Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add third party license + source code to argo and minio images to comply with their license #2201

Merged
merged 12 commits into from
Oct 1, 2019
Merged

Add third party license + source code to argo and minio images to comply with their license #2201

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
8519855
Add concatenated third party license to argo and minio images
Bobgy Sep 23, 2019
bcf5e44
Add MPL dependencies source code in argoexec docker image
Bobgy Sep 25, 2019
95ae91d
Include source code of MPL dependencies of minio in its image
Bobgy Sep 25, 2019
52d8180
Add source code for argo dependencies with MPL in argo images
Bobgy Sep 25, 2019
7d7d8cd
Updated workflow to release manually, included cloudbuild config to b…
Bobgy Sep 26, 2019
b4e1e91
docker env naming consistency
Bobgy Sep 26, 2019
530a7de
Include release scripts and instructions in third_party/README.md
Bobgy Sep 26, 2019
ec30211
Update README.md
Bobgy Sep 26, 2019
8503563
undo cloudbuild.yaml changes, update README
Bobgy Sep 26, 2019
4c1d5cc
Change argo and minio image tags in manifests
Bobgy Sep 26, 2019
a82abca
Remove unneeded code
Bobgy Sep 26, 2019
f826297
Fix copyright year
Bobgy Sep 30, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions .release.cloudbuild.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -141,10 +141,10 @@ steps:
waitFor: ['PullMetadataEnvoy']

- name: 'gcr.io/cloud-builders/docker'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's move all these entries to a separate cloudbuild.yaml file in the /third-party directory so that it's not triggered with every release.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't quite understand why we have these entries. They are copying already built images from gcr.io/ml-pipeline/... to gcr.io/ml-pipeline/google/pipelines/...:$TAG_NAME (released tag name).

But I couldn't find any usage of gcr.io/ml-pipeline/google/pipelines, our lite deployment only references gcr.io/ml-pipeline/image-name.

Can you explain what these are for? I didn't understand so I merely changed the tags to my new tags.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also checked https://github.com/kubeflow/manifests, they are also not using these. @IronPan do you know what these are for? Just meant as taking a snapshot of the release artifacts?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Bobgy no need to add license-compliance part in the tag here. As long as we're building these default ones with the source and license included, we're good.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@neuromage My reasoning of the extra license-compliance part: #2201 (comment)

It's for purpose of safe gradual release, because images like gcr.io/ml-pipeline/argoexec:v2.3.0 are already in use today. If I push a new image to the same tag, everyone will switch to that new image immediately.

Technically, there's no difference between previous and new images. New images also just passed our presubmit tests. So risk pushing new images under the same tag is small too. I think we can also choose to do that.

WDYT? I'd like to double check if you want me to push new images under the same tag? or would you want to suggest a simpler naming?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think if we're distributing the images, we should just version them (since we technically rebuild these every release). Ideally, we would name them something like argoexec-v2.3.0-kfp:0.1.30 which can indicate that this is based of argo v2.3.0, but released under kfp with tag 0.1.30. I don't want to block this PR, but can we consider using this convention? This can be done in a future PR.

/cc @IronPan

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

argoexec-v2.3.0-kfp:0.1.30
Should we do that even if we only release a modified version of the image once per Argo release (not once per KFP release)?

Using different tags for the same image might be a bit confusing.

args: ['pull', 'gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z']
args: ['pull', 'gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance']
id: 'PullMinio'
- name: 'gcr.io/cloud-builders/docker'
args: ['tag', 'gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z', 'gcr.io/ml-pipeline/google/pipelines/minio:$TAG_NAME']
args: ['tag', 'gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance', 'gcr.io/ml-pipeline/google/pipelines/minio:$TAG_NAME']
Bobgy marked this conversation as resolved.
Show resolved Hide resolved
waitFor: ['PullMinio']

- name: 'gcr.io/cloud-builders/docker'
Expand All @@ -162,17 +162,17 @@ steps:
waitFor: ['PullCloudsqlProxy']

