forked from kubeflow/kubeflow
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Profiles KFAM: Move manifests development upstream (kubeflow#5611)
As part of the work of wg-manifests for 1.3 (kubeflow/manifests#1735), we are moving manifests development in upstream repos. This gives the application developers full ownership of their manifests, tracked in a single place. This commit copies the manifests for application `Profiles + KFAM` from path `apps/profiles/upstream` of kubeflow/manifests to path `components/profile-controller/config` of the upstream repo (https://github.com/kubeflow/kubeflow). Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
- Loading branch information
1 parent
bdc33a4
commit 873dd45
Showing
24 changed files
with
595 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
When profile-controller image updated, you can run below command to update it in manifest. | ||
|
||
``` | ||
kustomize edit set image gcr.io/kubeflow-images-public/profile-controller:$NEW_TAG | ||
``` |
11 changes: 11 additions & 0 deletions
11
components/profile-controller/config/base/cluster-role-binding.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: cluster-role-binding | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: cluster-admin | ||
subjects: | ||
- kind: ServiceAccount | ||
name: controller-service-account |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,156 @@ | ||
apiVersion: apiextensions.k8s.io/v1beta1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
creationTimestamp: null | ||
name: profiles.kubeflow.org | ||
spec: | ||
conversion: | ||
strategy: None | ||
group: kubeflow.org | ||
names: | ||
kind: Profile | ||
plural: profiles | ||
scope: Cluster | ||
subresources: | ||
status: {} | ||
validation: | ||
openAPIV3Schema: | ||
description: Profile is the Schema for the profiles API | ||
properties: | ||
apiVersion: | ||
description: 'APIVersion defines the versioned schema of this representation | ||
of an object. Servers should convert recognized schemas to the latest | ||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' | ||
type: string | ||
kind: | ||
description: 'Kind is a string value representing the REST resource this | ||
object represents. Servers may infer this from the endpoint the client | ||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' | ||
type: string | ||
metadata: | ||
type: object | ||
spec: | ||
description: ProfileSpec defines the desired state of Profile | ||
properties: | ||
owner: | ||
description: The profile owner | ||
properties: | ||
apiGroup: | ||
description: APIGroup holds the API group of the referenced subject. | ||
Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" | ||
for User and Group subjects. | ||
type: string | ||
kind: | ||
description: Kind of object being referenced. Values defined by | ||
this API group are "User", "Group", and "ServiceAccount". If the | ||
Authorizer does not recognized the kind value, the Authorizer | ||
should report an error. | ||
type: string | ||
name: | ||
description: Name of the object being referenced. | ||
type: string | ||
required: | ||
- kind | ||
- name | ||
type: object | ||
plugins: | ||
items: | ||
description: Plugin is for customize actions on different platform. | ||
properties: | ||
apiVersion: | ||
description: 'APIVersion defines the versioned schema of this | ||
representation of an object. Servers should convert recognized | ||
schemas to the latest internal value, and may reject unrecognized | ||
values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' | ||
type: string | ||
kind: | ||
description: 'Kind is a string value representing the REST resource | ||
this object represents. Servers may infer this from the endpoint | ||
the client submits requests to. Cannot be updated. In CamelCase. | ||
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' | ||
type: string | ||
spec: | ||
type: object | ||
type: object | ||
type: array | ||
resourceQuotaSpec: | ||
