernetes.io/component: kfp-driver - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kubeflow-pipeline - namespace: datasciencepipelinesapplications-controller - name: driver-role -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get -- apiGroups: - - "" - resources: - - persistentvolumes - - persistentvolumeclaims - verbs: - - '*' -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get -- apiGroups: - - "" - resources: - - pods - - pods/exec - - pods/log - - services - verbs: - - '*' -- apiGroups: - - "" - - apps - - extensions - resources: - - deployments - - replicasets - verbs: - - '*' -- apiGroups: - - kubeflow.org - resources: - - '*' - verbs: - - '*' -- apiGroups: - - batch - resources: - - jobs - verbs: - - '*' -- apiGroups: - - machinelearning.seldon.io - resources: - - seldondeployments - verbs: - - '*' -- apiGroups: - - policy - resourceNames: - - tekton-pipelines - - openshift-pipelines - resources: - - podsecuritypolicies - verbs: - - use diff --git a/config/v2/driver/rolebinding.yaml b/config/v2/driver/rolebinding.yaml deleted file mode 100644 index d882b3713..000000000 --- a/config/v2/driver/rolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/name: data-science-pipelines-operator - app.kubernetes.io/component: kfp-driver - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kubeflow-pipeline - name: driver-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: driver-role -subjects: -- kind: ServiceAccount - name: driver - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/driver/service.yaml b/config/v2/driver/service.yaml deleted file mode 100644 index f57b423c3..000000000 --- a/config/v2/driver/service.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: kfp-driver - app.kubernetes.io/component: kfp-driver - app.kubernetes.io/instance: default - app.kubernetes.io/name: driver - app.kubernetes.io/part-of: kubeflow-pipeline - app.kubernetes.io/version: devel - pipeline.tekton.dev/release: devel - version: devel - name: driver -spec: - ports: - - name: http-metrics - port: 9090 - protocol: TCP - targetPort: 9090 - selector: - app.kubernetes.io/component: kfp-driver - app.kubernetes.io/instance: default - app.kubernetes.io/name: driver - app.kubernetes.io/part-of: kubeflow-pipeline diff --git a/config/v2/driver/serviceaccount.yaml b/config/v2/driver/serviceaccount.yaml deleted file mode 100644 index 87d53f272..000000000 --- a/config/v2/driver/serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: data-science-pipelines-operator - app.kubernetes.io/component: kfp-driver - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kubeflow-pipeline - namespace: datasciencepipelinesapplications-controller - name: driver diff --git a/config/v2/exithandler/controller/clusterrolebinding.clusteraccess.yaml b/config/v2/exithandler/controller/clusterrolebinding.clusteraccess.yaml deleted file mode 100644 index 047393dcc..000000000 --- a/config/v2/exithandler/controller/clusterrolebinding.clusteraccess.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: exithandler-controller-cluster-access-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: exithandler-controller-cluster-access-clusterrole -subjects: -- kind: ServiceAccount - name: exithandler-controller - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/exithandler/controller/clusterrolebinding.leaderelection.yaml b/config/v2/exithandler/controller/clusterrolebinding.leaderelection.yaml deleted file mode 100644 index 98320d612..000000000 --- a/config/v2/exithandler/controller/clusterrolebinding.leaderelection.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: exithandler-controller-leaderelection-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: exithandler-leader-election-clusterrole -subjects: -- kind: ServiceAccount - name: exithandler-controller - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/exithandler/controller/clusterrolebinding.tenantaccess.yaml b/config/v2/exithandler/controller/clusterrolebinding.tenantaccess.yaml deleted file mode 100644 index 7682ba12b..000000000 --- a/config/v2/exithandler/controller/clusterrolebinding.tenantaccess.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: exithandler-controller-tenant-access-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: exithandler-controller-tenant-access-clusterrole -subjects: -- kind: ServiceAccount - name: exithandler-controller - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/exithandler/controller/deployment.yaml b/config/v2/exithandler/controller/deployment.yaml deleted file mode 100644 index 843c478fa..000000000 --- a/config/v2/exithandler/controller/deployment.yaml +++ /dev/null @@ -1,60 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/name: controller - app.kubernetes.io/part-of: kfp-tekton - app.kubernetes.io/version: devel - pipeline.tekton.dev/release: devel - version: devel - name: exithandler-controller -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/name: controller - app.kubernetes.io/part-of: kfp-tekton - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: kfp-exithandler-controller - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/name: controller - app.kubernetes.io/part-of: kfp-tekton - app.kubernetes.io/version: devel - pipeline.tekton.dev/release: devel - version: devel - spec: - containers: - - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: tekton.dev/pipeline - image: quay.io/internaldatahub/tekton-exithandler-controller:2.0.0 - name: exithandler-controller - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsGroup: 65532 - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: exithandler-controller diff --git a/config/v2/exithandler/controller/kustomization.yaml b/config/v2/exithandler/controller/kustomization.yaml deleted file mode 100644 index 54449bfd8..000000000 --- a/config/v2/exithandler/controller/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -resources: -- clusterrole.clusteraccess.yaml -- clusterrole.tenantaccess.yaml -- clusterrolebinding.clusteraccess.yaml -- clusterrolebinding.leaderelection.yaml -- clusterrolebinding.tenantaccess.yaml -- deployment.yaml -- role.yaml -- rolebinding.yaml -- serviceaccount.yaml diff --git a/config/v2/exithandler/controller/role.yaml b/config/v2/exithandler/controller/role.yaml deleted file mode 100644 index adb1ebed5..000000000 --- a/config/v2/exithandler/controller/role.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: exithandler-controller-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - list - - watch -- apiGroups: - - "" - resourceNames: - - config-leader-election - - config-logging - - config-observability - - object-store-config - - cache-config - resources: - - configmaps - verbs: - - get -- apiGroups: - - policy - resourceNames: - - tekton-pipelines - - openshift-pipelines - resources: - - podsecuritypolicies - verbs: - - use diff --git a/config/v2/exithandler/controller/rolebinding.yaml b/config/v2/exithandler/controller/rolebinding.yaml deleted file mode 100644 index af8c564db..000000000 --- a/config/v2/exithandler/controller/rolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: exithandler-controller-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: exithandler-controller-role -subjects: -- kind: ServiceAccount - name: exithandler-controller - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/exithandler/controller/serviceaccount.yaml b/config/v2/exithandler/controller/serviceaccount.yaml deleted file mode 100644 index 69823ccd6..000000000 --- a/config/v2/exithandler/controller/serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: data-science-pipelines-operator - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - namespace: datasciencepipelinesapplications-controller - name: exithandler-controller diff --git a/config/v2/exithandler/crd.yaml b/config/v2/exithandler/crd.yaml deleted file mode 100644 index da184975b..000000000 --- a/config/v2/exithandler/crd.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - pipeline.tekton.dev/release: devel - version: devel - name: exithandlers.custom.tekton.dev -spec: - group: custom.tekton.dev - names: - categories: - - tekton - - tekton-pipelines - - openshift-pipelines - kind: ExitHandler - plural: exithandlers - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - subresources: - status: {} diff --git a/config/v2/exithandler/kustomization.yaml b/config/v2/exithandler/kustomization.yaml deleted file mode 100644 index 4c7cb015a..000000000 --- a/config/v2/exithandler/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -resources: -- crd.yaml -- clusterrole.leaderelection.yaml -- ./controller -- ./webhook diff --git a/config/v2/exithandler/webhook/clusterrole.clusteraccess.yaml b/config/v2/exithandler/webhook/clusterrole.clusteraccess.yaml deleted file mode 100644 index b773d1ca2..000000000 --- a/config/v2/exithandler/webhook/clusterrole.clusteraccess.yaml +++ /dev/null @@ -1,88 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: exithandler-webhook-cluster-access-clusterrole -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - - customresourcedefinitions/status - verbs: - - get - - list - - update - - patch - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - update - - patch - - watch -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - list - - watch -- apiGroups: - - admissionregistration.k8s.io - resourceNames: - - webhook.exithandler.custom.tekton.dev - resources: - - mutatingwebhookconfigurations - verbs: - - get - - update - - delete -- apiGroups: - - apps - resources: - - deployments - - deployments/finalizers - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - "" - resources: - - namespaces/finalizers - resourceNames: - - openshift-pipelines - verbs: - - update -- apiGroups: - - admissionregistration.k8s.io - resourceNames: - - validation.webhook.exithandler.custom.tekton.dev - resources: - - validatingwebhookconfigurations - verbs: - - get - - update - - delete -- apiGroups: - - policy - resourceNames: - - tekton-pipelines - - openshift-pipelines - resources: - - podsecuritypolicies - verbs: - - use diff --git a/config/v2/exithandler/webhook/clusterrolebinding.clusteraccess.yaml b/config/v2/exithandler/webhook/clusterrolebinding.clusteraccess.yaml deleted file mode 100644 index 2df37eade..000000000 --- a/config/v2/exithandler/webhook/clusterrolebinding.clusteraccess.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: exithandler-webhook-cluster-access-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: exithandler-webhook-cluster-access-clusterrole -subjects: -- kind: ServiceAccount - name: exithandler-webhook - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/exithandler/webhook/deployment.yaml b/config/v2/exithandler/webhook/deployment.yaml deleted file mode 100644 index 35ddfad35..000000000 --- a/config/v2/exithandler/webhook/deployment.yaml +++ /dev/null @@ -1,71 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/name: webhook - app.kubernetes.io/part-of: kfp-tekton - app.kubernetes.io/version: devel - pipeline.tekton.dev/release: devel - version: devel - name: exithandler-webhook -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/name: webhook - app.kubernetes.io/part-of: kfp-tekton - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: tekton-pipelines-webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/name: webhook - app.kubernetes.io/part-of: kfp-tekton - app.kubernetes.io/version: devel - pipeline.tekton.dev/release: devel - version: devel - spec: - containers: - - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election - - name: WEBHOOK_SERVICE_NAME - value: kfp-exithandler-webhook - - name: WEBHOOK_SECRET_NAME - value: kfp-exithandler-webhook-certs - - name: METRICS_DOMAIN - value: tekton.dev/pipeline - image: quay.io/internaldatahub/tekton-exithandler-webhook:2.0.0 - name: webhook - ports: - - containerPort: 9090 - name: metrics - - containerPort: 8008 - name: profiling - - containerPort: 8443 - name: https-webhook - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsGroup: 65532 - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: exithandler-webhook diff --git a/config/v2/exithandler/webhook/mutatingwebhookconfig.yaml b/config/v2/exithandler/webhook/mutatingwebhookconfig.yaml deleted file mode 100644 index 655ab1c78..000000000 --- a/config/v2/exithandler/webhook/mutatingwebhookconfig.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - pipeline.tekton.dev/release: devel - name: webhook.exithandler.custom.tekton.dev -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: exithandler-webhook - namespace: datasciencepipelinesapplications-controller - failurePolicy: Fail - name: webhook.exithandler.custom.tekton.dev - sideEffects: None diff --git a/config/v2/exithandler/webhook/role.yaml b/config/v2/exithandler/webhook/role.yaml deleted file mode 100644 index d8fbb1139..000000000 --- a/config/v2/exithandler/webhook/role.