From 21a0171bd09ce548b6ba055ea1b55799174c6110 Mon Sep 17 00:00:00 2001 From: Tommy Li Date: Thu, 21 Dec 2023 13:17:04 -0800 Subject: [PATCH] chore(release): Add kfp-tekton 1.9.1 release (#1437) --- Makefile | 2 +- SECURITY.md | 1 + VERSION | 2 +- guides/kfp_tekton_install.md | 10 +- guides/release.md | 1 + install/v1.9.1/kfp-tekton.yaml | 3462 +++++++++++++++++ .../kustomize/base/cache/kustomization.yaml | 2 +- .../base/pipeline/kustomization.yaml | 10 +- .../tekton-custom-task/kustomization.yaml | 4 +- sdk/python/kfp_tekton/__init__.py | 2 +- sdk/python/setup.py | 4 +- 11 files changed, 3482 insertions(+), 18 deletions(-) create mode 100644 install/v1.9.1/kfp-tekton.yaml diff --git a/Makefile b/Makefile index d8b6ddf2b9..abc459d760 100644 --- a/Makefile +++ b/Makefile @@ -16,7 +16,7 @@ # - The help target was derived from https://stackoverflow.com/a/35730328/5601796 VENV ?= .venv -KFP_TEKTON_RELEASE ?= v1.9.0 +KFP_TEKTON_RELEASE ?= v1.9.1 export VIRTUAL_ENV := $(abspath ${VENV}) export PATH := ${VIRTUAL_ENV}/bin:${PATH} DOCKER_REGISTRY ?= aipipeline diff --git a/SECURITY.md b/SECURITY.md index e9f9260967..43d3a47439 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -7,6 +7,7 @@ Below are the list of supported KFP-Tekton for security and bug fixes. | Version | Supported | | ------- | ------------------ | | 2.0.x | :white_check_mark: | +| 1.9.x | :white_check_mark: | | 1.8.x | :white_check_mark: | | 1.7.x | :white_check_mark: | | < 1.7 | :x: | diff --git a/VERSION b/VERSION index f8e233b273..9ab8337f39 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.9.0 +1.9.1 diff --git a/guides/kfp_tekton_install.md b/guides/kfp_tekton_install.md index 06082b8058..60a7d84cce 100644 --- a/guides/kfp_tekton_install.md +++ b/guides/kfp_tekton_install.md @@ -73,14 +73,14 @@ To install the standalone Kubeflow Pipelines V1 with Tekton , run the following -p '{"data":{"default-timeout-minutes": "0"}}' ``` -3. Install Kubeflow Pipelines with Tekton backend (`kfp-tekton`) `v1.9.0` [custom resource definitions](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/)(CRDs). +3. Install Kubeflow Pipelines with Tekton backend (`kfp-tekton`) `v1.9.1` [custom resource definitions](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/)(CRDs). ```shell - kubectl apply --selector kubeflow/crd-install=true -f https://raw.githubusercontent.com/kubeflow/kfp-tekton/master/install/v1.9.0/kfp-tekton.yaml + kubectl apply --selector kubeflow/crd-install=true -f https://raw.githubusercontent.com/kubeflow/kfp-tekton/master/install/v1.9.1/kfp-tekton.yaml ``` -4. Install Kubeflow Pipelines with Tekton backend (`kfp-tekton`) `v1.9.0` deployment +4. Install Kubeflow Pipelines with Tekton backend (`kfp-tekton`) `v1.9.1` deployment ```shell - kubectl apply -f https://raw.githubusercontent.com/kubeflow/kfp-tekton/master/install/v1.9.0/kfp-tekton.yaml + kubectl apply -f https://raw.githubusercontent.com/kubeflow/kfp-tekton/master/install/v1.9.1/kfp-tekton.yaml ``` 5. Then, if you want to expose the Kubeflow Pipelines endpoint outside the cluster, run the following commands: @@ -101,7 +101,7 @@ To install the standalone Kubeflow Pipelines V1 with Tekton , run the following 7. (OpenShift only) If you are running the standalone KFP-Tekton on OpenShift, apply the necessary security context constraint below ```shell - curl -L https://raw.githubusercontent.com/kubeflow/kfp-tekton/master/install/v1.9.0/kfp-tekton.yaml | yq 'del(.spec.template.spec.containers[].securityContext.runAsUser, .spec.template.spec.containers[].securityContext.runAsGroup)' | oc apply -f - + curl -L https://raw.githubusercontent.com/kubeflow/kfp-tekton/master/install/v1.9.1/kfp-tekton.yaml | yq 'del(.spec.template.spec.containers[].securityContext.runAsUser, .spec.template.spec.containers[].securityContext.runAsGroup)' | oc apply -f - oc apply -k https://github.com/kubeflow/kfp-tekton//manifests/kustomize/third-party/openshift/standalone oc adm policy add-scc-to-user anyuid -z tekton-pipelines-controller oc adm policy add-scc-to-user anyuid -z tekton-pipelines-webhook diff --git a/guides/release.md b/guides/release.md index 47b09d8b91..459a872eed 100644 --- a/guides/release.md +++ b/guides/release.md @@ -28,6 +28,7 @@ cd sdk/python pip install -e . export KFP_TEKTON_VERSION=${KFP_TEKTON_VERSION} + python3 setup.py sdist twine check dist/kfp-tekton-${KFP_TEKTON_VERSION}.tar.gz twine upload --repository pypi dist/kfp-tekton-${KFP_TEKTON_VERSION}.tar.gz ``` diff --git a/install/v1.9.1/kfp-tekton.yaml b/install/v1.9.1/kfp-tekton.yaml new file mode 100644 index 0000000000..19703e8758 --- /dev/null +++ b/install/v1.9.1/kfp-tekton.yaml @@ -0,0 +1,3462 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: kubeflow +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + labels: + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-csi-s3 +parameters: + csi.storage.k8s.io/controller-publish-secret-name: kfp-csi-secret + csi.storage.k8s.io/controller-publish-secret-namespace: kubeflow + csi.storage.k8s.io/node-publish-secret-name: kfp-csi-secret + csi.storage.k8s.io/node-publish-secret-namespace: kubeflow + csi.storage.k8s.io/node-stage-secret-name: kfp-csi-secret + csi.storage.k8s.io/node-stage-secret-namespace: kubeflow + csi.storage.k8s.io/provisioner-secret-name: kfp-csi-secret + csi.storage.k8s.io/provisioner-secret-namespace: kubeflow + mounter: goofys +provisioner: ch.ctrox.csi.s3-driver +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + pipeline.tekton.dev/release: devel + version: devel + name: breaktasks.custom.tekton.dev +spec: + group: custom.tekton.dev + names: + categories: + - tekton + - tekton-pipelines + - openshift-pipelines + kind: BreakTask + plural: breaktasks + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + pipeline.tekton.dev/release: devel + version: devel + name: pipelineloops.custom.tekton.dev +spec: + group: custom.tekton.dev + names: + categories: + - tekton + - tekton-pipelines + - openshift-pipelines + kind: PipelineLoop + plural: pipelineloops + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + application-crd-id: kubeflow-pipelines + kubeflow/crd-install: "true" + name: scheduledworkflows.kubeflow.org +spec: + group: kubeflow.org + names: + kind: ScheduledWorkflow + listKind: ScheduledWorkflowList + plural: scheduledworkflows + shortNames: + - swf + singular: scheduledworkflow + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - spec + - status + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + application-crd-id: kubeflow-pipelines + kubeflow/crd-install: "true" + name: viewers.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Viewer + listKind: ViewerList + plural: viewers + shortNames: + - vi + singular: viewer + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - spec + type: object + served: true + storage: true +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-csi-attacher + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-csi-provisioner + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-csi-s3 + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: cache-server + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-cache + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: cache-deployer + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-container-builder + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-viewer + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: metadata-grpc-server + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-persistenceagent + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-visualizationserver + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: mysql + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: pipeline-runner + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-external-attacher-cfg + namespace: kubeflow +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-external-provisioner-cfg + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - watch + - list + - delete + - update + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create +- apiGroups: + - storage.k8s.io + resources: + - csistoragecapacities + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: cache-deployer + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - patch + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: cache-server + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-cache-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - tekton.dev + resources: + - taskruns + - taskruns/status + verbs: + - get + - list + - watch + - update + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-metadata-writer-role + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-metadata-writer-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + verbs: + - get + - list + - watch + - update + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline + application-crd-id: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get + - list + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + - runs + - customruns + - tasks + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - custom.tekton.dev + resources: + - pipelineloops + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-persistenceagent-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + - runs + - customruns + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-scheduledworkflow-role + application-crd-id: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + - scheduledworkflows/finalizers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + - runs + - customruns + - tasks + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - custom.tekton.dev + resources: + - pipelineloops + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + - tasks + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-viewer-controller-role + namespace: kubeflow +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + - viewers/finalizers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: pipeline-runner + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - '*' +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + - runs + - tasks + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - list + - watch +- apiGroups: + - "" + resourceNames: + - config-leader-election + - config-logging + - config-observability + - object-store-config + resources: + - configmaps + verbs: + - get +- apiGroups: + - policy + resourceNames: + - tekton-pipelines + - openshift-pipelines + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - list + - watch +- apiGroups: + - "" + resourceNames: + - config-logging + - config-observability + - config-leader-election + - object-store-config + resources: + - configmaps + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resourceNames: + - tekton-pipelineloop-webhook-certs + resources: + - secrets + verbs: + - get + - update +- apiGroups: + - policy + resourceNames: + - tekton-pipelines + - openshift-pipelines + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-csi-s3 + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - update +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-external-provisioner-runner + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-external-attacher-runner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch + - create +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: cache-deployer + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-clusterrole +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + - certificatesigningrequests/approval + verbs: + - create + - delete + - get + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch +- apiGroups: + - certificates.k8s.io + resourceNames: + - kubernetes.io/* + resources: + - signers + verbs: + - approve +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-controller-cluster-access +rules: +- apiGroups: + - tekton.dev + resources: + - runs + - customruns + - taskruns + - pipelineruns + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - tekton.dev + resources: + - runs/status + - customruns/status + - taskruns/status + - pipelineruns/status + - runs/finalizers + - customruns/finalizers + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - custom.tekton.dev + resources: + - pipelineloops + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-controller-tenant-access +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-leader-election +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-webhook-cluster-access +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + - customresourcedefinitions/status + verbs: + - get + - list + - update + - patch + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - update + - patch + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resourceNames: + - webhook.pipelineloop.custom.tekton.dev + resources: + - mutatingwebhookconfigurations + verbs: + - get + - update +- apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - admissionregistration.k8s.io + resourceNames: + - validation.webhook.pipelineloop.custom.tekton.dev + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +- apiGroups: + - policy + resourceNames: + - tekton-pipelines + - openshift-pipelines + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-csi-attacher-role-cfg + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kfp-external-attacher-cfg +subjects: +- kind: ServiceAccount + name: kfp-csi-attacher + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-csi-provisioner-role-cfg + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kfp-external-provisioner-cfg +subjects: +- kind: ServiceAccount + name: kfp-csi-provisioner + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: cache-server + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-cache-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: cache-deployer + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-rolebinding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-deployer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-metadata-writer-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-metadata-writer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline + application-crd-id: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-persistenceagent-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-viewer-crd-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: pipeline-runner-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-runner +subjects: +- kind: ServiceAccount + name: pipeline-runner + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-pipelineloop-controller +subjects: +- kind: ServiceAccount + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-pipelineloop-webhook +subjects: +- kind: ServiceAccount + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-csi-provisioner-role + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kfp-external-provisioner-runner +subjects: +- kind: ServiceAccount + name: kfp-csi-provisioner + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-csi-s3 + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kfp-csi-s3 +subjects: +- kind: ServiceAccount + name: kfp-csi-s3 + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-csi-attacher-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kfp-external-attacher-runner +subjects: +- kind: ServiceAccount + name: kfp-csi-attacher + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: cache-deployer + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-cache-deployer-clusterrole +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-controller-cluster-access +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-pipelineloop-controller-cluster-access +subjects: +- kind: ServiceAccount + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-controller-leaderelection +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-pipelineloop-leader-election +subjects: +- kind: ServiceAccount + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-controller-tenant-access +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-pipelineloop-controller-tenant-access +subjects: +- kind: ServiceAccount + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-webhook-cluster-access +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-pipelineloop-webhook-cluster-access +subjects: +- kind: ServiceAccount + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-webhook-leaderelection +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-pipelineloop-leader-election +subjects: +- kind: ServiceAccount + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines +--- +apiVersion: v1 +data: + accessKeyID-base64: bWluaW8= + bucket-base64: bWxwaXBlbGluZQ== + endpoint-base64: aHR0cDovL21pbmlvLXNlcnZpY2Uua3ViZWZsb3c6OTAwMA== + kubelet-path: /var/data + secretAccessKey-bas64: bWluaW8xMjM= +kind: ConfigMap +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: csi-s3-parameters + namespace: kubeflow +--- +apiVersion: v1 +data: + defaultPipelineRoot: "" +kind: ConfigMap +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: kfp-launcher + namespace: kubeflow +--- +apiVersion: v1 +data: + apply_tekton_custom_resource: "true" + archive_logs: "true" + artifact_bucket: mlpipeline + artifact_endpoint: minio-service.kubeflow:9000 + artifact_endpoint_scheme: http:// + artifact_image: minio/mc:RELEASE.2020-11-25T23-04-07Z + artifact_script: |- + push_artifact() { + if [ -f "$2" ] || [ -d "$2" ]; then + tar -cvzf $1.tgz -C $(dirname $2) $(basename $2) + mc cp $1.tgz storage/$ARTIFACT_BUCKET/artifacts/$PIPELINERUN/$PIPELINETASK/$1.tgz + else + echo "$2 file does not exist. Skip artifact tracking for $1" + fi + } + push_log() { + cat /var/log/containers/$PODNAME*$NAMESPACE*step-main*.log > step-main.log + push_artifact main-log step-main.log + } + strip_eof() { + if [ -f "$2" ]; then + awk 'NF' $2 | head -c -1 > $1_temp_save && cp $1_temp_save $2 + fi + } + mc config host add storage ${ARTIFACT_ENDPOINT_SCHEME}${ARTIFACT_ENDPOINT} $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY + inject_default_script: "true" + moveresults_image: busybox:1.34.1 + strip_eof: "true" + terminate_status: Cancelled + track_artifacts: "true" +kind: ConfigMap +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: kfp-tekton-config + namespace: kubeflow +--- +apiVersion: v1 +data: + METADATA_GRPC_SERVICE_HOST: metadata-grpc-service + METADATA_GRPC_SERVICE_PORT: "8080" +kind: ConfigMap +metadata: + labels: + application-crd-id: kubeflow-pipelines + component: metadata-grpc-server + name: metadata-grpc-configmap + namespace: kubeflow +--- +apiVersion: v1 +data: + viewer-pod-template.json: |- + { + "spec": { + "serviceAccountName": "kubeflow-pipelines-viewer" + } + } +kind: ConfigMap +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-ui-configmap + namespace: kubeflow +--- +apiVersion: v1 +data: + ConMaxLifeTime: 120s + appName: pipeline + appVersion: 1.8.4 + autoUpdatePipelineDefaultVersion: "true" + bucketName: mlpipeline + cacheDb: cachedb + cacheImage: registry.access.redhat.com/ubi8/ubi-minimal + cacheNodeRestrictions: "false" + cronScheduleTimezone: UTC + dbHost: mysql + dbPort: "3306" + defaultPipelineRoot: "" + mlmdDb: metadb + objectStoreHost: minio-service + objectStorePort: "9000" + pipelineDb: mlpipeline + warning: | + 1. Do not use kubectl to edit this configmap, because some values are used + during kustomize build. Instead, change the configmap and apply the entire + kustomize manifests again. + 2. After updating the configmap, some deployments may need to be restarted + until the changes take effect. A quick way to restart all deployments in a + namespace: `kubectl rollout restart deployment -n `. +kind: ConfigMap +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: pipeline-install-config + namespace: kubeflow +--- +apiVersion: v1 +data: + dbName: cachedb + disabled: "true" + driver: mysql + extraParams: "" + host: mysql.kubeflow.svc.cluster.local + mysqlDBGroupConcatMaxLen: "4194304" + password: "" + port: "3306" + timeout: 6m + user: root +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines-loops + name: cache-config + namespace: tekton-pipelines +--- +apiVersion: v1 +data: + accessKey: minio + apiKey: + authEndpoint: https://iam.cloud.ibm.com/identity/token + defaultBucketName: pipelineloop-logs + enable: "false" + ibmStyleCredentials: "false" + region: us-south + secretKey: minio123 + serviceEndpoint: http://minio-service.kubeflow:9000 + serviceInstanceID: 'crn:v1:bluemix:public:cloud-object-storage:global:a/ID-dummy-1231231231-123abcdefgh:dummy-values::' +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines-loops + name: object-store-config + namespace: tekton-pipelines +--- +apiVersion: v1 +data: + accessKeyID: bWluaW8= + bucket: bWxwaXBlbGluZQ== + endpoint: aHR0cDovL21pbmlvLXNlcnZpY2Uua3ViZWZsb3c6OTAwMA== + extract: ZmFsc2U= + provision: ZmFsc2U= + readonly: ZmFsc2U= + region: "" + remove-on-delete: ZmFsc2U= + secretAccessKey: bWluaW8xMjM= +kind: Secret +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: kfp-csi-secret + namespace: kubeflow +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: mlpipeline-minio-artifact + namespace: kubeflow +stringData: + accesskey: minio + secretkey: minio123 +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: mysql-secret + namespace: kubeflow +stringData: + password: "" + username: root +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + pipeline.tekton.dev/release: devel + name: tekton-pipelineloop-webhook-certs + namespace: tekton-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: