From c3235d725eb1d1eb06b5600a8291967aa6cf518f Mon Sep 17 00:00:00 2001 From: IronPan Date: Mon, 13 May 2019 23:56:58 -0700 Subject: [PATCH] kustomize kf pipeline (#1305) * stage minimum * update * working example * move code * remove code * update readme * address comments --- manifests/README.md | 41 + manifests/base/argo/kustomization.yaml | 9 + .../argo/workflow-controller-configmap.yaml | 26 + .../argo/workflow-controller-deployment.yaml | 51 ++ .../base/argo/workflow-controller-role.yaml | 45 + .../argo/workflow-controller-rolebinding.yaml | 11 + .../base/argo/workflow-controller-sa.yaml | 4 + manifests/base/crds/kustomization.yaml | 7 + .../base/crds/scheduled-workflow-crd.yaml | 18 + manifests/base/crds/viewer-crd.yaml | 20 + manifests/base/crds/workflow-crd.yaml | 13 + manifests/base/kustomization.yaml | 27 + manifests/base/minio/kustomization.yaml | 8 + .../base/minio/minio-artifact-secret.yaml | 9 + manifests/base/minio/minio-deployment.yaml | 36 + manifests/base/minio/minio-pvc.yaml | 10 + manifests/base/minio/minio-service.yaml | 11 + manifests/base/mysql/kustomization.yaml | 7 + manifests/base/mysql/mysql-deployment.yaml | 31 + manifests/base/mysql/mysql-pv-claim.yaml | 10 + manifests/base/mysql/mysql-service.yaml | 9 + manifests/base/pipeline/kustomization.yaml | 29 + .../ml-pipeline-apiserver-deployment.yaml | 28 + .../pipeline/ml-pipeline-apiserver-role.yaml | 30 + .../ml-pipeline-apiserver-rolebinding.yaml | 13 + .../pipeline/ml-pipeline-apiserver-sa.yaml | 4 + .../ml-pipeline-apiserver-service.yaml | 16 + ...-pipeline-persistenceagent-deployment.yaml | 20 + .../ml-pipeline-persistenceagent-role.yaml | 21 + ...pipeline-persistenceagent-rolebinding.yaml | 11 + .../ml-pipeline-persistenceagent-sa.yaml | 4 + ...pipeline-scheduledworkflow-deployment.yaml | 20 + .../ml-pipeline-scheduledworkflow-role.yaml | 31 + ...ipeline-scheduledworkflow-rolebinding.yaml | 11 + .../ml-pipeline-scheduledworkflow-sa.yaml | 4 + .../pipeline/ml-pipeline-ui-deployment.yaml | 22 + .../base/pipeline/ml-pipeline-ui-role.yaml | 16 + .../pipeline/ml-pipeline-ui-rolebinding.yaml | 14 + .../base/pipeline/ml-pipeline-ui-sa.yaml | 4 + .../base/pipeline/ml-pipeline-ui-service.yaml | 12 + .../ml-pipeline-viewer-crd-deployment.yaml | 20 + .../pipeline/ml-pipeline-viewer-crd-role.yaml | 30 + .../ml-pipeline-viewer-crd-rolebinding.yaml | 11 + .../pipeline/ml-pipeline-viewer-crd-sa.yaml | 4 + .../base/pipeline/pipeline-runner-role.yaml | 66 ++ .../pipeline/pipeline-runner-rolebinding.yaml | 11 + .../base/pipeline/pipeline-runner-sa.yaml | 4 + manifests/namespaced-install.yaml | 824 ++++++++++++++++++ manifests/namespaced-install/README.md | 2 + .../namespaced-install/kustomization.yaml | 27 + .../kustomizeconfig/namespace.yaml | 6 + ...ine-persistenceagent-deployment-patch.yaml | 12 + ...ne-scheduledworkflow-deployment-patch.yaml | 12 + manifests/namespaced-install/namespace.yaml | 4 + .../workflow-controller-configmap.yaml | 27 + 55 files changed, 1773 insertions(+) create mode 100644 manifests/README.md create mode 100644 manifests/base/argo/kustomization.yaml create mode 100644 manifests/base/argo/workflow-controller-configmap.yaml create mode 100644 manifests/base/argo/workflow-controller-deployment.yaml create mode 100644 manifests/base/argo/workflow-controller-role.yaml create mode 100644 manifests/base/argo/workflow-controller-rolebinding.yaml create mode 100644 manifests/base/argo/workflow-controller-sa.yaml create mode 100644 manifests/base/crds/kustomization.yaml create mode 100644 manifests/base/crds/scheduled-workflow-crd.yaml create mode 100644 manifests/base/crds/viewer-crd.yaml create mode 100644 manifests/base/crds/workflow-crd.yaml create mode 100644 manifests/base/kustomization.yaml create mode 100644 manifests/base/minio/kustomization.yaml create mode 100644 manifests/base/minio/minio-artifact-secret.yaml create mode 100644 manifests/base/minio/minio-deployment.yaml create mode 100644 manifests/base/minio/minio-pvc.yaml create mode 100644 manifests/base/minio/minio-service.yaml create mode 100644 manifests/base/mysql/kustomization.yaml create mode 100644 manifests/base/mysql/mysql-deployment.yaml create mode 100644 manifests/base/mysql/mysql-pv-claim.yaml create mode 100644 manifests/base/mysql/mysql-service.yaml create mode 100644 manifests/base/pipeline/kustomization.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-apiserver-deployment.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-apiserver-role.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-apiserver-sa.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-apiserver-service.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-persistenceagent-role.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-persistenceagent-sa.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-ui-deployment.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-ui-role.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-ui-rolebinding.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-ui-sa.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-ui-service.