description: Resourcequota that will be applied to target namespace | ||
properties: | ||
hard: | ||
additionalProperties: | ||
type: string | ||
description: 'hard is the set of desired hard limits for each named | ||
resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' | ||
type: object | ||
scopeSelector: | ||
description: scopeSelector is also a collection of filters like | ||
scopes that must match each object tracked by a quota but expressed | ||
using ScopeSelectorOperator in combination with possible values. | ||
For a resource to match, both scopes AND scopeSelector (if specified | ||
in spec), must be matched. | ||
properties: | ||
matchExpressions: | ||
description: A list of scope selector requirements by scope | ||
of the resources. | ||
items: | ||
description: A scoped-resource selector requirement is a selector | ||
that contains values, a scope name, and an operator that | ||
relates the scope name and values. | ||
properties: | ||
operator: | ||
description: Represents a scope's relationship to a set | ||
of values. Valid operators are In, NotIn, Exists, DoesNotExist. | ||
type: string | ||
scopeName: | ||
description: The name of the scope that the selector applies | ||
to. | ||
type: string | ||
values: | ||
description: An array of string values. If the operator | ||
is In or NotIn, the values array must be non-empty. | ||
If the operator is Exists or DoesNotExist, the values | ||
array must be empty. This array is replaced during a | ||
strategic merge patch. | ||
items: | ||
type: string | ||
type: array | ||
required: | ||
- operator | ||
- scopeName | ||
type: object | ||
type: array | ||
type: object | ||
scopes: | ||
description: A collection of filters that must match each object | ||
tracked by a quota. If not specified, the quota matches all objects. | ||
items: | ||
description: A ResourceQuotaScope defines a filter that must match | ||
each object tracked by a quota | ||
type: string | ||
type: array | ||
type: object | ||
type: object | ||
status: | ||
description: ProfileStatus defines the observed state of Profile | ||
properties: | ||
conditions: | ||
items: | ||
properties: | ||
message: | ||
type: string | ||
status: | ||
type: string | ||
type: | ||
type: string | ||
type: object | ||
type: array | ||
type: object | ||
type: object | ||
version: v1 | ||
versions: | ||
- name: v1 | ||
served: true | ||
storage: true | ||
- name: v1beta1 | ||
served: true | ||
storage: false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: deployment | ||
spec: | ||
replicas: 1 | ||
template: | ||
metadata: | ||
annotations: | ||
sidecar.istio.io/inject: "false" | ||
spec: | ||
containers: | ||
- command: | ||
- /manager | ||
args: | ||
- "-userid-header" | ||
- $(userid-header) | ||
- "-userid-prefix" | ||
- $(userid-prefix) | ||
- "-workload-identity" | ||
- $(gcp-sa) | ||
image: gcr.io/kubeflow-images-public/profile-controller:v20190619-v0-219-gbd3daa8c-dirty-1ced0e | ||
imagePullPolicy: Always | ||
name: manager | ||
livenessProbe: | ||
httpGet: | ||
path: /metrics | ||
port: 8080 | ||
initialDelaySeconds: 30 | ||
periodSeconds: 30 | ||
ports: | ||
- containerPort: 8080 | ||
name: manager-http | ||
protocol: TCP | ||
- command: | ||
- /access-management | ||
args: | ||
- "-cluster-admin" | ||
- $(admin) | ||
- "-userid-header" | ||
- $(userid-header) | ||
- "-userid-prefix" | ||
- $(userid-prefix) | ||
image: gcr.io/kubeflow-images-public/kfam:v20190612-v0-170-ga06cdb79-dirty-a33ee4 | ||
imagePullPolicy: Always | ||
name: kfam | ||
livenessProbe: | ||
httpGet: | ||
path: /metrics | ||
port: 8081 | ||
initialDelaySeconds: 30 | ||
periodSeconds: 30 | ||
ports: | ||
- containerPort: 8081 | ||
name: kfam-http | ||
protocol: TCP | ||
serviceAccountName: controller-service-account |
65 changes: 65 additions & 0 deletions
65
components/profile-controller/config/base/kustomization.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