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: exithandler-webhook-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - list - - watch -- apiGroups: - - "" - resourceNames: - - config-logging - - config-observability - - config-leader-election - - object-store-config - - cache-config - resources: - - configmaps - verbs: - - get -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resourceNames: - - kfp-exithandler-webhook-certs - resources: - - secrets - verbs: - - get - - update -- apiGroups: - - policy - resourceNames: - - tekton-pipelines - - openshift-pipelines - resources: - - podsecuritypolicies - verbs: - - use diff --git a/config/v2/exithandler/webhook/rolebinding.yaml b/config/v2/exithandler/webhook/rolebinding.yaml deleted file mode 100644 index e7baa905d..000000000 --- a/config/v2/exithandler/webhook/rolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: exithandler-webhook-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: exithandler-webhook-role -subjects: -- kind: ServiceAccount - name: exithandler-webhook - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/exithandler/webhook/service.yaml b/config/v2/exithandler/webhook/service.yaml deleted file mode 100644 index ad2e06a1d..000000000 --- a/config/v2/exithandler/webhook/service.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: tekton-pipelines-webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/name: webhook - app.kubernetes.io/part-of: kfp-tekton - app.kubernetes.io/version: devel - pipeline.tekton.dev/release: devel - version: devel - name: exithandler-webhook - namespace: datasciencepipelinesapplications-controller -spec: - ports: - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/name: webhook - app.kubernetes.io/part-of: kfp-tekton diff --git a/config/v2/exithandler/webhook/serviceaccount.yaml b/config/v2/exithandler/webhook/serviceaccount.yaml deleted file mode 100644 index e4ae47bf0..000000000 --- a/config/v2/exithandler/webhook/serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: data-science-pipelines-operator - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - namespace: datasciencepipelinesapplications-controller - name: exithandler-webhook diff --git a/config/v2/exithandler/webhook/validatingwebhookconfig.yaml b/config/v2/exithandler/webhook/validatingwebhookconfig.yaml deleted file mode 100644 index f18912178..000000000 --- a/config/v2/exithandler/webhook/validatingwebhookconfig.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - pipeline.tekton.dev/release: devel - name: validation.webhook.exithandler.custom.tekton.dev -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: exithandler-webhook - namespace: datasciencepipelinesapplications-controller - failurePolicy: Fail - name: validation.webhook.exithandler.custom.tekton.dev - sideEffects: None diff --git a/config/v2/kfptask/controller/clusterrole.clusteraccess.yaml b/config/v2/kfptask/controller/clusterrole.clusteraccess.yaml deleted file mode 100644 index d95fd6141..000000000 --- a/config/v2/kfptask/controller/clusterrole.clusteraccess.yaml +++ /dev/null @@ -1,66 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: controller-cluster-access-clusterrole -rules: -- apiGroups: - - tekton.dev - resources: - - runs - - customruns - - taskruns - - pipelineruns - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - tekton.dev - resources: - - runs/status - - customruns/status - - taskruns/status - - pipelineruns/status - - runs/finalizers - - customruns/finalizers - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - custom.tekton.dev - resources: - - kfptasks - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - apps - resources: - - deployments - - deployments/finalizers - verbs: - - get - - list - - create - - update - - delete - - patch - - watch diff --git a/config/v2/kfptask/controller/clusterrole.tenantaccess.yaml b/config/v2/kfptask/controller/clusterrole.tenantaccess.yaml deleted file mode 100644 index 789553259..000000000 --- a/config/v2/kfptask/controller/clusterrole.tenantaccess.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: controller-tenant-access-clusterrole -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - get - - list - - create - - update - - delete - - patch - - watch diff --git a/config/v2/kfptask/controller/clusterrolebinding.clusteraccess.yaml b/config/v2/kfptask/controller/clusterrolebinding.clusteraccess.yaml deleted file mode 100644 index 660c52cc5..000000000 --- a/config/v2/kfptask/controller/clusterrolebinding.clusteraccess.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: controller-cluster-access-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: controller-cluster-access-clusterrole -subjects: -- kind: ServiceAccount - name: controller - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/kfptask/controller/clusterrolebinding.leaderelection.yaml b/config/v2/kfptask/controller/clusterrolebinding.leaderelection.yaml deleted file mode 100644 index d6449e36d..000000000 --- a/config/v2/kfptask/controller/clusterrolebinding.leaderelection.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: controller-leaderelection-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: leader-election-clusterrole -subjects: -- kind: ServiceAccount - name: controller - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/kfptask/controller/clusterrolebinding.tenantaccess.yaml b/config/v2/kfptask/controller/clusterrolebinding.tenantaccess.yaml deleted file mode 100644 index 4827d6ebf..000000000 --- a/config/v2/kfptask/controller/clusterrolebinding.tenantaccess.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: controller-tenant-access-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: controller-tenant-access-clusterrole -subjects: -- kind: ServiceAccount - name: controller - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/kfptask/controller/deployment.yaml b/config/v2/kfptask/controller/deployment.yaml deleted file mode 100644 index 57576974b..000000000 --- a/config/v2/kfptask/controller/deployment.yaml +++ /dev/null @@ -1,60 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/name: data-science-pipelines-operator - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - app.kubernetes.io/version: devel - pipeline.tekton.dev/release: devel - version: devel - name: controller -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/name: controller - app.kubernetes.io/part-of: kfp-tekton - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: kfptask-controller - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/name: controller - app.kubernetes.io/part-of: kfp-tekton - app.kubernetes.io/version: devel - pipeline.tekton.dev/release: devel - version: devel - spec: - containers: - - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: tekton.dev/pipeline - image: quay.io/internaldatahub/tekton-kfptask-controller:2.0.0 - name: controller - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsGroup: 65532 - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: controller diff --git a/config/v2/kfptask/controller/kustomization.yaml b/config/v2/kfptask/controller/kustomization.yaml deleted file mode 100644 index 54449bfd8..000000000 --- a/config/v2/kfptask/controller/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -resources: -- clusterrole.clusteraccess.yaml -- clusterrole.tenantaccess.yaml -- clusterrolebinding.clusteraccess.yaml -- clusterrolebinding.leaderelection.yaml -- clusterrolebinding.tenantaccess.yaml -- deployment.yaml -- role.yaml -- rolebinding.yaml -- serviceaccount.yaml diff --git a/config/v2/kfptask/controller/role.yaml b/config/v2/kfptask/controller/role.yaml deleted file mode 100644 index 275f63232..000000000 --- a/config/v2/kfptask/controller/role.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/name: data-science-pipelines-operator - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: controller-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - list - - watch -- apiGroups: - - "" - resourceNames: - - config-leader-election - - config-logging - - config-observability - - object-store-config - - cache-config - resources: - - configmaps - verbs: - - get -- apiGroups: - - policy - resourceNames: - - tekton-pipelines - - openshift-pipelines - resources: - - podsecuritypolicies - verbs: - - use diff --git a/config/v2/kfptask/controller/rolebinding.yaml b/config/v2/kfptask/controller/rolebinding.yaml deleted file mode 100644 index 569eb7f83..000000000 --- a/config/v2/kfptask/controller/rolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/name: data-science-pipelines-operator - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: controller-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: controller-role -subjects: -- kind: ServiceAccount - name: controller - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/kfptask/controller/serviceaccount.yaml b/config/v2/kfptask/controller/serviceaccount.yaml deleted file mode 100644 index 99a950cb2..000000000 --- a/config/v2/kfptask/controller/serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: data-science-pipelines-operator - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - namespace: datasciencepipelinesapplications-controller - name: controller diff --git a/config/v2/kfptask/crd.yaml b/config/v2/kfptask/crd.yaml deleted file mode 100644 index a3ec9de60..000000000 --- a/config/v2/kfptask/crd.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - pipeline.tekton.dev/release: devel - version: devel - name: kfptasks.custom.tekton.dev -spec: - group: custom.tekton.dev - names: - categories: - - tekton - - tekton-pipelines - - openshift-pipelines - kind: KfpTask - plural: kfptasks - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - subresources: - status: {} diff --git a/config/v2/kfptask/kustomization.yaml b/config/v2/kfptask/kustomization.yaml deleted file mode 100644 index 4c7cb015a..000000000 --- a/config/v2/kfptask/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -resources: -- crd.yaml -- clusterrole.leaderelection.yaml -- ./controller -- ./webhook diff --git a/config/v2/kfptask/webhook/clusterrolebinding.clusteraccess.yaml b/config/v2/kfptask/webhook/clusterrolebinding.clusteraccess.yaml deleted file mode 100644 index 58b4bb31d..000000000 --- a/config/v2/kfptask/webhook/clusterrolebinding.clusteraccess.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: webhook-cluster-access-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: webhook-cluster-access-clusterrole -subjects: -- kind: ServiceAccount - name: webhook - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/kfptask/webhook/clusterrolebinding.leaderelection.yaml b/config/v2/kfptask/webhook/clusterrolebinding.leaderelection.yaml deleted file mode 100644 index acd0b5c3e..000000000 --- a/config/v2/kfptask/webhook/clusterrolebinding.leaderelection.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: webhook-leaderelection-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: leader-election-clusterrole -subjects: -- kind: ServiceAccount - name: webhook - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/kfptask/webhook/deployment.yaml b/config/v2/kfptask/webhook/deployment.yaml deleted file mode 100644 index 2f15a509a..000000000 --- a/config/v2/kfptask/webhook/deployment.yaml +++ /dev/null @@ -1,71 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/name: webhook - app.kubernetes.io/part-of: kfp-tekton - app.kubernetes.io/version: devel - pipeline.tekton.dev/release: devel - version: devel - name: webhook -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/name: webhook - app.kubernetes.io/part-of: kfp-tekton - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: tekton-pipelines-webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/name: webhook - app.kubernetes.io/part-of: kfp-tekton - app.kubernetes.io/version: devel - pipeline.tekton.dev/release: devel - version: devel - spec: - containers: - - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election - - name: WEBHOOK_SERVICE_NAME - value: kfptask-webhook - - name: WEBHOOK_SECRET_NAME - value: kfptask-webhook-certs - - name: METRICS_DOMAIN - value: tekton.dev/pipeline - image: quay.io/internaldatahub/tekton-kfptask-webhook:2.0.0 - name: webhook - ports: - - containerPort: 9090 - name: metrics - - containerPort: 8008 - name: profiling - - containerPort: 8443 - name: https-webhook - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsGroup: 65532 - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: webhook diff --git a/config/v2/kfptask/webhook/mutatingwebhookconfig.yaml b/config/v2/kfptask/webhook/mutatingwebhookconfig.yaml deleted file mode 100644 index b1ff8fec0..000000000 --- a/config/v2/kfptask/webhook/mutatingwebhookconfig.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - pipeline.tekton.dev/release: devel - name: webhook.kfptask.custom.tekton.dev -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: webhook - namespace: datasciencepipelinesapplications-controller - failurePolicy: Fail - name: webhook.kfptask.custom.tekton.dev - sideEffects: None diff --git a/config/v2/kfptask/webhook/role.yaml b/config/v2/kfptask/webhook/role.yaml deleted file mode 100644 index d179a5cfb..000000000 --- a/config/v2/kfptask/webhook/role.