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-viewer-crd-role.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml create mode 100644 manifests/base/pipeline/ml-pipeline-viewer-crd-sa.yaml create mode 100644 manifests/base/pipeline/pipeline-runner-role.yaml create mode 100644 manifests/base/pipeline/pipeline-runner-rolebinding.yaml create mode 100644 manifests/base/pipeline/pipeline-runner-sa.yaml create mode 100644 manifests/namespaced-install.yaml create mode 100644 manifests/namespaced-install/README.md create mode 100644 manifests/namespaced-install/kustomization.yaml create mode 100644 manifests/namespaced-install/kustomizeconfig/namespace.yaml create mode 100644 manifests/namespaced-install/ml-pipeline-persistenceagent-deployment-patch.yaml create mode 100644 manifests/namespaced-install/ml-pipeline-scheduledworkflow-deployment-patch.yaml create mode 100644 manifests/namespaced-install/namespace.yaml create mode 100644 manifests/namespaced-install/workflow-controller-configmap.yaml diff --git a/manifests/README.md b/manifests/README.md new file mode 100644 index 00000000000..2e387a136f2 --- /dev/null +++ b/manifests/README.md @@ -0,0 +1,41 @@ +# TL;DR +If you want to skip any customization, you can deploy Kubeflow Pipelines by running +``` +export PIPELINE_VERSION=0.1.20 +kubectl create -f https://raw.githubusercontent.com/kubeflow/pipelines/$PIPELINE_VERSION/manifests/namespaced-install.yaml +``` + +You might lack the permission to create role and command might partially fail. If so, bind your account as cluster admin. +(Or role creator in your namespace) +``` +kubectl create clusterrolebinding your-binding --clusterrole=cluster-admin --user=[your-user-name] +``` + +# Customization +Customization can be done through Kustomize Overlay, and don't need to modify the base directory. + +## Change deploy namespace +This directory contains the Kustomize Manifest for deploying Kubeflow Pipelines. +Kustomize allows you to easily customize your deployment. + +To deploy Kubeflow Pipelines in namespace FOO +- Edit [kustomization.yaml](namespaced-install/kustomization.yaml) namespace section to FOO +- Then run +``` +kubectl kustomize . | kubectl apply -f - +``` + +## Reinstall with existing data +TODO + + +# Uninstall +You can uninstall everything by running +``` +kubectl delete -f https://raw.githubusercontent.com/kubeflow/pipelines/$PIPELINE_VERSION/manifests/namespaced-install.yaml +``` + +Or if you deploy using kustomize +``` +kubectl kustomize . | kubectl delete -f - +``` diff --git a/manifests/base/argo/kustomization.yaml b/manifests/base/argo/kustomization.yaml new file mode 100644 index 00000000000..890cb4cb396 --- /dev/null +++ b/manifests/base/argo/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- workflow-controller-configmap.yaml +- workflow-controller-deployment.yaml +- workflow-controller-role.yaml +- workflow-controller-rolebinding.yaml +- workflow-controller-sa.yaml diff --git a/manifests/base/argo/workflow-controller-configmap.yaml b/manifests/base/argo/workflow-controller-configmap.yaml new file mode 100644 index 00000000000..458adb5e2c8 --- /dev/null +++ b/manifests/base/argo/workflow-controller-configmap.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: workflow-controller-configmap +data: + config: | + { + executorImage: argoproj/argoexec:v2.2.0, + artifactRepository: + { + s3: { + bucket: mlpipeline, + keyPrefix: artifacts, + endpoint: minio-service.default:9000, + insecure: true, + accessKeySecret: { + name: mlpipeline-minio-artifact, + key: accesskey + }, + secretKeySecret: { + name: mlpipeline-minio-artifact, + key: secretkey + } + } + } + } diff --git a/manifests/base/argo/workflow-controller-deployment.yaml b/manifests/base/argo/workflow-controller-deployment.yaml new file mode 100644 index 00000000000..ff17301c3f4 --- /dev/null +++ b/manifests/base/argo/workflow-controller-deployment.yaml @@ -0,0 +1,51 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: workflow-controller + name: workflow-controller +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: workflow-controller + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + app: workflow-controller + spec: + containers: + - args: + - --configmap + - workflow-controller-configmap + - --executor-image + - argoproj/argoexec:v2.2.0 + command: + - workflow-controller + env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: argoproj/workflow-controller:v2.2.0 + imagePullPolicy: IfNotPresent + name: workflow-controller + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo + serviceAccountName: argo + terminationGracePeriodSeconds: 30 \ No newline at end of file diff --git a/manifests/base/argo/workflow-controller-role.yaml b/manifests/base/argo/workflow-controller-role.yaml new file mode 100644 index 00000000000..606d61509ab --- /dev/null +++ b/manifests/base/argo/workflow-controller-role.yaml @@ -0,0 +1,45 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-role +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete \ No newline at end of file diff --git