cache-server + application-crd-id: kubeflow-pipelines + name: cache-server + namespace: kubeflow +spec: + ports: + - port: 443 + targetPort: webhook-api + selector: + app: cache-server + application-crd-id: kubeflow-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: kfp-csi-attacher-s3 + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-csi-attacher-s3 + namespace: kubeflow +spec: + ports: + - name: dummy + port: 12345 + selector: + app: kfp-csi-attacher-s3 + application-crd-id: kubeflow-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: kfp-csi-provisioner-s3 + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-csi-provisioner-s3 + namespace: kubeflow +spec: + ports: + - name: dummy + port: 12345 + selector: + app: kfp-csi-provisioner-s3 + application-crd-id: kubeflow-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata-envoy + application-crd-id: kubeflow-pipelines + name: metadata-envoy-service + namespace: kubeflow +spec: + ports: + - name: md-envoy + port: 9090 + protocol: TCP + selector: + application-crd-id: kubeflow-pipelines + component: metadata-envoy + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata + application-crd-id: kubeflow-pipelines + name: metadata-grpc-service + namespace: kubeflow +spec: + ports: + - name: grpc-api + port: 8080 + protocol: TCP + selector: + application-crd-id: kubeflow-pipelines + component: metadata-grpc-server + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: minio-service + namespace: kubeflow +spec: + ports: + - name: http + port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio + application-crd-id: kubeflow-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "8888" + prometheus.io/scheme: http + prometheus.io/scrape: "true" + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + app: ml-pipeline + application-crd-id: kubeflow-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 3000 + selector: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: ml-pipeline-visualizationserver + application-crd-id: kubeflow-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: mysql + namespace: kubeflow +spec: + ports: + - port: 3306 + protocol: TCP + targetPort: 3306 + selector: + app: mysql + application-crd-id: kubeflow-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: tekton-pipelines-webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/name: webhook + app.kubernetes.io/part-of: tekton-pipeline-loops + app.kubernetes.io/version: devel + pipeline.tekton.dev/release: devel + version: devel + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines +spec: + ports: + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/name: webhook + app.kubernetes.io/part-of: tekton-pipeline-loops +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: minio-pvc + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: mysql-pv-claim + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cache-deployer + application-crd-id: kubeflow-pipelines + name: cache-deployer-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: cache-deployer + application-crd-id: kubeflow-pipelines + strategy: + type: Recreate + template: + metadata: + labels: + app: cache-deployer + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/cache-deployer:1.8.4 + imagePullPolicy: Always + name: main + restartPolicy: Always + serviceAccountName: kubeflow-pipelines-cache-deployer-sa +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cache-server + application-crd-id: kubeflow-pipelines + name: cache-server + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: cache-server + application-crd-id: kubeflow-pipelines + template: + metadata: + labels: + app: cache-server + application-crd-id: kubeflow-pipelines + spec: + containers: + - args: + - --db_driver=$(DBCONFIG_DRIVER) + - --db_host=$(DBCONFIG_HOST_NAME) + - --db_port=$(DBCONFIG_PORT) + - --db_name=$(DBCONFIG_DB_NAME) + - --db_user=$(DBCONFIG_USER) + - --db_password=$(DBCONFIG_PASSWORD) + - --namespace_to_watch=$(NAMESPACE_TO_WATCH) + env: + - name: CACHE_IMAGE + valueFrom: + configMapKeyRef: + key: cacheImage + name: pipeline-install-config + - name: CACHE_NODE_RESTRICTIONS + valueFrom: + configMapKeyRef: + key: cacheNodeRestrictions + name: pipeline-install-config + - name: DBCONFIG_DRIVER + value: mysql + - name: DBCONFIG_DB_NAME + valueFrom: + configMapKeyRef: + key: cacheDb + name: pipeline-install-config + - name: DBCONFIG_HOST_NAME + valueFrom: + configMapKeyRef: + key: dbHost + name: pipeline-install-config + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + key: dbPort + name: pipeline-install-config + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/aipipeline/cache-server:1.9.1 + imagePullPolicy: Always + name: server + ports: + - containerPort: 8443 + name: webhook-api + volumeMounts: + - mountPath: /etc/webhook/certs + name: webhook-tls-certs + readOnly: true + serviceAccountName: kubeflow-pipelines-cache + volumes: + - name: webhook-tls-certs + secret: + secretName: webhook-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + application-crd-id: kubeflow-pipelines + component: metadata-envoy + name: metadata-envoy-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + application-crd-id: kubeflow-pipelines + component: metadata-envoy + template: + metadata: + annotations: + sidecar.istio.io/inject: "false" + labels: + application-crd-id: kubeflow-pipelines + component: metadata-envoy + spec: + containers: + - image: gcr.io/ml-pipeline/metadata-envoy:1.8.4 + name: container + ports: + - containerPort: 9090 + name: md-envoy + - containerPort: 9901 + name: envoy-admin +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + application-crd-id: kubeflow-pipelines + component: metadata-grpc-server + name: metadata-grpc-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + application-crd-id: kubeflow-pipelines + component: metadata-grpc-server + template: + metadata: + labels: + application-crd-id: kubeflow-pipelines + component: metadata-grpc-server + spec: + containers: + - args: + - --grpc_port=8080 + - --mysql_config_database=$(MYSQL_DATABASE) + - --mysql_config_host=$(MYSQL_HOST) + - --mysql_config_port=$(MYSQL_PORT) + - --mysql_config_user=$(DBCONFIG_USER) + - --mysql_config_password=$(DBCONFIG_PASSWORD) + - --enable_database_upgrade=true + command: + - /bin/metadata_store_server + env: + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret + - name: MYSQL_DATABASE + valueFrom: + configMapKeyRef: + key: mlmdDb + name: pipeline-install-config + - name: MYSQL_HOST + valueFrom: + configMapKeyRef: + key: dbHost + name: pipeline-install-config + - name: MYSQL_PORT + valueFrom: + configMapKeyRef: + key: dbPort + name: pipeline-install-config + image: gcr.io/tfx-oss-public/ml_metadata_store_server:1.5.0 + livenessProbe: + initialDelaySeconds: 3 + periodSeconds: 5 + tcpSocket: + port: grpc-api + timeoutSeconds: 2 + name: container + ports: + - containerPort: 8080 + name: grpc-api + readinessProbe: + initialDelaySeconds: 3 + periodSeconds: 5 + tcpSocket: + port: grpc-api + timeoutSeconds: 2 + serviceAccountName: metadata-grpc-server +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metadata-writer + application-crd-id: kubeflow-pipelines + name: metadata-writer + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: metadata-writer + application-crd-id: kubeflow-pipelines + template: + metadata: + labels: + app: metadata-writer + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PIPELINE_RUNTIME + value: tekton + - name: ARCHIVE_LOGS + valueFrom: + configMapKeyRef: + key: archive_logs + name: kfp-tekton-config + image: quay.io/aipipeline/metadata-writer:1.9.1 + name: main + serviceAccountName: kubeflow-pipelines-metadata-writer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: minio + application-crd-id: kubeflow-pipelines + name: minio + namespace: kubeflow +spec: + selector: + matchLabels: + app: minio + application-crd-id: kubeflow-pipelines + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + application-crd-id: kubeflow-pipelines + spec: + containers: + - args: + - server + - /data + env: + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + name: minio + ports: + - containerPort: 9000 + resources: + requests: + cpu: 20m + memory: 100Mi + volumeMounts: + - mountPath: /data + name: data + subPath: minio + volumes: + - name: data + persistentVolumeClaim: + claimName: minio-pvc +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline + application-crd-id: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline + application-crd-id: kubeflow-pipelines + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + app: ml-pipeline + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OBJECTSTORECONFIG_HOST + valueFrom: + configMapKeyRef: + key: objectStoreHost + name: pipeline-install-config + - name: OBJECTSTORECONFIG_PORT + valueFrom: + configMapKeyRef: + key: objectStorePort + name: pipeline-install-config + - name: OBJECTSTORECONFIG_SECURE + value: "false" + - name: CLIENTQPS + value: "50" + - name: CLIENTBURST + value: "50" + - name: OBJECTSTORECONFIG_BUCKETNAME + valueFrom: + configMapKeyRef: + key: bucketName + name: pipeline-install-config + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret + - name: DBCONFIG_DBNAME + valueFrom: + configMapKeyRef: + key: pipelineDb + name: pipeline-install-config + - name: DBCONFIG_HOST + valueFrom: + configMapKeyRef: + key: dbHost + name: pipeline-install-config + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + key: dbPort + name: pipeline-install-config + - name: OBJECTSTORECONFIG_ACCESSKEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: OBJECTSTORECONFIG_SECRETACCESSKEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + - name: PIPELINE_RUNTIME + value: tekton + - name: ARTIFACT_BUCKET + valueFrom: + configMapKeyRef: + key: artifact_bucket + name: kfp-tekton-config + - name: ARTIFACT_ENDPOINT + valueFrom: + configMapKeyRef: + key: artifact_endpoint + name: kfp-tekton-config + - name: ARTIFACT_ENDPOINT_SCHEME + valueFrom: + configMapKeyRef: + key: artifact_endpoint_scheme + name: kfp-tekton-config + - name: ARCHIVE_LOGS + valueFrom: + configMapKeyRef: + key: archive_logs + name: kfp-tekton-config + - name: TRACK_ARTIFACTS + valueFrom: + configMapKeyRef: + key: track_artifacts + name: kfp-tekton-config + - name: STRIP_EOF + valueFrom: + configMapKeyRef: + key: strip_eof + name: kfp-tekton-config + - name: ARTIFACT_SCRIPT + valueFrom: + configMapKeyRef: + key: artifact_script + name: kfp-tekton-config + - name: ARTIFACT_IMAGE + valueFrom: + configMapKeyRef: + key: artifact_image + name: kfp-tekton-config + - name: MOVERESULTS_IMAGE + valueFrom: + configMapKeyRef: + key: moveresults_image + name: kfp-tekton-config + - name: INJECT_DEFAULT_SCRIPT + valueFrom: + configMapKeyRef: + key: inject_default_script + name: kfp-tekton-config + - name: APPLY_TEKTON_CUSTOM_RESOURCE + valueFrom: + configMapKeyRef: + key: apply_tekton_custom_resource + name: kfp-tekton-config + - name: TERMINATE_STATUS + valueFrom: + configMapKeyRef: + key: terminate_status + name: kfp-tekton-config + - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION + valueFrom: + configMapKeyRef: + key: autoUpdatePipelineDefaultVersion + name: pipeline-install-config + - name: DBCONFIG_CONMAXLIFETIME + valueFrom: + configMapKeyRef: + key: ConMaxLifeTime + name: pipeline-install-config + image: quay.io/aipipeline/api-server:1.9.1 + imagePullPolicy: Always + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-api-server + ports: + - containerPort: 8888 + name: http + - containerPort: 8887 + name: grpc + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + resources: + requests: + cpu: 250m + memory: 500Mi + serviceAccountName: ml-pipeline +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-persistenceagent + application-crd-id: kubeflow-pipelines + name: ml-pipeline-persistenceagent + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-persistenceagent + application-crd-id: kubeflow-pipelines + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + app: ml-pipeline-persistenceagent + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: TTL_SECONDS_AFTER_WORKFLOW_FINISH + value: "86400" + - name: NUM_WORKERS + value: "2" + - name: CHILDREFERENCES_KINDS + value: PipelineLoop + - name: LEGACY_STATUS_UPDATE + value: "false" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OBJECTSTORECONFIG_SECURE + value: "false" + - name: OBJECTSTORECONFIG_BUCKETNAME + valueFrom: + configMapKeyRef: + key: bucketName + name: pipeline-install-config + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret + - name: DBCONFIG_DBNAME + valueFrom: + configMapKeyRef: + key: pipelineDb + name: pipeline-install-config + - name: DBCONFIG_HOST + valueFrom: + configMapKeyRef: + key: dbHost + name: pipeline-install-config + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + key: dbPort + name: pipeline-install-config + - name: DBCONFIG_CONMAXLIFETIME + valueFrom: + configMapKeyRef: + key: ConMaxLifeTime + name: pipeline-install-config + - name: OBJECTSTORECONFIG_ACCESSKEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: OBJECTSTORECONFIG_SECRETACCESSKEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + image: quay.io/aipipeline/persistenceagent:1.9.1 + imagePullPolicy: IfNotPresent + name: ml-pipeline-persistenceagent + resources: + requests: + cpu: 120m + memory: 500Mi + serviceAccountName: ml-pipeline-persistenceagent +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-scheduledworkflow + application-crd-id: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-scheduledworkflow + application-crd-id: kubeflow-pipelines + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + app: ml-pipeline-scheduledworkflow + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CRON_SCHEDULE_TIMEZONE + valueFrom: + configMapKeyRef: + key: cronScheduleTimezone + name: pipeline-install-config + image: quay.io/aipipeline/scheduledworkflow:1.9.1 + imagePullPolicy: IfNotPresent + name: ml-pipeline-scheduledworkflow + serviceAccountName: ml-pipeline-scheduledworkflow +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH + value: /etc/config/viewer-pod-template.json + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" + - name: ARGO_ARCHIVE_LOGS + value: "true" + image: quay.io/aipipeline/frontend:1.9.1 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:3000/apis/v1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-ui + ports: + - containerPort: 3000 + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:3000/apis/v1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + resources: + requests: + cpu: 10m + memory: 70Mi + volumeMounts: + - mountPath: /etc/config + name: config-volume + readOnly: true + serviceAccountName: ml-pipeline-ui + volumes: + - configMap: + name: ml-pipeline-ui-configmap + name: config-volume +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-viewer-crd + application-crd-id: kubeflow-pipelines + name: ml-pipeline-viewer-crd + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-viewer-crd + application-crd-id: kubeflow-pipelines + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + app: ml-pipeline-viewer-crd + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: MAX_NUM_VIEWERS + value: "50" + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/viewer-crd-controller:1.8.4 + imagePullPolicy: Always + name: ml-pipeline-viewer-crd + serviceAccountName: ml-pipeline-viewer-crd-service-account +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-visualizationserver + application-crd-id: kubeflow-pipelines + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-visualizationserver + application-crd-id: kubeflow-pipelines + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + app: ml-pipeline-visualizationserver + application-crd-id: kubeflow-pipelines + spec: + containers: + - image: gcr.io/ml-pipeline/visualization-server:1.8.4 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-visualizationserver + ports: + - containerPort: 8888 + name: http + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + resources: + requests: + cpu: 30m + memory: 