Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump Master #1

Merged
merged 123 commits into from
Nov 26, 2020
Merged

Bump Master #1

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
123 commits
Select commit Hold shift + click to select a range
60c2bbf
Disable sidecar for activator and autoscaler (#1340)
yuzisun Jul 3, 2020
9a2fc70
Update to KFP 1.0.0-rc.3 (#1341)
Bobgy Jul 5, 2020
bad1ffe
fix(gcp): Use IAMPolicyMember for workload identity bindings (#1347)
Bobgy Jul 6, 2020
0186ae8
added support for registration flow env variable (#1335)
maganaluis Jul 7, 2020
3d8651e
feat: KFP multi user mode PR1 - enable multi user mode without istio …
Bobgy Jul 7, 2020
14de0c7
add kfctl_ibm_dex.yaml the dex version of Kubeflow kfdef configuratio…
adrian555 Jul 7, 2020
ed6928a
[AWS] Upgrade istio auth adapter version (#1353)
Jeffwan Jul 7, 2020
1861ca5
[AWS] Revert istio version in cognito manifest back to 1.1.x (#1360)
Jeffwan Jul 8, 2020
0a37a87
add myself to kfdef/OWNERS (#1355)
adrian555 Jul 8, 2020
ffb31aa
Switch GCP to regular channel which is on GKE 1.16 (#1366)
jlewi Jul 8, 2020
8947d3a
Use kubeflow userid header and prefix config for KFP servers (#1365)
Bobgy Jul 9, 2020
748a617
feat: KFP multi user mode PR2 - secure KFP with istio mTLS and authz …
Bobgy Jul 10, 2020
0c89baa
refactor: pipelines profile controller should get minio access keys f…
Bobgy Jul 10, 2020
58e99b2
feat: Use KFP multi user mode for GCP (#1373)
Bobgy Jul 10, 2020
6168766
Add knative and kfserving to GCP stack (#1376)
jlewi Jul 10, 2020
fb8760d
[auto PR] Update the notebook-controller image to tag vmaster-g101c77…
kubeflow-bot Jul 10, 2020
13062e9
Fix for Seldon custom namespace installs of kubeflow (#1375)
ukclivecox Jul 13, 2020
5cc6fd3
feat: Add application and common labels to KFP and various fixes (#1374)
Bobgy Jul 13, 2020
3254452
Update Katib image tag to c3b38d8 on master (#1350)
andreyvelich Jul 14, 2020
8a95734
knative shouldn't be part of GCP stack kustomization (#1381)
jlewi Jul 14, 2020
ac14931
Remove katib-metricscollector-injection label from Kubeflow namespace…
andreyvelich Jul 14, 2020
430b4d0
Revert CRD status exception and remove status from Seldon CRD (#1389)
ukclivecox Jul 16, 2020
09ec1c3
Check in expected kpt output for Kptfile refactoring (#1393)
jlewi Jul 20, 2020
902e6f3
feat: update KFP to 1.0.0 (#1397)
Bobgy Jul 20, 2020
94d1e48
Migrate AWS manifests to v3 pattern (#1396)
Jeffwan Jul 21, 2020
78c961a
Convert v1 to v2 setters & substituions in gcp (#1398)
jlewi Jul 21, 2020
0647e6d
Add optional Knative eventing component (#1402)
Tomcli Jul 21, 2020
59aeca3
Update tektoncd pipeline and dashboard version to the latest release …
Tomcli Jul 21, 2020
71299ee
[auto PR] Update the centraldashboard image to tag vmaster-gd601b2d0 …
kubeflow-bot Jul 22, 2020
92c7c05
[auto PR] Update the kfam image to tag vmaster-g9f3bfd00 (#1280)
kubeflow-bot Jul 23, 2020
ffe6f98
AWS Kfdef changes using v3 stacks (#1410)
Jul 24, 2020
3c8f0a4
Moving central dashboard links to configmap (#1394)
SachinVarghese Jul 24, 2020
baddd85
Add PatrickXYS into reviewer list (#1425)
Jul 25, 2020
dcfc9f2
chore: upgrade istio to 1.4.10-asm.15 (#1412)
Bobgy Jul 27, 2020
1ac4d8b
Bring back some istio virtual services back to kubeflow namespace (#1…
Jul 29, 2020
1186db5
Correct AWS authz adaptor header (#1435)
Jeffwan Jul 30, 2020
4c1221c
Fix management blueprint kptfile and stop using namespace mode for CN…
jlewi Jul 30, 2020
5bdce80
Fix cloudresourcemanager service; missing ApiVersion. (#1437)
jlewi Jul 30, 2020
759992c
add kfctl_ibm_dex_multi_user.yaml kfdef configuration (#1428)
adrian555 Jul 31, 2020
34b07b5
Upgrade AWS jupyter images to 1.1.0 (#1442)
Jeffwan Jul 31, 2020
e3f7453
Pass userid-header param to kfam (#1445)
yhwang Jul 31, 2020
011c81e
[IBM] update manifests repo link (#1447)
adrian555 Jul 31, 2020
9709bd3
Add a kustomize function to remove namespace (#1446)