- name: 'gcr.io/cloud-builders/docker'
args: ['pull', 'gcr.io/ml-pipeline/argoexec:v2.3.0']
args: ['pull', 'gcr.io/ml-pipeline/argoexec:v2.3.0-license-compliance']
id: 'PullArgoExecutor'
- name: 'gcr.io/cloud-builders/docker'
args: ['tag', 'gcr.io/ml-pipeline/argoexec:v2.3.0', 'gcr.io/ml-pipeline/google/pipelines/argoexecutor:$TAG_NAME']
args: ['tag', 'gcr.io/ml-pipeline/argoexec:v2.3.0-license-compliance', 'gcr.io/ml-pipeline/google/pipelines/argoexecutor:$TAG_NAME']
waitFor: ['PullArgoExecutor']

- name: 'gcr.io/cloud-builders/docker'
args: ['pull', 'gcr.io/ml-pipeline/workflow-controller:v2.3.0']
args: ['pull', 'gcr.io/ml-pipeline/workflow-controller:v2.3.0-license-compliance']
id: 'PullArgoWorkflowController'
- name: 'gcr.io/cloud-builders/docker'
args: ['tag', 'gcr.io/ml-pipeline/workflow-controller:v2.3.0', 'gcr.io/ml-pipeline/google/pipelines/argoworkflowcontroller:$TAG_NAME']
args: ['tag', 'gcr.io/ml-pipeline/workflow-controller:v2.3.0-license-compliance', 'gcr.io/ml-pipeline/google/pipelines/argoworkflowcontroller:$TAG_NAME']
waitFor: ['PullArgoWorkflowController']

# Copy the Python SDK
Expand Down
6 changes: 3 additions & 3 deletions manifests/gcp_marketplace/chart/kubeflow-pipelines/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
images:
apiserver: gcr.io/ml-pipeline/api-server:0.1.27
argoexecutor: gcr.io/ml-pipeline/argoexec:v2.3.0
argoworkflowcontroller: gcr.io/ml-pipeline/workflow-controller:v2.3.0
argoexecutor: gcr.io/ml-pipeline/argoexec:v2.3.0-license-compliance
argoworkflowcontroller: gcr.io/ml-pipeline/workflow-controller:v2.3.0-license-compliance
cloudsqlproxy: gcr.io/cloudsql-docker/gce-proxy:1.14
frontend: gcr.io/ml-pipeline/frontend:0.1.27
metadataserver: gcr.io/tfx-oss-public/ml_metadata_store_server:0.14.0
minio: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z
minio: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance
mysql: gcr.io/ml-pipeline/mysql:5.6
persistenceagent: gcr.io/ml-pipeline/persistenceagent:0.1.27
proxyagent: gcr.io/ml-pipeline/inverse-proxy-agent:0.1.27
Expand Down
2 changes: 1 addition & 1 deletion manifests/kustomize/base/argo/workflow-controller-configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ metadata:
data:
config: |
{
executorImage: gcr.io/ml-pipeline/argoexec:v2.3.0,
executorImage: gcr.io/ml-pipeline/argoexec:v2.3.0-license-compliance,
artifactRepository:
{
s3: {
Expand Down
4 changes: 2 additions & 2 deletions manifests/kustomize/base/argo/workflow-controller-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ spec:
- --configmap
- workflow-controller-configmap
- --executor-image
- gcr.io/ml-pipeline/argoexec:v2.3.0
- gcr.io/ml-pipeline/argoexec:v2.3.0-license-compliance
command:
- workflow-controller
env:
Expand All @@ -36,7 +36,7 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: gcr.io/ml-pipeline/workflow-controller:v2.3.0
image: gcr.io/ml-pipeline/workflow-controller:v2.3.0-license-compliance
imagePullPolicy: IfNotPresent
name: workflow-controller
resources: {}
Expand Down
2 changes: 0 additions & 2 deletions manifests/kustomize/base/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,6 @@ bases:
- metadata

