Add MLX readonly install k8s manifests (#126)

* add minimum k8s install

* update manifests to support readonly deployment

* optimize and update manifests and quickstart files

* remove api access token config

* change default secret name

* update manifests to be more feasible

* add missing namespace

* Update main readme to a compacted setup of MLX

* fix initdb config mounting

README.md

@@ -34,7 +34,7 @@ For a full deployment, we use [Kubeflow Kfctl](https://github.com/kubeflow/kfctl
 
 * #### [MLX using Docker Compose (Asset Catalog Only)](./quickstart)
 
-* #### [MLX Deployment on Kubernetes or OpenShift](./docs/mlx-install-with-kubeflow.md)
+* #### [MLX Deployment on Kubernetes or OpenShift](./docs/mlx-setup.md)
 
 * #### [MLX on an existing Kubeflow Cluster](./docs/install-mlx-on-kubeflow.md)
 

docs/mlx-setup.md

@@ -8,11 +8,25 @@ This minimum MLX contains:
 - Tekton Pipeline
 - MLX
 
-We will be using [kustomize 3.2.0](https://github.com/kubernetes-sigs/kustomize/releases/tag/v3.2.0) to align with Kubeflow's requirements because we will be using kubeflow pipelines as the MLX pipeline engine. 
-```
+We will be using [kustomize 3.2.0](https://github.com/kubernetes-sigs/kustomize/releases/tag/v3.2.0) to align with Kubeflow's requirements because we will be using kubeflow pipelines as the MLX pipeline engine.
+
+```shell
 git clone https://github.com/machine-learning-exchange/manifests -b mlx-single-user
 cd manifests
 # run the below command two times if the CRDs take too long to provision.
 while ! kustomize build example | kubectl apply -f -; do echo "Retrying to apply resources"; sleep 10; done
 ```
 Then access the MLX page using http://<cluster_node_ip>:30380/mlx/
+
+
+## Deploy the MLX ReadOnly mode on an Existing Kubernetes Cluster
+
+To deploy the MLX ReadOnly mode on an existing Kubernetes Cluster, run the following commands
+
+This MLX ReadOnly mode only contains MLX ReadOnly deployment.
+
+```shell
+git clone https://github.com/machine-learning-exchange/mlx
+cd mlx
+kubectl apply -k manifests/read-only-k8s
+```

manifests/base/kustomization.yaml

@@ -14,7 +14,9 @@
 # limitations under the License.
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+bases:
+  - mlx-deployments
 resources:
-  - mlx-api.yaml
-  - mlx-ui.yaml
+  - mlx-api-vs.yaml
+  - mlx-ui-vs.yaml
   - mlx-profile.yaml

manifests/base/mlx-api-vs.yaml

@@ -0,0 +1,36 @@
+# Copyright 2021 IBM Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: mlx-api
+  namespace: kubeflow
+spec:
+  gateways:
+  - kubeflow-gateway
+  hosts:
+  - '*'
+  http:
+  - match:
+    - uri:
+        prefix: /apis/v1alpha1
+    rewrite:
+      uri: /apis/v1alpha1
+    route:
+    - destination:
+        host: mlx-api.kubeflow.svc.cluster.local
+        port:
+          number: 80
+    timeout: 300s

manifests/base/mlx-deployments/kustomization.yaml

@@ -0,0 +1,19 @@
+
+# Copyright 2021 IBM Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - mlx-api.yaml
+  - mlx-ui.yaml

manifests/base/mlx-api.yaml → manifests/base/mlx-deployments/mlx-api.yaml

@@ -20,7 +20,6 @@ metadata:
     service: mlx-api
     environment: dev
 spec:
-  type: NodePort
   ports:
   - name: mlx-api
     port: 80
@@ -79,10 +78,6 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        resources:
-          limits:
-            cpu: 250m
-            memory: 256Mi
         volumeMounts:
         - name: context
           mountPath: "/root/.config/kfp"
@@ -137,26 +132,3 @@ kind: ServiceAccount
 metadata:
   name: mlx-api
   namespace: kubeflow
----
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
-  name: mlx-api
-  namespace: kubeflow
-spec:
-  gateways:
-  - kubeflow-gateway
-  hosts:
-  - '*'
-  http:
-  - match:
-    - uri:
-        prefix: /apis/v1alpha1
-    rewrite:
-      uri: /apis/v1alpha1
-    route:
-    - destination:
-        host: mlx-api.kubeflow.svc.cluster.local
-        port:
-          number: 80
-    timeout: 300s

manifests/base/mlx-ui.yaml → manifests/base/mlx-deployments/mlx-ui.yaml

@@ -99,29 +99,5 @@ spec:
   - port: 80
     protocol: TCP
     targetPort: 3000
-  type: NodePort
   selector:
     service: mlx-ui
----
-apiVersion: networking.istio.io/v1alpha3
-kind: VirtualService
-metadata:
-  name: mlx-ui
-  namespace: kubeflow
-spec:
-  gateways:
-  - kubeflow-gateway
-  hosts:
-  - '*'
-  http:
-  - match:
-    - uri:
-        prefix: /mlx
-    rewrite:
-      uri: /mlx
-    route:
-    - destination:
-        host: mlx-ui.kubeflow.svc.cluster.local
-        port:
-          number: 80
-    timeout: 300s

manifests/base/mlx-ui-vs.yaml

@@ -0,0 +1,36 @@
+# Copyright 2021 IBM Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: mlx-ui
+  namespace: kubeflow