jlewi Aug 2, 2020
c2f1132
Update Katib image tag to ce89cbf on master (#1440)
andreyvelich Aug 3, 2020
b34d7f8
Update unit test for the latest changes (#1454)
andreyvelich Aug 3, 2020
875e292
cert-manager namespace needs label control-plane (#1451)
jlewi Aug 3, 2020
2661054
Add Bobgy to OWNERS (#1453)
Bobgy Aug 3, 2020
e55cf3d
Create a kustomize function to change the gateway of virtual services…
jlewi Aug 4, 2020
01719e1
Add Seldon Owners (#1295)
ukclivecox Aug 4, 2020
b3f8a28
Add Jeffwan to OWNERS files (#1443)
Jeffwan Aug 5, 2020
34c4158
[auto PR] Update the profile-controller image to tag vmaster-ga49f658…
kubeflow-bot Aug 5, 2020
9ab472f
Fix XGBoost Operator manifest issue (#1463)
Jeffwan Aug 6, 2020
ddbbd74
Migrate istio and dex to V3 (#1426)
Aug 6, 2020
6ec36d3
Clean up inactive approvers (#1458)
Jeffwan Aug 7, 2020
65d350f
[auto PR] Update the jupyter-web-app image to tag vmaster-g845af298 (…
kubeflow-bot Aug 8, 2020
8449d4e
[auto PR] Update the notebook-controller image to tag vmaster-g845af2…
kubeflow-bot Aug 8, 2020
316c3f1
Remove tensorboard manifest (#1459)
Jeffwan Aug 10, 2020
1d717cb
fix: update kfp profile controller's version (#1488)
Bobgy Aug 13, 2020
6dcebbe
v1.1 istio dex components for kubernetes installation (#1494)
krishnadurai Aug 17, 2020
c429076
v1.1 manifests for vanilla k8s (#1483)
swiftdiaries Aug 18, 2020
13e0220
add parameter for istio gateway in oidc-authservice (#1123)
thesuperzapper Aug 26, 2020
3306cdc
Remove http from the GCP ingress and explicitly set the default backe…
jlewi Aug 27, 2020
ed61541
Add missing files for k8s_istio.v1.1.0 KFDef (#1515)
pvaneck Aug 31, 2020
ebc3c77
Delete Deployment manager configs for GCP (#1538)
virgoaugustine Sep 8, 2020
3fd1c71
Fixes #1509: Notebook CRD allows misconfigured notebooks that make th…
agoblet Sep 9, 2020
365b598
fix application specs (#1106)
thesuperzapper Sep 11, 2020
2fdf610
Add USERID_HEADER argument in access management (#1559)
Jeffwan Sep 16, 2020
042c84e
Add Myself into AWS OWNERS (#1557)
PatrickXYS Sep 16, 2020
bf67bc6
Add AWS v1.1.0 manifest to master branch (#1560)
Jeffwan Sep 16, 2020
c728bc7
ASM Mesh id should be proj-${PROJECTNUBMER} (#1563)
jlewi Sep 21, 2020
f95406b
Update kfctl_ibm manifests to use Istio 1.3.1 (#1580)
pvaneck Oct 14, 2020
ea1a351
[IBM] split full stack to components to support finer grain customiza…
adrian555 Oct 20, 2020
ff23fbe
Upgrade CNRM from 1.15 to 1.27.2 (#1595)
jlewi Oct 29, 2020
fc7858f
[auto PR] Update the pytorch-operator image to tag vmaster-g518f9c76 …
kubeflow-bot Oct 29, 2020
4acbcce
[auto PR] Update the xgboost-operator image to tag vmaster-g56c2c075 …
kubeflow-bot Oct 29, 2020
6372198
[auto PR] Update the tf_operator image to tag vmaster-gda226016 (#1485)
kubeflow-bot Oct 29, 2020
c903ce8
Add PatrickXYS as tests folder approver (#1598)
Oct 30, 2020
eea545d
[Fix tests] Skip non SequenceNode yaml to work around on the old kyam…
Tomcli Nov 3, 2020
82c6f35
feat(kfp): update kfp upstream manifests to 1.0.4 (#1605)
Bobgy Nov 3, 2020
343c6f3
Update Notebook OWNERS (#1599)
thesuperzapper Nov 3, 2020
5c2ae32
Katib 0.10 v1beta1 release (#1593)
andreyvelich Nov 4, 2020
855d7e9
Add PatrickXYS as OWNER of manifests repo (#1606)
Nov 4, 2020
0f673cf
[auto PR] Update the notebook-controller image to tag vmaster-g6eb007…
kubeflow-bot Nov 4, 2020
f0f5fbb
Add E2E Test on Kubeflow Shared Test-infra (#1601)
Nov 4, 2020
cdbcb2a
Update OWNERS file with Arrikto folk (#1607)
yanniszark Nov 4, 2020
4b9d01c
Update kfserving manifests for v0.4.1 (#1575)
pvaneck Nov 5, 2020
4238085
Add a test to verify no more use of deprecated env syntax (#1610)
jlewi Nov 5, 2020
1068243
Add AWS Periodic Tests (#1612)
Nov 5, 2020
7642630
Seldon 1.4.0 Upgrade for Kubeflow 1.2 Release (#1600)
ukclivecox Nov 5, 2020
7eaaab5
Ibmcloud appid (#1594)
shawnzhu Nov 5, 2020
3f9398f
Increase unit test argo workflow TTL (#1611)