a/manifests/base/argo/workflow-controller-rolebinding.yaml b/manifests/base/argo/workflow-controller-rolebinding.yaml new file mode 100644 index 00000000000..05a7b3a46e2 --- /dev/null +++ b/manifests/base/argo/workflow-controller-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-role +subjects: +- kind: ServiceAccount + name: argo \ No newline at end of file diff --git a/manifests/base/argo/workflow-controller-sa.yaml b/manifests/base/argo/workflow-controller-sa.yaml new file mode 100644 index 00000000000..297172c4b6a --- /dev/null +++ b/manifests/base/argo/workflow-controller-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo \ No newline at end of file diff --git a/manifests/base/crds/kustomization.yaml b/manifests/base/crds/kustomization.yaml new file mode 100644 index 00000000000..ae914d70887 --- /dev/null +++ b/manifests/base/crds/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- scheduled-workflow-crd.yaml +- viewer-crd.yaml +- workflow-crd.yaml \ No newline at end of file diff --git a/manifests/base/crds/scheduled-workflow-crd.yaml b/manifests/base/crds/scheduled-workflow-crd.yaml new file mode 100644 index 00000000000..623e183494b --- /dev/null +++ b/manifests/base/crds/scheduled-workflow-crd.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: scheduledworkflows.kubeflow.org +spec: + group: kubeflow.org + names: + kind: ScheduledWorkflow + listKind: ScheduledWorkflowList + plural: scheduledworkflows + shortNames: + - swf + singular: scheduledworkflow + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true \ No newline at end of file diff --git a/manifests/base/crds/viewer-crd.yaml b/manifests/base/crds/viewer-crd.yaml new file mode 100644 index 00000000000..4bec1167f7c --- /dev/null +++ b/manifests/base/crds/viewer-crd.yaml @@ -0,0 +1,20 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + ksonnet.io/component: pipeline + name: viewers.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Viewer + listKind: ViewerList + plural: viewers + shortNames: + - vi + singular: viewer + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true \ No newline at end of file diff --git a/manifests/base/crds/workflow-crd.yaml b/manifests/base/crds/workflow-crd.yaml new file mode 100644 index 00000000000..2e87ee71de3 --- /dev/null +++ b/manifests/base/crds/workflow-crd.yaml @@ -0,0 +1,13 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: workflows.argoproj.io +spec: + group: argoproj.io + version: v1alpha1 + scope: Namespaced + names: + kind: Workflow + plural: workflows + shortNames: + - wf \ No newline at end of file diff --git a/manifests/base/kustomization.yaml b/manifests/base/kustomization.yaml new file mode 100644 index 00000000000..70b58fb8e54 --- /dev/null +++ b/manifests/base/kustomization.yaml @@ -0,0 +1,27 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: +- argo +- crds +- minio +- mysql +- pipeline + +images: +- name: argoproj/workflow-controller + newTag: v2.2.0 +- name: minio/minio + newTag: RELEASE.2018-02-09T22-40-05Z +- name: mysql + newTag: "5.6" +- name: gcr.io/ml-pipeline/api-server + newTag: 0.1.20 +- name: gcr.io/ml-pipeline/persistenceagent + newTag: 0.1.20 +- name: gcr.io/ml-pipeline/scheduledworkflow + newTag: 0.1.20 +- name: gcr.io/ml-pipeline/frontend + newTag: 0.1.20 +- name: gcr.io/ml-pipeline/viewer-crd-controller + newTag: 0.1.20 diff --git a/manifests/base/minio/kustomization.yaml b/manifests/base/minio/kustomization.yaml new file mode 100644 index 00000000000..731cc557d4c --- /dev/null +++ b/manifests/base/minio/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- minio-artifact-secret.yaml +- minio-deployment.yaml +- minio-pvc.yaml +- minio-service.yaml diff --git a/manifests/base/minio/minio-artifact-secret.yaml b/manifests/base/minio/minio-artifact-secret.yaml new file mode 100644 index 00000000000..29e74012f86 --- /dev/null +++ b/manifests/base/minio/minio-artifact-secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + accesskey: bWluaW8= + secretkey: bWluaW8xMjM= +kind: Secret +metadata: + name: mlpipeline-minio-artifact + namespace: kubeflow +type: Opaque \ No newline at end of file diff --git a/manifests/base/minio/minio-deployment.yaml b/manifests/base/minio/minio-deployment.yaml new file mode 100644 index 00000000000..3aeeba18373 --- /dev/null +++ b/manifests/base/minio/minio-deployment.yaml @@ -0,0 +1,36 @@ +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: minio +spec: + selector: + matchLabels: + app: minio + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + spec: + containers: + - args: + - server + - /data + env: + - name: MINIO_ACCESS_KEY + value: minio + - name: MINIO_SECRET_KEY + value: minio123 + image: minio/minio:RELEASE.2018-02-09T22-40-05Z + name: minio + ports: + - containerPort: 9000 + volumeMounts: + - mountPath: /data + name: data + subPath: minio + volumes: + - name: data + persistentVolumeClaim: + claimName: minio-pvc \ No newline at end of file diff --git a/manifests/base/minio/minio-pvc.yaml b/manifests/base/minio/minio-pvc.yaml new file mode 100644 index 00000000000..ecfa32bbe8a --- /dev/null +++ b/manifests/base/minio/minio-pvc.