kustomize

Steinkirch 2020-04-06 17:23:26 -07:00
parent ae72757665
commit aa0e248a45
330 changed files with 27690 additions and 0 deletions


@ -0,0 +1,20 @@
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: ml-pipeline
spec:
template:
spec:
containers:
- name: ml-pipeline-api-server
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: gcr.io/ml-pipeline/api-server:0.1.23
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8888
- containerPort: 8887
serviceAccountName: ml-pipeline


@ -0,0 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
commonLabels:
app: ml-pipeline
resources:
- deployment.yaml
- role-binding.yaml
- role.yaml
- service-account.yaml
- service.yaml
images:
- name: gcr.io/ml-pipeline/api-server
newTag: '0.1.23'


@ -0,0 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: ml-pipeline
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ml-pipeline
subjects:
- kind: ServiceAccount
name: ml-pipeline


@ -0,0 +1,28 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: ml-pipeline
rules:
- apiGroups:
- argoproj.io
resources:
- workflows
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- kubeflow.org
resources:
- scheduledworkflows
verbs:
- create
- get
- list
- update
- patch
- delete


@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: ml-pipeline


@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
name: ml-pipeline
spec:
ports:
- name: http
port: 8888
protocol: TCP
targetPort: 8888
- name: grpc
port: 8887
protocol: TCP
targetPort: 8887


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
bases:
- base
kind: Kustomization
namespace: kubeflow


@ -0,0 +1,239 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: applications.app.k8s.io
spec:
group: app.k8s.io
names:
kind: Application
plural: applications
scope: Namespaced
validation:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
properties:
addOwnerRef:
type: boolean
assemblyPhase:
type: string
componentKinds:
items:
type: object
type: array
descriptor:
properties:
description:
type: string
icons:
items:
properties:
size:
type: string
src:
type: string
type:
type: string
required:
- src
type: object
type: array
keywords:
items:
type: string
type: array
links:
items:
properties:
description:
type: string
url:
type: string
type: object
type: array
maintainers:
items:
properties:
email:
type: string
name:
type: string
url:
type: string
type: object
type: array
notes:
type: string
owners:
items:
properties:
email:
type: string
name:
type: string
url:
type: string
type: object
type: array
type:
type: string
version:
type: string
type: object
info:
items:
properties:
name:
type: string
type:
type: string
value:
type: string
valueFrom:
properties:
configMapKeyRef:
properties:
apiVersion:
type: string
fieldPath:
type: string
key:
type: string
kind:
type: string
name:
type: string
namespace:
type: string
resourceVersion:
type: string
uid:
type: string
type: object
ingressRef:
properties:
apiVersion:
type: string
fieldPath:
type: string
host:
type: string
kind:
type: string
name:
type: string
namespace:
type: string
path:
type: string
resourceVersion:
type: string
uid:
type: string
type: object
secretKeyRef:
properties:
apiVersion:
type: string
fieldPath:
type: string
key:
type: string
kind:
type: string
name:
type: string
namespace:
type: string
resourceVersion:
type: string
uid:
type: string
type: object
serviceRef:
properties:
apiVersion:
type: string
fieldPath:
type: string
kind:
type: string
name:
type: string
namespace:
type: string
path:
type: string
port:
format: int32
type: integer
resourceVersion:
type: string
uid:
type: string
type: object
type:
type: string
type: object
type: object
type: array
selector:
type: object
type: object
status:
properties:
components:
items:
properties:
group:
type: string
kind:
type: string
link:
type: string
name:
type: string
status:
type: string
type: object
type: array
conditions:
items:
properties:
lastTransitionTime:
format: date-time
type: string
lastUpdateTime:
format: date-time
type: string
message:
type: string
reason:
type: string
status:
type: string
type:
type: string
required:
- type
- status
type: object
type: array
observedGeneration:
format: int64
type: integer
type: object
version: v1beta1
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- crd.yaml


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
bases:
- base
kind: Kustomization
namespace: kubeflow


@ -0,0 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cluster-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-role
subjects:
- kind: ServiceAccount
name: service-account


@ -0,0 +1,21 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cluster-role
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- get
- list
- update
- patch
- watch
- apiGroups:
- app.k8s.io
resources:
- '*'
verbs:
- '*'
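Review bot: The first rule grants `get`, `list`, `update`, `patch` and `watch` on every resource in every API group, cluster-wide, which includes reading all Secrets and patching workloads in any namespace. The role is bound through a ClusterRoleBinding to the controller's service account, so a compromise of that one pod reaches the whole cluster. If the controller only has to track the kinds named in an Application's `componentKinds`, list those groups and resources explicitly; at minimum record the reason above the rule with a comment such as `# wildcard needed: controller updates arbitrary componentKinds`.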


@ -0,0 +1,29 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster-role.yaml
- cluster-role-binding.yaml
- service-account.yaml
- service.yaml
- stateful-set.yaml
namespace: kubeflow
nameprefix: application-controller-
configMapGenerator:
- name: parameters
env: params.env
generatorOptions:
disableNameSuffixHash: true
images:
- name: gcr.io/kubeflow-images-public/kubernetes-sigs/application
newName: gcr.io/kubeflow-images-public/kubernetes-sigs/application
newTag: 1.0-beta
vars:
- name: project
objref:
kind: ConfigMap
name: parameters
apiVersion: v1
fieldref:
fieldpath: data.project
configurations:
- params.yaml


@ -0,0 +1 @@
project=


@ -0,0 +1,3 @@
varReference:
- path: spec/template/spec/containers/image
kind: StatefulSet


@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: service-account


@ -0,0 +1,7 @@
apiVersion: v1
kind: Service
metadata:
name: service
spec:
ports:
- port: 443


@ -0,0 +1,19 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: stateful-set
spec:
serviceName: service
template:
spec:
containers:
- name: manager
command:
- /root/manager
image: gcr.io/kubeflow-images-public/kubernetes-sigs/application
imagePullPolicy: Always
env:
- name: project
value: $(project)
serviceAccountName: service-account
volumeClaimTemplates: []


@ -0,0 +1,14 @@
apiVersion: kustomize.config.k8s.io/v1beta1
bases:
- base
commonLabels:
app.kubernetes.io/component: kubeflow
app.kubernetes.io/instance: kubeflow
app.kubernetes.io/managed-by: kfctl
app.kubernetes.io/name: kubeflow
app.kubernetes.io/part-of: kubeflow
app.kubernetes.io/version: v0.6
kind: Kustomization
namespace: kubeflow
resources:
- overlays/application/application.yaml


@ -0,0 +1,31 @@
apiVersion: app.k8s.io/v1beta1
kind: Application
metadata:
name: kubeflow
spec:
selector:
matchLabels:
app.kubernetes.io/managed-by: kfctl
app.kubernetes.io/part-of: kubeflow
app.kubernetes.io/version: v0.6
componentKinds:
- group: app.k8s.io
kind: Application
descriptor:
type: kubeflow
version: v0.6.2
description: application that aggregates all kubeflow applications
maintainers:
- name: Jeremy Lewi
email: jlewi@google.com
- name: Kam Kasravi
email: kam.d.kasravi@intel.com
owners:
- name: Jeremy Lewi
email: jlewi@google.com
keywords:
- kubeflow
links:
- description: About
url: "https://kubeflow.org"
addOwnerRef: true


@ -0,0 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../base
resources:
- application.yaml
commonLabels:
app.kubernetes.io/name: kubeflow
app.kubernetes.io/instance: kubeflow
app.kubernetes.io/managed-by: kfctl
app.kubernetes.io/component: kubeflow
app.kubernetes.io/part-of: kubeflow
app.kubernetes.io/version: v0.6


@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../base
patchesStrategicMerge:
- stateful-set.yaml


@ -0,0 +1,22 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: stateful-set
spec:
template:
spec:
containers:
- name: manager
image: gcr.io/$(project)/application-controller:latest
command:
- /go/bin/dlv
args:
- --listen=:2345
- --headless=true
- --api-version=2
- exec
- /go/src/github.com/kubernetes-sigs/application/manager
ports:
- containerPort: 2345
securityContext:
privileged: true
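Review bot: The Delve server is started with `--listen=:2345` on all interfaces in a container that is also `privileged: true`; Delve's headless API has no authentication, so anything that can reach port 2345 on the pod can drive the process inside a privileged container. For a debug overlay, bind the listener to loopback with `- --listen=127.0.0.1:2345` and attach through `kubectl port-forward`, and replace `privileged: true` with `capabilities: {add: [SYS_PTRACE]}`, which is normally all the debugger needs. The `:latest` tag on the same container also means the binary being debugged is not reproducible.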


@ -0,0 +1,29 @@
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
app: argo
name: argo
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argo
subjects:
- kind: ServiceAccount
name: argo
namespace: kubeflow
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
app: argo-ui
name: argo-ui
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argo-ui
subjects:
- kind: ServiceAccount
name: argo-ui
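Review bot: The `argo-ui` subject has no `namespace:` while the `argo` subject in the first document sets `namespace: kubeflow`. A ServiceAccount subject in a ClusterRoleBinding needs a namespace, so this binding presumably relies on kustomize's namespace transformer to fill it in. Add `namespace: kubeflow` under the `argo-ui` subject so both documents agree and the binding names exactly one account regardless of how it is rendered.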


@ -0,0 +1,77 @@
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
app: argo
name: argo
rules:
- apiGroups:
- ""
resources:
- pods
- pods/exec
verbs:
- create
- get
- list
- watch
- update
- patch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- delete
- apiGroups:
- argoproj.io
resources:
- workflows
verbs:
- get
- list
- watch
- update
- patch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
app: argo
name: argo-ui
rules:
- apiGroups:
- ""
resources:
- pods
- pods/exec
- pods/log
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- apiGroups:
- argoproj.io
resources:
- workflows
verbs:
- get
- list
- watch
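Review bot: The `argo-ui` ClusterRole grants `get` on `secrets` and on `pods/exec` in every namespace, and the `argo` role grants `create` on `pods/exec` cluster-wide; for a web front end, being able to read any Secret by name is a large blast radius. On many Kubernetes versions a WebSocket exec session is authorised as `get` on `pods/exec`, so that rule is not as read-only as it looks. If workflows only run in `kubeflow`, make these a Role and RoleBinding in that namespace, and drop `- pods/exec` and the `secrets` rule from `argo-ui` unless a feature is known to need them.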


@ -0,0 +1,27 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: workflow-controller-configmap
namespace: kubeflow
data:
config: |
{
executorImage: $(executorImage),
artifactRepository:
{
s3: {
bucket: $(artifactRepositoryBucket),
keyPrefix: $(artifactRepositoryKeyPrefix),
endpoint: $(artifactRepositoryEndpoint),
insecure: $(artifactRepositoryInsecure),
accessKeySecret: {
name: $(artifactRepositoryAccessKeySecretName),
key: $(artifactRepositoryAccessKeySecretKey)
},
secretKeySecret: {
name: $(artifactRepositorySecretKeySecretName),
key: $(artifactRepositorySecretKeySecretKey)
}
}
}
}


@ -0,0 +1,15 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: workflows.argoproj.io
spec:
group: argoproj.io
names:
kind: Workflow
listKind: WorkflowList
plural: workflows
shortNames:
- wf
singular: workflow
scope: Namespaced
version: v1alpha1


@ -0,0 +1,105 @@
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: argo-ui
name: argo-ui
namespace: kubeflow
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: argo-ui
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: argo-ui
spec:
containers:
- env:
- name: ARGO_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: IN_CLUSTER
value: "true"
- name: BASE_HREF
value: /argo/
image: argoproj/argoui:v2.3.0
imagePullPolicy: IfNotPresent
name: argo-ui
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
readinessProbe:
httpGet:
path: /
port: 8001
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: argo-ui
serviceAccountName: argo-ui
terminationGracePeriodSeconds: 30
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: workflow-controller
name: workflow-controller
namespace: kubeflow
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: workflow-controller
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: workflow-controller
spec:
containers:
- args:
- --configmap
- workflow-controller-configmap
command:
- workflow-controller
env:
- name: ARGO_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: argoproj/workflow-controller:v2.3.0
imagePullPolicy: IfNotPresent
name: workflow-controller
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: argo
serviceAccountName: argo
terminationGracePeriodSeconds: 30


@ -0,0 +1,104 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster-role-binding.yaml
- cluster-role.yaml
- config-map.yaml
- crd.yaml
- deployment.yaml
- service-account.yaml
- service.yaml
commonLabels:
kustomize.component: argo
images:
- name: argoproj/argoui
newName: argoproj/argoui
newTag: v2.3.0
- name: argoproj/workflow-controller
newName: argoproj/workflow-controller
newTag: v2.3.0
configMapGenerator:
- name: workflow-controller-parameters
env: params.env
generatorOptions:
disableNameSuffixHash: true
vars:
- name: executorImage
objref:
kind: ConfigMap
name: workflow-controller-parameters
apiVersion: v1
fieldref:
fieldpath: data.executorImage
- name: artifactRepositoryBucket
objref:
kind: ConfigMap
name: workflow-controller-parameters
apiVersion: v1
fieldref:
fieldpath: data.artifactRepositoryBucket
- name: artifactRepositoryKeyPrefix
objref:
kind: ConfigMap
name: workflow-controller-parameters
apiVersion: v1
fieldref:
fieldpath: data.artifactRepositoryKeyPrefix
- name: artifactRepositoryEndpoint
objref:
kind: ConfigMap
name: workflow-controller-parameters
apiVersion: v1
fieldref:
fieldpath: data.artifactRepositoryEndpoint
- name: artifactRepositoryInsecure
objref:
kind: ConfigMap
name: workflow-controller-parameters
apiVersion: v1
fieldref:
fieldpath: data.artifactRepositoryInsecure
- name: artifactRepositoryAccessKeySecretName
objref:
kind: ConfigMap
name: workflow-controller-parameters
apiVersion: v1
fieldref:
fieldpath: data.artifactRepositoryAccessKeySecretName
- name: artifactRepositoryAccessKeySecretKey
objref:
kind: ConfigMap
name: workflow-controller-parameters
apiVersion: v1
fieldref:
fieldpath: data.artifactRepositoryAccessKeySecretKey
- name: artifactRepositorySecretKeySecretName
objref:
kind: ConfigMap
name: workflow-controller-parameters
apiVersion: v1
fieldref:
fieldpath: data.artifactRepositorySecretKeySecretName
- name: artifactRepositorySecretKeySecretKey
objref:
kind: ConfigMap
name: workflow-controller-parameters
apiVersion: v1
fieldref:
fieldpath: data.artifactRepositorySecretKeySecretKey
- name: namespace
objref:
kind: ConfigMap
name: workflow-controller-parameters
apiVersion: v1
fieldref:
fieldpath: data.namespace
- name: clusterDomain
objref:
kind: ConfigMap
name: workflow-controller-parameters
apiVersion: v1
fieldref:
fieldpath: data.clusterDomain
configurations:
- params.yaml


@ -0,0 +1,11 @@
namespace=kubeflow
executorImage=argoproj/argoexec:v2.3.0
artifactRepositoryBucket=mlpipeline
artifactRepositoryKeyPrefix=artifacts
artifactRepositoryEndpoint=minio-service.kubeflow:9000
artifactRepositoryInsecure=true
artifactRepositoryAccessKeySecretName=mlpipeline-minio-artifact
artifactRepositoryAccessKeySecretKey=accesskey
artifactRepositorySecretKeySecretName=mlpipeline-minio-artifact
artifactRepositorySecretKeySecretKey=secretkey
clusterDomain=cluster.local
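Review bot: `artifactRepositoryInsecure=true` is the shipped default, and it is substituted into the `insecure:` field of the workflow controller's S3 configuration, so artifact traffic to `minio-service.kubeflow:9000` goes over plain HTTP and the endpoint is not authenticated. That may be acceptable for an in-cluster MinIO without TLS, but it should be a visible choice rather than a silent default. Add a comment line above it, for example `# insecure=true disables TLS to the artifact store; set to false once the endpoint serves TLS`.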


@ -0,0 +1,7 @@
varReference:
- path: data/config
kind: ConfigMap
- path: data/config
kind: Deployment
- path: metadata/annotations/getambassador.io\/config
kind: Service


@ -0,0 +1,11 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: argo
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: argo-ui
namespace: kubeflow


@ -0,0 +1,23 @@
apiVersion: v1
kind: Service
metadata:
annotations:
getambassador.io/config: |-
---
apiVersion: ambassador/v0
kind: Mapping
name: argo-ui-mapping
prefix: /argo/
service: argo-ui.$(namespace)
labels:
app: argo-ui
name: argo-ui
namespace: kubeflow
spec:
ports:
- port: 80
targetPort: 8001
selector:
app: argo-ui
sessionAffinity: None
type: NodePort
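Review bot: `type: NodePort` opens the Argo UI on a port of every node in addition to the `/argo/` route declared in the Ambassador annotation, and nothing in these manifests puts authentication in front of the UI. Since the mapping already routes to `argo-ui.$(namespace)` inside the cluster, `type: ClusterIP` is sufficient. That is also what the centraldashboard Service in this commit uses.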


@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
bases:
- base
configurations:
- overlays/istio/params.yaml
kind: Kustomization
namespace: kubeflow
resources:
- overlays/istio/virtual-service.yaml


@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../base
resources:
- virtual-service.yaml
configurations:
- params.yaml


@ -0,0 +1,3 @@
varReference:
- path: spec/http/route/destination/host
kind: VirtualService


@ -0,0 +1,20 @@
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: argo-ui
spec:
gateways:
- kubeflow-gateway
hosts:
- '*'
http:
- match:
- uri:
prefix: /argo/
rewrite:
uri: /
route:
- destination:
host: argo-ui.$(namespace).svc.$(clusterDomain)
port:
number: 80


@ -0,0 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: cluster-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-role
subjects:
- kind: ServiceAccount
name: service-account


@ -0,0 +1,25 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: cluster-role
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
verbs:
- '*'
- apiGroups:
- ""
resources:
- secrets
verbs:
- '*'
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- delete
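Review bot: The `'*'` verb on `secrets` in a ClusterRole lets the bootstrap account read, overwrite and delete every Secret in the cluster, while the `create_ca.sh` script it runs only applies one secret (default name `webhook-certs`) and lists and deletes pods in a single namespace. Move the `secrets` and `pods` rules into a namespaced Role bound in `kubeflow`. Only `mutatingwebhookconfigurations` needs to stay cluster-scoped, and there `verbs: [get, patch]` covers the two operations the script performs on it.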


@ -0,0 +1,131 @@
apiVersion: v1
data:
create_ca.sh: |
#!/bin/bash
set -e
usage() {
cat <<EOF
Generate certificate suitable for use with an sidecar-injector webhook service.
This script uses k8s' CertificateSigningRequest API to a generate a
certificate signed by k8s CA suitable for use with sidecar-injector webhook
services. This requires permissions to create and approve CSR. See
https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster for
detailed explantion and additional instructions.
The server key/cert k8s CA cert are stored in a k8s secret.
usage: ${0} [OPTIONS]
The following flags are required.
--service Service name of webhook.
--namespace Namespace where webhook service and secret reside.
--secret Secret name for CA certificate and server certificate/key pair.
EOF
exit 1
}
while [[ $# -gt 0 ]]; do
case ${1} in
--service)
service="$2"
shift
;;
--secret)
secret="$2"
shift
;;
--namespace)
namespace="$2"
shift
;;
*)
usage
;;
esac
shift
done
[ -z ${service} ] && service=$(webhookNamePrefix)service
[ -z ${secret} ] && secret=webhook-certs
[ -z ${namespace} ] && namespace=$(namespace)
[ -z ${namespace} ] && namespace=default
webhookDeploymentName=$(webhookNamePrefix)deployment
mutatingWebhookConfigName=$(webhookNamePrefix)mutating-webhook-configuration
echo ${service}
echo ${namespace}
echo ${secret}
echo ${webhookDeploymentName}
echo ${mutatingWebhookconfigName}
if [ ! -x "$(command -v openssl)" ]; then
echo "openssl not found"
exit 1
fi
csrName=${service}.${namespace}
tmpdir=$(mktemp -d)
echo "creating certs in tmpdir ${tmpdir} "
# x509 outputs a self signed certificate instead of certificate request, later used as self signed root CA
openssl req -x509 -newkey rsa:2048 -keyout ${tmpdir}/self_ca.key -out ${tmpdir}/self_ca.crt -days 365 -nodes -subj /C=/ST=/L=/O=/OU=/CN=test-certificate-authority
cat <<EOF >> ${tmpdir}/csr.conf
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${service}
DNS.2 = ${service}.${namespace}
DNS.3 = ${service}.${namespace}.svc
EOF
openssl genrsa -out ${tmpdir}/server-key.pem 2048
openssl req -new -key ${tmpdir}/server-key.pem -subj "/CN=${service}.${namespace}.svc" -out ${tmpdir}/server.csr -config ${tmpdir}/csr.conf
# Self sign
openssl x509 -req -days 365 -in ${tmpdir}/server.csr -CA ${tmpdir}/self_ca.crt -CAkey ${tmpdir}/self_ca.key -CAcreateserial -out ${tmpdir}/server-cert.pem
# create the secret with CA cert and server cert/key
kubectl create secret generic ${secret} \
--from-file=key.pem=${tmpdir}/server-key.pem \
--from-file=cert.pem=${tmpdir}/server-cert.pem \
--dry-run -o yaml |
kubectl -n ${namespace} apply -f -
# Webhook pod needs to be restarted so that the service reload the secret
# http://github.com/kueflow/kubeflow/issues/3227
webhookPod=$(kubectl get pods -n ${namespace} |grep ${webhookDeploymentName} |awk '{print $1;}')
# ignore error if webhook pod does not exist
kubectl delete pod ${webhookPod} 2>/dev/null || true
echo "webhook ${webhookPod} is restarted to utilize the new secret"
cat ${tmpdir}/self_ca.crt
# -a means base64 encode
caBundle=$(cat ${tmpdir}/self_ca.crt | openssl enc -a -A)
echo ${caBundle}
patchString='[{"op": "replace", "path": "/webhooks/0/clientConfig/caBundle", "value":"{{CA_BUNDLE}}"}]'
patchString=$(echo ${patchString} | sed "s|{{CA_BUNDLE}}|${caBundle}|g")
echo ${patchString}
checkWebhookConfig() {
currentBundle=$(kubectl get mutatingwebhookconfigurations -n ${namespace} ${mutatingWebhookConfigName} -o jsonpath='{.webhooks[0].clientConfig.caBundle}')
[[ "$currentBundle" == "$caBundle" ]]
}
while true; do
if ! checkWebhookConfig; then
echo "patching ca bundle for webhook configuration..."
kubectl patch mutatingwebhookconfiguration ${mutatingWebhookConfigName} \
--type='json' -p="${patchString}"
fi
sleep 10
done
kind: ConfigMap
metadata:
name: config-map
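Review bot: The script writes the CA private key unencrypted (`-nodes`) to `${tmpdir}/self_ca.key` and never removes it, and because it then loops forever the key stays on the container filesystem for the life of the pod; whoever obtains it can mint certificates the API server will trust for this webhook. Delete the key material once it has been used, e.g. `rm -f ${tmpdir}/self_ca.key ${tmpdir}/server-key.pem` after the `kubectl -n ${namespace} apply -f -` step. Separately, `echo ${mutatingWebhookconfigName}` misspells `mutatingWebhookConfigName` and prints an empty line, and `kubectl delete pod ${webhookPod}` omits the `-n ${namespace}` that the preceding `get pods` uses. The 365-day certificates are also never renewed, because the loop only re-applies the same bundle.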


@ -0,0 +1,39 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster-role-binding.yaml
- cluster-role.yaml
- config-map.yaml
- service-account.yaml
- stateful-set.yaml
commonLabels:
kustomize.component: admission-webhook-bootstrap
namePrefix: admission-webhook-bootstrap-
images:
- name: gcr.io/kubeflow-images-public/ingress-setup
newName: gcr.io/kubeflow-images-public/ingress-setup
newTag: latest
generatorOptions:
disableNameSuffixHash: true
configurations:
- params.yaml
namespace: kubeflow
configMapGenerator:
- name: config-map
behavior: merge
env: params.env
vars:
- name: webhookNamePrefix
objref:
kind: ConfigMap
name: config-map
apiVersion: v1
fieldref:
fieldpath: data.webhookNamePrefix
- name: namespace
objref:
kind: ConfigMap
name: config-map
apiVersion: v1
fieldref:
fieldpath: data.namespace
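Review bot: `newTag: latest` for `gcr.io/kubeflow-images-public/ingress-setup` makes the image a moving target, and this image runs under the component's service account with cluster-wide access to Secrets. The StatefulSet manifest for the same component in this commit also references `ingress-setup:latest`. Pin the image to a reviewed build by replacing `newTag: latest` with `digest: sha256:<digest-of-reviewed-image>` (placeholder), so that a re-pushed tag cannot change what is deployed.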


@ -0,0 +1,2 @@
namespace=kubeflow
webhookNamePrefix=admission-webhook-


@ -0,0 +1,3 @@
varReference:
- path: data/create_ca.sh
kind: ConfigMap


@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: service-account


@ -0,0 +1,26 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: stateful-set
spec:
replicas: 1
serviceName: service
template:
spec:
containers:
- command:
- sh
- /var/webhook-config/create_ca.sh
image: gcr.io/kubeflow-images-public/ingress-setup:latest
name: bootstrap
volumeMounts:
- mountPath: /var/webhook-config/
name: admission-webhook-config
restartPolicy: Always
serviceAccountName: service-account
volumes:
- configMap:
name: config-map
name: admission-webhook-config
# Workaround for https://github.com/kubernetes-sigs/kustomize/issues/677
volumeClaimTemplates: []


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
bases:
- base
kind: Kustomization
namespace: kubeflow


@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: centraldashboard
name: centraldashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: centraldashboard
subjects:
- kind: ServiceAccount
name: centraldashboard
namespace: $(namespace)


@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: centraldashboard
name: centraldashboard
rules:
- apiGroups:
- ""
resources:
- events
- namespaces
- nodes
verbs:
- get
- list
- watch


@ -0,0 +1,31 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: centraldashboard
name: centraldashboard
spec:
replicas: 1
selector:
matchLabels:
app: centraldashboard
template:
metadata:
labels:
app: centraldashboard
spec:
containers:
- image: gcr.io/kubeflow-images-public/centraldashboard:v0.5.0
imagePullPolicy: IfNotPresent
name: centraldashboard
ports:
- containerPort: 8082
protocol: TCP
env:
- name: USERID_HEADER
value: $(userid-header)
- name: USERID_PREFIX
value: $(userid-prefix)
- name: PROFILES_KFAM_SERVICE_HOST
value: profiles-kfam.kubeflow
serviceAccountName: centraldashboard


@ -0,0 +1,54 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- clusterrole-binding.yaml
- clusterrole.yaml
- deployment.yaml
- role-binding.yaml
- role.yaml
- service-account.yaml
- service.yaml
namespace: kubeflow
commonLabels:
kustomize.component: centraldashboard
images:
- name: gcr.io/kubeflow-images-public/centraldashboard
newName: gcr.io/kubeflow-images-public/centraldashboard
newTag: v20190823-v0.6.0-rc.0-69-gcb7dab59
configMapGenerator:
- name: parameters
env: params.env
generatorOptions:
disableNameSuffixHash: true
vars:
- name: namespace
objref:
kind: Service
name: centraldashboard
apiVersion: v1
fieldref:
fieldpath: metadata.namespace
- name: clusterDomain
objref:
kind: ConfigMap
name: parameters
apiVersion: v1
fieldref:
fieldpath: data.clusterDomain
- name: userid-header
objref:
kind: ConfigMap
name: parameters
apiVersion: v1
fieldref:
fieldpath: data.userid-header
- name: userid-prefix
objref:
kind: ConfigMap
name: parameters
apiVersion: v1
fieldref:
fieldpath: data.userid-prefix
configurations:
- params.yaml


@ -0,0 +1,3 @@
clusterDomain=cluster.local
userid-header=
userid-prefix=


@ -0,0 +1,9 @@
varReference:
- path: metadata/annotations/getambassador.io\/config
kind: Service
- path: spec/http/route/destination/host
kind: VirtualService
- path: spec/template/spec/containers/0/env/0/value
kind: Deployment
- path: spec/template/spec/containers/0/env/1/value
kind: Deployment


@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: centraldashboard
name: centraldashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: centraldashboard
subjects:
- kind: ServiceAccount
name: centraldashboard
namespace: $(namespace)


@ -0,0 +1,25 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: centraldashboard
name: centraldashboard
rules:
- apiGroups:
- ""
- "app.k8s.io"
resources:
- applications
- pods
- pods/exec
- pods/log
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
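Review bot: The first rule lists `pods/exec` with `get` and the second grants `get` on `secrets`, both to the dashboard's service account; on many Kubernetes versions `get` on `pods/exec` is enough to open an exec session over WebSocket. Whether the dashboard uses either cannot be seen from this commit, so drop `- pods/exec` and the `secrets` rule unless a feature is known to need them. The first rule also crosses apiGroups `""` and `app.k8s.io` with a mixed resource list; one rule per group (`applications` under `app.k8s.io`, `pods` and `pods/log` under `""`) states the intent exactly.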


@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: centraldashboard


@ -0,0 +1,24 @@
apiVersion: v1
kind: Service
metadata:
annotations:
getambassador.io/config: |-
---
apiVersion: ambassador/v0
kind: Mapping
name: centralui-mapping
prefix: /
rewrite: /
service: centraldashboard.$(namespace)
labels:
app: centraldashboard
name: centraldashboard
spec:
ports:
- port: 80
protocol: TCP
targetPort: 8082
selector:
app: centraldashboard
sessionAffinity: None
type: ClusterIP


@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
bases:
- base
configurations:
- overlays/istio/params.yaml
kind: Kustomization
namespace: kubeflow
resources:
- overlays/istio/virtual-service.yaml


@ -0,0 +1,52 @@
apiVersion: app.k8s.io/v1beta1
kind: Application
metadata:
name: centraldashboard
spec:
selector:
matchLabels:
app.kubernetes.io/name:
app.kubernetes.io/instance: centraldashboard
app.kubernetes.io/managed-by: kfctl
app.kubernetes.io/component: centraldashboard
app.kubernetes.io/part-of: kubeflow
app.kubernetes.io/version: v0.6
componentKinds:
- group: core
kind: ConfigMap
- group: apps
kind: Deployment
- group: rbac.authorization.k8s.io
kind: RoleBinding
- group: rbac.authorization.k8s.io
kind: Role
- group: core
kind: ServiceAccount
- group: networking.istio.io
kind: VirtualService
descriptor:
type: centraldashboard
version: v0.6.2
description: Provides a Dashboard UI for kubeflow
maintainers:
- name: Jason Prodonovich
email: prodonjs@gmail.com
- name: Apoorv Verma
email: apverma@google.com
- name: Adhita Selvaraj
email: adhita94@gmail.com
owners:
- name: Jason Prodonovich
email: prodonjs@gmail.com
- name: Apoorv Verma
email: apverma@google.com
- name: Adhita Selvaraj
email: adhita94@gmail.com
keywords:
- centraldashboard
- kubeflow
links:
- description: About
url: https://github.com/kubeflow/kubeflow/tree/master/components/centraldashboard
addOwnerRef: true


@ -0,0 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../base
resources:
- application.yaml
commonLabels:
app.kubernetes.io/name: centraldashboard
app.kubernetes.io/instance: centraldashboard
app.kubernetes.io/managed-by: kfctl
app.kubernetes.io/component: centraldashboard
app.kubernetes.io/part-of: kubeflow
app.kubernetes.io/version: v0.6


@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../base
resources:
- virtual-service.yaml
configurations:
- params.yaml


@ -0,0 +1,3 @@
varReference:
- path: spec/http/route/destination/host
kind: VirtualService


@ -0,0 +1,20 @@
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: centraldashboard
spec:
gateways:
- kubeflow-gateway
hosts:
- '*'
http:
- match:
- uri:
prefix: /
rewrite:
uri: /
route:
- destination:
host: centraldashboard.$(namespace).svc.$(clusterDomain)
port:
number: 80

File diff suppressed because it is too large Load diff


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- crds.yaml
namespace: kubeflow


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
bases:
- base
kind: Kustomization
namespace: istio-system

File diff suppressed because it is too large Load diff


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- istio-noauth.yaml
namespace: kubeflow


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
bases:
- base
kind: Kustomization
namespace: istio-system


@ -0,0 +1,7 @@
# Manifest for Istio in Kubeflow
- `install` dir contains the manifest to install Istio
- kf-istio-resources.yaml has
- Gateway for routing
- VirtualService for Grafana
- ServiceEntry and VirtualService for egress traffic


@ -0,0 +1,110 @@
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: kubeflow-gateway
spec:
selector:
istio: ingressgateway
servers:
- port:
number: 80
name: http
protocol: HTTP
hosts:
- "*"
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: grafana-vs
spec:
hosts:
- "*"
gateways:
- "kubeflow-gateway"
http:
- match:
- uri:
prefix: "/istio/grafana/"
method:
exact: "GET"
rewrite:
uri: "/"
route:
- destination:
host: "grafana.istio-system.svc.cluster.local"
port:
number: 3000
---
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: google-api-entry
spec:
hosts:
- www.googleapis.com
ports:
- number: 443
name: https
protocol: HTTPS
resolution: DNS
location: MESH_EXTERNAL
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: google-api-vs
spec:
hosts:
- www.googleapis.com
tls:
- match:
- port: 443
sni_hosts:
- www.googleapis.com
route:
- destination:
host: www.googleapis.com
port:
number: 443
weight: 100
---
apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: google-storage-api-entry
spec:
hosts:
- storage.googleapis.com
ports:
- number: 443
name: https
protocol: HTTPS
resolution: DNS
location: MESH_EXTERNAL
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: google-storage-api-vs
spec:
hosts:
- storage.googleapis.com
tls:
- match:
- port: 443
sni_hosts:
- storage.googleapis.com
route:
- destination:
host: storage.googleapis.com
port:
number: 443
weight: 100
---
apiVersion: rbac.istio.io/v1alpha1
kind: ClusterRbacConfig
metadata:
name: default
spec:
mode: $(clusterRbacConfig)
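Review bot: `kubeflow-gateway` accepts only plain HTTP on port 80 for `hosts: "*"`, and `ClusterRbacConfig` takes its mode from `$(clusterRbacConfig)`, which the accompanying `params.env` sets to `OFF`. Together this means the routes defined in this commit (`/`, `/argo/`, `/istio/grafana/`) are reachable through the gateway without TLS or Istio authorization, unless something in front of it provides both. State that assumption at the Gateway with a comment such as `# TLS and authentication are expected to be terminated upstream of this gateway`, or add an HTTPS server entry and default the mode to `ON`.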


@ -0,0 +1,18 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- kf-istio-resources.yaml
namespace: kubeflow
configMapGenerator:
- name: istio-parameters
env: params.env
vars:
- name: clusterRbacConfig
objref:
kind: ConfigMap
name: istio-parameters
apiVersion: v1
fieldref:
fieldpath: data.clusterRbacConfig
configurations:
- params.yaml


@ -0,0 +1 @@
clusterRbacConfig=OFF
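Review bot: `clusterRbacConfig=OFF` is substituted into `spec/mode` of the `ClusterRbacConfig` named `default`, so the shipped default turns Istio authorization off for the whole mesh. A reader of kf-istio-resources.yaml only sees `$(clusterRbacConfig)` and cannot tell what is enforced. If OFF is intended for a first install, say so in the Istio manifest notes and mention the stricter modes (`ON`, `ON_WITH_INCLUSION`) that an operator should switch to once policies exist.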


@ -0,0 +1,3 @@
varReference:
- path: spec/mode
kind: ClusterRbacConfig


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
bases:
- base
kind: Kustomization
namespace: kubeflow


@ -0,0 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cluster-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-role
subjects:
- kind: ServiceAccount
name: service-account


@ -0,0 +1,41 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cluster-role
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- create
- delete
- apiGroups:
- kubeflow.org
resources:
- notebooks
- poddefaults
verbs:
- get
- list
- create
- delete
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- delete
- get
- list
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
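Review bot: The first and third rules grant `create` and `delete` on `namespaces` and `persistentvolumeclaims` for the whole cluster, and cluster-role-binding.yaml binds this role to the web app's service account, so a compromise of the UI pod is enough to delete any namespace or volume claim. If the app only needs to enumerate namespaces, reduce that rule to `get` and `list`. PVC and notebook writes would be safer granted per user namespace through a RoleBinding. Whether the app really creates namespaces is not visible from this file, so confirm before narrowing.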


@ -0,0 +1,143 @@
apiVersion: v1
data:
spawner_ui_config.yaml: |
# Configuration file for the Jupyter UI.
#
# Each Jupyter UI option is configured by two keys: 'value' and 'readOnly'
# - The 'value' key contains the default value
# - The 'readOnly' key determines if the option will be available to users
#
# If the 'readOnly' key is present and set to 'true', the respective option
# will be disabled for users and only set by the admin. Also when a
# Notebook is POSTED to the API if a necessary field is not present then
# the value from the config will be used.
#
# If the 'readOnly' key is missing (defaults to 'false'), the respective option
# will be available for users to edit.
#
# Note that some values can be templated. Such values are the names of the
# Volumes as well as their StorageClass
spawnerFormDefaults:
image:
# The container Image for the user's Jupyter Notebook
# If readonly, this value must be a member of the list below
value: gcr.io/kubeflow-images-public/tensorflow-1.13.1-notebook-cpu:v0.5.0
# The list of available standard container Images
options:
- gcr.io/kubeflow-images-public/tensorflow-1.5.1-notebook-cpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-1.5.1-notebook-gpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-1.6.0-notebook-cpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-1.6.0-notebook-gpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-1.7.0-notebook-cpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-1.7.0-notebook-gpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-1.8.0-notebook-cpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-1.8.0-notebook-gpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-1.9.0-notebook-cpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-1.9.0-notebook-gpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-1.10.1-notebook-cpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-1.10.1-notebook-gpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-1.11.0-notebook-cpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-1.11.0-notebook-gpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-1.12.0-notebook-cpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-1.12.0-notebook-gpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-1.13.1-notebook-cpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-1.13.1-notebook-gpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-2.0.0a-notebook-cpu:v0.5.0
- gcr.io/kubeflow-images-public/tensorflow-2.0.0a-notebook-gpu:v0.5.0
# By default, custom container Images are allowed
# Uncomment the following line to only enable standard container Images
readOnly: false
cpu:
# CPU for user's Notebook
value: '0.5'
readOnly: false
memory:
# Memory for user's Notebook
value: 1.0Gi
readOnly: false
workspaceVolume:
# Workspace Volume to be attached to user's Notebook
# Each Workspace Volume is declared with the following attributes:
# Type, Name, Size, MountPath and Access Mode
value:
type:
# The Type of the Workspace Volume
# Supported values: 'New', 'Existing'
value: New
name:
# The Name of the Workspace Volume
# Note that this is a templated value. Special values:
# {notebook-name}: Replaced with the name of the Notebook. The frontend
# will replace this value as the user types the name
value: 'workspace-{notebook-name}'
size:
# The Size of the Workspace Volume (in Gi)
value: '10Gi'
mountPath:
# The Path that the Workspace Volume will be mounted
value: /home/jovyan
accessModes:
# The Access Mode of the Workspace Volume
# Supported values: 'ReadWriteOnce', 'ReadWriteMany', 'ReadOnlyMany'
value: ReadWriteOnce
class:
# The StrageClass the PVC will use if type is New. Special values are:
# {none}: default StorageClass
# {empty}: empty string ""
value: '{none}'
readOnly: false
dataVolumes:
# List of additional Data Volumes to be attached to the user's Notebook
value: []
# Each Data Volume is declared with the following attributes:
# Type, Name, Size, MountPath and Access Mode
#
# For example, a list with 2 Data Volumes:
# value:
# - value:
# type:
# value: New
# name:
# value: '{notebook-name}-vol-1'
# size:
# value: '10Gi'
# class:
# value: standard
# mountPath:
# value: /home/jovyan/vol-1
# accessModes:
# value: ReadWriteOnce
# class:
# value: {none}
# - value:
# type:
# value: New
# name:
# value: '{notebook-name}-vol-2'
# size:
# value: '10Gi'
# mountPath:
# value: /home/jovyan/vol-2
# accessModes:
# value: ReadWriteMany
# class:
# value: {none}
readOnly: false
extraResources:
# Extra Resource Limits for user's Notebook
# e.x. "{'nvidia.com/gpu': 2}"
value: "{}"
readOnly: false
shm:
value: true
readOnly: false
configurations:
# List of labels to be selected, these are the labels from PodDefaults
# value:
# - add-gcp-secret
# - default-editor
value: []
readOnly: false
kind: ConfigMap
metadata:
name: config
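Review bot: Under `spawnerFormDefaults.image` the comment says "Uncomment the following line to only enable standard container Images", but the line that follows is already active and reads `readOnly: false`, which by the header comment leaves the field editable, so users can enter any image reference. The comment should describe the setting as written, e.g. `# Set readOnly to true to restrict users to the images listed in options`. For a shared cluster `readOnly: true` is the safer default, since a user-chosen image presumably runs with the notebook's service account and mounted volumes. There is also a typo in the workspace volume comment: `StrageClass` should be `StorageClass`.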


@ -0,0 +1,37 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment
spec:
replicas: 1
template:
spec:
containers:
- env:
- name: ROK_SECRET_NAME
valueFrom:
configMapKeyRef:
name: parameters
key: ROK_SECRET_NAME
- name: UI
valueFrom:
configMapKeyRef:
name: parameters
key: UI
- name: USERID_HEADER
value: $(userid-header)
- name: USERID_PREFIX
value: $(userid-prefix)
image: gcr.io/kubeflow-images-public/jupyter-web-app:v0.5.0
imagePullPolicy: $(policy)
name: jupyter-web-app
ports:
- containerPort: 5000
volumeMounts:
- mountPath: /etc/config
name: config-volume
serviceAccountName: service-account
volumes:
- configMap:
name: config
name: config-volume
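Review bot: The `jupyter-web-app` container is declared without a `securityContext` or `resources` block, so it runs with the image's default user and privileges and with no CPU or memory bounds. Since this pod's service account is bound to a ClusterRole that can create and delete namespaces, I would add `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false}` and explicit requests and limits. Whether the image can run as a non-root user is not visible here and needs checking. The literal tag `v0.5.0` on the `image:` line is replaced by `newTag: 9419d4d` from the kustomization, so it does not reflect what is deployed.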


@ -0,0 +1,70 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster-role-binding.yaml
- cluster-role.yaml
- config-map.yaml
- deployment.yaml
- role-binding.yaml
- role.yaml
- service-account.yaml
- service.yaml
namePrefix: jupyter-web-app-
namespace: kubeflow
commonLabels:
app: jupyter-web-app
kustomize.component: jupyter-web-app
images:
- name: gcr.io/kubeflow-images-public/jupyter-web-app
newName: gcr.io/kubeflow-images-public/jupyter-web-app
newTag: 9419d4d
configMapGenerator:
- name: parameters
env: params.env
generatorOptions:
disableNameSuffixHash: true
vars:
- name: policy
objref:
kind: ConfigMap
name: parameters
apiVersion: v1
fieldref:
fieldpath: data.policy
- name: prefix
objref:
kind: ConfigMap
name: parameters
apiVersion: v1
fieldref:
fieldpath: data.prefix
- name: clusterDomain
objref:
kind: ConfigMap
name: parameters
apiVersion: v1
fieldref:
fieldpath: data.clusterDomain
- name: namespace
objref:
kind: Service
name: service
apiVersion: v1
fieldref:
fieldpath: metadata.namespace
- name: userid-header
objref:
kind: ConfigMap
name: parameters
apiVersion: v1
fieldref:
fieldpath: data.userid-header
- name: userid-prefix
objref:
kind: ConfigMap
name: parameters
apiVersion: v1
fieldref:
fieldpath: data.userid-prefix
configurations:
- params.yaml


@ -0,0 +1,7 @@
UI=default
ROK_SECRET_NAME=secret-rok-{username}
policy=Always
prefix=jupyter
clusterDomain=cluster.local
userid-header=
userid-prefix=


@ -0,0 +1,9 @@
varReference:
- path: spec/template/spec/containers/imagePullPolicy
kind: Deployment
- path: metadata/annotations/getambassador.io\/config
kind: Service
- path: spec/template/spec/containers/0/env/2/value
kind: Deployment
- path: spec/template/spec/containers/0/env/3/value
kind: Deployment
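Review bot: The paths `spec/template/spec/containers/0/env/2/value` and `spec/template/spec/containers/0/env/3/value` address USERID_HEADER and USERID_PREFIX by position, so inserting or reordering an env entry in deployment.yaml silently stops the substitution or applies it to the wrong variable. A non-indexed path, `spec/template/spec/containers/env/value`, matches every env value and is, as far as I know, already among kustomize's built-in var references. If the indexed form is kept, add a comment above the `env:` list in deployment.yaml saying that its order is relied on here.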


@ -0,0 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: jupyter-notebook-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: jupyter-notebook-role
subjects:
- kind: ServiceAccount
name: jupyter-notebook


@ -0,0 +1,35 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: jupyter-notebook-role
rules:
- apiGroups:
- ""
resources:
- pods
- pods/log
- secrets
- services
verbs:
- '*'
- apiGroups:
- ""
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- kubeflow.org
resources:
- '*'
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
verbs:
- '*'
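Review bot: Every rule here uses `verbs: '*'`, and the first one covers `secrets`, so whatever runs as the `jupyter-notebook` service account named in role-binding.yaml can read, change and delete every Secret in the namespace, as well as all `kubeflow.org` resources. If notebook pods run under that account, this access is handed to user-supplied code. I would drop `secrets` from the first rule unless a concrete need is documented, and replace the wildcards with the verbs actually used, for example `verbs: [get, list, watch, create, delete]`. Note also that service-account.yaml in this kustomization creates `service-account`, not `jupyter-notebook`, so the binding depends on an account created elsewhere.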


@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: service-account


@ -0,0 +1,23 @@
apiVersion: v1
kind: Service
metadata:
annotations:
getambassador.io/config: |-
---
apiVersion: ambassador/v0
kind: Mapping
name: webapp_mapping
prefix: /$(prefix)/
service: jupyter-web-app-service.$(namespace)
add_request_headers:
x-forwarded-prefix: /jupyter
labels:
run: jupyter-web-app
name: service
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 5000
type: ClusterIP
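Review bot: In the Ambassador mapping the route uses `prefix: /$(prefix)/` but the forwarded header is hard-coded as `x-forwarded-prefix: /jupyter`, so changing `prefix` in params.env makes the two disagree. `x-forwarded-prefix: /$(prefix)` would keep them in step. The same literal `/jupyter` appears in the Istio virtual-service.yaml (`prefix: /jupyter/`). The `service:` target also spells out `jupyter-web-app-service`, which only matches while `namePrefix: jupyter-web-app-` in the kustomization stays unchanged.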


@ -0,0 +1,15 @@
apiVersion: kustomize.config.k8s.io/v1beta1
bases:
- base
- overlays/istio
commonLabels:
app.kubernetes.io/component: jupyter
app.kubernetes.io/instance: jupyter-web-app
app.kubernetes.io/managed-by: kfctl
app.kubernetes.io/name: jupyter-web-app
app.kubernetes.io/part-of: kubeflow
app.kubernetes.io/version: v0.6
kind: Kustomization
namespace: kubeflow
resources:
- overlays/application/application.yaml


@ -0,0 +1,47 @@
apiVersion: app.k8s.io/v1beta1
kind: Application
metadata:
name: jupyter-web-app
spec:
selector:
matchLabels:
app.kubernetes.io/name: jupyter-web-app
app.kubernetes.io/instance: jupyter-web-app
app.kubernetes.io/managed-by: kfctl
app.kubernetes.io/component: jupyter
app.kubernetes.io/part-of: kubeflow
app.kubernetes.io/version: v0.6
componentKinds:
- group: core
kind: ConfigMap
- group: apps
kind: Deployment
- group: rbac.authorization.k8s.io
kind: RoleBinding
- group: rbac.authorization.k8s.io
kind: Role
- group: core
kind: ServiceAccount
- group: networking.istio.io
kind: VirtualService
descriptor:
type: jupyter-web-app
version: v0.6.2
description: Provides a UI which allows the user to create/conect/delete jupyter notebooks.
maintainers:
- name: Kimonas Sotirchos
email: kimwnasptd@arrikto.com
owners:
- name: Kimonas Sotirchos
email: kimwnasptd@arrikto.com
keywords:
- jupyterhub
- jupyter ui
- notebooks
links:
- description: About
url: https://github.com/kubeflow/kubeflow/tree/master/components/jupyter-web-app
- description: Docs
url: https://www.kubeflow.org/docs/notebooks
addOwnerRef: true


@ -0,0 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../base
resources:
- application.yaml
commonLabels:
app.kubernetes.io/name: jupyter-web-app
app.kubernetes.io/instance: jupyter-web-app
app.kubernetes.io/managed-by: kfctl
app.kubernetes.io/component: jupyter
app.kubernetes.io/part-of: kubeflow
app.kubernetes.io/version: v0.6


@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- virtual-service.yaml
configurations:
- params.yaml


@ -0,0 +1,3 @@
varReference:
- path: spec/http/route/destination/host
kind: VirtualService


@ -0,0 +1,24 @@
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: jupyter-web-app
spec:
gateways:
- kubeflow-gateway
hosts:
- '*'
http:
- headers:
request:
add:
x-forwarded-prefix: /jupyter
match:
- uri:
prefix: /jupyter/
rewrite:
uri: /
route:
- destination:
host: jupyter-web-app-service.$(namespace).svc.$(clusterDomain)
port:
number: 80


@ -0,0 +1,25 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: experiments.kubeflow.org
spec:
additionalPrinterColumns:
- JSONPath: .status.conditions[-1:].type
name: Status
type: string
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: kubeflow.org
version: v1alpha2
scope: Namespaced
subresources:
status: {}
names:
kind: Experiment
singular: experiment
plural: experiments
categories:
- all
- kubeflow
- katib


@ -0,0 +1,40 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: katib-controller
labels:
app: katib-controller
spec:
replicas: 1
selector:
matchLabels:
app: katib-controller
template:
metadata:
labels:
app: katib-controller
spec:
serviceAccountName: katib-controller
containers:
- name: katib-controller
image: gcr.io/kubeflow-images-public/katib/v1alpha2/katib-controller:v0.1.2-alpha-289-g14dad8b
imagePullPolicy: IfNotPresent
command: ["./katib-controller"]
ports:
- containerPort: 443
name: webhook
protocol: TCP
env:
- name: KATIB_CORE_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- mountPath: /tmp/cert
name: cert
readOnly: true
volumes:
- name: cert
secret:
defaultMode: 420
secretName: katib-controller
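Review bot: The `cert` volume sets `defaultMode: 420`, which is decimal for octal 0644, so the files of the `katib-controller` Secret are world-readable inside the container. If that Secret holds the webhook's private key, `defaultMode: 256` (0400) is tighter, with an `fsGroup` added if the process does not run as the file owner. The container also listens on 443 and declares no `securityContext`, which suggests it runs as root or needs `NET_BIND_SERVICE`. If the binary's listen port is configurable, a high `containerPort` behind the Service's `port: 443` would allow `runAsNonRoot: true`. The image tag written here is overridden by `newTag: v0.6.0-rc.0` in the kustomization, so the literal tag is misleading.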


@ -0,0 +1,76 @@
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: katib-controller
rules:
- apiGroups:
- ""
resources:
- configmaps
- serviceaccounts
- services
- secrets
verbs:
- "*"
- apiGroups:
- ""
resources:
- pods
- pods/log
- pods/status
verbs:
- "*"
- apiGroups:
- batch
resources:
- jobs
- cronjobs
verbs:
- "*"
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- create
- get
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- '*'
- apiGroups:
- kubeflow.org
resources:
- experiments
- experiments/status
- trials
- trials/status
verbs:
- "*"
- apiGroups:
- kubeflow.org
resources:
- tfjobs
- pytorchjobs
verbs:
- "*"
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: katib-controller
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: katib-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: katib-controller
subjects:
- kind: ServiceAccount
name: katib-controller
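Review bot: The first rule of the `katib-controller` ClusterRole grants `"*"` on `secrets`, `configmaps`, `serviceaccounts` and `services`, and the ClusterRoleBinding at the end of the file makes that cluster-wide, so the controller's token can read every Secret in every namespace. The rule for `validatingwebhookconfigurations` and `mutatingwebhookconfigurations` also allows `'*'`, which lets the holder register admission webhooks for any resource. I would list the verbs the controller uses. If it only manages its own certificate, Secret access could move to a namespaced Role with `resourceNames: [katib-controller]`; that assumption needs checking against the controller code, which is not on this page. The quoting of the wildcard is also inconsistent (`"*"` and `'*'`).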


@ -0,0 +1,4 @@
apiVersion: v1
kind: Secret
metadata:
name: katib-controller


@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: katib-controller
spec:
ports:
- port: 443
protocol: TCP
targetPort: 443
selector:
app: katib-controller


@ -0,0 +1,14 @@
namespace: kubeflow
resources:
- experiment-crd.yaml
- katib-controller-deployment.yaml
- katib-controller-rbac.yaml
- katib-controller-secret.yaml
- katib-controller-service.yaml
- trial-crd.yaml
- trial-template.yaml
generatorOptions:
disableNameSuffixHash: true
images:
- name: gcr.io/kubeflow-images-public/katib/v1alpha2/katib-controller
newTag: v0.6.0-rc.0


@ -0,0 +1,25 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: trials.kubeflow.org
spec:
additionalPrinterColumns:
- JSONPath: .status.conditions[-1:].type
name: Status
type: string
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: kubeflow.org
version: v1alpha2
scope: Namespaced
subresources:
status: {}
names:
kind: Trial
singular: trial
plural: trials
categories:
- all
- kubeflow
- katib


@ -0,0 +1,18 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: trial-template
data:
defaultTrialTemplate.yaml : |-
apiVersion: batch/v1
kind: Job
metadata:
name: {{.Trial}}
namespace: {{.NameSpace}}
spec:
template:
spec:
containers:
- name: {{.Trial}}
image: alpine
restartPolicy: Never
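Review bot: `image: alpine` in `defaultTrialTemplate.yaml` carries no tag or digest, so every trial Job pulls whatever `alpine:latest` resolves to at that moment. Pin it, e.g. `image: alpine:<pinned-version>` or an `@sha256:` digest. The key is also written `defaultTrialTemplate.yaml :` with a space before the colon, which yamllint flags; `defaultTrialTemplate.yaml: |-` is the usual form. The template gives the container no `command`, which may be intentional for a placeholder, but a comment saying so would help.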


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
bases:
- base
kind: Kustomization
namespace: kubeflow

Some files were not shown because too many files have changed in this diff Show more