diff --git a/build/gm/rbac/gm.yaml b/build/gm/rbac/gm.yaml
new file mode 100644
index 0000000..bb63adf
--- /dev/null
+++ b/build/gm/rbac/gm.yaml
@@ -0,0 +1,93 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: neptune
+---
+# cluster role
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: neptune
+rules:
+ # list/watch these ai-feature crds
+ - apiGroups:
+ - neptune.io
+ resources:
+ - datasets
+ - models
+ - jointinferenceservices
+ - federatedlearningjobs
+ - incrementallearningjobs
+ verbs:
+ - get
+ - list
+ - watch
+
+ # update crd status
+ - apiGroups:
+ - neptune.io
+ resources:
+ - datasets/status
+ - models/status
+ - jointinferenceservices/status
+ - federatedlearningjobs/status
+ - incrementallearningjobs/status
+ verbs:
+ - get
+ - update
+
+ # current we implement ai features by k8s pods, services
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - delete
+
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - create
+ - list
+ - get
+
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - list
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: neptune
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: neptune
+subjects:
+- kind: ServiceAccount
+ name: neptune
+ namespace: neptune
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: neptune
+ namespace: neptune
diff --git a/build/gm/rbac/neptune-roles.yaml b/build/gm/rbac/neptune-roles.yaml
deleted file mode 100644
index 35cafc6..0000000
--- a/build/gm/rbac/neptune-roles.yaml
+++ /dev/null
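Review bot: The `pods` rule in the new `neptune` ClusterRole grants `create` and `delete` in every namespace, because it is attached through a ClusterRoleBinding, and `delete` was not in the removed `neptune-role`. A service account that can create pods cluster-wide can schedule workloads under any other service account in any namespace, so a compromised GM reaches well beyond Neptune's own jobs. If GM only manages worker pods and services in a known set of namespaces (an assumption, the controller code is not in this diff), move the `pods`, `services` and `events` rules into a namespaced Role/RoleBinding and keep the ClusterRole for the `neptune.io` resources and `nodes`. If cluster-wide scope really is required, record the reason above the rule, e.g. `# cluster-wide on purpose: worker pods are created in the namespace of each job CR`.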
@@ -1,63 +0,0 @@
-# permissions for end users to edit memcacheds.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: neptune-role
-rules:
-# list/watch these ai-feature crds
-- apiGroups:
- - neptune.io
- resources:
- - datasets
- - models
- - jointinferenceservices
- - federatedlearningjobs
- verbs:
- - get
- - list
- - watch
-
-# update crd status
-- apiGroups:
- - neptune.io
- resources:
- - datasets/status
- - models/status
- - jointinferenceservices/status
- - federatedlearningjobs/status
- verbs:
- - get
- - update
-
-# current we implement ai features by k8s pods, services
-- apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - create
- - get
- - list
- - watch
-
-- apiGroups:
- - ""
- resources:
- - services
- verbs:
- - create
- - get
-
-- apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - get
-
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
diff --git a/build/gm/rbac/role_binding.yaml b/build/gm/rbac/role_binding.yaml
deleted file mode 100644
index 30b876e..0000000
--- a/build/gm/rbac/role_binding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: neptune-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: neptune-role
-subjects:
-- kind: ServiceAccount
- name: default
- namespace: default
diff --git a/docs/setup/install.md b/docs/setup/install.md
index 05d6ea8..1acaf70 100644
--- a/docs/setup/install.md
+++ b/docs/setup/install.md
@@ -4,7 +4,7 @@ * [Deploy GM](#deploy-gm) * [Prepare GM config](#prepare-gm-config) * [Build worker base images](#build-worker-base-images) - * [Run GM as k8s pod(recommended)](#run-gm-as-k8s-podrecommended) + * [Run GM as k8s deployment(recommended)](#run-gm-as-k8s-deploymentrecommended) * [Run GM as a single process(alternative)](#run-gm-as-a-single-processalternative) * [Run GM as docker container(alternative)](#run-gm-as-docker-containeralternative) * [Deploy LC](#deploy-lc) @@ -85,7 +85,7 @@ docker push $WORKER_TF1_IMAGE There are some methods to run gm, you can choose one method below: -#### Run GM as k8s pod(**recommended**): +#### Run GM as k8s deployment(**recommended**): We don't need to config the kubeconfig in this method said by [accessing the API from a Pod](https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod). @@ -101,16 +101,11 @@ kubectl create -f build/gm/rbac/ GM_PORT=9000 LC_PORT=9100 -# fill the GM_NODE_NAME's ip which edge node can access to. -# such as GM_IP=192.168.0.9 -GM_IP= - # here using github container registry for example # edit it with the truly container registry by your choice. IMAGE_REPO=ghcr.io/edgeai-neptune/neptune IMAGE_TAG=v1alpha1 -GM_ADDRESS=$GM_IP:$GM_PORT LC_SERVER="http://localhost:$LC_PORT" ``` 
@@ -151,43 +146,74 @@ docker push $GM_IMAGE 4\. Create gm configmap: ```shell # create configmap from $CONFIG_FILE -CONFIG_NAME=neptune-gm-config # customize this configmap name -kubectl create configmap $CONFIG_NAME --from-file=$CONFIG_FILE +CONFIG_NAME=gm-config # customize this configmap name +kubectl create -n neptune configmap $CONFIG_NAME --from-file=$CONFIG_FILE ``` -5\. Deploy GM as pod: +5\. Deploy GM as deployment: ```shell # we assign gm to the node which edge node can access to. # here current terminal node name, i.e. the k8s master node. # remember the GM_IP GM_NODE_NAME=$(hostname) -GM_POD_NAME=gm-from-$CONFIG_NAME + kubectl apply -f - < +# here try to get node ip by kubectl +gm_node_ip=$(kubectl get node $GM_NODE_NAME -o jsonpath='{ .status.addresses[?(@.type=="ExternalIP")].address }') +gm_node_internal_ip=$(kubectl get node $GM_NODE_NAME -o jsonpath='{ .status.addresses[?(@.type=="InternalIP")].address }') + +GM_ADDRESS=${gm_node_ip:-$gm_node_internal_ip}:$gm_node_port kubectl create -f- <