Nov 5, 2020
7f0f77c
Add Periodic Tests back (#1615)
Nov 6, 2020
b9c5b80
Update Katib 0.10 image tag to 6dc1af8 (#1614)
andreyvelich Nov 6, 2020
b0fd34c
[IBM] Remap components to application for IBM stack (#1603)
moficodes Nov 6, 2020
3440e7b
Adding Openshift stack (#1567)
Nov 6, 2020
729e3cd
Add missing role to the Katib RBAC (#1618)
andreyvelich Nov 8, 2020
1d42a4d
Add kfdef 1.2 manifests (#1620)
Jeffwan Nov 9, 2020
7f563d2
[IBM] Add kfp-tekton deployment and update IBM stacks (#1621)
Tomcli Nov 10, 2020
6c4f265
fix mysql deployment strategy (#1562)
thesuperzapper Nov 10, 2020
3a690b3
Pin IBM v1.2 manifests (#1627)
Tomcli Nov 10, 2020
3b921da
Remove Tensorboard for AWS 1.2 Manifests (#1629)
Nov 10, 2020
7f4d943
Presubmit kicked off by istio_dex manifests (#1630)
Nov 11, 2020
e174d47
Update Knative to 0.14.3 (#1617)
pvaneck Nov 11, 2020
fcd557a
Add Paul as a reviewer (#1632)
animeshsingh Nov 11, 2020
81a22d5
feat: remove outdated metadata UI manifests (#1619)
Bobgy Nov 11, 2020
50fd92b
Rollout AWS Jupyter images to 1.2.0 (#1636)
Nov 12, 2020
9412a48
Replacement PR for PR #1625 - Azure kfdef manifests for 1.2 and previ…
berndverst Nov 12, 2020
674fa69
feat: remove kf metadata server (#1638)
Bobgy Nov 12, 2020
ab8d131
Adds Azure Stack Tests (#1640)
berndverst Nov 13, 2020
051f31a
update jupyter config with tolerations/selectors (#1644)
thesuperzapper Nov 16, 2020
fdd3204
update image tags (#1645)
thesuperzapper Nov 16, 2020
3e88eab
fix application selectors (#1646)
thesuperzapper Nov 16, 2020
a95c7d0
fix commonLabels (#1647)
thesuperzapper Nov 16, 2020
069ed80
Enable AWS Kubeflow-Kubernetes Periodic Tests (#1650)
Nov 16, 2020
7351704
[IBM] Update notebooks and profiles image tags (#1652)
pvaneck Nov 17, 2020
01028bd
Add Flink Operator to Kubeflow manifests (#1469)
Jeffwan Nov 17, 2020
cb844d3
update OWNERS (#1656)
thesuperzapper Nov 18, 2020
caf2c9b
Enable central dashboard to use configmap and remove manifest link (#…
Jeffwan Nov 18, 2020
e3bec69
Update jupyter web app image tag for Azure Stack (#1657)
berndverst Nov 18, 2020
b722994
Customize dashboard links in Azure Stack (#1655)
berndverst Nov 19, 2020
712afa8
Update jupyter config with tolerations/selectors for aws (#1662)
Jeffwan Nov 19, 2020
338b124
fix(kfp): fix application label selector. Part of #1573 (#1663)
Bobgy Nov 19, 2020
4e004e5
Fix web hook variables in seldon kustomize not being updated by kfctl…
ukclivecox Nov 20, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
fix(gcp): Use IAMPolicyMember for workload identity bindings (kubeflo… 
…w#1347)

* fix profile controller iam binding

* rename
  • Loading branch information
@Bobgy
Bobgy committed Jul 6, 2020
commit bad1ffef5ab7de7b79f91e589ac17afe2661e1fe
13 changes: 13 additions & 0 deletions gcp/v2/cnrm/iam/admin-manages-user-policy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
name: name-admin-manages-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}}
spec:
member: serviceAccount:[email protected] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"},{"name":"gcloud.core.project","value":"project-id"}]}}
# "roles/serviceAccountAdmin" grants kf-admin service account permission to
# manage workload identity binding policies for kf-user service account.
role: roles/iam.serviceAccountAdmin
resourceRef:
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
name: name-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}}
14 changes: 0 additions & 14 deletions gcp/v2/cnrm/iam/kf-admin-policy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -165,17 +165,3 @@ spec:
apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
kind: Project
external: projects/project-id # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}}
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicy
metadata:
name: name-admin-workload-identity-users # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}}