images:
- name: argoproj/workflow-controller
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's no usage of argoproj/workflow-controller. So I simply removed this one.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm pretty certain that the workflow controller is being used.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, we are using gcr.io/ml-pipeline/workflow-controller, but not argoproj/workflow-controller.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm pretty certain it's used.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you let me know where it is? I couldn't find it when I searched for it.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like it's already referencing the gcr image:

pipelines/manifests/kustomize/base/argo/workflow-controller-deployment.yaml

Line 39 in fbb008f

image: gcr.io/ml-pipeline/workflow-controller:v2.3.0

argoexec image is already there.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, that's what I found too. Do you have any further concerns?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does that image have the required licenses? Is there some script or cloudbuild entry that can create that image when new Argo version comes out?

Copy link
Contributor Author

@Bobgy Bobgy Sep 30, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

gcr.io/ml-pipeline/workflow-controller:v2.3.0 doesn't have license

gcr.io/ml-pipeline/workflow-controller:v2.3.0-license-compliance has license

Is there some script or cloudbuild entry that can create that image when new Argo version comes out?

That's a good point.

I have some dirty scripts for generating the licenses. I made this image from these scripts manually this time.

I think cleaning up these scripts is not a blocker for MKP launch. I will put another PR for it later.

newTag: v2.3.0
- name: gcr.io/ml-pipeline/api-server
newTag: 0.1.31
- name: gcr.io/ml-pipeline/persistenceagent
Expand Down
2 changes: 1 addition & 1 deletion manifests/kustomize/env/dev/minio/minio-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ spec:
value: minio
- name: MINIO_SECRET_KEY
value: minio123
image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z
image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance
name: minio
ports:
- containerPort: 9000
Expand Down
2 changes: 1 addition & 1 deletion manifests/kustomize/env/gcp/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ images:
- name: gcr.io/cloudsql-docker/gce-proxy
newTag: "1.14"
- name: gcr.io/ml-pipeline/minio
newTag: RELEASE.2019-08-14T20-37-41Z
newTag: RELEASE.2019-08-14T20-37-41Z-license-compliance

secretGenerator:
- name: user-gcp-sa
Expand Down
2 changes: 1 addition & 1 deletion manifests/kustomize/env/gcp/minio/minio-gcs-gateway-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ spec:
spec:
containers:
- name: minio
image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z
image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance
args:
- gateway
- gcs
Expand Down
8 changes: 4 additions & 4 deletions manifests/kustomize/namespaced-install.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -522,7 +522,7 @@ data:
config: |
{
namespace: kubeflow,
executorImage: gcr.io/ml-pipeline/argoexec:v2.3.0,
executorImage: gcr.io/ml-pipeline/argoexec:v2.3.0-license-compliance,
artifactRepository:
{
s3: {
Expand Down Expand Up @@ -755,7 +755,7 @@ spec:
value: minio
- name: MINIO_SECRET_KEY
value: minio123
image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z
image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance
name: minio
ports:
- containerPort: 9000
Expand Down Expand Up @@ -1020,7 +1020,7 @@ spec:
- --configmap
- workflow-controller-configmap
- --executor-image
- gcr.io/ml-pipeline/argoexec:v2.3.0
- gcr.io/ml-pipeline/argoexec:v2.3.0-license-compliance
command:
- workflow-controller
env:
Expand All @@ -1029,7 +1029,7 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: gcr.io/ml-pipeline/workflow-controller:v2.3.0
image: gcr.io/ml-pipeline/workflow-controller:v2.3.0-license-compliance
imagePullPolicy: IfNotPresent
name: workflow-controller
resources: {}
Expand Down
2 changes: 1 addition & 1 deletion manifests/kustomize/namespaced/workflow-controller-configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ data:
config: |
{
namespace: $(NAMESPACE),
executorImage: gcr.io/ml-pipeline/argoexec:v2.3.0,
executorImage: gcr.io/ml-pipeline/argoexec:v2.3.0-license-compliance,
artifactRepository:
{
s3: {
Expand Down
51 changes: 51 additions & 0 deletions third_party/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
# How to release third party images

