diff --git a/bootstrap/config/kfctl_basic_auth.yaml b/bootstrap/config/kfctl_basic_auth.yaml deleted file mode 100644 index 79e76f3f414..00000000000 --- a/bootstrap/config/kfctl_basic_auth.yaml +++ /dev/null 
@@ -1,117 +0,0 @@ -# TODO(jlewi): This file is legacy config for bootstrapper. -# we can delete it once bootstrapper is using kfctl and KfDef. -# Config entry used for deploying on GCP with basic auth enabled -# Load this file as object (KsonnetSpec)[https://github.com/kubeflow/kubeflow/blob/master/bootstrap/pkg/apis/apps/ksonnet/v1alpha1/application_types.go#L201] -# All TODO fields need to be changed following user's input before apply -# TODO change repo on the fly: set it to local tmp dir containing kubeflow registry -repo: /path/to/local/tmp/containing/kubeflow -packages: - - argo - - common - - examples - - gcp - - admission-webhook - - jupyter - - katib-v1alpha2 - - metacontroller - - metadata - - modeldb - - mpi-job - - pipeline - - pytorch-job - - seldon - - tensorboard - - tf-serving - - tf-training -components: -# ordering is important - - metacontroller - - ambassador - - argo - - basic-auth - - basic-auth-ingress - - centraldashboard - - cert-manager - - cloud-endpoints - - gpu-driver - - admission-webhook - - jupyter-web-app - - katib-db - - katib-manager - - katib-controller - - katib-ui - - metrics-collector - - metadata - - suggestion - - notebook-controller - - pipeline - - pytorch-operator - - spartakus - - tensorboard - - tf-job-operator -componentParams: - argo: - - initRequired: true - name: injectIstio - value: "false" - centraldashboard: - - initRequired: true - name: injectIstio - value: "false" - cert-manager: - - name: acmeEmail - # TODO change value on the fly: use your email for ssl cert - value: johnDoe@acme.com - initRequired: true - basic-auth-ingress: - - name: ipName - # TODO change value on the fly: value of ipName need to match resource name in deployment entry. - value: ipName - initRequired: true - - name: hostname - # TODO change value on the fly: replace with user-provide parameters. This need to be fully qualified domain name to use with ingress. 
- value: .endpoints..cloud.goog - initRequired: true - cloud-endpoints: - - name: secretName - value: admin-gcp-sa - ambassador: - - name: ambassadorServiceType - value: NodePort - pipeline: - - name: mysqlPd - value: -storage-metadata-store - - name: minioPd - value: -storage-artifact-store - - name: injectIstio - value: "false" - spartakus: - - name: usageId - value: - initRequired: true - - name: reportUsage - value: "true" - initRequired: true - notebook-controller: - - name: injectGcpCredentials - value: "true" - - initRequired: true - name: injectIstio - value: "false" - jupyter-web-app: - - initRequired: true - name: injectIstio - value: "false" - katib-ui: - - initRequired: true - name: injectIstio - value: "false" - tensorboard: - - initRequired: true - name: injectIstio - value: "false" - tf-job-operator: - - initRequired: true - name: injectIstio - value: "false" -platform: gcp diff --git a/bootstrap/config/kfctl_default.yaml b/bootstrap/config/kfctl_default.yaml deleted file mode 100644 index 12bfb8cd0cb..00000000000 --- a/bootstrap/config/kfctl_default.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -# TODO(jlewi): This file is legacy config for bootstrapper. -# we can delete it once bootstrapper is using kfctl and KfDef. -# Config entry used for deploying with no platform specified (or --platform none) and no basic auth enabled -# Load this file as object (KsonnetSpec)[https://github.com/kubeflow/kubeflow/blob/master/bootstrap/pkg/apis/apps/ksonnet/v1alpha1/application_types.go#L201] -# All TODO fields need to be changed following user's input before apply -# TODO change repo on the fly: set it to local tmp dir containing kubeflow registry -repo: /path/to/local/tmp/containing/kubeflow -packages: - - argo - - common - - examples - - gcp - - admission-webhook - - jupyter - - katib-v1alpha2 - - metacontroller - - metadata - - modeldb - - mpi-job - - pipeline - - pytorch-job - - seldon - - tensorboard - - tf-serving - - tf-training -components: -# ordering is important - - metacontroller - - ambassador - - argo - - centraldashboard - - admission-webhook - - jupyter-web-app - - katib-db - - katib-manager - - katib-controller - - katib-ui - - metrics-collector - - metadata - - suggestion - - notebook-controller - - pipeline - - pytorch-operator - - tensorboard - - tf-job-operator -componentParams: - ambassador: - - name: ambassadorServiceType - value: NodePort diff --git a/bootstrap/config/kfctl_iap.yaml b/bootstrap/config/kfctl_iap.yaml deleted file mode 100644 index fd4e968fc3c..00000000000 --- a/bootstrap/config/kfctl_iap.yaml +++ /dev/null 
@@ -1,118 +0,0 @@ -# TODO(jlewi): This file is legacy config for bootstrapper. -# we can delete it once bootstrapper is using kfctl and KfDef. -# Config entry used for deploying on GCP with IAP enabled -# Load this file as object (KsonnetSpec)[https://github.com/kubeflow/kubeflow/blob/master/bootstrap/pkg/apis/apps/ksonnet/v1alpha1/application_types.go#L201] -# All TODO fields need to be changed following user's input before apply -# TODO change repo on the fly: set it to local tmp dir containing kubeflow registry -repo: /path/to/local/tmp/containing/kubeflow -packages: - - argo - - common - - examples - - gcp - - admission-webhook - - jupyter - - katib-v1alpha2 - - metacontroller - - metadata - - modeldb - - mpi-job - - pipeline - - pytorch-job - - seldon - - tensorboard - - tf-serving - - tf-training - - profiles -components: -# ordering is important - - metacontroller - - argo - - centraldashboard - - cert-manager - - cloud-endpoints - - gpu-driver - - iap-ingress - - admission-webhook - - jupyter-web-app - - katib-db - - katib-manager - - katib-controller - - katib-ui - - metrics-collector - - metadata - - suggestion - - notebook-controller - - pipeline - - pytorch-operator - - spartakus - - tensorboard - - tf-job-operator - - profiles -componentParams: - argo: - - initRequired: true - name: injectIstio - value: "false" - centraldashboard: - - initRequired: true - name: injectIstio - value: "false" - cert-manager: - - name: acmeEmail - # TODO change value on the fly: use your email for ssl cert - value: johnDoe@acme.com - initRequired: true - cloud-endpoints: - - name: secretName - value: admin-gcp-sa - iap-ingress: - - name: ipName - # TODO change value on the fly: value of ipName need to match resource name in deployment entry. - value: ipName - initRequired: true - - name: hostname - # TODO change value on the fly: replace with user-provide parameters. This need to be fully qualified domain name to use with ingress. 
- value: .endpoints..cloud.goog - initRequired: true - - name: injectIstio - initRequired: true - value: "false" - jupyter-web-app: - - initRequired: true - name: injectIstio - value: "false" - katib-ui: - - initRequired: true - name: injectIstio - value: "false" - notebook-controller: - - name: injectGcpCredentials - value: "true" - pipeline: - - name: mysqlPd - value: -storage-metadata-store - - name: minioPd - value: -storage-artifact-store - - name: injectIstio - value: "false" - spartakus: - - name: usageId - value: - initRequired: true - - name: reportUsage - value: "true" - initRequired: true - tensorboard: - - initRequired: true - name: injectIstio - value: "false" - tf-job-operator: - - initRequired: true - name: injectIstio - value: "false" - profiles: - - initRequired: true - name: admin - value: "" -platform: gcp diff --git a/bootstrap/config/kfctl_k8s_istio.yaml b/bootstrap/config/kfctl_k8s_istio.yaml index f7cbf4cfee4..505c9222608 100644 --- a/bootstrap/config/kfctl_k8s_istio.yaml +++ b/bootstrap/config/kfctl_k8s_istio.yaml 
@@ -1,152 +1,247 @@ # This is the config to install Kubeflow on an existing k8s cluster. -# If the cluster already has istio, comment out the istio install part (2 places) below. +# If the cluster already has istio, comment out the istio install part below. + apiVersion: kfdef.apps.kubeflow.org/v1alpha1 kind: KfDef metadata: - name: demo + name: kubeflow_app namespace: kubeflow spec: - componentParams: - application: - - name: overlay - value: application - argo: - - name: overlay - value: istio - centraldashboard: - - name: overlay - value: istio + repos: + - name: kubeflow + root: kubeflow-0.6.1 + uri: https://github.com/kubeflow/kubeflow/archive/v0.6.1.tar.gz + - name: manifests + root: manifests-0.6.1 + uri: https://github.com/kubeflow/manifests/archive/v0.6.1.tar.gz + applications: # Istio install. If not needed, comment out istio-crds and istio-install. - istio-crds: - - name: namespace - value: istio-system - istio-install: - - name: namespace - value: istio-system - jupyter: - - name: overlay - value: application - jupyter-web-app: - - name: overlay - value: istio - - name: overlay - value: application - katib-ui: # Issue: https://github.com/kubeflow/manifests/issues/151 - - name: overlay - value: istio - metadata: - - name: overlay - value: istio - minio: - - name: minioPd - value: dls-kf-storage-artifact-store - - name: minioPvName - value: minio-pv - - name: minioPvcName - value: minio-pv-claim - mysql: - - name: mysqlPd - value: dls-kf-storage-metadata-store - - name: mysqlPvName - value: mysql-pv - - name: mysqlPvcName - value: mysql-pv-claim - notebook-controller: - - name: overlay - value: istio - - name: overlay - value: application - pipelines-ui: - - name: overlay - value: istio - profiles: - - name: overlay - value: istio - - initRequired: true - name: admin - value: johnDoe@acme.com - spartakus: - - initRequired: true - name: usageId - value: - - initRequired: true - name: reportUsage - value: "true" - tensorboard: - - name: overlay - value: 
istio - tf-job-operator: - - name: overlay - value: istio - - name: overlay - value: application - seldon-core-operator: - - name: overlay - value: application - components: - # Istio install. If not needed, comment out istio-crds and istio-install. - - istio-crds - - istio-install - # This component is the istio resources for Kubeflow (e.g. gateway), not about installing istio. - - istio - - application-crds - - application - - metacontroller - - argo - - centraldashboard - - bootstrap - - webhook - - jupyter-web-app - - katib-db - - katib-manager - - katib-controller - - katib-ui - - metadata - - metrics-collector - - suggestion - - notebook-controller - - pytorch-job-crds - - pytorch-operator - - spartakus - - tensorboard - - tf-job-operator - - api-service - - minio - - mysql - - persistent-agent - - pipelines-runner - - pipelines-ui - - pipelines-viewer - - scheduledworkflow - - profiles - - seldon-core-operator + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/istio-crds + name: istio-crds + - kustomizeConfig: + parameters: + - name: namespace + value: istio-system + repoRef: + name: manifests + path: istio/istio-install + name: istio-install + # This component is the istio resources for Kubeflow (e.g. gateway), not about installing istio. 
+ - kustomizeConfig: + parameters: + - name: clusterRbacConfig + value: "OFF" + repoRef: + name: manifests + path: istio/istio + name: istio + - kustomizeConfig: + repoRef: + name: manifests + path: application/application-crds + name: application-crds + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: application/application + name: application + - kustomizeConfig: + repoRef: + name: manifests + path: metacontroller + name: metacontroller + - kustomizeConfig: + overlays: + - istio + repoRef: + name: manifests + path: argo + name: argo + - kustomizeConfig: + overlays: + - istio + repoRef: + name: manifests + path: common/centraldashboard + name: centraldashboard + - kustomizeConfig: + repoRef: + name: manifests + path: admission-webhook/bootstrap + name: bootstrap + - kustomizeConfig: + repoRef: + name: manifests + path: admission-webhook/webhook + name: webhook + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: jupyter/jupyter-web-app + name: jupyter-web-app + - kustomizeConfig: + repoRef: + name: manifests + path: katib-v1alpha2/katib-db + name: katib-db + - kustomizeConfig: + repoRef: + name: manifests + path: katib-v1alpha2/katib-manager + name: katib-manager + - kustomizeConfig: + repoRef: + name: manifests + path: katib-v1alpha2/katib-controller + name: katib-controller + - kustomizeConfig: + overlays: + - istio + repoRef: + name: manifests + path: katib-v1alpha2/katib-ui + name: katib-ui # Issue: https://github.com/kubeflow/manifests/issues/151 + - kustomizeConfig: + overlays: + - istio + repoRef: + name: manifests + path: metadata + name: metadata + - kustomizeConfig: + repoRef: + name: manifests + path: katib-v1alpha2/metrics-collector + name: metrics-collector + - kustomizeConfig: + repoRef: + name: manifests + path: katib-v1alpha2/suggestion + name: suggestion + - kustomizeConfig: + overlays: + - istio + - application + repoRef: + name: manifests + path: 
jupyter/notebook-controller + name: notebook-controller + - kustomizeConfig: + repoRef: + name: manifests + path: pytorch-job/pytorch-job-crds + name: pytorch-job-crds + - kustomizeConfig: + repoRef: + name: manifests + path: pytorch-job/pytorch-operator + name: pytorch-operator + - kustomizeConfig: + parameters: + - initRequired: true + name: usageId + value: + - initRequired: true + name: reportUsage + value: "true" + repoRef: + name: manifests + path: common/spartakus + name: spartakus + - kustomizeConfig: + overlays: + - istio + repoRef: + name: manifests + path: tensorboard + name: tensorboard + - kustomizeConfig: + overlays: + - istio + repoRef: + name: manifests + path: tf-training/tf-job-operator + name: tf-job-operator + - kustomizeConfig: + repoRef: + name: manifests + path: pipeline/api-service + name: api-service + - kustomizeConfig: + parameters: + - name: minioPvcName + value: minio-pv-claim + repoRef: + name: manifests + path: pipeline/minio + name: minio + - kustomizeConfig: + parameters: + - name: mysqlPvcName + value: mysql-pv-claim + repoRef: + name: manifests + path: pipeline/mysql + name: mysql + - kustomizeConfig: + repoRef: + name: manifests + path: pipeline/persistent-agent + name: persistent-agent + - kustomizeConfig: + repoRef: + name: manifests + path: pipeline/pipelines-runner + name: pipelines-runner + - kustomizeConfig: + overlays: + - istio + repoRef: + name: manifests + path: pipeline/pipelines-ui + name: pipelines-ui + - kustomizeConfig: + repoRef: + name: manifests + path: pipeline/pipelines-viewer + name: pipelines-viewer + - kustomizeConfig: + repoRef: + name: manifests + path: pipeline/scheduledworkflow + name: scheduledworkflow + - kustomizeConfig: + overlays: + - istio + parameters: + - initRequired: true + name: admin + value: johnDoe@acme.com + repoRef: + name: manifests + path: profiles + name: profiles + - kustomizeConfig: + overlays: + - application + repoRef: + name: manifests + path: seldon/seldon-core-operator + name: 
seldon-core-operator enableApplications: true packageManager: kustomize - packages: - - argo - - common - - examples - - admission-webhook - - istio - - jupyter - - katib-v1alpha2 - - metacontroller - - metadata - - modeldb - - mpi-job - - pytorch-job - - seldon - - tensorboard - - tf-serving - - tf-training - - pipeline - - profiles - - application + skipInitProject: true + useBasicAuth: false useIstio: true - repos: - - name: manifests - root: manifests-0.6.1 - uri: https://github.com/kubeflow/manifests/archive/v0.6.1.tar.gz - - name: kubeflow - root: kubeflow-0.6.1 - uri: https://github.com/kubeflow/kubeflow/archive/v0.6.1.tar.gz + version: SET_VERSION diff --git a/bootstrap/v2/pkg/kfapp/kustomize/kustomize.go b/bootstrap/v2/pkg/kfapp/kustomize/kustomize.go index f777d2b6f64..ed1b4512925 100644 --- a/bootstrap/v2/pkg/kfapp/kustomize/kustomize.go +++ b/bootstrap/v2/pkg/kfapp/kustomize/kustomize.go @@ -112,7 +112,8 @@ type kustomize struct { } const ( - outputDir = "kustomize" + defaultUserId = "anonymous" + outputDir = "kustomize" ) // Setter defines an interface for modifying the plugin. 
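Review bot: The `istio` entry under `applications` sets `clusterRbacConfig` to `"OFF"` with no comment, and the same file sets `useBasicAuth: false`. If that parameter maps to Istio's ClusterRbacConfig mode, as its name suggests, a cluster installed from this config has no mesh-level authorization and no login in front of the gateway. That is acceptable for a demo install only if it is stated, so I would add a comment above the parameter such as `# Istio RBAC enforcement is off: services in the mesh accept any in-cluster caller. Turn it on before exposing the gateway.` Separately, `metadata.name: kubeflow_app` contains an underscore, which Kubernetes object names do not allow; if this name is ever used for a cluster resource rather than only locally, `kubeflow-app` would be the safer value.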
@@ -303,57 +304,63 @@ func (kustomize *kustomize) Apply(resources kftypes.ResourceEnum) error { } } + // Create default profile + // When user identity available, the user will be owner of the profile + // Otherwise the profile would be a public one. + userId := defaultUserId if kustomize.kfDef.Spec.Email != "" { - // Profile name is also the namespace created. - defaultProfileNamespace := kftypesv2.EmailToDefaultName(kustomize.kfDef.Spec.Email) - profile := &profilev2.Profile{ - TypeMeta: metav1.TypeMeta{ - Kind: "Profile", - APIVersion: "kubeflow.org/v1alpha1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: defaultProfileNamespace, - }, - Spec: profilev2.ProfileSpec{ - Owner: rbacv2.Subject{ - Kind: "User", - Name: kustomize.kfDef.Spec.Email, - }, + // Use user email as user id if available. + // When platform == GCP, same user email is also identity in requests through IAP. + userId = kustomize.kfDef.Spec.Email + } + defaultProfileNamespace := kftypesv2.EmailToDefaultName(userId) + profile := &profilev2.Profile{ + TypeMeta: metav1.TypeMeta{ + Kind: "Profile", + APIVersion: "kubeflow.org/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: defaultProfileNamespace, + }, + Spec: profilev2.ProfileSpec{ + Owner: rbacv2.Subject{ + Kind: "User", + Name: userId, }, + }, + } + _, nsMissingErr = clientset.CoreV1().Namespaces().Get(defaultProfileNamespace, metav1.GetOptions{}) + if nsMissingErr != nil { + body, err := json.Marshal(profile) + if err != nil { + return err } - _, nsMissingErr := clientset.CoreV1().Namespaces().Get(defaultProfileNamespace, metav1.GetOptions{}) - if nsMissingErr != nil { - body, err := json.Marshal(profile) - if err != nil { - return err + resourcesErr := kustomize.deployResources(kustomize.restConfig, body) + if resourcesErr != nil { + return &kfapisv2.KfError{ + Code: int(kfapisv2.INTERNAL_ERROR), + Message: fmt.Sprintf("couldn't create default profile from %v Error: %v", profile, resourcesErr), } - resourcesErr := 
kustomize.deployResources(kustomize.restConfig, body) - if resourcesErr != nil { + } + b := backoff.NewExponentialBackOff() + b.InitialInterval = 3 * time.Second + b.MaxInterval = 30 * time.Second + b.MaxElapsedTime = 5 * time.Minute + return backoff.Retry(func() error { + _, nsErr := clientset.CoreV1().Namespaces().Get(defaultProfileNamespace, metav1.GetOptions{}) + if nsErr != nil { + msg := fmt.Sprintf("Could not find namespace %v, wait and retry: %v", defaultProfileNamespace, nsErr) + log.Warnf(msg) return &kfapisv2.KfError{ - Code: int(kfapisv2.INTERNAL_ERROR), - Message: fmt.Sprintf("couldn't create default profile from %v Error: %v", profile, resourcesErr), + Code: int(kfapisv2.INVALID_ARGUMENT), + Message: msg, } } - b := backoff.NewExponentialBackOff() - b.InitialInterval = 3 * time.Second - b.MaxInterval = 30 * time.Second - b.MaxElapsedTime = 5 * time.Minute - return backoff.Retry(func() error { - _, nsErr := clientset.CoreV1().Namespaces().Get(defaultProfileNamespace, metav1.GetOptions{}) - if nsErr != nil { - msg := fmt.Sprintf("Could not find namespace %v, wait and retry: %v", defaultProfileNamespace, nsErr) - log.Warnf(msg) - return &kfapisv2.KfError{ - Code: int(kfapisv2.INVALID_ARGUMENT), - Message: msg, - } - } - return nil - }, b) - } else { - log.Infof("Default profile namespace already exists: %v within owner %v", defaultProfileNamespace, - profile.Spec.Owner.Name) - } + return nil + }, b) + } else { + log.Infof("Default profile namespace already exists: %v within owner %v", defaultProfileNamespace, + profile.Spec.Owner.Name) } return nil }
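Review bot: When `kfDef.Spec.Email` is empty, the new code silently creates a Profile owned by `User` `anonymous`, so a missing or mistyped email now yields a namespace tied to no real identity, and nothing records that the fallback happened. I would log it where `userId` is chosen, for example `log.Warnf("Spec.Email is empty; default profile will be owned by %q", defaultUserId)`, and document on `defaultUserId` that this owner is a shared, unauthenticated subject. Two further points on the re-indented lines: any error from `Namespaces().Get`, not only a not-found error, is treated as "namespace missing" and leads to a deploy attempt, and `log.Warnf(msg)` passes a string containing `nsErr` as the format, so it should be `log.Warnf("%s", msg)`. When the namespace already exists, the "within owner" log prints the owner from the locally built `profile`, not the one on the cluster, so it cannot confirm who owns that namespace. The body of `Apply` starts outside this hunk, so I cannot see where `nsMissingErr` is declared.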