forked from kubeflow/manifests
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adding Openshift stack (kubeflow#1567)
* Adding owners files * adding required openshift scc * Adding istio * Adding istio * Fixing kustomize * adding cert-manager * Adding Argo * Adding cert manager * Adding jupyter web app * adding profiles and nb controller * Adding components * Adding Seldon * Adding kfdef for openshift * Fixing the fsgrp issue with nb controller * Adding a patch for jnakfour in metadatadb * moving openshift-scc to top * Adding namespace in profiles * Disabling tls in destination rule for pipeline ui * Adding route * Moving profiles and pipeline to top kustomize * Adding new line * Adding custom profile image to disable istio injection * Updating profile image and istio scc * Switching pipeline to generic and pulling out to application Co-authored-by: Juana Nakfour <nakfour>
- Loading branch information
Juana Nakfour
committed
Nov 6, 2020
1 parent
b0fd34c
commit 3440e7b
Showing
42 changed files
with
1,209 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,103 @@ | ||
apiVersion: kfdef.apps.kubeflow.org/v1 | ||
kind: KfDef | ||
metadata: | ||
name: kubeflow | ||
namespace: kubeflow | ||
spec: | ||
applications: | ||
# This needs to be first to set up permissions | ||
- kustomizeConfig: | ||
repoRef: | ||
name: manifests | ||
path: stacks/openshift/application/openshift/openshift-scc | ||
name: openshift-scc | ||
- kustomizeConfig: | ||
repoRef: | ||
name: manifests | ||
path: stacks/openshift/application/istio-stack | ||
name: istio-stack | ||
- kustomizeConfig: | ||
repoRef: | ||
name: manifests | ||
path: stacks/openshift/application/istio | ||
name: istio | ||
- kustomizeConfig: | ||
repoRef: | ||
name: manifests | ||
path: application/v3 | ||
name: application | ||
- kustomizeConfig: | ||
repoRef: | ||
name: manifests | ||
path: metacontroller/base | ||
name: metacontroller | ||
- kustomizeConfig: | ||
repoRef: | ||
name: manifests | ||
path: stacks/openshift/application/cert-manager-crds | ||
name: cert-manager-crds | ||
- kustomizeConfig: | ||
repoRef: | ||
name: manifests | ||
path: stacks/openshift/application/cert-manager-kube-system-resources | ||
name: cert-manager-kube-system-resources | ||
- kustomizeConfig: | ||
repoRef: | ||
name: manifests | ||
path: stacks/openshift/application/cert-manager | ||
name: cert-manager | ||
- kustomizeConfig: | ||
repoRef: | ||
name: manifests | ||
path: stacks/openshift/application/argo | ||
name: argo | ||
- kustomizeConfig: | ||
repoRef: | ||
name: manifests | ||
path: stacks/openshift/application/jupyter-web-app | ||
name: jupyter-web-app | ||
- kustomizeConfig: | ||
repoRef: | ||
name: manifests | ||
path: stacks/openshift/application/notebook-controller | ||
name: notebook-controller | ||
- kustomizeConfig: | ||
repoRef: | ||
name: manifests | ||
path: stacks/openshift/application/metadata | ||
name: metadata | ||
- kustomizeConfig: | ||
repoRef: | ||
name: manifests | ||
path: stacks/openshift/application/tf-job | ||
name: tf-job | ||
- kustomizeConfig: | ||
repoRef: | ||
name: manifests | ||
path: stacks/openshift/application/pytorch-job | ||
name: pytorch-job | ||
- kustomizeConfig: | ||
repoRef: | ||
name: manifests | ||
path: stacks/openshift/application/katib | ||
name: katib | ||
# commenting this out since it is included in kubeflow-apps | ||
- kustomizeConfig: | ||
repoRef: | ||
name: manifests | ||
path: stacks/openshift/application/pipeline | ||
name: pipeline | ||
- kustomizeConfig: | ||
repoRef: | ||
name: manifests | ||
path: stacks/openshift/application/seldon | ||
name: seldon | ||
- kustomizeConfig: | ||
repoRef: | ||
name: manifests | ||
path: stacks/openshift | ||
name: kubeflow-apps | ||
repos: | ||
- name: manifests | ||
uri: https://github.com/kubeflow/manifests/archive/v1.1-branch.tar.gz | ||
version: v1.0-branch |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
approvers: | ||
- nakfour | ||
- vpavlin | ||
- crobby |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
namespace: kubeflow | ||
resources: | ||
- ../../../../argo/base_v3 | ||
configMapGenerator: | ||
- name: workflow-controller-parameters | ||
behavior: merge | ||
literals: | ||
- containerRuntimeExecutor=k8sapi | ||
- name: kubeflow-config | ||
