-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Separate run resources in namespaces #2694
Separate run resources in namespaces #2694
Conversation
/test kubeflow-pipeline-sample-test |
…pelines into authorize-requests
/test kubeflow-pipeline-e2e-test |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: IronPan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
* add namespace to some run APIs * update only the create run api * add resourcereference for namespace runs * pass user identity header from the gRPC server to KFP service * add variables in const * declare a flag and fill in the authorizations * add types to toModel func * bug fix * strip the namespace resource reference when mapping to the db model * add unit tests * add authorization * interpret json response * use gofmt * add more meaningful error message; format * refactoring codes * separate workflow client * replace belonging relationshipreference to owner * put a todo for further investigation of using namespace or uuid * apply gofmt * revert minor change * refactor codes * minor change * use internal server error in kfam client * minor change * use timeout in kfam client * make kfam service host/port configurable * minor changes * update name * rename * update the util function to accept a list of resourcereferences * better error message * reformat * remove IsRequestAuthorized func * add multi-user mode flag * apply different service accounts based on the multi-user mode flag * apply service account only when it is not set * add kfam host and port in config.json * generalize the auth code * rename KFAMInterface to KFAMClientInterface * add kfam fake for tests * add build bazel * add unit tests for util func * remove the config * add unit test for authorization with httptest * only intialize the kfam client when kubeflow deployment * minor change * fix typo * wrap the whole auth func * update authz logic to be enabled when it is kubeflow deployment * change flag from kubeflow deployment to multiuser mode * gofmt * minor change * combine getnamespace func * insert annotation to disable istio injection * move unit tests * move fake kfam to the original kfam; create multiple fake kfam clients * combine authorize func, add unit tests for util_test * wrap errors * fix unit test * service unauthorized info to user * better user errors * inject default sa when it is empty or injected by the SDK in multi-user mode * revert some accidental change * revert some accidental change * Update util.go * make functions local * deduplicate return values from isauthorized * update kfam service host env variable * disable istio injection * set annotations to template instead of the workflow * fix reference/value bug * addressing comments * Create an argoclient class * move podnamespace to argo client * addressing comments * addressing comments
This change is
Create pipeline runs in different namespaces.