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: webhook-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - list - - watch -- apiGroups: - - "" - resourceNames: - - config-logging - - config-observability - - config-leader-election - - object-store-config - - cache-config - resources: - - configmaps - verbs: - - get -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resourceNames: - - kfptask-webhook-certs - resources: - - secrets - verbs: - - get - - update -- apiGroups: - - policy - resourceNames: - - tekton-pipelines - - openshift-pipelines - resources: - - podsecuritypolicies - verbs: - - use diff --git a/config/v2/kfptask/webhook/rolebinding.yaml b/config/v2/kfptask/webhook/rolebinding.yaml deleted file mode 100644 index f62b1cdfa..000000000 --- a/config/v2/kfptask/webhook/rolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - name: webhook-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: webhook-role -subjects: -- kind: ServiceAccount - name: webhook - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/kfptask/webhook/service.yaml b/config/v2/kfptask/webhook/service.yaml deleted file mode 100644 index 40434576f..000000000 --- a/config/v2/kfptask/webhook/service.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: tekton-pipelines-webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/name: webhook - app.kubernetes.io/part-of: kfp-tekton - app.kubernetes.io/version: devel - pipeline.tekton.dev/release: devel - version: devel - name: webhook - namespace: datasciencepipelinesapplications-controller -spec: - ports: - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/name: webhook - app.kubernetes.io/part-of: kfp-tekton diff --git a/config/v2/kfptask/webhook/serviceaccount.yaml b/config/v2/kfptask/webhook/serviceaccount.yaml deleted file mode 100644 index bf030f189..000000000 --- a/config/v2/kfptask/webhook/serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: data-science-pipelines-operator - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - namespace: datasciencepipelinesapplications-controller - name: webhook diff --git a/config/v2/kfptask/webhook/validatingwebhookconfig.yaml b/config/v2/kfptask/webhook/validatingwebhookconfig.yaml deleted file mode 100644 index 3f72469a2..000000000 --- a/config/v2/kfptask/webhook/validatingwebhookconfig.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: kfp-tekton - pipeline.tekton.dev/release: devel - name: validation.webhook.kfptask.custom.tekton.dev -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: webhook - namespace: datasciencepipelinesapplications-controller - failurePolicy: Fail - name: validation.webhook.kfptask.custom.tekton.dev - sideEffects: None diff --git a/config/v2/kustomization.yaml b/config/v2/kustomization.yaml deleted file mode 100644 index 8b3c8c0a7..000000000 --- a/config/v2/kustomization.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: openshift-pipelines -namePrefix: data-science-pipelines-operator- - -resources: -- ./cache -- ./driver -- ./exithandler -- ./kfptask -- ./pipelineloop -- ./tektoncrds diff --git a/config/v2/pipelineloop/controller/clusterrole.clusteraccess.yaml b/config/v2/pipelineloop/controller/clusterrole.clusteraccess.yaml deleted file mode 100644 index ea5988dd0..000000000 --- a/config/v2/pipelineloop/controller/clusterrole.clusteraccess.yaml +++ /dev/null @@ -1,66 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipeline-loops - name: pipelineloop-controller-cluster-access-clusterrole -rules: -- apiGroups: - - tekton.dev - resources: - - runs - - customruns - - taskruns - - pipelineruns - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - tekton.dev - resources: - - runs/status - - customruns/status - - taskruns/status - - pipelineruns/status - - runs/finalizers - - customruns/finalizers - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - custom.tekton.dev - resources: - - pipelineloops - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - apps - resources: - - deployments - - deployments/finalizers - verbs: - - get - - list - - create - - update - - delete - - patch - - watch diff --git a/config/v2/pipelineloop/controller/clusterrolebinding.clusteraccess.yaml b/config/v2/pipelineloop/controller/clusterrolebinding.clusteraccess.yaml deleted file mode 100644 index adf99c4bf..000000000 --- a/config/v2/pipelineloop/controller/clusterrolebinding.clusteraccess.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipeline-loops - name: pipelineloop-controller-cluster-access-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: pipelineloop-controller-cluster-access-clusterrole -subjects: -- kind: ServiceAccount - name: pipelineloop-controller - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/pipelineloop/controller/clusterrolebinding.leaderelection.yaml b/config/v2/pipelineloop/controller/clusterrolebinding.leaderelection.yaml deleted file mode 100644 index 2b1189a48..000000000 --- a/config/v2/pipelineloop/controller/clusterrolebinding.leaderelection.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipeline-loops - name: pipelineloop-controller-leaderelection-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: pipelineloop-leader-election-clusterrole -subjects: -- kind: ServiceAccount - name: pipelineloop-controller - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/pipelineloop/controller/clusterrolebinding.tenantaccess.yaml b/config/v2/pipelineloop/controller/clusterrolebinding.tenantaccess.yaml deleted file mode 100644 index 1b395017e..000000000 --- a/config/v2/pipelineloop/controller/clusterrolebinding.tenantaccess.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipeline-loops - name: pipelineloop-controller-tenant-access-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: pipelineloop-controller-tenant-access-clusterrole -subjects: -- kind: ServiceAccount - name: pipelineloop-controller - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/pipelineloop/controller/deployment.yaml b/config/v2/pipelineloop/controller/deployment.yaml deleted file mode 100644 index 1263b8ac2..000000000 --- a/config/v2/pipelineloop/controller/deployment.yaml +++ /dev/null @@ -1,60 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/name: controller - app.kubernetes.io/part-of: tekton-pipeline-loops - app.kubernetes.io/version: devel - pipeline.tekton.dev/release: devel - version: devel - name: pipelineloop-controller -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/name: controller - app.kubernetes.io/part-of: tekton-pipeline-loops - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: tektonpipelineloop-controller - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/name: controller - app.kubernetes.io/part-of: tekton-pipeline-loops - app.kubernetes.io/version: devel - pipeline.tekton.dev/release: devel - version: devel - spec: - containers: - - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: tekton.dev/pipeline - image: quay.io/internaldatahub/tekton-pipelineloop-controller:2.0.0 - name: pipelineloop-controller - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsGroup: 65532 - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: pipelineloop-controller diff --git a/config/v2/pipelineloop/controller/kustomization.yaml b/config/v2/pipelineloop/controller/kustomization.yaml deleted file mode 100644 index 54449bfd8..000000000 --- a/config/v2/pipelineloop/controller/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -resources: -- clusterrole.clusteraccess.yaml -- clusterrole.tenantaccess.yaml -- clusterrolebinding.clusteraccess.yaml -- clusterrolebinding.leaderelection.yaml -- clusterrolebinding.tenantaccess.yaml -- deployment.yaml -- role.yaml -- rolebinding.yaml -- serviceaccount.yaml diff --git a/config/v2/pipelineloop/controller/role.yaml b/config/v2/pipelineloop/controller/role.yaml deleted file mode 100644 index 6b7818e29..000000000 --- a/config/v2/pipelineloop/controller/role.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipeline-loops - name: pipelineloop-controller-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - list - - watch -- apiGroups: - - "" - resourceNames: - - config-leader-election - - config-logging - - config-observability - - object-store-config - resources: - - configmaps - verbs: - - get -- apiGroups: - - policy - resourceNames: - - tekton-pipelines - - openshift-pipelines - resources: - - podsecuritypolicies - verbs: - - use diff --git a/config/v2/pipelineloop/controller/rolebinding.yaml b/config/v2/pipelineloop/controller/rolebinding.yaml deleted file mode 100644 index 24feb66bf..000000000 --- a/config/v2/pipelineloop/controller/rolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipeline-loops - name: pipelineloop-controller-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: pipelineloop-controller-role -subjects: -- kind: ServiceAccount - name: pipelineloop-controller - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/pipelineloop/controller/serviceaccount.yaml b/config/v2/pipelineloop/controller/serviceaccount.yaml deleted file mode 100644 index 7e09fdc8d..000000000 --- a/config/v2/pipelineloop/controller/serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipeline-loops - app.kubernetes.io/name: data-science-pipelines-operator - namespace: datasciencepipelinesapplications-controller - name: pipelineloop-controller diff --git a/config/v2/pipelineloop/crd.yaml b/config/v2/pipelineloop/crd.yaml deleted file mode 100644 index 860c6a7b7..000000000 --- a/config/v2/pipelineloop/crd.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipeline-loops - pipeline.tekton.dev/release: devel - version: devel - name: pipelineloops.custom.tekton.dev -spec: - group: custom.tekton.dev - names: - categories: - - tekton - - tekton-pipelines - - openshift-pipelines - kind: PipelineLoop - plural: pipelineloops - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - subresources: - status: {} diff --git a/config/v2/pipelineloop/kustomization.yaml b/config/v2/pipelineloop/kustomization.yaml deleted file mode 100644 index 4c7cb015a..000000000 --- a/config/v2/pipelineloop/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -resources: -- crd.yaml -- clusterrole.leaderelection.yaml -- ./controller -- ./webhook diff --git a/config/v2/pipelineloop/webhook/clusterrole.clusteraccess.yaml b/config/v2/pipelineloop/webhook/clusterrole.clusteraccess.yaml deleted file mode 100644 index 2af9cd61d..000000000 --- a/config/v2/pipelineloop/webhook/clusterrole.clusteraccess.yaml +++ /dev/null @@ -1,88 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipeline-loops - name: pipelineloop-webhook-cluster-access-clusterrole -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - - customresourcedefinitions/status - verbs: - - get - - list - - update - - patch - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - update - - patch - - watch -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - list - - watch -- apiGroups: - - admissionregistration.k8s.io - resourceNames: - - webhook.pipelineloop.custom.tekton.dev - resources: - - mutatingwebhookconfigurations - verbs: - - get - - update - - delete -- apiGroups: - - apps - resources: - - deployments - - deployments/finalizers - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - "" - resources: - - namespaces/finalizers - resourceNames: - - openshift-pipelines - verbs: - - update -- apiGroups: - - admissionregistration.k8s.io - resourceNames: - - validation.webhook.pipelineloop.custom.tekton.dev - resources: - - validatingwebhookconfigurations - verbs: - - get - - update - - delete -- apiGroups: - - policy - resourceNames: - - tekton-pipelines - - openshift-pipelines - resources: - - podsecuritypolicies - verbs: - - use diff --git a/config/v2/pipelineloop/webhook/clusterrolebinding.clusteraccess.yaml b/config/v2/pipelineloop/webhook/clusterrolebinding.clusteraccess.yaml deleted file mode 100644 index 63587376d..000000000 --- a/config/v2/pipelineloop/webhook/clusterrolebinding.clusteraccess.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipeline-loops - name: pipelineloop-webhook-cluster-access-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: pipelineloop-webhook-cluster-access-clusterrole -subjects: -- kind: ServiceAccount - name: pipelineloop-webhook - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/pipelineloop/webhook/clusterrolebinding.leaderelection.yaml b/config/v2/pipelineloop/webhook/clusterrolebinding.leaderelection.yaml deleted file mode 100644 index b164f1cb6..000000000 --- a/config/v2/pipelineloop/webhook/clusterrolebinding.leaderelection.