+spec:
+  gateways:
+  - kubeflow-gateway
+  hosts:
+  - '*'
+  http:
+  - match:
+    - uri:
+        prefix: /mlx
+    rewrite:
+      uri: /mlx
+    route:
+    - destination:
+        host: mlx-ui.kubeflow.svc.cluster.local
+        port:
+          number: 80
+    timeout: 300s

manifests/read-only-k8s/config.yaml

@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mysql-initdb-config
+  namespace: kubeflow
+data:
+  initdb.sql: |
+    CREATE TABLE IF NOT EXISTS `pipelines` (
+      `UUID` varchar(255) NOT NULL,
+      `CreatedAtInSec` bigint(20) NOT NULL,
+      `Name` varchar(255) NOT NULL,
+      `Description` longtext NOT NULL,
+      `Parameters` longtext NOT NULL,
+      `Status` varchar(255) NOT NULL,
+      `DefaultVersionId` varchar(255) DEFAULT NULL,
+      `Namespace` varchar(63) DEFAULT '',
+      PRIMARY KEY (`UUID`),
+      UNIQUE KEY `name_namespace_index` (`Name`,`Namespace`)
+    ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+
+    CREATE TABLE IF NOT EXISTS `pipeline_versions` (
+      `UUID` varchar(255) NOT NULL,
+      `CreatedAtInSec` bigint(20) NOT NULL,
+      `Name` varchar(255) NOT NULL,
+      `Parameters` longtext NOT NULL,
+      `PipelineId` varchar(255) NOT NULL,
+      `Status` varchar(255) NOT NULL,
+      `CodeSourceUrl` varchar(255) DEFAULT NULL,
+      PRIMARY KEY (`UUID`),
+      UNIQUE KEY `idx_pipelineid_name` (`Name`,`PipelineId`),
+      KEY `idx_pipeline_versions_CreatedAtInSec` (`CreatedAtInSec`),
+      KEY `idx_pipeline_versions_PipelineId` (`PipelineId`),
+      CONSTRAINT `pipeline_versions_PipelineId_pipelines_UUID_foreign` FOREIGN KEY (`PipelineId`) REFERENCES `pipelines` (`UUID`) ON DELETE CASCADE ON UPDATE CASCADE
+    ) ENGINE=InnoDB DEFAULT CHARSET=latin1;

manifests/read-only-k8s/init-jobs.yaml

@@ -0,0 +1,62 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: miniosetup
+  namespace: kubeflow
+  labels:
+    app: miniosetup
+spec:
+  backoffLimit: 10
+  template:
+    spec:
+      restartPolicy: Never
+      containers:
+      - args:
+        - |
+          /usr/bin/mc config host add miniohost http://minio-service:9000 $MINIO_ACCESS_KEY $MINIO_SECRET_KEY;
+          /usr/bin/mc mb -p miniohost/mlpipeline;
+          /usr/bin/mc policy set download miniohost/mlpipeline;
+        command:
+          - /bin/sh
+          - -c
+        env:
+        - name: MINIO_ACCESS_KEY
+          valueFrom:
+            secretKeyRef:
+              name: mlpipeline-minio-artifact
+              key: accesskey
+        - name: MINIO_SECRET_KEY
+          valueFrom:
+            secretKeyRef:
+              name: mlpipeline-minio-artifact
+              key: secretkey
+        image: minio/mc
+        name: minio
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: katalog
+  namespace: kubeflow
+  labels:
+    app: katalog
+spec:
+  backoffLimit: 10
+  template:
+    spec:
+      restartPolicy: Never
+      containers:
+      - command:
+          - /bin/sh
+          - -c
+          - |
+            cd /tmp &&
+            curl -L --output init_catalog.sh https://raw.githubusercontent.com/machine-learning-exchange/mlx/main/quickstart/init_catalog.sh &&
+            curl -L --output catalog_upload.json https://raw.githubusercontent.com/machine-learning-exchange/mlx/main/bootstrapper/catalog_upload.json &&
+            chmod 777 init_catalog.sh &&
+            ./init_catalog.sh
+        env:
+        - name: MLX_API_SERVER
+          value: mlx-api:80
+        image: curlimages/curl
+        name: katalog

manifests/read-only-k8s/k8s-ingress.yaml

@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: mlx-ingress
+  namespace: kubeflow
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+  tls:
+  - hosts:
+    - ml-exchange.org
+    secretName: mlx-certs
+  rules:
+  - http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: mlx-ui
+            port:
+              number: 80
+    host: $(ingress-domain)
+

manifests/read-only-k8s/kustomization.yaml

@@ -0,0 +1,43 @@
+# Copyright 2021 IBM Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+bases:
+  - ../base/mlx-deployments
+resources:
+  - minio.yaml
+  - mysql.yaml
+  - namespace.yaml
+  - k8s-ingress.yaml
+  - init-jobs.yaml
+  - config.yaml
+patchesStrategicMerge:
+  - mlx-api-patch.yaml
+  - mlx-ui-patch.yaml
+configMapGenerator:
+- name: mlx-parameters
+  literals:
+  # Update the credentials for the below fields before apply.
+  - ingress-domain=ml-exchange.org
+generatorOptions:
+  disableNameSuffixHash: true
+vars:
+- name: ingress-domain
+  objref:
+    kind: ConfigMap
+    name: mlx-parameters
+    apiVersion: v1
+  fieldref:
+    fieldpath: data.ingress-domain
+configurations:
+- params.yaml