Skip to content

Commit

Permalink
Profiles KFAM: Move manifests development upstream (kubeflow#5611)
Browse files Browse the repository at this point in the history 
As part of the work of wg-manifests for 1.3
(kubeflow/manifests#1735), we are moving manifests
development in upstream repos. This gives the application developers full
ownership of their manifests, tracked in a single place.

This commit copies the manifests for application `Profiles + KFAM`
from path `apps/profiles/upstream` of kubeflow/manifests to path
`components/profile-controller/config` of the upstream repo (https://github.com/kubeflow/kubeflow).

Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
  • Loading branch information
@yanniszark
yanniszark authored and julius committed Mar 7, 2021
1 parent bdc33a4 commit 873dd45
Show file tree
Hide file tree
Showing 24 changed files with 595 additions and 0 deletions.
5 changes: 5 additions & 0 deletions components/profile-controller/config/base/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
When profile-controller image updated, you can run below command to update it in manifest.

```
kustomize edit set image gcr.io/kubeflow-images-public/profile-controller:$NEW_TAG
```
11 changes: 11 additions & 0 deletions components/profile-controller/config/base/cluster-role-binding.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cluster-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: controller-service-account
156 changes: 156 additions & 0 deletions components/profile-controller/config/base/crd.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,156 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: profiles.kubeflow.org
spec:
conversion:
strategy: None
group: kubeflow.org
names:
kind: Profile
plural: profiles
scope: Cluster
subresources:
status: {}
validation:
openAPIV3Schema:
description: Profile is the Schema for the profiles API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ProfileSpec defines the desired state of Profile
properties:
owner:
description: The profile owner
properties:
apiGroup:
description: APIGroup holds the API group of the referenced subject.
Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io"
for User and Group subjects.
type: string
kind:
description: Kind of object being referenced. Values defined by
this API group are "User", "Group", and "ServiceAccount". If the
Authorizer does not recognized the kind value, the Authorizer
should report an error.
type: string
name:
description: Name of the object being referenced.
type: string
required:
- kind
- name
type: object
plugins:
items:
description: Plugin is for customize actions on different platform.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this
representation of an object. Servers should convert recognized
schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint
the client submits requests to. Cannot be updated. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
spec:
type: object
type: object
type: array
resourceQuotaSpec:
description: Resourcequota that will be applied to target namespace
properties:
hard:
additionalProperties:
type: string
description: 'hard is the set of desired hard limits for each named
resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
type: object
scopeSelector:
description: scopeSelector is also a collection of filters like
scopes that must match each object tracked by a quota but expressed
using ScopeSelectorOperator in combination with possible values.
For a resource to match, both scopes AND scopeSelector (if specified
in spec), must be matched.
properties:
matchExpressions:
description: A list of scope selector requirements by scope
of the resources.
items:
description: A scoped-resource selector requirement is a selector
that contains values, a scope name, and an operator that
relates the scope name and values.
properties:
operator:
description: Represents a scope's relationship to a set
of values. Valid operators are In, NotIn, Exists, DoesNotExist.
type: string
scopeName:
description: The name of the scope that the selector applies
to.
type: string
values:
description: An array of string values. If the operator
is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- operator
- scopeName
type: object
type: array
type: object
scopes:
description: A collection of filters that must match each object
tracked by a quota. If not specified, the quota matches all objects.
items:
description: A ResourceQuotaScope defines a filter that must match
each object tracked by a quota
type: string
type: array
type: object
type: object
status:
description: ProfileStatus defines the observed state of Profile
properties:
conditions:
items:
properties:
message:
type: string
status:
type: string
type:
type: string
type: object
type: array
type: object
type: object
version: v1
versions:
- name: v1
served: true
storage: true
- name: v1beta1
served: true
storage: false