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipeline-loops - name: pipelineloop-webhook-leaderelection-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: pipelineloop-leader-election-clusterrole -subjects: -- kind: ServiceAccount - name: pipelineloop-webhook - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/pipelineloop/webhook/deployment.yaml b/config/v2/pipelineloop/webhook/deployment.yaml deleted file mode 100644 index 1fcbd4c5f..000000000 --- a/config/v2/pipelineloop/webhook/deployment.yaml +++ /dev/null @@ -1,71 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/name: webhook - app.kubernetes.io/part-of: tekton-pipeline-loops - app.kubernetes.io/version: devel - pipeline.tekton.dev/release: devel - version: devel - name: pipelineloop-webhook -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/name: webhook - app.kubernetes.io/part-of: tekton-pipeline-loops - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: tekton-pipelines-webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/name: webhook - app.kubernetes.io/part-of: tekton-pipeline-loops - app.kubernetes.io/version: devel - pipeline.tekton.dev/release: devel - version: devel - spec: - containers: - - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election - - name: WEBHOOK_SERVICE_NAME - value: tektonpipelineloop-webhook - - name: WEBHOOK_SECRET_NAME - value: tektonpipelineloop-webhook-certs - - name: METRICS_DOMAIN - value: tekton.dev/pipeline - image: quay.io/internaldatahub/tekton-pipelineloop-webhook:2.0.0 - name: webhook - ports: - - containerPort: 9090 - name: metrics - - containerPort: 8008 - name: profiling - - containerPort: 8443 - name: https-webhook - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsGroup: 65532 - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: pipelineloop-webhook diff --git a/config/v2/pipelineloop/webhook/kustomization.yaml b/config/v2/pipelineloop/webhook/kustomization.yaml deleted file mode 100644 index df691ded5..000000000 --- a/config/v2/pipelineloop/webhook/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -resources: -- clusterrole.clusteraccess.yaml -- clusterrolebinding.clusteraccess.yaml -- clusterrolebinding.leaderelection.yaml -- deployment.yaml -- mutatingwebhookconfig.yaml -- role.yaml -- rolebinding.yaml -- service.yaml -- serviceaccount.yaml -- validatingwebhookconfig.yaml diff --git a/config/v2/pipelineloop/webhook/mutatingwebhookconfig.yaml b/config/v2/pipelineloop/webhook/mutatingwebhookconfig.yaml deleted file mode 100644 index 761454a3e..000000000 --- a/config/v2/pipelineloop/webhook/mutatingwebhookconfig.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipeline-loops - pipeline.tekton.dev/release: devel - name: webhook.pipelineloop.custom.tekton.dev -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: pipelineloop-webhook - namespace: datasciencepipelinesapplications-controller - failurePolicy: Fail - name: webhook.pipelineloop.custom.tekton.dev - sideEffects: None diff --git a/config/v2/pipelineloop/webhook/role.yaml b/config/v2/pipelineloop/webhook/role.yaml deleted file mode 100644 index e4c8c0d1a..000000000 --- a/config/v2/pipelineloop/webhook/role.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipeline-loops - name: pipelineloop-webhook-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - list - - watch -- apiGroups: - - "" - resourceNames: - - config-logging - - config-observability - - config-leader-election - - object-store-config - resources: - - configmaps - verbs: - - get -- apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch -- apiGroups: - - "" - resourceNames: - - tektonpipelineloop-webhook-certs - resources: - - secrets - verbs: - - get - - update -- apiGroups: - - policy - resourceNames: - - tekton-pipelines - - openshift-pipelines - resources: - - podsecuritypolicies - verbs: - - use diff --git a/config/v2/pipelineloop/webhook/rolebinding.yaml b/config/v2/pipelineloop/webhook/rolebinding.yaml deleted file mode 100644 index d5df12f0c..000000000 --- a/config/v2/pipelineloop/webhook/rolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipeline-loops - name: pipelineloop-webhook-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: pipelineloop-webhook-role -subjects: -- kind: ServiceAccount - name: pipelineloop-webhook - namespace: datasciencepipelinesapplications-controller diff --git a/config/v2/pipelineloop/webhook/service.yaml b/config/v2/pipelineloop/webhook/service.yaml deleted file mode 100644 index e073bc3cd..000000000 --- a/config/v2/pipelineloop/webhook/service.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: tekton-pipelines-webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/name: webhook - app.kubernetes.io/part-of: tekton-pipeline-loops - app.kubernetes.io/version: devel - pipeline.tekton.dev/release: devel - version: devel - name: pipelineloop-webhook - namespace: datasciencepipelinesapplications-controller -spec: - ports: - - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/name: webhook - app.kubernetes.io/part-of: tekton-pipeline-loops diff --git a/config/v2/pipelineloop/webhook/serviceaccount.yaml b/config/v2/pipelineloop/webhook/serviceaccount.yaml deleted file mode 100644 index bd71350d6..000000000 --- a/config/v2/pipelineloop/webhook/serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipeline-loops - app.kubernetes.io/name: data-science-pipelines-operator - namespace: datasciencepipelinesapplications-controller - name: pipelineloop-webhook diff --git a/config/v2/pipelineloop/webhook/validatingwebhookconfig.yaml b/config/v2/pipelineloop/webhook/validatingwebhookconfig.yaml deleted file mode 100644 index f5fad8ae3..000000000 --- a/config/v2/pipelineloop/webhook/validatingwebhookconfig.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipeline-loops - pipeline.tekton.dev/release: devel - name: validation.webhook.pipelineloop.custom.tekton.dev -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: pipelineloop-webhook - namespace: datasciencepipelinesapplications-controller - failurePolicy: Fail - name: validation.webhook.pipelineloop.custom.tekton.dev - sideEffects: None diff --git a/config/v2/tektoncrds/crd.yaml b/config/v2/tektoncrds/crd.yaml deleted file mode 100644 index 155c675a3..000000000 --- a/config/v2/tektoncrds/crd.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipeline-loops - pipeline.tekton.dev/release: devel - version: devel - name: breaktasks.custom.tekton.dev -spec: - group: custom.tekton.dev - names: - categories: - - tekton - - tekton-pipelines - kind: BreakTask - plural: breaktasks - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - served: true - storage: true - subresources: - status: {} diff --git a/config/v2/tektoncrds/kustomization.yaml b/config/v2/tektoncrds/kustomization.yaml deleted file mode 100644 index 1d3cbf0f8..000000000 --- a/config/v2/tektoncrds/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- crd.yaml diff --git a/controllers/common_test.go b/controllers/common_test.go index f9e2b3273..c0b411668 100644 --- a/controllers/common_test.go +++ b/controllers/common_test.go @@ -34,7 +34,6 @@ func TestDeployCommonPolicies(t *testing.T) { // Construct Basic DSPA Spec dspa := &dspav1alpha1.DataSciencePipelinesApplication{ Spec: dspav1alpha1.DSPASpec{ - EngineDriver: "tekton", Database: &dspav1alpha1.Database{ DisableHealthCheck: false, MariaDB: &dspav1alpha1.MariaDB{ diff --git a/controllers/dspipeline_params.go b/controllers/dspipeline_params.go index 2c296e0b5..81edee2f9 100644 --- a/controllers/dspipeline_params.go +++ b/controllers/dspipeline_params.go @@ -36,12 +36,11 @@ import ( ) type DSPAParams struct { -<<<<<<< HEAD Name string Namespace string Owner mf.Owner DSPVersion string - EngineDriver string + EngineDriver string APIServer *dspa.APIServer APIServerPiplinesCABundleMountPath string PiplinesCABundleMountPath string @@ -90,11 +89,11 @@ func (p *DSPAParams) UsingV2Pipelines(dsp *dspa.DataSciencePipelinesApplication) } func (p *DSPAParams) UsingArgoEngineDriver(dsp *dspa.DataSciencePipelinesApplication) bool { - return dsp.Spec.EngineDriver == "argo" + return p.UsingV2Pipelines(dsp) } func (p *DSPAParams) UsingTektonEngineDriver(dsp *dspa.DataSciencePipelinesApplication) bool { - return dsp.Spec.EngineDriver == "tekton" + return !p.UsingV2Pipelines(dsp) } // UsingExternalDB will return true if an external Database is specified in the CR, otherwise false. @@ -437,7 +436,6 @@ func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePip p.Name = dsp.Name p.Namespace = dsp.Namespace p.DSPVersion = dsp.Spec.DSPVersion - p.EngineDriver = dsp.Spec.EngineDriver p.Owner = dsp p.APIServer = dsp.Spec.APIServer.DeepCopy() p.APIServerDefaultResourceName = apiServerDefaultResourceNamePrefix + dsp.Name @@ -457,9 +455,6 @@ func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePip pipelinesV2Images := p.UsingV2Pipelines(dsp) usingArgoEngine := p.UsingArgoEngineDriver(dsp) usingTektonEngine := p.UsingTektonEngineDriver(dsp) - // if !usingArgoEngine && !usingTektonEngine { - // return fmt.Errorf(fmt.Sprintf("Illegal Engine Driver (%s) specified, cannot continue.", dsp.Spec.EngineDriver)) - // } if p.APIServer != nil { APIServerImagePath := config.APIServerImagePath diff --git a/kfdef/kfdef.yaml b/kfdef/kfdef.yaml index 289afee13..697f2aed1 100644 --- a/kfdef/kfdef.yaml +++ b/kfdef/kfdef.yaml @@ -58,29 +58,6 @@ spec: value: gcr.io/ml-pipeline/visualization-server:2.0.2 - name: IMAGESV2_ARGO_WORKFLOWCONTROLLER value: gcr.io/ml-pipeline/workflow-controller:v3.3.10-license-compliance - - name: IMAGESV2_TEKTON_APISERVER - value: quay.io/rmartine/apiserver:v2 - - name: IMAGESV2_TEKTON_ARTIFACT - value: quay.io/opendatahub/ds-pipelines-artifact-manager:main - - name: IMAGESV2_TEKTON_PERSISTENTAGENT - value: quay.io/rmartine/persistenceagent-dev:6b8723529 - - name: IMAGESV2_TEKTON_SCHEDULEDWORKFLOW - value: quay.io/rmartine/swf-dev:6b8723529 - - name: IMAGESV2_TEKTON_CACHE - value: registry.access.redhat.com/ubi8/ubi-minimal:8.7 - - name: IMAGESV2_TEKTON_MOVERESULTSIMAGE - value: registry.access.redhat.com/ubi8/ubi-micro:8.7 - - name: IMAGESV2_TEKTON_MLMDENVOY - value: gcr.io/ml-pipeline/metadata-envoy:2.0.0-rc.2 - - name: IMAGESV2_TEKTON_MLMDGRPC - value: gcr.io/tfx-oss-public/ml_metadata_store_server:1.5.0 - - name: IMAGESV2_TEKTON_MLMDWRITER - value: gcr.io/ml-pipeline/metadata-writer:2.0.0-rc.2 - - name: IMAGESV2_TEKTON_VISUALIZATIONSERVER - value: gcr.io/ml-pipeline/visualization-server:2.0.2 - - name: IMAGESV2_TEKTON_WORKFLOWCONTROLLER - value: gcr.io/ml-pipeline/workflow-controller:v3.3.10-license-compliance - repoRef: name: manifests path: config From 4333b16c3dc092d5e146c17390e76725d036924f Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Tue, 21 Nov 2023 11:46:03 -0500 Subject: [PATCH 11/20] Simplify ImagePath retrieval in DSPAParams --- controllers/config/defaults.go | 1 + controllers/dspipeline_params.go | 73 +++++++++----------------------- 2 files changed, 22 insertions(+), 52 deletions(-) diff --git a/controllers/config/defaults.go b/controllers/config/defaults.go index 5c5bf238b..99ca0306d 100644 --- a/controllers/config/defaults.go +++ b/controllers/config/defaults.go @@ -90,6 +90,7 @@ const ( ) // DSPV2-Tekton Image Paths +// Note: These won't exist in config but aren't used, adding in case of future support const ( APIServerImagePathV2Tekton = "ImagesV2.Tekton.ApiServer" APIServerArtifactImagePathV2Tekton = "ImagesV2.Tekton.Artifact" diff --git a/controllers/dspipeline_params.go b/controllers/dspipeline_params.go index 81edee2f9..57e6e8f2f 100644 --- a/controllers/dspipeline_params.go +++ b/controllers/dspipeline_params.go @@ -96,6 +96,17 @@ func (p *DSPAParams) UsingTektonEngineDriver(dsp *dspa.DataSciencePipelinesAppli return !p.UsingV2Pipelines(dsp) } +func (p *DSPAParams) GetImageForComponent(dsp *dspa.DataSciencePipelinesApplication, v1Image, v2ArgoImage, v2TektonImage string) string { + if p.UsingV2Pipelines(dsp) { + if p.UsingArgoEngineDriver(dsp) { + return v2ArgoImage + } else { + return v2TektonImage + } + } + return v1Image +} + // UsingExternalDB will return true if an external Database is specified in the CR, otherwise false. func (p *DSPAParams) UsingExternalDB(dsp *dspa.DataSciencePipelinesApplication) bool { if dsp.Spec.Database != nil && dsp.Spec.Database.ExternalDB != nil { @@ -373,20 +384,10 @@ func (p *DSPAParams) SetupObjectParams(ctx context.Context, dsp *dspa.DataScienc func (p *DSPAParams) SetupMLMD(ctx context.Context, dsp *dspa.DataSciencePipelinesApplication, client client.Client, log logr.Logger) error { if p.MLMD != nil { - MlmdEnvoyImagePath := config.MlmdEnvoyImagePath - MlmdGRPCImagePath := config.MlmdGRPCImagePath - MlmdWriterImagePath := config.MlmdWriterImagePath - if p.UsingV2Pipelines(dsp) { - if p.UsingArgoEngineDriver(dsp) { - MlmdEnvoyImagePath = config.MlmdEnvoyImagePathV2Argo - MlmdGRPCImagePath = config.MlmdGRPCImagePathV2Argo - MlmdWriterImagePath = config.MlmdWriterImagePathV2Argo - } else if p.UsingTektonEngineDriver(dsp) { - MlmdEnvoyImagePath = config.MlmdEnvoyImagePathV2Tekton - MlmdGRPCImagePath = config.MlmdGRPCImagePathV2Tekton - MlmdWriterImagePath = config.MlmdWriterImagePathV2Tekton - } - } + MlmdEnvoyImagePath := p.GetImageForComponent(dsp, config.MlmdEnvoyImagePath, config.MlmdEnvoyImagePathV2Argo, config.MlmdEnvoyImagePathV2Tekton) + MlmdGRPCImagePath := p.GetImageForComponent(dsp, config.MlmdGRPCImagePath, config.MlmdGRPCImagePathV2Argo, config.MlmdGRPCImagePathV2Tekton) + MlmdWriterImagePath := p.GetImageForComponent(dsp, config.MlmdWriterImagePath, config.MlmdWriterImagePathV2Argo, config.MlmdWriterImagePathV2Tekton) + if p.MLMD.Envoy == nil { p.MLMD.Envoy = &dspa.Envoy{ Image: config.GetStringConfigWithDefault(MlmdEnvoyImagePath, config.DefaultImageValue), @@ -452,28 +453,11 @@ func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePip p.APIServerPiplinesCABundleMountPath = config.APIServerPiplinesCABundleMountPath p.PiplinesCABundleMountPath = config.PiplinesCABundleMountPath - pipelinesV2Images := p.UsingV2Pipelines(dsp) - usingArgoEngine := p.UsingArgoEngineDriver(dsp) - usingTektonEngine := p.UsingTektonEngineDriver(dsp) - if p.APIServer != nil { - APIServerImagePath := config.APIServerImagePath - APIServerArtifactImagePath := config.APIServerArtifactImagePath - APIServerCacheImagePath := config.APIServerCacheImagePath - APIServerMoveResultsImagePath := config.APIServerMoveResultsImagePath - if pipelinesV2Images { - if usingArgoEngine { - APIServerImagePath = config.APIServerImagePathV2Argo - APIServerArtifactImagePath = config.APIServerArtifactImagePathV2Argo - APIServerCacheImagePath = config.APIServerCacheImagePathV2Argo - APIServerMoveResultsImagePath = config.APIServerMoveResultsImagePathV2Argo - } else if usingTektonEngine { - APIServerImagePath = config.APIServerImagePathV2Tekton - APIServerArtifactImagePath = config.APIServerArtifactImagePathV2Tekton - APIServerCacheImagePath = config.APIServerCacheImagePathV2Tekton - APIServerMoveResultsImagePath = config.APIServerMoveResultsImagePathV2Tekton - } - } + APIServerImagePath := p.GetImageForComponent(dsp, config.APIServerImagePath, config.APIServerImagePathV2Argo, config.APIServerImagePathV2Tekton) + APIServerArtifactImagePath := p.GetImageForComponent(dsp, config.APIServerArtifactImagePath, config.APIServerArtifactImagePathV2Argo, config.APIServerArtifactImagePathV2Tekton) + APIServerCacheImagePath := p.GetImageForComponent(dsp, config.APIServerCacheImagePath, config.APIServerCacheImagePathV2Argo, config.APIServerCacheImagePathV2Tekton) + APIServerMoveResultsImagePath := p.GetImageForComponent(dsp, config.APIServerMoveResultsImagePath, config.APIServerMoveResultsImagePathV2Argo, config.APIServerMoveResultsImagePathV2Tekton) serverImageFromConfig := config.GetStringConfigWithDefault(APIServerImagePath, config.DefaultImageValue) artifactImageFromConfig := config.GetStringConfigWithDefault(APIServerArtifactImagePath, config.DefaultImageValue) @@ -508,28 +492,13 @@ func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePip } if p.PersistenceAgent != nil { - PersistenceAgentImagePath := config.PersistenceAgentImagePath - if pipelinesV2Images { - if usingArgoEngine { - PersistenceAgentImagePath = config.PersistenceAgentImagePathV2Argo - } else if usingTektonEngine { - PersistenceAgentImagePath = config.PersistenceAgentImagePathV2Tekton - } - } + PersistenceAgentImagePath := p.GetImageForComponent(dsp, config.PersistenceAgentImagePath, config.PersistenceAgentImagePathV2Argo, config.PersistenceAgentImagePathV2Tekton) persistenceAgentImageFromConfig := config.GetStringConfigWithDefault(PersistenceAgentImagePath, config.DefaultImageValue) setStringDefault(persistenceAgentImageFromConfig, &p.PersistenceAgent.Image) setResourcesDefault(config.PersistenceAgentResourceRequirements, &p.PersistenceAgent.Resources) } if p.ScheduledWorkflow != nil { - ScheduledWorkflowImagePath := config.ScheduledWorkflowImagePath - if pipelinesV2Images { - if usingArgoEngine { - ScheduledWorkflowImagePath = config.ScheduledWorkflowImagePathV2Argo - - } else if usingTektonEngine { - ScheduledWorkflowImagePath = config.ScheduledWorkflowImagePathV2Tekton - } - } + ScheduledWorkflowImagePath := p.GetImageForComponent(dsp, config.ScheduledWorkflowImagePath, config.ScheduledWorkflowImagePathV2Argo, config.ScheduledWorkflowImagePathV2Tekton) scheduledWorkflowImageFromConfig := config.GetStringConfigWithDefault(ScheduledWorkflowImagePath, config.DefaultImageValue) setStringDefault(scheduledWorkflowImageFromConfig, &p.ScheduledWorkflow.Image) setResourcesDefault(config.ScheduledWorkflowResourceRequirements, &p.ScheduledWorkflow.Resources) From 1f880eb6e639474019783d2761c9e938f4eda0a3 Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Tue, 5 Dec 2023 11:55:32 -0500 Subject: [PATCH 12/20] Fix YAML formatting --- config/argo/clusterrole.argo-aggregate-to-admin.yaml | 2 +- config/argo/clusterrole.argo-aggregate-to-edit.yaml | 2 +- config/argo/clusterrole.argo-aggregate-to-view.yaml | 2 +- config/argo/clusterrole.argo-cluster-role.yaml | 2 +- config/argo/clusterrole.argo-server-cluster-role.yaml | 2 +- config/argo/clusterrolebinding.argo-binding.yaml | 2 +- config/argo/clusterrolebinding.argo-server-binding.yaml | 2 +- config/argo/configmap.workflow-controller-configmap.yaml | 2 +- config/argo/deployment.argo-server.yaml | 2 +- config/argo/deployment.workflow-controller.yaml | 2 +- config/argo/kustomization.yaml | 4 +--- config/argo/role.argo.yaml | 2 +- config/argo/rolebinding.argo-binding.yaml | 2 +- config/argo/service.argo-server.yaml | 2 +- config/argo/serviceaccount.argo-server.yaml | 2 +- config/argo/serviceaccount.argo.yaml | 2 +- config/internal/apiserver/default/deployment.yaml.tmpl | 2 +- .../internal/apiserver/default/service.ml-pipeline.yaml.tmpl | 1 - config/internal/ml-metadata/metadata-grpc.configmap.yaml.tmpl | 2 +- config/internal/persistence-agent/deployment.yaml.tmpl | 2 +- config/internal/workflow-controller/configmap.yaml.tmpl | 1 - config/internal/workflow-controller/rolebinding.yaml.tmpl | 2 +- 22 files changed, 20 insertions(+), 24 deletions(-) diff --git a/config/argo/clusterrole.argo-aggregate-to-admin.yaml b/config/argo/clusterrole.argo-aggregate-to-admin.yaml index f978dca0c..3d669135b 100644 --- a/config/argo/clusterrole.argo-aggregate-to-admin.yaml +++ b/config/argo/clusterrole.argo-aggregate-to-admin.yaml @@ -31,4 +31,4 @@ rules: - list - patch - update - - watch \ No newline at end of file + - watch diff --git a/config/argo/clusterrole.argo-aggregate-to-edit.yaml b/config/argo/clusterrole.argo-aggregate-to-edit.yaml index 4797d0a1b..aec9b1871 100644 --- a/config/argo/clusterrole.argo-aggregate-to-edit.yaml +++ b/config/argo/clusterrole.argo-aggregate-to-edit.yaml @@ -29,4 +29,4 @@ rules: - list - patch - update - - watch \ No newline at end of file + - watch diff --git a/config/argo/clusterrole.argo-aggregate-to-view.yaml b/config/argo/clusterrole.argo-aggregate-to-view.yaml index 318097cf0..20b6b2d89 100644 --- a/config/argo/clusterrole.argo-aggregate-to-view.yaml +++ b/config/argo/clusterrole.argo-aggregate-to-view.yaml @@ -24,4 +24,4 @@ rules: verbs: - get - list - - watch \ No newline at end of file + - watch diff --git a/config/argo/clusterrole.argo-cluster-role.yaml b/config/argo/clusterrole.argo-cluster-role.yaml index 8e7410107..a71cf985e 100644 --- a/config/argo/clusterrole.argo-cluster-role.yaml +++ b/config/argo/clusterrole.argo-cluster-role.yaml @@ -103,4 +103,4 @@ rules: verbs: - create - get - - delete \ No newline at end of file + - delete diff --git a/config/argo/clusterrole.argo-server-cluster-role.yaml b/config/argo/clusterrole.argo-server-cluster-role.yaml index 699c36c41..0ad3b0465 100644 --- a/config/argo/clusterrole.argo-server-cluster-role.yaml +++ b/config/argo/clusterrole.argo-server-cluster-role.yaml @@ -63,4 +63,4 @@ rules: - watch - update - patch - - delete \ No newline at end of file + - delete diff --git a/config/argo/clusterrolebinding.argo-binding.yaml b/config/argo/clusterrolebinding.argo-binding.yaml index 05a9369b2..a927fdae1 100644 --- a/config/argo/clusterrolebinding.argo-binding.yaml +++ b/config/argo/clusterrolebinding.argo-binding.yaml @@ -10,4 +10,4 @@ roleRef: subjects: - kind: ServiceAccount name: argo - namespace: argo \ No newline at end of file + namespace: argo diff --git a/config/argo/clusterrolebinding.argo-server-binding.yaml b/config/argo/clusterrolebinding.argo-server-binding.yaml index 81f664337..79b8df515 100644 --- a/config/argo/clusterrolebinding.argo-server-binding.yaml +++ b/config/argo/clusterrolebinding.argo-server-binding.yaml @@ -10,4 +10,4 @@ roleRef: subjects: - kind: ServiceAccount name: argo-server - namespace: argo \ No newline at end of file + namespace: argo diff --git a/config/argo/configmap.workflow-controller-configmap.yaml b/config/argo/configmap.workflow-controller-configmap.yaml index 86379fcbe..f46690911 100644 --- a/config/argo/configmap.workflow-controller-configmap.yaml +++ b/config/argo/configmap.workflow-controller-configmap.yaml @@ -3,4 +3,4 @@ apiVersion: v1 kind: ConfigMap metadata: name: workflow-controller-configmap - namespace: argo \ No newline at end of file + namespace: argo diff --git a/config/argo/deployment.argo-server.yaml b/config/argo/deployment.argo-server.yaml index b12e7c88b..889f05c18 100644 --- a/config/argo/deployment.argo-server.yaml +++ b/config/argo/deployment.argo-server.yaml @@ -46,4 +46,4 @@ spec: serviceAccountName: argo-server volumes: - emptyDir: {} - name: tmp \ No newline at end of file + name: tmp diff --git a/config/argo/deployment.workflow-controller.yaml b/config/argo/deployment.workflow-controller.yaml index 1d5a056bf..b91ee6390 100644 --- a/config/argo/deployment.workflow-controller.yaml +++ b/config/argo/deployment.workflow-controller.yaml @@ -55,4 +55,4 @@ spec: priorityClassName: workflow-controller securityContext: runAsNonRoot: true - serviceAccountName: argo \ No newline at end of file + serviceAccountName: argo diff --git a/config/argo/kustomization.yaml b/config/argo/kustomization.yaml index 6b09a4e74..d7d64e58d 100644 --- a/config/argo/kustomization.yaml +++ b/config/argo/kustomization.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: argo resources: -# Deploy Argo Controller and Server +# Deploy Argo Controller and Server # TODO: Only deploy server (not WC?) # - https://github.com/argoproj/argo-workflows/releases/download/v3.4.12/install.yaml @@ -35,5 +35,3 @@ resources: - crd.workflowtaskresult.yaml - crd.workflowtaskset.yaml - crd.workflowtemplate.yaml - - diff --git a/config/argo/role.argo.yaml b/config/argo/role.argo.yaml index d58c221b6..4c3cf0475 100644 --- a/config/argo/role.argo.yaml +++ b/config/argo/role.argo.yaml @@ -18,4 +18,4 @@ rules: resources: - secrets verbs: - - get \ No newline at end of file + - get diff --git a/config/argo/rolebinding.argo-binding.yaml b/config/argo/rolebinding.argo-binding.yaml index fe64852d9..3e056c348 100644 --- a/config/argo/rolebinding.argo-binding.yaml +++ b/config/argo/rolebinding.argo-binding.yaml @@ -11,4 +11,4 @@ roleRef: subjects: - kind: ServiceAccount name: argo - namespace: argo \ No newline at end of file + namespace: argo diff --git a/config/argo/service.argo-server.yaml b/config/argo/service.argo-server.yaml index b9affd5da..9afb910c0 100644 --- a/config/argo/service.argo-server.yaml +++ b/config/argo/service.argo-server.yaml @@ -10,4 +10,4 @@ spec: port: 2746 targetPort: 2746 selector: - app: argo-server \ No newline at end of file + app: argo-server diff --git a/config/argo/serviceaccount.argo-server.yaml b/config/argo/serviceaccount.argo-server.yaml index 27556a207..4d7a55bdb 100644 --- a/config/argo/serviceaccount.argo-server.yaml +++ b/config/argo/serviceaccount.argo-server.yaml @@ -3,4 +3,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: argo-server - namespace: argo \ No newline at end of file + namespace: argo diff --git a/config/argo/serviceaccount.argo.yaml b/config/argo/serviceaccount.argo.yaml index 2de7bc6d0..8ee79ed1c 100644 --- a/config/argo/serviceaccount.argo.yaml +++ b/config/argo/serviceaccount.argo.yaml @@ -3,4 +3,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: argo - namespace: argo \ No newline at end of file + namespace: argo diff --git a/config/internal/apiserver/default/deployment.yaml.tmpl b/config/internal/apiserver/default/deployment.yaml.tmpl index 60c5a5ed9..8dafd0c7c 100644 --- a/config/internal/apiserver/default/deployment.yaml.tmpl +++ b/config/internal/apiserver/default/deployment.yaml.tmpl @@ -109,7 +109,7 @@ spec: - name: OBJECTSTORECONFIG_SECURE value: "false" - name: OBJECTSTORECONFIG_BUCKETNAME - value: "{{.ObjectStorageConnection.Bucket}}" + value: "{{.ObjectStorageConnection.Bucket}}" - name: DB_DRIVER_NAME value: mysql - name: DBCONFIG_MYSQLCONFIG_USER diff --git a/config/internal/apiserver/default/service.ml-pipeline.yaml.tmpl b/config/internal/apiserver/default/service.ml-pipeline.yaml.tmpl index 919bf4cae..753507b92 100644 --- a/config/internal/apiserver/default/service.ml-pipeline.yaml.tmpl +++ b/config/internal/apiserver/default/service.ml-pipeline.yaml.tmpl @@ -25,4 +25,3 @@ spec: selector: app: ds-pipeline-{{.Name}} component: data-science-pipelines - diff --git a/config/internal/ml-metadata/metadata-grpc.configmap.yaml.tmpl b/config/internal/ml-metadata/metadata-grpc.configmap.yaml.tmpl index a92d8133b..1442b59fb 100644 --- a/config/internal/ml-metadata/metadata-grpc.configmap.yaml.tmpl +++ b/config/internal/ml-metadata/metadata-grpc.configmap.yaml.tmpl @@ -7,4 +7,4 @@ metadata: component: metadata-grpc-server data: METADATA_GRPC_SERVICE_HOST: "ds-pipeline-metadata-grpc-{{.Name}}.