envs: | ||
- ../../config/params.env | ||
# We need to define vars at the top level otherwise we will get | ||
# conflicts. | ||
vars: | ||
- fieldref: | ||
fieldPath: data.clusterDomain | ||
name: clusterDomain | ||
objref: | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
name: kubeflow-config | ||
- fieldref: | ||
fieldPath: metadata.namespace | ||
name: namespace | ||
objref: | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
name: kubeflow-config | ||
|
||
|
5 changes: 5 additions & 0 deletions
5
stacks/openshift/application/cert-manager-crds/kustomization.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
namespace: cert-manager | ||
resources: | ||
- ../../../../cert-manager/cert-manager-crds/base |
5 changes: 5 additions & 0 deletions
5
stacks/openshift/application/cert-manager-kube-system-resources/kustomization.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
namespace: kube-system | ||
resources: | ||
- ../../../../cert-manager/cert-manager-kube-system-resources/base |
13 changes: 13 additions & 0 deletions
13
stacks/openshift/application/cert-manager/kustomization.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
commonLabels: | ||
app.kubernetes.io/component: cert-manager | ||
app.kubernetes.io/name: cert-manager | ||
kustomize.component: cert-manager | ||
kind: Kustomization | ||
namespace: cert-manager | ||
resources: | ||
- ../../../../cert-manager/cert-manager/base | ||
- ../../../../cert-manager/cert-manager/overlays/application/application.yaml | ||
- ../../../../cert-manager/cert-manager/overlays/self-signed/cluster-issuer.yaml | ||
configurations: | ||
- ../../../../cert-manager/cert-manager/overlays/application/params.yaml |
17 changes: 17 additions & 0 deletions
17
stacks/openshift/application/istio-stack/ingressgateway.route.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
kind: Route | ||
apiVersion: route.openshift.io/v1 | ||
metadata: | ||
name: istio-ingressgateway | ||
namespace: istio-system | ||
labels: | ||
app: istio-ingressgateway | ||
istio: ingressgateway | ||
release: istio | ||
spec: | ||
to: | ||
kind: Service | ||
name: istio-ingressgateway | ||
weight: 100 | ||
port: | ||
targetPort: http2 | ||
wildcardPolicy: None |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
namespace: istio-system | ||
resources: | ||
- ../../../../istio/istio-crds/base | ||
- ../../../../istio/istio-install/base | ||
- ingressgateway.route.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
namespace: kubeflow | ||
resources: | ||
- ../../../../istio/istio/base | ||
|
||
configMapGenerator: | ||
- name: istio-parameters | ||
behavior: merge | ||
envs: | ||
- params.env | ||
configurations: | ||
- params.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
clusterRbacConfig=OFF |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
varReference: | ||
- path: spec/mode | ||
kind: ClusterRbacConfig |
125 changes: 125 additions & 0 deletions
125
stacks/openshift/application/jupyter-web-app/configs/spawner_ui_config.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,125 @@ | ||
# Configuration file for the Jupyter UI. | ||
# | ||
# Each Jupyter UI option is configured by two keys: 'value' and 'readOnly' | ||
# - The 'value' key contains the default value | ||
# - The 'readOnly' key determines if the option will be available to users | ||
# | ||
# If the 'readOnly' key is present and set to 'true', the respective option | ||
# will be disabled for users and only set by the admin. Also when a | ||
# Notebook is POSTED to the API if a necessary field is not present then | ||
# the value from the config will be used. | ||
# | ||
# If the 'readOnly' key is missing (defaults to 'false'), the respective option | ||
# will be available for users to edit. | ||
# | ||
# Note that some values can be templated. Such values are the names of the | ||
# Volumes as well as their StorageClass | ||
spawnerFormDefaults: | ||
image: | ||
# The container Image for the user's Jupyter Notebook | ||
# If readonly, this value must be a member of the list below | ||
value: quay.io/kubeflow/tf-notebook-image:v0.7.0 | ||
# The list of available standard container Images | ||
options: | ||
- quay.io/kubeflow/tf-notebook-image:v0.7.0 | ||
