[Manifest]Cache - mkp deployment #3343

Merged
merged 17 commits into from
Apr 1, 2020
@@ -0,0 +1,259 @@
apiVersion: apps/v1
kind: StatefulSet
rui5i marked this conversation as resolved.
metadata:
name: cache-deployer-statefulset
labels:
app: cache-deployer
app.kubernetes.io/name: {{ .Release.Name }}
spec:
replicas: 1
serviceName: cache-deployer
selector:
matchLabels:
app: cache-deployer
app.kubernetes.io/name: {{ .Release.Name }}
template:
metadata:
labels:
app: cache-deployer
app.kubernetes.io/name: {{ .Release.Name }}
spec:
containers:
- name: main
image: {{ .Values.images.cachedeployer }}
imagePullPolicy: Always
rmgogogo marked this conversation as resolved.
env:
- name: NAMESPACE_TO_WATCH
value: {{ .Release.Namespace }}
serviceAccountName: kubeflow-pipelines-cache-deployer-sa
restartPolicy: Always
volumeClaimTemplates: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: kubeflow-pipelines-cache-deployer-clusterrole
app.kubernetes.io/name: {{ .Release.Name }}
name: kubeflow-pipelines-cache-deployer-clusterrole
rules:
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests
- certificatesigningrequests/approval
verbs:
- create
- delete
- get
- update
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
verbs:
- create
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: kubeflow-pipelines-cache-deployer-role
app.kubernetes.io/name: {{ .Release.Name }}
name: kubeflow-pipelines-cache-deployer-role
rules:
- apiGroups:
- ""
resources:
- secrets
rui5i marked this conversation as resolved.
verbs:
- create
- get
- patch
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kubeflow-pipelines-cache-deployer-sa
labels:
app.kubernetes.io/name: {{ .Release.Name }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubeflow-pipelines-cache-deployer-clusterrolebinding
labels:
app.kubernetes.io/name: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubeflow-pipelines-cache-deployer-clusterrole
subjects:
- kind: ServiceAccount
name: kubeflow-pipelines-cache-deployer-sa
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kubeflow-pipelines-cache-deployer-rolebinding
labels:
app.kubernetes.io/name: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubeflow-pipelines-cache-deployer-role
subjects:
- kind: ServiceAccount
name: kubeflow-pipelines-cache-deployer-sa
namespace: {{ .Release.Namespace }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cache-server
labels:
app: cache-server
app.kubernetes.io/name: {{ .Release.Name }}
spec:
replicas: 1
selector:
matchLabels:
app: cache-server
app.kubernetes.io/name: {{ .Release.Name }}
template:
metadata:
labels:
app: cache-server
app.kubernetes.io/name: {{ .Release.Name }}
spec:
containers:
- name: server
image: {{ .Values.images.cacheserver }}
env:
- name: DBCONFIG_DRIVER
valueFrom:
configMapKeyRef:
name: cache-configmap
key: mysql_driver
- name: DBCONFIG_DB_NAME
valueFrom:
configMapKeyRef:
name: cache-configmap
key: mysql_database
- name: DBCONFIG_HOST_NAME
rmgogogo marked this conversation as resolved.
valueFrom:
configMapKeyRef:
name: cache-configmap
key: mysql_host
- name: DBCONFIG_PORT
valueFrom:
configMapKeyRef:
name: cache-configmap
key: mysql_port
- name: NAMESPACE_TO_WATCH
value: {{ .Release.Namespace }}
args: ["--db_driver=$(DBCONFIG_DRIVER)",
"--db_host=$(DBCONFIG_HOST_NAME)",
"--db_port=$(DBCONFIG_PORT)",
"--namespace_to_watch=$(NAMESPACE_TO_WATCH)",
]
imagePullPolicy: Always
ports:
- containerPort: 8443
name: webhook-api
volumeMounts:
- name: webhook-tls-certs
mountPath: /etc/webhook/certs
readOnly: true
volumes:
- name: webhook-tls-certs
secret:
secretName: webhook-server-tls
serviceAccountName: kubeflow-pipelines-cache
---
apiVersion: v1
kind: Service
metadata:
name: cache-server
labels:
app: cache-server
app.kubernetes.io/name: {{ .Release.Name }}
spec:
selector:
app: cache-server
app.kubernetes.io/name: {{ .Release.Name }}
ports:
- port: 443
targetPort: webhook-api
---
apiVersion: v1
kind: ConfigMap
metadata:
name: cache-configmap
labels:
component: cache-server
data:
mysql_driver: "mysql"
mysql_database: "cachedb"
mysql_host: "mysql"
mysql_port: "3306"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: kubeflow-pipelines-cache-role
app.kubernetes.io/name: {{ .Release.Name }}
name: kubeflow-pipelines-cache-role
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- apiGroups:
- argoproj.io
resources:
- workflows
verbs:
- get
- list
- watch
- update
- patch
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kubeflow-pipelines-cache
labels:
app.kubernetes.io/name: {{ .Release.Name }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kubeflow-pipelines-cache-binding
labels:
app.kubernetes.io/name: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubeflow-pipelines-cache-role
subjects:
- kind: ServiceAccount
name: kubeflow-pipelines-cache
namespace: {{ .Release.Namespace }}
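Review bot: in kubeflow-pipelines-cache-deployer-clusterrole, the first rule applies `create`, `delete`, `get` and `update` to both `certificatesigningrequests` and `certificatesigningrequests/approval` with no `resourceNames`, so the deployer service account can approve or delete any CSR in the cluster, not only the one for the cache webhook. Split it into two rules (`create`/`get`/`delete` on `certificatesigningrequests`, `update` on `certificatesigningrequests/approval`) and, if the deployer uses a fixed CSR name, restrict `get`, `update` and `delete` with `resourceNames`. Separately, in the cache-server Deployment `DBCONFIG_DB_NAME` is read from cache-configmap but never referenced in `args`, unlike `DBCONFIG_DRIVER`, `DBCONFIG_HOST_NAME` and `DBCONFIG_PORT`; pass it to the server or drop the env entry.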

Expand Up @@ -14,6 +14,8 @@ images:
visualizationserver: gcr.io/ml-pipeline/google/pipelines/visualizationserver:dummy
metadataenvoy: gcr.io/ml-pipeline/google/pipelines/metadataenvoy:dummy
metadatawriter: gcr.io/ml-pipeline/google/pipelines/metadatawriter:dummy
cacheserver: gcr.io/ml-pipeline/google/pipelines/cacheserver:dummy
cachedeployer: gcr.io/ml-pipeline/google/pipelines/cachedeployer:dummy

gcpSecretName: "user-gcp-sa"
serviceAccountCredential: ""
12 changes: 10 additions & 2 deletions manifests/gcp_marketplace/schema.yaml
Expand Up @@ -77,13 +77,21 @@ x-google-marketplace:
properties:
images.metadatawriter:
type: FULL
cacheserver:
properties:
images.cacheserver:
type: FULL
cachedeployer:
properties:
images.cachedeployer:
type: FULL
deployerServiceAccount:
roles:
- type: ClusterRole # This is a cluster-wide ClusterRole
rulesType: CUSTOM # We specify our own custom RBAC roles
rules:
- apiGroups: ['apiextensions.k8s.io']
resources: ['customresourcedefinitions']
- apiGroups: ['apiextensions.k8s.io', 'rbac.authorization.k8s.io']
resources: ['customresourcedefinitions', 'clusterroles', 'clusterrolebindings']
rmgogogo marked this conversation as resolved.
verbs: ['*']
clusterConstraints:
resources:
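Review bot: `verbs: ['*']` on `clusterroles` and `clusterrolebindings` in the deployerServiceAccount rule includes `bind` and `escalate`, so the Marketplace deployer service account can grant itself or any other subject any ClusterRole, cluster-admin included. List only the verbs the deployer needs to install and remove the cache-deployer ClusterRole and ClusterRoleBinding (for example `create`, `get`, `update`, `patch`, `delete`). Without `escalate`, RBAC escalation prevention requires the deployer to already hold whatever it grants, so also add the `certificates.k8s.io` and `admissionregistration.k8s.io` rules of kubeflow-pipelines-cache-deployer-clusterrole to this role explicitly. It would also read more clearly as two rules, one per apiGroup, instead of one rule that pairs both groups with all three resources.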
Expand Up @@ -5,81 +5,20 @@ metadata:
app: kubeflow-pipelines-cache-deployer-clusterrole
name: kubeflow-pipelines-cache-deployer-clusterrole
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- "*"
resources:
- configmaps
verbs:
- get
- create
- apiGroups:
- extensions
- apps
resources:
- deployments
verbs:
- get
- create
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- services
verbs:
- get
- create
- list
- watch
- update
- patch
- delete
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests
- certificatesigningrequests/approval
verbs:
- create
- delete
- get
- update
- watch
- delete
- patch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
15 changes: 15 additions & 0 deletions manifests/kustomize/base/cache-deployer/cache-deployer-role.yaml
@@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: kubeflow-pipelines-cache-deployer-role
name: kubeflow-pipelines-cache-deployer-role
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- patch
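Review bot: the `secrets` rule in kubeflow-pipelines-cache-deployer-role has no `resourceNames`, so `get` and `patch` cover every Secret in the namespace the Role is installed in. If the deployer only manages the webhook TLS secret (the Helm template in this PR mounts `webhook-server-tls` into cache-server), keep `create` in a rule of its own, since `resourceNames` cannot restrict `create`, and move `get` and `patch` into a second rule with `resourceNames: ["webhook-server-tls"]`. The same applies to the copy of this Role in the Helm template.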