# TODO(jlewi): This kustomization.yaml is deprecated. We want the | ||
# base_v3 version. This version uses a bunch of problematic patterns e.g. | ||
# i) Using vars to do command line substitution | ||
# ii) Not using a configmap to make application and global config available | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
resources: | ||
- cluster-role-binding.yaml | ||
- crd.yaml | ||
- deployment.yaml | ||
- service.yaml | ||
- service-account.yaml | ||
namePrefix: profiles- | ||
namespace: kubeflow | ||
commonLabels: | ||
kustomize.component: profiles | ||
configMapGenerator: | ||
- envs: | ||
- params.env | ||
name: profiles-parameters | ||
images: | ||
- name: gcr.io/kubeflow-images-public/kfam | ||
newName: gcr.io/kubeflow-images-public/kfam | ||
newTag: vmaster-g9f3bfd00 | ||
- name: gcr.io/kubeflow-images-public/profile-controller | ||
newName: gcr.io/kubeflow-images-public/profile-controller | ||
newTag: vmaster-ga49f658f | ||
vars: | ||
- fieldref: | ||
fieldPath: data.admin | ||
name: admin | ||
objref: | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
name: profiles-parameters | ||
- fieldref: | ||
fieldPath: data.gcp-sa | ||
name: gcp-sa | ||
objref: | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
name: profiles-parameters | ||
- fieldref: | ||
fieldPath: data.userid-header | ||
name: userid-header | ||
objref: | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
name: profiles-parameters | ||
- fieldref: | ||
fieldPath: data.userid-prefix | ||
name: userid-prefix | ||
objref: | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
name: profiles-parameters | ||
- fieldref: | ||
fieldPath: metadata.namespace | ||
name: namespace | ||
objref: | ||
apiVersion: v1 | ||
kind: Service | ||
name: kfam | ||
configurations: | ||
- params.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
admin=anonymous | ||
gcp-sa= | ||
userid-header= | ||
userid-prefix= |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
varReference: | ||
- path: spec/template/spec/containers/0/args/1 | ||
kind: Deployment | ||
- path: spec/template/spec/containers/0/args/3 | ||
kind: Deployment | ||
- path: spec/template/spec/containers/0/args/5 | ||
kind: Deployment | ||
- path: spec/template/spec/containers/1/args/1 | ||
kind: Deployment | ||
- path: spec/template/spec/containers/1/args/3 | ||
kind: Deployment | ||
- path: spec/template/spec/containers/1/args/5 | ||
kind: Deployment |
4 changes: 4 additions & 0 deletions
4
components/profile-controller/config/base/service-account.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: controller-service-account |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: kfam | ||
spec: | ||
ports: | ||
- port: 8081 |
60 changes: 60 additions & 0 deletions
60
components/profile-controller/config/base_v3/deployment_patch.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: deployment | ||
spec: | ||
template: | ||
spec: | ||
containers: | ||
- command: | ||
- /manager | ||
- -userid-header | ||
- $(USERID_HEADER) | ||
- -userid-prefix | ||
- $(USERID_PREFIX) | ||
- -workload-identity | ||
- $(WORKLOAD_IDENTITY) | ||
args: [] | ||
name: manager | ||
env: | ||
- name: USERID_HEADER | ||
valueFrom: | ||
configMapKeyRef: | ||
name: kubeflow-config | ||
key: userid-header | ||
- name: USERID_PREFIX | ||
valueFrom: | ||
configMapKeyRef: | ||
name: kubeflow-config | ||
key: userid-prefix | ||
- name: WORKLOAD_IDENTITY | ||
valueFrom: | ||
configMapKeyRef: | ||
name: profiles-config | ||
key: gcp-sa | ||
- command: | ||
- /access-management | ||
- -cluster-admin | ||
- $(CLUSTER_ADMIN) | ||
- -userid-prefix | ||
- $(USERID_PREFIX) | ||
- -userid-header | ||
- $(USERID_HEADER) | ||
args: [] | ||
name: kfam | ||
env: | ||
- name: USERID_HEADER | ||
valueFrom: | ||
configMapKeyRef: | ||
name: kubeflow-config | ||
key: userid-header | ||
- name: USERID_PREFIX | ||
valueFrom: | ||
configMapKeyRef: | ||
name: kubeflow-config | ||
key: userid-prefix | ||
- name: CLUSTER_ADMIN | ||
valueFrom: | ||
configMapKeyRef: | ||
name: profiles-config | ||
key: admin |
Oops, something went wrong.