57 changes: 57 additions & 0 deletions components/profile-controller/config/base/deployment.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment
spec:
replicas: 1
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
spec:
containers:
- command:
- /manager
args:
- "-userid-header"
- $(userid-header)
- "-userid-prefix"
- $(userid-prefix)
- "-workload-identity"
- $(gcp-sa)
image: gcr.io/kubeflow-images-public/profile-controller:v20190619-v0-219-gbd3daa8c-dirty-1ced0e
imagePullPolicy: Always
name: manager
livenessProbe:
httpGet:
path: /metrics
port: 8080
initialDelaySeconds: 30
periodSeconds: 30
ports:
- containerPort: 8080
name: manager-http
protocol: TCP
- command:
- /access-management
args:
- "-cluster-admin"
- $(admin)
- "-userid-header"
- $(userid-header)
- "-userid-prefix"
- $(userid-prefix)
image: gcr.io/kubeflow-images-public/kfam:v20190612-v0-170-ga06cdb79-dirty-a33ee4
imagePullPolicy: Always
name: kfam
livenessProbe:
httpGet:
path: /metrics
port: 8081
initialDelaySeconds: 30
periodSeconds: 30
ports:
- containerPort: 8081
name: kfam-http
protocol: TCP
serviceAccountName: controller-service-account
65 changes: 65 additions & 0 deletions components/profile-controller/config/base/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
# TODO(jlewi): This kustomization.yaml is deprecated. We want the
# base_v3 version. This version uses a bunch of problematic patterns e.g.
# i) Using vars to do command line substitution
# ii) Not using a configmap to make application and global config available
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster-role-binding.yaml
- crd.yaml
- deployment.yaml
- service.yaml
- service-account.yaml
namePrefix: profiles-
namespace: kubeflow
commonLabels:
kustomize.component: profiles
configMapGenerator:
- envs:
- params.env
name: profiles-parameters
images:
- name: gcr.io/kubeflow-images-public/kfam
newName: gcr.io/kubeflow-images-public/kfam
newTag: vmaster-g9f3bfd00
- name: gcr.io/kubeflow-images-public/profile-controller
newName: gcr.io/kubeflow-images-public/profile-controller
newTag: vmaster-ga49f658f
vars:
- fieldref:
fieldPath: data.admin
name: admin
objref:
apiVersion: v1
kind: ConfigMap
name: profiles-parameters
- fieldref:
fieldPath: data.gcp-sa
name: gcp-sa
objref:
apiVersion: v1
kind: ConfigMap
name: profiles-parameters
- fieldref:
fieldPath: data.userid-header
name: userid-header
objref:
apiVersion: v1
kind: ConfigMap
name: profiles-parameters
- fieldref:
fieldPath: data.userid-prefix
name: userid-prefix
objref:
apiVersion: v1
kind: ConfigMap
name: profiles-parameters
- fieldref:
fieldPath: metadata.namespace
name: namespace
objref:
apiVersion: v1
kind: Service
name: kfam
configurations:
- params.yaml
4 changes: 4 additions & 0 deletions components/profile-controller/config/base/params.env
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
admin=anonymous
gcp-sa=
userid-header=
userid-prefix=
13 changes: 13 additions & 0 deletions components/profile-controller/config/base/params.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
varReference:
- path: spec/template/spec/containers/0/args/1
kind: Deployment
- path: spec/template/spec/containers/0/args/3
kind: Deployment
- path: spec/template/spec/containers/0/args/5
kind: Deployment
- path: spec/template/spec/containers/1/args/1
kind: Deployment
- path: spec/template/spec/containers/1/args/3
kind: Deployment
- path: spec/template/spec/containers/1/args/5
kind: Deployment
4 changes: 4 additions & 0 deletions components/profile-controller/config/base/service-account.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: controller-service-account
7 changes: 7 additions & 0 deletions components/profile-controller/config/base/service.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
apiVersion: v1
kind: Service
metadata:
name: kfam
spec:
ports:
- port: 8081
60 changes: 60 additions & 0 deletions components/profile-controller/config/base_v3/deployment_patch.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment
spec:
template:
spec:
containers:
- command:
- /manager
- -userid-header
- $(USERID_HEADER)
- -userid-prefix
- $(USERID_PREFIX)
- -workload-identity
- $(WORKLOAD_IDENTITY)
args: []
name: manager
env:
- name: USERID_HEADER
valueFrom:
configMapKeyRef:
name: kubeflow-config
key: userid-header
- name: USERID_PREFIX
valueFrom:
configMapKeyRef:
name: kubeflow-config
key: userid-prefix
- name: WORKLOAD_IDENTITY
valueFrom:
configMapKeyRef:
name: profiles-config
key: gcp-sa
- command:
- /access-management
- -cluster-admin
- $(CLUSTER_ADMIN)
- -userid-prefix
- $(USERID_PREFIX)
- -userid-header
- $(USERID_HEADER)
args: []
name: kfam
env:
- name: USERID_HEADER
valueFrom:
configMapKeyRef:
name: kubeflow-config
key: userid-header
- name: USERID_PREFIX
valueFrom:
configMapKeyRef:
name: kubeflow-config
key: userid-prefix
- name: CLUSTER_ADMIN
valueFrom:
configMapKeyRef:
name: profiles-config
key: admin
Loading

0 comments on commit 873dd45

Please sign in to comment.