## Release a new third party image version

1. Edit third_party/$LIBRARY/Dockerfile
1. Change the line `from IMAGE_NAME:TAG_NAME` to `from IMAGE_NAME:NEW_TAG_NAME`
1. Edit third_party/$LIBRARY/release.sh
1. Change TAG to NEW_TAG_NAME.
1. Commit and ask someone for review
1. Run the following (you need to have storage access to ml-pipeline project)
```
cd $KFP_SRC
./third_party/$LIBRARY/release.sh
```
1. Make a PR that
* changes all image references in .release.cloudbuild.yaml
* changes all image references in manifests

## How to build
```
cd $KFP_SRC
gcloud builds submit --config third_party/argo/cloudbuild.yaml . --substitutions=TAG_NAME="RELEASE_TAG_NAME_HERE"
gcloud builds submit --config third_party/minio/cloudbuild.yaml . --substitutions=TAG_NAME="RELEASE_TAG_NAME_HERE"
```

or you can build locally using docker too like the following
```
cd $KFP_SRC
docker build -t $IMAGE_NAME:$TAG -f third_party/minio/Dockerfile .
```

## Verify your built images are good
Run the following command to start an interactive shell in a new container of the image (the image must have shell installed to be able to run it)
```
docker run -it --entrypoint sh $IMAGE_NAME
```
Or if the image doesn't have a complete OS (like argoproj/workflow-controller)
```
docker save nginx > nginx.tar
tar -xvf nginx.tar
```
This saves layers of the image to a tarball that you can extract and see.

Credits to: https://stackoverflow.com/questions/44769315/how-to-see-docker-image-contents

## Release to gcr.io/ml-pipeline

(This has been automated by third_party/release.sh)
1. First build images in your own project
1. Use [this gcloud command](https://cloud.google.com/container-registry/docs/managing#tagging_images) to retag your images to gcr.io/ml-pipeline
1. When choosing the new tag, use the same text as the original release tag of the third party image
32 changes: 32 additions & 0 deletions third_party/argo/Dockerfile.argoexec
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

FROM alpine as downloader

COPY third_party /third_party

RUN apk add --no-cache curl

ENV OUTPUT_FOLDER /downloads/
RUN sh /third_party/download_source.sh </third_party/argo/repo-MPL.txt


# Argo exec image
From argoproj/argoexec:v2.3.0

# Copy concatenated license file
COPY third_party/argo/license.txt /third_party/license.txt

# Copy downloaded source code
COPY --from=downloader /downloads /third_party
30 changes: 30 additions & 0 deletions third_party/argo/Dockerfile.workflow-controller
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

FROM alpine as downloader

COPY third_party /third_party

RUN apk add --no-cache curl

ENV OUTPUT_FOLDER /downloads/
RUN sh /third_party/download_source.sh </third_party/argo/repo-MPL.txt

From argoproj/workflow-controller:v2.3.0

# Copy concatenated license file
COPY third_party/argo/license.txt /third_party/license.txt

# Copy downloaded source code
COPY --from=downloader /downloads /third_party
13 changes: 13 additions & 0 deletions third_party/argo/cloudbuild.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
steps:
- name: 'gcr.io/cloud-builders/docker'
args: [ 'build', '-t', 'gcr.io/$PROJECT_ID/workflow-controller:$TAG_NAME', '-f', 'third_party/argo/Dockerfile.workflow-controller', '.' ]
waitFor: ['-']
- name: 'gcr.io/cloud-builders/docker'
args: [ 'build', '-t', 'gcr.io/$PROJECT_ID/argoexec:$TAG_NAME', '-f', 'third_party/argo/Dockerfile.argoexec', '.' ]
waitFor: ['-']
timeout: 300s # 5min
options:
diskSizeGb: 20
images:
- 'gcr.io/$PROJECT_ID/argoexec'
- 'gcr.io/$PROJECT_ID/workflow-controller'
Loading