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: minio-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/manifests/base/minio/minio-service.yaml b/manifests/base/minio/minio-service.yaml new file mode 100644 index 00000000000..bdecf182a09 --- /dev/null +++ b/manifests/base/minio/minio-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: minio-service +spec: + ports: + - port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio \ No newline at end of file diff --git a/manifests/base/mysql/kustomization.yaml b/manifests/base/mysql/kustomization.yaml new file mode 100644 index 00000000000..97e3a556460 --- /dev/null +++ b/manifests/base/mysql/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- mysql-deployment.yaml +- mysql-pv-claim.yaml +- mysql-service.yaml \ No newline at end of file diff --git a/manifests/base/mysql/mysql-deployment.yaml b/manifests/base/mysql/mysql-deployment.yaml new file mode 100644 index 00000000000..a94d94f4931 --- /dev/null +++ b/manifests/base/mysql/mysql-deployment.yaml @@ -0,0 +1,31 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: mysql +spec: + selector: + matchLabels: + app: mysql + strategy: + type: Recreate + template: + metadata: + labels: + app: mysql + spec: + containers: + - env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + image: mysql:5.6 + name: mysql + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - mountPath: /var/lib/mysql + name: mysql-persistent-storage + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim \ No newline at end of file diff --git a/manifests/base/mysql/mysql-pv-claim.yaml b/manifests/base/mysql/mysql-pv-claim.yaml new file mode 100644 index 00000000000..108dc24ef32 --- /dev/null +++ b/manifests/base/mysql/mysql-pv-claim.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mysql-pv-claim +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/manifests/base/mysql/mysql-service.yaml b/manifests/base/mysql/mysql-service.yaml new file mode 100644 index 00000000000..78e201bf7f9 --- /dev/null +++ b/manifests/base/mysql/mysql-service.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: mysql +spec: + ports: + - port: 3306 + selector: + app: mysql \ No newline at end of file diff --git a/manifests/base/pipeline/kustomization.yaml b/manifests/base/pipeline/kustomization.yaml new file mode 100644 index 00000000000..35d5e3c1afb --- /dev/null +++ b/manifests/base/pipeline/kustomization.yaml @@ -0,0 +1,29 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- ml-pipeline-apiserver-deployment.yaml +- ml-pipeline-apiserver-role.yaml +- ml-pipeline-apiserver-rolebinding.yaml +- ml-pipeline-apiserver-sa.yaml +- ml-pipeline-apiserver-service.yaml +- ml-pipeline-persistenceagent-deployment.yaml +- ml-pipeline-persistenceagent-role.yaml +- ml-pipeline-persistenceagent-rolebinding.yaml +- ml-pipeline-persistenceagent-sa.yaml +- ml-pipeline-scheduledworkflow-deployment.yaml +- ml-pipeline-scheduledworkflow-role.yaml +- ml-pipeline-scheduledworkflow-rolebinding.yaml +- ml-pipeline-scheduledworkflow-sa.yaml +- ml-pipeline-ui-deployment.yaml +- ml-pipeline-ui-role.yaml +- ml-pipeline-ui-rolebinding.yaml +- ml-pipeline-ui-sa.yaml +- ml-pipeline-ui-service.yaml +- ml-pipeline-viewer-crd-role.yaml +- ml-pipeline-viewer-crd-rolebinding.yaml +- ml-pipeline-viewer-crd-deployment.yaml +- ml-pipeline-viewer-crd-sa.yaml +- pipeline-runner-role.yaml +- pipeline-runner-rolebinding.yaml +- pipeline-runner-sa.yaml \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-apiserver-deployment.yaml b/manifests/base/pipeline/ml-pipeline-apiserver-deployment.yaml new file mode 100644 index 00000000000..9dea549b29b --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-apiserver-deployment.yaml @@ -0,0 +1,28 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + labels: + app: ml-pipeline + name: ml-pipeline +spec: + selector: + matchLabels: + app: ml-pipeline + template: + metadata: + labels: + app: ml-pipeline + spec: + containers: + - env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/api-server:0.1.15 + imagePullPolicy: IfNotPresent + name: ml-pipeline-api-server + ports: + - containerPort: 8888 + - containerPort: 8887 + serviceAccountName: ml-pipeline \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-apiserver-role.yaml b/manifests/base/pipeline/ml-pipeline-apiserver-role.yaml new file mode 100644 index 00000000000..10737df4931 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-apiserver-role.yaml @@ -0,0 +1,30 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: ml-pipeline + name: ml-pipeline +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml b/manifests/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml new file mode 100644 index 00000000000..fe25597051a --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline + name: ml-pipeline +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-apiserver-sa.yaml b/manifests/base/pipeline/ml-pipeline-apiserver-sa.yaml new file mode 100644 index 00000000000..95ff3141e61 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-apiserver-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline diff --git a/manifests/base/pipeline/ml-pipeline-apiserver-service.yaml b/manifests/base/pipeline/ml-pipeline-apiserver-service.yaml new file mode 100644 index 00000000000..4ac2ba4ac90 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-apiserver-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + app: ml-pipeline \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml b/manifests/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml new file mode 100644 index 00000000000..ef267e141d1 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + labels: + app: ml-pipeline-persistenceagent + name: ml-pipeline-persistenceagent +spec: + selector: + matchLabels: + app: ml-pipeline-persistenceagent + template: + metadata: + labels: + app: ml-pipeline-persistenceagent + spec: + containers: + - image: gcr.io/ml-pipeline/persistenceagent:0.1.15 + imagePullPolicy: IfNotPresent + name: ml-pipeline-persistenceagent + serviceAccountName: ml-pipeline-persistenceagent \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-persistenceagent-role.yaml b/manifests/base/pipeline/ml-pipeline-persistenceagent-role.yaml new file mode 100644 index 00000000000..de2b9c87378 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-persistenceagent-role.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: ml-pipeline-persistenceagent-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml b/manifests/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml new file mode 100644 index 00000000000..0fa1336ebe3 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: ml-pipeline-persistenceagent-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent diff --git a/manifests/base/pipeline/ml-pipeline-persistenceagent-sa.yaml b/manifests/base/pipeline/ml-pipeline-persistenceagent-sa.yaml new file mode 100644 index 00000000000..4725287b375 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-persistenceagent-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-persistenceagent \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml b/manifests/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml new file mode 100644 index 00000000000..acb7a0b1ef4 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + labels: + app: ml-pipeline-scheduledworkflow + name: ml-pipeline-scheduledworkflow +spec: + selector: + matchLabels: + app: ml-pipeline-scheduledworkflow + template: + metadata: + labels: + app: ml-pipeline-scheduledworkflow + spec: + containers: + - image: gcr.io/ml-pipeline/scheduledworkflow:0.1.15 + imagePullPolicy: IfNotPresent + name: ml-pipeline-scheduledworkflow + serviceAccountName: ml-pipeline-scheduledworkflow \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml b/manifests/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml new file mode 100644 index 00000000000..c0274f7fe4c --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml @@ -0,0 +1,31 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: ml-pipeline-scheduledworkflow-role + name: ml-pipeline-scheduledworkflow-role +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml b/manifests/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml new file mode 100644 index 00000000000..f21113bff17 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: ml-pipeline-scheduledworkflow-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml b/manifests/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml new file mode 100644 index 00000000000..5e5d2c1cd42 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-scheduledworkflow \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-ui-deployment.yaml b/manifests/base/pipeline/ml-pipeline-ui-deployment.yaml new file mode 100644 index 00000000000..2078073c033 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-ui-deployment.yaml @@ -0,0 +1,22 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +spec: + selector: + matchLabels: + app: ml-pipeline-ui + template: + metadata: + labels: + app: ml-pipeline-ui + spec: + containers: + - image: gcr.io/ml-pipeline/frontend:0.1.15 + imagePullPolicy: IfNotPresent + name: ml-pipeline-ui + ports: + - containerPort: 3000 + serviceAccountName: ml-pipeline-ui \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-ui-role.yaml b/manifests/base/pipeline/ml-pipeline-ui-role.yaml new file mode 100644 index 00000000000..2dce38cdba1 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-ui-role.