{{.Namespace}}.svc.cluster.local" - METADATA_GRPC_SERVICE_PORT: "8080" \ No newline at end of file + METADATA_GRPC_SERVICE_PORT: "8080" diff --git a/config/internal/persistence-agent/deployment.yaml.tmpl b/config/internal/persistence-agent/deployment.yaml.tmpl index b2ca5f507..831809961 100644 --- a/config/internal/persistence-agent/deployment.yaml.tmpl +++ b/config/internal/persistence-agent/deployment.yaml.tmpl @@ -105,4 +105,4 @@ spec: audience: pipelines.kubeflow.org expirationSeconds: 3600 path: ds-pipeline-persistenceagent-{{.Name}}-token - {{ end }} \ No newline at end of file + {{ end }} diff --git a/config/internal/workflow-controller/configmap.yaml.tmpl b/config/internal/workflow-controller/configmap.yaml.tmpl index 45fdb2d70..7d7788bcc 100644 --- a/config/internal/workflow-controller/configmap.yaml.tmpl +++ b/config/internal/workflow-controller/configmap.yaml.tmpl @@ -39,4 +39,3 @@ data: containerRuntimeExecutor: emissary # TODO executor: | imagePullPolicy: IfNotPresent # TODO - diff --git a/config/internal/workflow-controller/rolebinding.yaml.tmpl b/config/internal/workflow-controller/rolebinding.yaml.tmpl index dbafe5730..4e388df4d 100644 --- a/config/internal/workflow-controller/rolebinding.yaml.tmpl +++ b/config/internal/workflow-controller/rolebinding.yaml.tmpl @@ -17,4 +17,4 @@ roleRef: subjects: - kind: ServiceAccount name: ds-pipeline-workflow-controller-{{.Name}} - namespace: {{.Namespace}} + namespace: {{.Namespace}} From e5e04d2fcc0c020078bfe68fdef311328ade731b Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Tue, 5 Dec 2023 12:09:30 -0500 Subject: [PATCH 13/20] Fix and Re-generate DataSciencePipelinesApplication CRD --- api/v1alpha1/dspipeline_types.go | 2 +- ...tions.opendatahub.io_datasciencepipelinesapplications.yaml | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/api/v1alpha1/dspipeline_types.go b/api/v1alpha1/dspipeline_types.go index 32d94b287..bc84557fe 100644 --- a/api/v1alpha1/dspipeline_types.go +++ b/api/v1alpha1/dspipeline_types.go @@ -52,7 +52,7 @@ type DSPASpec struct { // +kubebuilder:default:="v1" DSPVersion string `json:"dspVersion,omitempty"` // +kubebuilder:validation:Optional - // +kubebuilder:default:="tekton" + // +kubebuilder:default:={deploy: false} *WorkflowController `json:"workflowController,omitempty"` } diff --git a/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml b/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml index 73defd443..499293c2d 100644 --- a/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml +++ b/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml @@ -300,9 +300,6 @@ spec: dspVersion: default: v1 type: string - engineDriver: - default: tekton - type: string mlmd: default: deploy: true @@ -766,7 +763,6 @@ spec: workflowController: default: deploy: false - description: DS Pipelines Argo Workflow Controller Configuration. properties: deploy: default: true From b3014b09e61622b284ce7a5a62cbed74263dc10c Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Tue, 5 Dec 2023 14:17:11 -0500 Subject: [PATCH 14/20] Only apply Argo-specfic env vars if on v2 --- .../apiserver/default/deployment.yaml.tmpl | 20 ++++++------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/config/internal/apiserver/default/deployment.yaml.tmpl b/config/internal/apiserver/default/deployment.yaml.tmpl index 8dafd0c7c..ea19d4340 100644 --- a/config/internal/apiserver/default/deployment.yaml.tmpl +++ b/config/internal/apiserver/default/deployment.yaml.tmpl @@ -95,21 +95,11 @@ spec: - name: ML_PIPELINE_SERVICE_HOST value: "ds-pipeline-{{.Name}}.{{.Namespace}}.svc.cluster.local" - name: ML_PIPELINE_SERVICE_PORT_GRPC - value: "8887" - ## Values change based on Engine Driver ## - - name: EXECUTIONTYPE + value: "8887" {{ if (eq .DSPVersion "v2") }} - value: Workflow - {{ else }} - value: PipelineRun - {{ end }} ## Argo-Specific Env Vars ## - - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION - value: "{{.APIServer.AutoUpdatePipelineDefaultVersion}}" - - name: OBJECTSTORECONFIG_SECURE - value: "false" - - name: OBJECTSTORECONFIG_BUCKETNAME - value: "{{.ObjectStorageConnection.Bucket}}" + - name: EXECUTIONTYPE + value: Workflow - name: DB_DRIVER_NAME value: mysql - name: DBCONFIG_MYSQLCONFIG_USER @@ -125,8 +115,10 @@ spec: value: "{{.DBConnection.Host}}" - name: DBCONFIG_MYSQLCONFIG_PORT value: "{{.DBConnection.Port}}" + {{ else }} ## Tekton-Specific Env Vars ## - {{ if (eq .DSPVersion "v1") }} + - name: EXECUTIONTYPE + value: PipelineRun - name: ARTIFACT_BUCKET value: "{{.ObjectStorageConnection.Bucket}}" - name: ARTIFACT_ENDPOINT From c909d669ed932bcdc21ec328ef6701a7743b01e1 Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Tue, 5 Dec 2023 14:17:37 -0500 Subject: [PATCH 15/20] Fix/Update Functional Tests to accomodate v2-argo --- .../apiserver/default/deployment.yaml.tmpl | 2 +- .../created/apiserver_deployment.yaml | 58 +++++++++---------- .../created/apiserver_deployment.yaml | 58 +++++++++---------- .../created/apiserver_deployment.yaml | 58 +++++++++---------- .../created/apiserver_deployment.yaml | 58 +++++++++---------- .../created/apiserver_deployment.yaml | 58 +++++++++---------- .../created/apiserver_deployment.yaml | 58 +++++++++---------- .../created/apiserver_deployment.yaml | 48 ++++++--------- .../created/persistence-agent_deployment.yaml | 15 ++++- 9 files changed, 208 insertions(+), 205 deletions(-) diff --git a/config/internal/apiserver/default/deployment.yaml.tmpl b/config/internal/apiserver/default/deployment.yaml.tmpl index ea19d4340..85adaa00b 100644 --- a/config/internal/apiserver/default/deployment.yaml.tmpl +++ b/config/internal/apiserver/default/deployment.yaml.tmpl @@ -95,7 +95,7 @@ spec: - name: ML_PIPELINE_SERVICE_HOST value: "ds-pipeline-{{.Name}}.{{.Namespace}}.svc.cluster.local" - name: ML_PIPELINE_SERVICE_PORT_GRPC - value: "8887" + value: "8887" {{ if (eq .DSPVersion "v2") }} ## Argo-Specific Env Vars ## - name: EXECUTIONTYPE diff --git a/controllers/testdata/declarative/case_0/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_0/expected/created/apiserver_deployment.yaml index 38e5b1e58..15a850e3a 100644 --- a/controllers/testdata/declarative/case_0/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_0/expected/created/apiserver_deployment.yaml @@ -37,35 +37,6 @@ spec: value: "mariadb-testdsp0.default.svc.cluster.local" - name: DBCONFIG_PORT value: "3306" - - name: ARTIFACT_BUCKET - value: "mlpipeline" - - name: ARTIFACT_ENDPOINT - value: "http://minio-testdsp0.default.svc.cluster.local:9000" - - name: ARTIFACT_SCRIPT - valueFrom: - configMapKeyRef: - key: "artifact_script" - name: "ds-pipeline-artifact-script-testdsp0" - - name: ARTIFACT_IMAGE - value: "artifact-manager:test0" - - name: ARCHIVE_LOGS - value: "false" - - name: EXECUTIONTYPE - value: PipelineRun - - name: TRACK_ARTIFACTS - value: "true" - - name: STRIP_EOF - value: "true" - - name: PIPELINE_RUNTIME - value: "tekton" - - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT - value: "pipeline-runner-testdsp0" - - name: INJECT_DEFAULT_SCRIPT - value: "true" - - name: APPLY_TEKTON_CUSTOM_RESOURCE - value: "true" - - name: TERMINATE_STATUS - value: "Cancelled" - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION value: "true" - name: DBCONFIG_CONMAXLIFETIMESEC @@ -80,6 +51,8 @@ spec: value: "accesskey" - name: OBJECTSTORECONFIG_CREDENTIALSSECRETKEYKEY value: "secretkey" + - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT + value: "pipeline-runner-testdsp0" - name: OBJECTSTORECONFIG_BUCKETNAME value: "mlpipeline" - name: OBJECTSTORECONFIG_ACCESSKEY @@ -110,6 +83,33 @@ spec: value: ds-pipeline-testdsp0.default.svc.cluster.local - name: ML_PIPELINE_SERVICE_PORT_GRPC value: "8887" + - name: EXECUTIONTYPE + value: PipelineRun + - name: ARTIFACT_BUCKET + value: "mlpipeline" + - name: ARTIFACT_ENDPOINT + value: "http://minio-testdsp0.default.svc.cluster.local:9000" + - name: ARTIFACT_SCRIPT + valueFrom: + configMapKeyRef: + key: "artifact_script" + name: "ds-pipeline-artifact-script-testdsp0" + - name: ARTIFACT_IMAGE + value: "artifact-manager:test0" + - name: ARCHIVE_LOGS + value: "false" + - name: TRACK_ARTIFACTS + value: "true" + - name: STRIP_EOF + value: "true" + - name: PIPELINE_RUNTIME + value: "tekton" + - name: INJECT_DEFAULT_SCRIPT + value: "true" + - name: APPLY_TEKTON_CUSTOM_RESOURCE + value: "true" + - name: TERMINATE_STATUS + value: "Cancelled" image: api-server:test0 imagePullPolicy: Always name: ds-pipeline-api-server diff --git a/controllers/testdata/declarative/case_2/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_2/expected/created/apiserver_deployment.yaml index 85901a309..54378eadd 100644 --- a/controllers/testdata/declarative/case_2/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_2/expected/created/apiserver_deployment.yaml @@ -37,35 +37,6 @@ spec: value: "mariadb-testdsp2.default.svc.cluster.local" - name: DBCONFIG_PORT value: "3306" - - name: ARTIFACT_BUCKET - value: "mlpipeline" - - name: ARTIFACT_ENDPOINT - value: "http://minio-testdsp2.default.svc.cluster.local:9000" - - name: ARTIFACT_SCRIPT - valueFrom: - configMapKeyRef: - key: "artifact_script" - name: "ds-pipeline-artifact-script-testdsp2" - - name: ARTIFACT_IMAGE - value: "artifact-manager:test2" - - name: ARCHIVE_LOGS - value: "false" - - name: EXECUTIONTYPE - value: PipelineRun - - name: TRACK_ARTIFACTS - value: "true" - - name: STRIP_EOF - value: "true" - - name: PIPELINE_RUNTIME - value: "tekton" - - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT - value: "pipeline-runner-testdsp2" - - name: INJECT_DEFAULT_SCRIPT - value: "true" - - name: APPLY_TEKTON_CUSTOM_RESOURCE - value: "true" - - name: TERMINATE_STATUS - value: "Cancelled" - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION value: "true" - name: DBCONFIG_CONMAXLIFETIMESEC @@ -80,6 +51,8 @@ spec: value: "accesskey" - name: OBJECTSTORECONFIG_CREDENTIALSSECRETKEYKEY value: "secretkey" + - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT + value: "pipeline-runner-testdsp2" - name: OBJECTSTORECONFIG_BUCKETNAME value: "mlpipeline" - name: OBJECTSTORECONFIG_ACCESSKEY @@ -110,6 +83,33 @@ spec: value: ds-pipeline-testdsp2.default.svc.cluster.local - name: ML_PIPELINE_SERVICE_PORT_GRPC value: "8887" + - name: EXECUTIONTYPE + value: PipelineRun + - name: ARTIFACT_BUCKET + value: "mlpipeline" + - name: ARTIFACT_ENDPOINT + value: "http://minio-testdsp2.default.svc.cluster.local:9000" + - name: ARTIFACT_SCRIPT + valueFrom: + configMapKeyRef: + key: "artifact_script" + name: "ds-pipeline-artifact-script-testdsp2" + - name: ARTIFACT_IMAGE + value: "artifact-manager:test2" + - name: ARCHIVE_LOGS + value: "false" + - name: TRACK_ARTIFACTS + value: "true" + - name: STRIP_EOF + value: "true" + - name: PIPELINE_RUNTIME + value: "tekton" + - name: INJECT_DEFAULT_SCRIPT + value: "true" + - name: APPLY_TEKTON_CUSTOM_RESOURCE + value: "true" + - name: TERMINATE_STATUS + value: "Cancelled" image: api-server:test2 imagePullPolicy: Always name: ds-pipeline-api-server diff --git a/controllers/testdata/declarative/case_3/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_3/expected/created/apiserver_deployment.yaml index 24fb7955d..a191ef260 100644 --- a/controllers/testdata/declarative/case_3/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_3/expected/created/apiserver_deployment.yaml @@ -37,35 +37,6 @@ spec: value: "testdbhost3" - name: DBCONFIG_PORT value: "test3" - - name: ARTIFACT_BUCKET - value: "testbucket3" - - name: ARTIFACT_ENDPOINT - value: "https://teststoragehost3:80" - - name: ARTIFACT_SCRIPT - valueFrom: - configMapKeyRef: - key: "somekey" - name: "doesnotexist" - - name: ARTIFACT_IMAGE - value: artifact-manager:test3 - - name: ARCHIVE_LOGS - value: "false" - - name: EXECUTIONTYPE - value: PipelineRun - - name: TRACK_ARTIFACTS - value: "true" - - name: STRIP_EOF - value: "true" - - name: PIPELINE_RUNTIME - value: "tekton" - - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT - value: "pipeline-runner-testdsp3" - - name: INJECT_DEFAULT_SCRIPT - value: "true" - - name: APPLY_TEKTON_CUSTOM_RESOURCE - value: "true" - - name: TERMINATE_STATUS - value: "Cancelled" - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION value: "true" - name: DBCONFIG_CONMAXLIFETIMESEC @@ -80,6 +51,8 @@ spec: value: "testaccesskey3" - name: OBJECTSTORECONFIG_CREDENTIALSSECRETKEYKEY value: "testsecretkey3" + - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT + value: "pipeline-runner-testdsp3" - name: OBJECTSTORECONFIG_BUCKETNAME value: "testbucket3" - name: OBJECTSTORECONFIG_ACCESSKEY @@ -110,6 +83,33 @@ spec: value: ds-pipeline-testdsp3.default.svc.cluster.local - name: ML_PIPELINE_SERVICE_PORT_GRPC value: "8887" + - name: EXECUTIONTYPE + value: PipelineRun + - name: ARTIFACT_BUCKET + value: "testbucket3" + - name: ARTIFACT_ENDPOINT + value: "https://teststoragehost3:80" + - name: ARTIFACT_SCRIPT + valueFrom: + configMapKeyRef: + key: "somekey" + name: "doesnotexist" + - name: ARTIFACT_IMAGE + value: artifact-manager:test3 + - name: ARCHIVE_LOGS + value: "false" + - name: TRACK_ARTIFACTS + value: "true" + - name: STRIP_EOF + value: "true" + - name: PIPELINE_RUNTIME + value: "tekton" + - name: INJECT_DEFAULT_SCRIPT + value: "true" + - name: APPLY_TEKTON_CUSTOM_RESOURCE + value: "true" + - name: TERMINATE_STATUS + value: "Cancelled" image: api-server:test3 imagePullPolicy: Always name: ds-pipeline-api-server diff --git a/controllers/testdata/declarative/case_4/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_4/expected/created/apiserver_deployment.yaml index 074518c69..c1e74562b 100644 --- a/controllers/testdata/declarative/case_4/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_4/expected/created/apiserver_deployment.yaml @@ -37,35 +37,6 @@ spec: value: "mariadb-testdsp4.default.svc.cluster.local" - name: DBCONFIG_PORT value: "3306" - - name: ARTIFACT_BUCKET - value: "mlpipeline" - - name: ARTIFACT_ENDPOINT - value: "http://minio-testdsp4.default.svc.cluster.local:9000" - - name: ARTIFACT_SCRIPT - valueFrom: - configMapKeyRef: - key: "artifact_script" - name: "ds-pipeline-artifact-script-testdsp4" - - name: ARTIFACT_IMAGE - value: "this-artifact-manager-image-from-cr-should-be-used:test4" - - name: ARCHIVE_LOGS - value: "false" - - name: EXECUTIONTYPE - value: PipelineRun - - name: TRACK_ARTIFACTS - value: "true" - - name: STRIP_EOF - value: "true" - - name: PIPELINE_RUNTIME - value: "tekton" - - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT - value: "pipeline-runner-testdsp4" - - name: INJECT_DEFAULT_SCRIPT - value: "true" - - name: APPLY_TEKTON_CUSTOM_RESOURCE - value: "true" - - name: TERMINATE_STATUS - value: "Cancelled" - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION value: "true" - name: DBCONFIG_CONMAXLIFETIMESEC @@ -80,6 +51,8 @@ spec: value: "accesskey" - name: OBJECTSTORECONFIG_CREDENTIALSSECRETKEYKEY value: "secretkey" + - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT + value: "pipeline-runner-testdsp4" - name: OBJECTSTORECONFIG_BUCKETNAME value: "mlpipeline" - name: OBJECTSTORECONFIG_ACCESSKEY @@ -110,6 +83,33 @@ spec: value: ds-pipeline-testdsp4.default.svc.cluster.local - name: ML_PIPELINE_SERVICE_PORT_GRPC value: "8887" + - name: EXECUTIONTYPE + value: PipelineRun + - name: ARTIFACT_BUCKET + value: "mlpipeline" + - name: ARTIFACT_ENDPOINT + value: "http://minio-testdsp4.default.svc.cluster.local:9000" + - name: ARTIFACT_SCRIPT + valueFrom: + configMapKeyRef: + key: "artifact_script" + name: "ds-pipeline-artifact-script-testdsp4" + - name: ARTIFACT_IMAGE + value: "this-artifact-manager-image-from-cr-should-be-used:test4" + - name: ARCHIVE_LOGS + value: "false" + - name: TRACK_ARTIFACTS + value: "true" + - name: STRIP_EOF + value: "true" + - name: PIPELINE_RUNTIME + value: "tekton" + - name: INJECT_DEFAULT_SCRIPT + value: "true" + - name: APPLY_TEKTON_CUSTOM_RESOURCE + value: "true" + - name: TERMINATE_STATUS + value: "Cancelled" image: this-apiserver-image-from-cr-should-be-used:test4 imagePullPolicy: Always name: ds-pipeline-api-server diff --git a/controllers/testdata/declarative/case_5/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_5/expected/created/apiserver_deployment.yaml index 8bf8bc81d..39cb194fc 100644 --- a/controllers/testdata/declarative/case_5/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_5/expected/created/apiserver_deployment.yaml @@ -37,35 +37,6 @@ spec: value: "mariadb-testdsp5.default.svc.cluster.local" - name: DBCONFIG_PORT value: "3306" - - name: ARTIFACT_BUCKET - value: "mlpipeline" - - name: ARTIFACT_ENDPOINT - value: "http://minio-testdsp5.default.svc.cluster.local:9000" - - name: ARTIFACT_SCRIPT - valueFrom: - configMapKeyRef: - key: "artifact_script" - name: "ds-pipeline-artifact-script-testdsp5" - - name: ARTIFACT_IMAGE - value: "artifact-manager:test5" - - name: ARCHIVE_LOGS - value: "false" - - name: EXECUTIONTYPE - value: PipelineRun - - name: TRACK_ARTIFACTS - value: "true" - - name: STRIP_EOF - value: "true" - - name: PIPELINE_RUNTIME - value: "tekton" - - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT - value: "pipeline-runner-testdsp5" - - name: INJECT_DEFAULT_SCRIPT - value: "true" - - name: APPLY_TEKTON_CUSTOM_RESOURCE - value: "true" - - name: TERMINATE_STATUS - value: "Cancelled" - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION value: "true" - name: DBCONFIG_CONMAXLIFETIMESEC @@ -80,6 +51,8 @@ spec: value: "accesskey" - name: OBJECTSTORECONFIG_CREDENTIALSSECRETKEYKEY value: "secretkey" + - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT + value: "pipeline-runner-testdsp5" - name: OBJECTSTORECONFIG_BUCKETNAME value: "mlpipeline" - name: OBJECTSTORECONFIG_ACCESSKEY @@ -110,6 +83,33 @@ spec: value: ds-pipeline-testdsp5.default.svc.cluster.local - name: ML_PIPELINE_SERVICE_PORT_GRPC value: "8887" + - name: EXECUTIONTYPE + value: PipelineRun + - name: ARTIFACT_BUCKET + value: "mlpipeline" + - name: ARTIFACT_ENDPOINT + value: "http://minio-testdsp5.default.svc.cluster.local:9000" + - name: ARTIFACT_SCRIPT + valueFrom: + configMapKeyRef: + key: "artifact_script" + name: "ds-pipeline-artifact-script-testdsp5" + - name: ARTIFACT_IMAGE + value: "artifact-manager:test5" + - name: ARCHIVE_LOGS + value: "false" + - name: TRACK_ARTIFACTS + value: "true" + - name: STRIP_EOF + value: "true" + - name: PIPELINE_RUNTIME + value: "tekton" + - name: INJECT_DEFAULT_SCRIPT + value: "true" + - name: APPLY_TEKTON_CUSTOM_RESOURCE + value: "true" + - name: TERMINATE_STATUS + value: "Cancelled" image: api-server:test5 imagePullPolicy: Always name: ds-pipeline-api-server diff --git a/controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml index 2cbeda30d..f7893dccc 100644 --- a/controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml @@ -37,41 +37,12 @@ spec: value: "mariadb-testdsp6.default.svc.cluster.local" - name: DBCONFIG_PORT value: "3306" - - name: ARTIFACT_BUCKET - value: "mlpipeline" - - name: ARTIFACT_ENDPOINT - value: "http://minio-testdsp6.default.svc.cluster.local:9000" - - name: ARTIFACT_SCRIPT - valueFrom: - configMapKeyRef: - key: "artifact_script" - name: "ds-pipeline-artifact-script-testdsp6" - - name: ARTIFACT_IMAGE - value: "artifact-manager:test6" - - name: ARCHIVE_LOGS - value: "false" - - name: EXECUTIONTYPE - value: PipelineRun - name: ARTIFACT_COPY_STEP_CABUNDLE_CONFIGMAP_NAME value: testcabundleconfigmap6 - name: ARTIFACT_COPY_STEP_CABUNDLE_CONFIGMAP_KEY value: testcabundleconfigmapkey6.crt - name: ARTIFACT_COPY_STEP_CABUNDLE_MOUNTPATH value: /etc/pki/tls/certs - - name: TRACK_ARTIFACTS - value: "true" - - name: STRIP_EOF - value: "true" - - name: PIPELINE_RUNTIME - value: "tekton" - - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT - value: "pipeline-runner-testdsp6" - - name: INJECT_DEFAULT_SCRIPT - value: "true" - - name: APPLY_TEKTON_CUSTOM_RESOURCE - value: "true" - - name: TERMINATE_STATUS - value: "Cancelled" - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION value: "true" - name: DBCONFIG_CONMAXLIFETIMESEC @@ -86,6 +57,8 @@ spec: value: "accesskey" - name: OBJECTSTORECONFIG_CREDENTIALSSECRETKEYKEY value: "secretkey" + - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT + value: "pipeline-runner-testdsp6" - name: OBJECTSTORECONFIG_BUCKETNAME value: "mlpipeline" - name: OBJECTSTORECONFIG_ACCESSKEY @@ -112,6 +85,33 @@ spec: value: ds-pipeline-testdsp6.default.svc.cluster.local - name: ML_PIPELINE_SERVICE_PORT_GRPC value: "8887" + - name: EXECUTIONTYPE + value: PipelineRun + - name: ARTIFACT_BUCKET + value: "mlpipeline" + - name: ARTIFACT_ENDPOINT + value: "http://minio-testdsp6.default.svc.cluster.local:9000" + - name: ARTIFACT_SCRIPT + valueFrom: + configMapKeyRef: + key: "artifact_script" + name: "ds-pipeline-artifact-script-testdsp6" + - name: ARTIFACT_IMAGE + value: "artifact-manager:test6" + - name: ARCHIVE_LOGS + value: "false" + - name: TRACK_ARTIFACTS + value: "true" + - name: STRIP_EOF + value: "true" + - name: PIPELINE_RUNTIME + value: "tekton" + - name: INJECT_DEFAULT_SCRIPT + value: "true" + - name: APPLY_TEKTON_CUSTOM_RESOURCE + value: "true" + - name: TERMINATE_STATUS + value: "Cancelled" image: api-server:test6 imagePullPolicy: Always name: ds-pipeline-api-server diff --git a/controllers/testdata/declarative/case_7/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_7/expected/created/apiserver_deployment.yaml index 567e79bbf..090f30d5e 100644 --- a/controllers/testdata/declarative/case_7/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_7/expected/created/apiserver_deployment.yaml @@ -37,35 +37,6 @@ spec: value: "mariadb-testdsp7.default.svc.cluster.local" - name: DBCONFIG_PORT value: "3306" - - name: ARTIFACT_BUCKET - value: "mlpipeline" - - name: ARTIFACT_ENDPOINT - value: "http://minio-testdsp7.default.svc.cluster.local:9000" - - name: ARTIFACT_SCRIPT - valueFrom: - configMapKeyRef: - key: "artifact_script" - name: "ds-pipeline-artifact-script-testdsp7" - - name: ARTIFACT_IMAGE - value: "artifact-manager:test7" - - name: ARCHIVE_LOGS - value: "false" - - name: EXECUTIONTYPE - value: PipelineRun - - name: TRACK_ARTIFACTS - value: "true" - - name: STRIP_EOF - value: "true" - - name: PIPELINE_RUNTIME - value: "tekton" - - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT - value: "pipeline-runner-testdsp7" - - name: INJECT_DEFAULT_SCRIPT - value: "true" - - name: APPLY_TEKTON_CUSTOM_RESOURCE - value: "true" - - name: TERMINATE_STATUS - value: "Cancelled" - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION value: "true" - name: DBCONFIG_CONMAXLIFETIMESEC @@ -80,6 +51,8 @@ spec: value: "accesskey" - name: OBJECTSTORECONFIG_CREDENTIALSSECRETKEYKEY value: "secretkey" + - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT + value: "pipeline-runner-testdsp7" - name: OBJECTSTORECONFIG_BUCKETNAME value: "mlpipeline" - name: OBJECTSTORECONFIG_ACCESSKEY @@ -110,6 +83,23 @@ spec: value: ds-pipeline-testdsp7.default.svc.cluster.local - name: ML_PIPELINE_SERVICE_PORT_GRPC value: "8887" + - name: EXECUTIONTYPE + value: Workflow + - name: DB_DRIVER_NAME + value: mysql + - name: DBCONFIG_MYSQLCONFIG_USER + value: testuser + - name: DBCONFIG_MYSQLCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: "password" + name: "ds-pipeline-db-testdsp7" + - name: DBCONFIG_MYSQLCONFIG_DBNAME + value: "randomDBName" + - name: DBCONFIG_MYSQLCONFIG_HOST + value: "mariadb-testdsp7.default.svc.cluster.local" + - name: DBCONFIG_MYSQLCONFIG_PORT + value: "3306" image: api-server:test7 imagePullPolicy: Always name: ds-pipeline-api-server diff --git a/controllers/testdata/declarative/case_7/expected/created/persistence-agent_deployment.yaml b/controllers/testdata/declarative/case_7/expected/created/persistence-agent_deployment.yaml index f914a38e2..abcb70d3e 100644 --- a/controllers/testdata/declarative/case_7/expected/created/persistence-agent_deployment.yaml +++ b/controllers/testdata/declarative/case_7/expected/created/persistence-agent_deployment.yaml @@ -35,7 +35,7 @@ spec: - name: KUBEFLOW_USERID_PREFIX value: "" - name: EXECUTIONTYPE - value: PipelineRun + value: Workflow image: persistenceagent:test7 imagePullPolicy: IfNotPresent name: ds-pipeline-persistenceagent @@ -73,4 +73,17 @@ spec: limits: cpu: 2524m memory: 5Gi + volumeMounts: + - mountPath: /var/run/secrets/kubeflow/tokens/persistenceagent-sa-token + name: persistenceagent-sa-token + subPath: ds-pipeline-persistenceagent-testdsp7-token serviceAccountName: ds-pipeline-persistenceagent-testdsp7 + volumes: + - name: persistenceagent-sa-token + projected: + sources: + - serviceAccountToken: + audience: pipelines.kubeflow.org + expirationSeconds: 3600 + path: ds-pipeline-persistenceagent-testdsp7-token + defaultMode: 420 From 8749630b5e6379f0748dd4e3f2d7df8aa2214007 Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Tue, 5 Dec 2023 14:42:14 -0500 Subject: [PATCH 16/20] Add Context Documentation for WorkflowController - Add description and code comments regarding Workflow Controller and its image to the CRD and DSPO config --- api/v1alpha1/dspipeline_types.go | 1 + config/configmaps/files/config.yaml | 5 ++++- ...ions.opendatahub.io_datasciencepipelinesapplications.yaml | 3 +++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/api/v1alpha1/dspipeline_types.go b/api/v1alpha1/dspipeline_types.go index bc84557fe..c91efe42b 100644 --- a/api/v1alpha1/dspipeline_types.go +++ b/api/v1alpha1/dspipeline_types.go @@ -51,6 +51,7 @@ type DSPASpec struct { // +kubebuilder:validation:Optional // +kubebuilder:default:="v1" DSPVersion string `json:"dspVersion,omitempty"` + // WorkflowController is an argo-specific component that manages a DSPA's Workflow objects and handles the orchestration of them with the central Argo server // +kubebuilder:validation:Optional // +kubebuilder:default:={deploy: false} *WorkflowController `json:"workflowController,omitempty"` diff --git a/config/configmaps/files/config.yaml b/config/configmaps/files/config.yaml index dc5d0ef6f..3302586d9 100644 --- a/config/configmaps/files/config.yaml +++ b/config/configmaps/files/config.yaml @@ -37,7 +37,10 @@ ImagesV2: MlmdWriter: $(IMAGESV2_TEKTON_MLMDWRITER) VisualizationServer: $(IMAGES_TEKTON_VISUALIZATIONSERVER) # WorkflowController is an argo-only component - # Using argo image here only for fault tolerance, but should handle this in code. + # Using argo image here only for fault tolerance, but should handle this in code + # In a theoretical example, this is here so that if a V2 DSPA is using Tekton backend but + # also requests WorkflowController.deploy=true, we may hit issues if the value just doesn't exist. + # Having a fill-in value, even if it doesn't work with the rest of the deployment, alleviates some of those concerns WorkflowController: $(IMAGESV2_ARGO_WORKFLOWCONTROLLER) DSPO: HealthCheck: diff --git a/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml b/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml index 499293c2d..d6f805dd9 100644 --- a/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml +++ b/config/crd/bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml @@ -763,6 +763,9 @@ spec: workflowController: default: deploy: false + description: WorkflowController is an argo-specific component that + manages a DSPA's Workflow objects and handles the orchestration + of them with the central Argo server properties: deploy: default: true From 07cf05fd646ec1f7ec6502df80f38bde6bb584b1 Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Wed, 6 Dec 2023 10:47:22 -0500 Subject: [PATCH 17/20] Fix WorkflowController incorrect log messages --- controllers/workflow_controller.go | 6 +++--- controllers/workflow_controller_test.go | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/controllers/workflow_controller.go b/controllers/workflow_controller.go index eccbe0b20..21f0e01be 100644 --- a/controllers/workflow_controller.go +++ b/controllers/workflow_controller.go @@ -28,17 +28,17 @@ func (r *DSPAReconciler) ReconcileWorkflowController(dsp *dspav1alpha1.DataScien log := r.Log.WithValues("namespace", dsp.Namespace).WithValues("dspa_name", dsp.Name) if !dsp.Spec.WorkflowController.Deploy { - log.Info("Skipping Application of Visualization Server Resources") + log.Info("Skipping Application of WorkflowController Resources") return nil } - log.Info("Applying Visualization Server Resources") + log.Info("Applying WorkflowController Resources") err := r.ApplyDir(dsp, params, workflowControllerTemplatesDir) if err != nil { return err } - log.Info("Finished applying Visualization Server Resources") + log.Info("Finished applying WorkflowController Resources") return nil } diff --git a/controllers/workflow_controller_test.go b/controllers/workflow_controller_test.go index 31a4df87d..443535d82 100644 --- a/controllers/workflow_controller_test.go +++ b/controllers/workflow_controller_test.go @@ -30,7 +30,7 @@ func TestDeployWorkflowController(t *testing.T) { testDSPAName := "testdspa" expectedWorkflowControllerName := "ds-pipeline-workflow-controller-testdspa" - // Construct DSPASpec with deployed Visualization Server + // Construct DSPASpec with deployed WorkflowController dspa := &dspav1alpha1.DataSciencePipelinesApplication{ Spec: dspav1alpha1.DSPASpec{ APIServer: &dspav1alpha1.APIServer{ @@ -64,7 +64,7 @@ func TestDeployWorkflowController(t *testing.T) { err := params.ExtractParams(ctx, dspa, reconciler.Client, reconciler.Log) assert.Nil(t, err) - // Ensure Visualization Server Deployment doesn't yet exist + // Ensure WorkflowController Deployment doesn't yet exist deployment := &appsv1.Deployment{} created, err := reconciler.IsResourceCreated(ctx, deployment, expectedWorkflowControllerName, testNamespace) assert.False(t, created) @@ -74,7 +74,7 @@ func TestDeployWorkflowController(t *testing.T) { err = reconciler.ReconcileWorkflowController(dspa, params) assert.Nil(t, err) - // Ensure Visualization Server Deployment now exists + // Ensure WorkflowController Deployment now exists deployment = &appsv1.Deployment{} created, err = reconciler.IsResourceCreated(ctx, deployment, expectedWorkflowControllerName, testNamespace) assert.True(t, created) @@ -87,7 +87,7 @@ func TestDontDeployWorkflowController(t *testing.T) { testDSPAName := "testdspa" expectedWorkflowControllerName := "ds-pipeline-workflow-controller-testdspa" - // Construct DSPASpec with non-deployed Visualization Server + // Construct DSPASpec with non-deployed WorkflowController dspa := &dspav1alpha1.DataSciencePipelinesApplication{ Spec: dspav1alpha1.DSPASpec{ WorkflowController: &dspav1alpha1.WorkflowController{ @@ -103,7 +103,7 @@ func TestDontDeployWorkflowController(t *testing.T) { // Create Context, Fake Controller and Params ctx, params, reconciler := CreateNewTestObjects() - // Ensure Visualization Server Deployment doesn't yet exist + // Ensure WorkflowController Deployment doesn't yet exist deployment := &appsv1.Deployment{} created, err := reconciler.IsResourceCreated(ctx, deployment, expectedWorkflowControllerName, testNamespace) assert.False(t, created) @@ -113,7 +113,7 @@ func TestDontDeployWorkflowController(t *testing.T) { err = reconciler.ReconcileWorkflowController(dspa, params) assert.Nil(t, err) - // Ensure Visualization Server Deployment still doesn't exist + // Ensure WorkflowController Deployment still doesn't exist deployment = &appsv1.Deployment{} created, err = reconciler.IsResourceCreated(ctx, deployment, expectedWorkflowControllerName, testNamespace) assert.False(t, created) From 86e191a1bc9c2fa4422b5005caa7e95e6a1abb89 Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Wed, 6 Dec 2023 10:49:10 -0500 Subject: [PATCH 18/20] Remove Unused V2Tekton Image References --- config/base/kustomization.yaml | 18 ++---------------- config/base/params.env | 2 +- config/configmaps/files/config.yaml | 19 +------------------ config/manager/manager.yaml | 4 ++-- controllers/config/defaults.go | 1 + controllers/dspipeline_params.go | 3 ++- kfdef/kfdef.yaml | 2 +- 7 files changed, 10 insertions(+), 39 deletions(-) diff --git a/config/base/kustomization.yaml b/config/base/kustomization.yaml index 157c11d90..e3b47b8d6 100644 --- a/config/base/kustomization.yaml +++ b/config/base/kustomization.yaml @@ -162,13 +162,13 @@ vars: apiVersion: v1 fieldref: fieldpath: data.IMAGESV2_ARGO_ARTIFACT - - name: IMAGESV2_ARGO_PERSISTENTAGENT + - name: IMAGESV2_ARGO_PERSISTENCEAGENT objref: kind: ConfigMap name: dspo-parameters apiVersion: v1 fieldref: - fieldpath: data.IMAGESV2_ARGO_PERSISTENTAGENT + fieldpath: data.IMAGESV2_ARGO_PERSISTENCEAGENT - name: IMAGESV2_ARGO_SCHEDULEDWORKFLOW objref: kind: ConfigMap @@ -190,20 +190,6 @@ vars: apiVersion: v1 fieldref: fieldpath: data.IMAGESV2_ARGO_MOVERESULTSIMAGE - - name: IMAGESV2_ARGO_PERSISTENTAGENT - objref: - kind: ConfigMap - name: dspo-parameters - apiVersion: v1 - fieldref: - fieldpath: data.IMAGESV2_PERSISTENTAGENT - - name: IMAGESV2_ARGO_SCHEDULEDWORKFLOW - objref: - kind: ConfigMap - name: dspo-parameters - apiVersion: v1 - fieldref: - fieldpath: data.IMAGESV2_SCHEDULEDWORKFLOW - name: IMAGESV2_ARGO_MLMDENVOY objref: kind: ConfigMap diff --git a/config/base/params.env b/config/base/params.env index 856b2e0b3..622ca7572 100644 --- a/config/base/params.env +++ b/config/base/params.env @@ -14,7 +14,7 @@ IMAGES_CRDVIEWER=gcr.io/ml-pipeline/viewer-crd-controller:2.0.0-rc.2 IMAGES_VISUALIZATIONSERVER=gcr.io/ml-pipeline/visualization-server:2.0.0-rc.2 IMAGESV2_ARGO_APISERVER=gcr.io/ml-pipeline/api-server:2.0.2 IMAGESV2_ARGO_ARTIFACT=quay.io/opendatahub/ds-pipelines-artifact-manager:main -IMAGESV2_ARGO_PERSISTENTAGENT=gcr.io/ml-pipeline/persistenceagent:2.0.2 +IMAGESV2_ARGO_PERSISTENCEAGENT=gcr.io/ml-pipeline/persistenceagent:2.0.2 IMAGESV2_ARGO_SCHEDULEDWORKFLOW=gcr.io/ml-pipeline/scheduledworkflow:2.0.2 IMAGESV2_ARGO_MLMDENVOY=gcr.io/ml-pipeline/metadata-envoy:2.0.2 IMAGESV2_ARGO_MLMDGRPC=gcr.io/tfx-oss-public/ml_metadata_store_server:1.14.0 diff --git a/config/configmaps/files/config.yaml b/config/configmaps/files/config.yaml index 3302586d9..1b33b54f1 100644 --- a/config/configmaps/files/config.yaml +++ b/config/configmaps/files/config.yaml @@ -18,30 +18,13 @@ ImagesV2: Artifact: $(IMAGESV2_ARGO_ARTIFACT) Cache: $(IMAGESV2_ARGO_CACHE) MoveResultsImage: $(IMAGESV2_ARGO_MOVERESULTSIMAGE) - PersistentAgent: $(IMAGESV2_ARGO_PERSISTENTAGENT) + PersistentAgent: $(IMAGESV2_ARGO_PERSISTENCEAGENT) ScheduledWorkflow: $(IMAGESV2_ARGO_SCHEDULEDWORKFLOW) MlmdEnvoy: $(IMAGESV2_ARGO_MLMDENVOY) MlmdGRPC: $(IMAGESV2_ARGO_MLMDGRPC) MlmdWriter: $(IMAGESV2_ARGO_MLMDWRITER) VisualizationServer: $(IMAGES_ARGO_VISUALIZATIONSERVER) WorkflowController: $(IMAGESV2_ARGO_WORKFLOWCONTROLLER) - Tekton: - ApiServer: $(IMAGESV2_TEKTON_APISERVER) - Artifact: $(IMAGESV2_TEKTON_ARTIFACT) - Cache: $(IMAGESV2_TEKTON_CACHE) - MoveResultsImage: $(IMAGESV2_TEKTON_MOVERESULTSIMAGE) - PersistentAgent: $(IMAGESV2_TEKTON_PERSISTENTAGENT) - ScheduledWorkflow: $(IMAGESV2_TEKTON_SCHEDULEDWORKFLOW) - MlmdEnvoy: $(IMAGESV2_TEKTON_MLMDENVOY) - MlmdGRPC: $(IMAGESV2_TEKTON_MLMDGRPC) - MlmdWriter: $(IMAGESV2_TEKTON_MLMDWRITER) - VisualizationServer: $(IMAGES_TEKTON_VISUALIZATIONSERVER) - # WorkflowController is an argo-only component - # Using argo image here only for fault tolerance, but should handle this in code - # In a theoretical example, this is here so that if a V2 DSPA is using Tekton backend but - # also requests WorkflowController.deploy=true, we may hit issues if the value just doesn't exist. - # Having a fill-in value, even if it doesn't work with the rest of the deployment, alleviates some of those concerns - WorkflowController: $(IMAGESV2_ARGO_WORKFLOWCONTROLLER) DSPO: HealthCheck: Database: diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index cb0896126..df9fc077e 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -66,8 +66,8 @@ spec: value: $(IMAGESV2_ARGO_APISERVER) - name: IMAGESV2_ARGO_ARTIFACT value: $(IMAGESV2_ARGO_ARTIFACT) - - name: IMAGESV2_ARGO_PERSISTENTAGENT - value: $(IMAGESV2_ARGO_PERSISTENTAGENT) + - name: IMAGESV2_ARGO_PERSISTENCEAGENT + value: $(IMAGESV2_ARGO_PERSISTENCEAGENT) - name: IMAGESV2_ARGO_SCHEDULEDWORKFLOW value: $(IMAGESV2_ARGO_SCHEDULEDWORKFLOW) - name: IMAGESV2_ARGO_CACHE diff --git a/controllers/config/defaults.go b/controllers/config/defaults.go index 99ca0306d..a847047fa 100644 --- a/controllers/config/defaults.go +++ b/controllers/config/defaults.go @@ -91,6 +91,7 @@ const ( // DSPV2-Tekton Image Paths // Note: These won't exist in config but aren't used, adding in case of future support +// TODO: remove const ( APIServerImagePathV2Tekton = "ImagesV2.Tekton.ApiServer" APIServerArtifactImagePathV2Tekton = "ImagesV2.Tekton.Artifact" diff --git a/controllers/dspipeline_params.go b/controllers/dspipeline_params.go index 57e6e8f2f..9666f54da 100644 --- a/controllers/dspipeline_params.go +++ b/controllers/dspipeline_params.go @@ -40,7 +40,6 @@ type DSPAParams struct { Namespace string Owner mf.Owner DSPVersion string - EngineDriver string APIServer *dspa.APIServer APIServerPiplinesCABundleMountPath string PiplinesCABundleMountPath string @@ -96,6 +95,8 @@ func (p *DSPAParams) UsingTektonEngineDriver(dsp *dspa.DataSciencePipelinesAppli return !p.UsingV2Pipelines(dsp) } +// TODO: rework to dynamically retrieve image based soley on 'pipelinesVersion' and 'engineDriver' rather than +// explicitly set images func (p *DSPAParams) GetImageForComponent(dsp *dspa.DataSciencePipelinesApplication, v1Image, v2ArgoImage, v2TektonImage string) string { if p.UsingV2Pipelines(dsp) { if p.UsingArgoEngineDriver(dsp) { diff --git a/kfdef/kfdef.yaml b/kfdef/kfdef.yaml index 697f2aed1..ffc494d94 100644 --- a/kfdef/kfdef.yaml +++ b/kfdef/kfdef.yaml @@ -38,7 +38,7 @@ spec: value: gcr.io/ml-pipeline/api-server:2.0.2 - name: IMAGESV2_ARGO_ARTIFACT value: quay.io/opendatahub/ds-pipelines-artifact-manager:main - - name: IMAGESV2_ARGO_PERSISTENTAGENT + - name: IMAGESV2_ARGO_PERSISTENCEAGENT value: gcr.io/ml-pipeline/persistenceagent:2.0.2 - name: IMAGESV2_ARGO_SCHEDULEDWORKFLOW value: gcr.io/ml-pipeline/scheduledworkflow:2.0.2 From e4921bc6441be74f2d9a704d8b061520bf96d461 Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Mon, 11 Dec 2023 13:21:48 -0500 Subject: [PATCH 19/20] Correct makedeploy newTag pointer --- config/overlays/make-deploy/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/overlays/make-deploy/kustomization.yaml b/config/overlays/make-deploy/kustomization.yaml index 1ec5fdeb4..7814f52a5 100644 --- a/config/overlays/make-deploy/kustomization.yaml +++ b/config/overlays/make-deploy/kustomization.yaml @@ -8,4 +8,4 @@ patchesStrategicMerge: images: - name: controller newName: quay.io/opendatahub/data-science-pipelines-operator - newTag: pr-479 + newTag: main From ade82dacdae5064d9fe82d6dd78cf27252b334ec Mon Sep 17 00:00:00 2001 From: Giulio Frasca Date: Mon, 11 Dec 2023 13:28:15 -0500 Subject: [PATCH 20/20] Remove broken rbac kustomization item --- config/rbac/kustomization.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index fe94772a8..1f0dd897c 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -9,6 +9,5 @@ resources: - role_binding.yaml - role.yaml - service_account.yaml -- aggregate_dspa_role.yaml - argo_role.yaml - argo_role_binding.yaml