# By default, custom container Images are allowed | ||
# Uncomment the following line to only enable standard container Images | ||
readOnly: false | ||
cpu: | ||
# CPU for user's Notebook | ||
value: '0.5' | ||
readOnly: false | ||
memory: | ||
# Memory for user's Notebook | ||
value: 1.0Gi | ||
readOnly: false | ||
workspaceVolume: | ||
# Workspace Volume to be attached to user's Notebook | ||
# Each Workspace Volume is declared with the following attributes: | ||
# Type, Name, Size, MountPath and Access Mode | ||
value: | ||
type: | ||
# The Type of the Workspace Volume | ||
# Supported values: 'New', 'Existing' | ||
value: New | ||
name: | ||
# The Name of the Workspace Volume | ||
# Note that this is a templated value. Special values: | ||
# {notebook-name}: Replaced with the name of the Notebook. The frontend | ||
# will replace this value as the user types the name | ||
value: 'workspace-{notebook-name}' | ||
size: | ||
# The Size of the Workspace Volume (in Gi) | ||
value: '10Gi' | ||
mountPath: | ||
# The Path that the Workspace Volume will be mounted | ||
value: /home/jovyan | ||
accessModes: | ||
# The Access Mode of the Workspace Volume | ||
# Supported values: 'ReadWriteOnce', 'ReadWriteMany', 'ReadOnlyMany' | ||
value: ReadWriteOnce | ||
class: | ||
# The StrageClass the PVC will use if type is New. Special values are: | ||
# {none}: default StorageClass | ||
# {empty}: empty string "" | ||
value: '{none}' | ||
readOnly: false | ||
dataVolumes: | ||
# List of additional Data Volumes to be attached to the user's Notebook | ||
value: [] | ||
# Each Data Volume is declared with the following attributes: | ||
# Type, Name, Size, MountPath and Access Mode | ||
# | ||
# For example, a list with 2 Data Volumes: | ||
# value: | ||
# - value: | ||
# type: | ||
# value: New | ||
# name: | ||
# value: '{notebook-name}-vol-1' | ||
# size: | ||
# value: '10Gi' | ||
# class: | ||
# value: standard | ||
# mountPath: | ||
# value: /home/jovyan/vol-1 | ||
# accessModes: | ||
# value: ReadWriteOnce | ||
# class: | ||
# value: {none} | ||
# - value: | ||
# type: | ||
# value: New | ||
# name: | ||
# value: '{notebook-name}-vol-2' | ||
# size: | ||
# value: '10Gi' | ||
# mountPath: | ||
# value: /home/jovyan/vol-2 | ||
# accessModes: | ||
# value: ReadWriteMany | ||
# class: | ||
# value: {none} | ||
readOnly: false | ||
gpus: | ||
# Number of GPUs to be assigned to the Notebook Container | ||
value: | ||
# values: "none", "1", "2", "4", "8" | ||
num: "none" | ||
# Determines what the UI will show and send to the backend | ||
vendors: | ||
- limitsKey: "nvidia.com/gpu" | ||
uiName: "NVIDIA" | ||
# Values: "" or a `limits-key` from the vendors list | ||
vendor: "" | ||
readOnly: false | ||
shm: | ||
value: true | ||
readOnly: false | ||
configurations: | ||
# List of labels to be selected, these are the labels from PodDefaults | ||
# value: | ||
# - add-gcp-secret | ||
# - default-editor | ||
value: [] | ||
readOnly: false |
36 changes: 36 additions & 0 deletions
36
stacks/openshift/application/jupyter-web-app/kustomization.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
namespace: kubeflow | ||
resources: | ||
- ../../../../jupyter/jupyter-web-app/base_v3 | ||
configMapGenerator: | ||
- name: jupyter-web-app-config | ||
behavior: merge | ||
files: | ||
- ./configs/spawner_ui_config.yaml | ||
- name: kubeflow-config | ||
envs: | ||
- ../../config/params.env | ||
# We need to define vars at the top level otherwise we will get | ||
# conflicts. | ||
vars: | ||
- fieldref: | ||
fieldPath: data.clusterDomain | ||
name: clusterDomain | ||
objref: | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
name: kubeflow-config | ||
- fieldref: | ||
fieldPath: metadata.namespace | ||
name: namespace | ||
objref: | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
name: kubeflow-config | ||
|
||
images: | ||
- name: gcr.io/kubeflow-images-public/jupyter-web-app | ||
newTag: v1.0.0 | ||
newName: quay.io/kubeflow/jupyter-web-app | ||
|
3 changes: 3 additions & 0 deletions
3
stacks/openshift/application/katib/katib-controller-deployment.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
- op: add | ||
path: /spec/template/spec/containers/0/args/- | ||
value: '--webhook-inject-securitycontext=true' |
Oops, something went wrong.