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - create + - get + - list \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-ui-rolebinding.yaml b/manifests/base/pipeline/ml-pipeline-ui-rolebinding.yaml new file mode 100644 index 00000000000..70aec0cc346 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-ui-rolebinding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui + namespace: kubeflow \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-ui-sa.yaml b/manifests/base/pipeline/ml-pipeline-ui-sa.yaml new file mode 100644 index 00000000000..06bc4453843 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-ui-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-ui \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-ui-service.yaml b/manifests/base/pipeline/ml-pipeline-ui-service.yaml new file mode 100644 index 00000000000..53d3f391d20 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-ui-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui +spec: + ports: + - port: 80 + targetPort: 3000 + selector: + app: ml-pipeline-ui \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml b/manifests/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml new file mode 100644 index 00000000000..506c3a470c9 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + labels: + app: ml-pipeline-viewer-crd + name: ml-pipeline-viewer-crd +spec: + selector: + matchLabels: + app: ml-pipeline-viewer-crd + template: + metadata: + labels: + app: ml-pipeline-viewer-crd + spec: + containers: + - image: gcr.io/ml-pipeline/viewer-crd-controller:0.1.15 + imagePullPolicy: Always + name: ml-pipeline-viewer-crd + serviceAccountName: ml-pipeline-viewer-crd-service-account \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-viewer-crd-role.yaml b/manifests/base/pipeline/ml-pipeline-viewer-crd-role.yaml new file mode 100644 index 00000000000..111d703bf27 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-viewer-crd-role.yaml @@ -0,0 +1,30 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: ml-pipeline-viewer-controller-role +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete \ No newline at end of file diff --git a/manifests/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml b/manifests/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml new file mode 100644 index 00000000000..a33944457c2 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: ml-pipeline-viewer-crd-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account diff --git a/manifests/base/pipeline/ml-pipeline-viewer-crd-sa.yaml b/manifests/base/pipeline/ml-pipeline-viewer-crd-sa.yaml new file mode 100644 index 00000000000..5dd08f88439 --- /dev/null +++ b/manifests/base/pipeline/ml-pipeline-viewer-crd-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-viewer-crd-service-account diff --git a/manifests/base/pipeline/pipeline-runner-role.yaml b/manifests/base/pipeline/pipeline-runner-role.yaml new file mode 100644 index 00000000000..a43faff6c5a --- /dev/null +++ b/manifests/base/pipeline/pipeline-runner-role.yaml @@ -0,0 +1,66 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: pipeline-runner +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' \ No newline at end of file diff --git a/manifests/base/pipeline/pipeline-runner-rolebinding.yaml b/manifests/base/pipeline/pipeline-runner-rolebinding.yaml new file mode 100644 index 00000000000..2bf828a80bf --- /dev/null +++ b/manifests/base/pipeline/pipeline-runner-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: pipeline-runner-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-runner +subjects: +- kind: ServiceAccount + name: pipeline-runner diff --git a/manifests/base/pipeline/pipeline-runner-sa.yaml b/manifests/base/pipeline/pipeline-runner-sa.yaml new file mode 100644 index 00000000000..8cb2c669fb2 --- /dev/null +++ b/manifests/base/pipeline/pipeline-runner-sa.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipeline-runner diff --git a/manifests/namespaced-install.yaml b/manifests/namespaced-install.yaml new file mode 100644 index 00000000000..e561e781967 --- /dev/null +++ b/manifests/namespaced-install.yaml @@ -0,0 +1,824 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: kubeflow +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: scheduledworkflows.kubeflow.org +spec: + group: kubeflow.org + names: + kind: ScheduledWorkflow + listKind: ScheduledWorkflowList + plural: scheduledworkflows + shortNames: + - swf + singular: scheduledworkflow + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + ksonnet.io/component: pipeline + name: viewers.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Viewer + listKind: ViewerList + plural: viewers + shortNames: + - vi + singular: viewer + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: workflows.argoproj.io +spec: + group: argoproj.io + names: + kind: Workflow + plural: workflows + shortNames: + - wf + scope: Namespaced + version: v1alpha1 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-persistenceagent + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-ui + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ml-pipeline + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipeline-runner + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/exec + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + - workflows/finalizers + verbs: + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: ml-pipeline-persistenceagent-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: ml-pipeline-scheduledworkflow-role + name: ml-pipeline-scheduledworkflow-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - create + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: ml-pipeline-viewer-controller-role + namespace: kubeflow +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: + app: ml-pipeline + name: ml-pipeline + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: pipeline-runner + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-role +subjects: +- kind: ServiceAccount + name: argo + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: ml-pipeline-persistenceagent-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: ml-pipeline-scheduledworkflow-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: ml-pipeline-viewer-crd-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline + name: ml-pipeline + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: pipeline-runner-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-runner +subjects: +- kind: ServiceAccount + name: pipeline-runner + namespace: kubeflow +--- +apiVersion: v1 +data: + config: | + { + namespace: kubeflow, + executorImage: argoproj/argoexec:v2.2.0, + artifactRepository: + { + s3: { + bucket: mlpipeline, + keyPrefix: artifacts, + endpoint: minio-service.kubeflow:9000, + insecure: true, + accessKeySecret: { + name: mlpipeline-minio-artifact, + key: accesskey + }, + secretKeySecret: { + name: mlpipeline-minio-artifact, + key: secretkey + } + } + } + } +kind: ConfigMap +metadata: + name: workflow-controller-configmap + namespace: kubeflow +--- +apiVersion: v1 +data: + accesskey: bWluaW8= + secretkey: bWluaW8xMjM= +kind: Secret +metadata: + name: mlpipeline-minio-artifact + namespace: kubeflow +type: Opaque +--- +apiVersion: v1 +kind: Service +metadata: + name: minio-service + namespace: kubeflow +spec: + ports: + - port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +spec: + ports: + - port: 80 + targetPort: 3000 + selector: + app: ml-pipeline-ui +--- +apiVersion: v1 +kind: Service +metadata: + name: ml-pipeline + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + app: ml-pipeline +--- +apiVersion: v1 +kind: Service +metadata: + name: mysql + namespace: kubeflow +spec: + ports: + - port: 3306 + selector: + app: mysql +--- +apiVersion: apps/v1beta1 +kind: Deployment +metadata: + name: minio + namespace: kubeflow +spec: + selector: + matchLabels: + app: minio + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + spec: + containers: + - args: + - server + - /data + env: + - name: MINIO_ACCESS_KEY + value: minio + - name: MINIO_SECRET_KEY + value: minio123 + image: minio/minio:RELEASE.2018-02-09T22-40-05Z + name: minio + ports: + - containerPort: 9000 + volumeMounts: + - mountPath: /data + name: data + subPath: minio + volumes: + - name: data + persistentVolumeClaim: + claimName: minio-pvc +--- +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + labels: + app: ml-pipeline-persistenceagent + name: ml-pipeline-persistenceagent + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-persistenceagent + template: + metadata: + labels: + app: ml-pipeline-persistenceagent + spec: + containers: + - env: + - name: NAMESPACE + value: kubeflow + image: gcr.io/ml-pipeline-staging/persistenceagent:22be84b13c9d3c94d803d78685f00b0b5607258f + imagePullPolicy: IfNotPresent + name: ml-pipeline-persistenceagent + serviceAccountName: ml-pipeline-persistenceagent +--- +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + labels: + app: ml-pipeline-scheduledworkflow + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-scheduledworkflow + template: + metadata: + labels: + app: ml-pipeline-scheduledworkflow + spec: + containers: + - env: + - name: NAMESPACE + value: kubeflow + image: gcr.io/ml-pipeline-staging/scheduledworkflow:22be84b13c9d3c94d803d78685f00b0b5607258f + imagePullPolicy: IfNotPresent + name: ml-pipeline-scheduledworkflow + serviceAccountName: ml-pipeline-scheduledworkflow +--- +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + labels: + app: ml-pipeline-ui + name: ml-pipeline-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-ui + template: + metadata: + labels: + app: ml-pipeline-ui + spec: + containers: + - image: gcr.io/ml-pipeline/frontend:0.1.15 + imagePullPolicy: IfNotPresent + name: ml-pipeline-ui + ports: + - containerPort: 3000 + serviceAccountName: ml-pipeline-ui +--- +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + labels: + app: ml-pipeline-viewer-crd + name: ml-pipeline-viewer-crd + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-viewer-crd + template: + metadata: + labels: + app: ml-pipeline-viewer-crd + spec: + containers: + - image: gcr.io/ml-pipeline/viewer-crd-controller:0.1.15 + imagePullPolicy: Always + name: ml-pipeline-viewer-crd + serviceAccountName: ml-pipeline-viewer-crd-service-account +--- +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + labels: + app: ml-pipeline + name: ml-pipeline + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline + template: + metadata: + labels: + app: ml-pipeline + spec: + containers: + - env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/api-server:0.1.15 + imagePullPolicy: IfNotPresent + name: ml-pipeline-api-server + ports: + - containerPort: 8888 + - containerPort: 8887 + serviceAccountName: ml-pipeline +--- +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: mysql + namespace: kubeflow +spec: + selector: + matchLabels: + app: mysql + strategy: + type: Recreate + template: + metadata: + labels: + app: mysql + spec: + containers: + - env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + image: mysql:5.6 + name: mysql + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - mountPath: /var/lib/mysql + name: mysql-persistent-storage + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + app: workflow-controller + name: workflow-controller + namespace: kubeflow +spec: + progressDeadlineSeconds: 600 + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: workflow-controller + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + app: workflow-controller + spec: + containers: + - args: + - --configmap + - workflow-controller-configmap + - --executor-image + - argoproj/argoexec:v2.2.0 + command: + - workflow-controller + env: + - name: ARGO_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: argoproj/workflow-controller:v2.2.0 + imagePullPolicy: IfNotPresent + name: workflow-controller + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccount: argo + serviceAccountName: argo + terminationGracePeriodSeconds: 30 +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: minio-pvc + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mysql-pv-claim + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/manifests/namespaced-install/README.md b/manifests/namespaced-install/README.md new file mode 100644 index 00000000000..87e84672f24 --- /dev/null +++ b/manifests/namespaced-install/README.md @@ -0,0 +1,2 @@ +This directory shows how to deploy to a non-default namespace. +To deploy to your own namespace, replace `kubeflow`. \ No newline at end of file diff --git a/manifests/namespaced-install/kustomization.yaml b/manifests/namespaced-install/kustomization.yaml new file mode 100644 index 00000000000..67fd7632638 --- /dev/null +++ b/manifests/namespaced-install/kustomization.yaml @@ -0,0 +1,27 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: +- ../base + +resources: +- namespace.yaml + +namespace: kubeflow + +patchesStrategicMerge: +- workflow-controller-configmap.yaml +- ml-pipeline-persistenceagent-deployment-patch.yaml +- ml-pipeline-scheduledworkflow-deployment-patch.yaml + +vars: + - name: NAMESPACE + objref: + kind: Deployment + apiVersion: extensions/v1beta1 + name: workflow-controller + fieldref: + fieldpath: metadata.namespace + +configurations: +- kustomizeconfig/namespace.yaml diff --git a/manifests/namespaced-install/kustomizeconfig/namespace.yaml b/manifests/namespaced-install/kustomizeconfig/namespace.yaml new file mode 100644 index 00000000000..2a5ae3d6456 --- /dev/null +++ b/manifests/namespaced-install/kustomizeconfig/namespace.yaml @@ -0,0 +1,6 @@ +# Allow Kustomize var to replace following fields. +varReference: +- path: data/config + kind: ConfigMap +- path: metadata/name + kind: Namespace \ No newline at end of file diff --git a/manifests/namespaced-install/ml-pipeline-persistenceagent-deployment-patch.yaml b/manifests/namespaced-install/ml-pipeline-persistenceagent-deployment-patch.yaml new file mode 100644 index 00000000000..de706660723 --- /dev/null +++ b/manifests/namespaced-install/ml-pipeline-persistenceagent-deployment-patch.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: ml-pipeline-persistenceagent +spec: + template: + spec: + containers: + - name: ml-pipeline-persistenceagent + env: + - name: NAMESPACE + value: $(NAMESPACE) diff --git a/manifests/namespaced-install/ml-pipeline-scheduledworkflow-deployment-patch.yaml b/manifests/namespaced-install/ml-pipeline-scheduledworkflow-deployment-patch.yaml new file mode 100644 index 00000000000..6837ff171c6 --- /dev/null +++ b/manifests/namespaced-install/ml-pipeline-scheduledworkflow-deployment-patch.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: ml-pipeline-scheduledworkflow +spec: + template: + spec: + containers: + - name: ml-pipeline-scheduledworkflow + env: + - name: NAMESPACE + value: $(NAMESPACE) diff --git a/manifests/namespaced-install/namespace.yaml b/manifests/namespaced-install/namespace.yaml new file mode 100644 index 00000000000..3cd514d2e1e --- /dev/null +++ b/manifests/namespaced-install/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: $(NAMESPACE) \ No newline at end of file diff --git a/manifests/namespaced-install/workflow-controller-configmap.yaml b/manifests/namespaced-install/workflow-controller-configmap.yaml new file mode 100644 index 00000000000..9fa7efb0f60 --- /dev/null +++ b/manifests/namespaced-install/workflow-controller-configmap.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: workflow-controller-configmap +data: + config: | + { + namespace: $(NAMESPACE), + executorImage: argoproj/argoexec:v2.2.0, + artifactRepository: + { + s3: { + bucket: mlpipeline, + keyPrefix: artifacts, + endpoint: minio-service.$(NAMESPACE):9000, + insecure: true, + accessKeySecret: { + name: mlpipeline-minio-artifact, + key: accesskey + }, + secretKeySecret: { + name: mlpipeline-minio-artifact, + key: secretkey + } + } + } + } \ No newline at end of file