spec:
resourceRef:
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
name: name-admin # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}}
bindings:
- role: roles/iam.workloadIdentityUser
members:
- serviceAccount:project-id.svc.id.goog[kubeflow/profiles-controller-service-account] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}}
11 changes: 11 additions & 0 deletions gcp/v2/cnrm/iam/kf-admin-workload-identity-bindings.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
name: name-admin-workload-identity-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}}
spec:
member: serviceAccount:project-id.svc.id.goog[kubeflow/profiles-controller-service-account] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}}
role: roles/iam.workloadIdentityUser
resourceRef:
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
name: name-admin # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}}
16 changes: 0 additions & 16 deletions gcp/v2/cnrm/iam/kf-user-policy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -141,19 +141,3 @@ spec:
apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
kind: Project
external: projects/project-id # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}}
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicy
metadata:
name: name-user-workload-identity-users # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}}
spec:
resourceRef:
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
name: name-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}}
bindings:
- role: roles/iam.workloadIdentityUser
members:
- serviceAccount:project-id.svc.id.goog[kubeflow/ml-pipeline-ui] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}}
- serviceAccount:project-id.svc.id.goog[kubeflow/ml-pipeline-visualizationserver] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}}
- serviceAccount:project-id.svc.id.goog[kubeflow/pipeline-runner] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}}
35 changes: 35 additions & 0 deletions gcp/v2/cnrm/iam/kf-user-workload-identity-bindings.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
name: name-user-workload-identity-user-ml-pipeline-ui # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}}
spec:
member: serviceAccount:project-id.svc.id.goog[kubeflow/ml-pipeline-ui] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}}
role: roles/iam.workloadIdentityUser
resourceRef:
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
name: name-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}}
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
name: name-user-workload-identity-user-ml-pipeline-visualizationserver # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}}
spec:
member: serviceAccount:project-id.svc.id.goog[kubeflow/ml-pipeline-visualizationserver] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}}
role: roles/iam.workloadIdentityUser
resourceRef:
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
name: name-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}}
---
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
name: name-user-workload-identity-user-pipeline-runner # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}}
spec:
member: serviceAccount:project-id.svc.id.goog[kubeflow/pipeline-runner] # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"gcloud.core.project","value":"project-id"}]}}
role: roles/iam.workloadIdentityUser
resourceRef:
apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
name: name-user # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"name","value":"name"}]}}
3 changes: 3 additions & 0 deletions gcp/v2/cnrm/iam/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,3 +5,6 @@ resources:
- kf-admin-sa.yaml
- kf-user-policy.yaml
- kf-user-sa.yaml
- kf-admin-workload-identity-bindings.yaml
- kf-user-workload-identity-bindings.yaml
- admin-manages-user-policy.yaml