500Mi + serviceAccountName: ml-pipeline-visualizationserver +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: mysql + application-crd-id: kubeflow-pipelines + name: mysql + namespace: kubeflow +spec: + selector: + matchLabels: + app: mysql + application-crd-id: kubeflow-pipelines + strategy: + type: Recreate + template: + metadata: + labels: + app: mysql + application-crd-id: kubeflow-pipelines + spec: + containers: + - args: + - --datadir + - /var/lib/mysql + - --default-authentication-plugin=mysql_native_password + - --disable-log-bin + env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + image: gcr.io/ml-pipeline/mysql:8.0.26 + name: mysql + ports: + - containerPort: 3306 + name: mysql + resources: + requests: + cpu: 100m + memory: 800Mi + volumeMounts: + - mountPath: /var/lib/mysql + name: mysql-persistent-storage + serviceAccountName: mysql + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/name: controller + app.kubernetes.io/part-of: tekton-pipeline-loops + app.kubernetes.io/version: devel + pipeline.tekton.dev/release: devel + version: devel + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/name: controller + app.kubernetes.io/part-of: tekton-pipeline-loops + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: tekton-pipelineloop-controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/name: controller + app.kubernetes.io/part-of: tekton-pipeline-loops + app.kubernetes.io/version: devel + pipeline.tekton.dev/release: devel + version: devel + spec: + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + image: quay.io/aipipeline/pipelineloop-controller:1.9.1 + name: tekton-pipelineloop-controller + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 + seccompProfile: + type: RuntimeDefault + serviceAccountName: tekton-pipelineloop-controller +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/name: webhook + app.kubernetes.io/part-of: tekton-pipeline-loops + app.kubernetes.io/version: devel + pipeline.tekton.dev/release: devel + version: devel + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/name: webhook + app.kubernetes.io/part-of: tekton-pipeline-loops + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: tekton-pipelines-webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/name: webhook + app.kubernetes.io/part-of: tekton-pipeline-loops + app.kubernetes.io/version: devel + pipeline.tekton.dev/release: devel + version: devel + spec: + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election + - name: WEBHOOK_SERVICE_NAME + value: tekton-pipelineloop-webhook + - name: WEBHOOK_SECRET_NAME + value: tekton-pipelineloop-webhook-certs + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + image: quay.io/aipipeline/pipelineloop-webhook:1.9.1 + name: webhook + ports: + - containerPort: 9090 + name: metrics + - containerPort: 8008 + name: profiling + - containerPort: 8443 + name: https-webhook + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 + seccompProfile: + type: RuntimeDefault + serviceAccountName: tekton-pipelineloop-webhook +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-csi-attacher-s3 + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: kfp-csi-attacher-s3 + application-crd-id: kubeflow-pipelines + serviceName: kfp-csi-attacher-s3 + template: + metadata: + labels: + app: kfp-csi-attacher-s3 + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + spec: + containers: + - args: + - --v=5 + - --csi-address=/csi/csi.sock + image: k8s.gcr.io/sig-storage/csi-attacher:v3.3.0 + imagePullPolicy: Always + name: kfp-csi-attacher + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + serviceAccountName: kfp-csi-attacher + volumes: + - hostPath: + path: /var/data/kubelet/plugins/kfp-csi-s3 + type: DirectoryOrCreate + name: socket-dir +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-csi-provisioner-s3 + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: kfp-csi-provisioner-s3 + application-crd-id: kubeflow-pipelines + serviceName: kfp-csi-provisioner-s3 + template: + metadata: + labels: + app: kfp-csi-provisioner-s3 + application-crd-id: kubeflow-pipelines + spec: + containers: + - args: + - -v=5 + - --csi-address=/csi/csi.sock + - --feature-gates=Topology=true + image: k8s.gcr.io/sig-storage/csi-provisioner:v2.2.2 + imagePullPolicy: Always + name: kfp-csi-provisioner + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + serviceAccountName: kfp-csi-provisioner + volumes: + - hostPath: + path: /var/data/kubelet/plugins/kfp-csi-s3 + type: DirectoryOrCreate + name: socket-dir +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + name: kfp-csi-s3 + namespace: kubeflow +spec: + selector: + matchLabels: + app: kfp-csi-s3 + application-crd-id: kubeflow-pipelines + template: + metadata: + labels: + app: kfp-csi-s3 + app.kubernetes.io/name: kubeflow + application-crd-id: kubeflow-pipelines + spec: + containers: + - args: + - --v=5 + - --csi-address=/csi/csi.sock + - --kubelet-registration-path + - /var/data/kubelet/plugins/kfp-csi-s3/csi.sock + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.3.0 + imagePullPolicy: Always + name: driver-registrar + securityContext: + privileged: false + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /registration + name: registration-dir + - args: + - --v=5 + - --endpoint=$(CSI_ENDPOINT) + - --nodeid=$(KUBE_NODE_NAME) + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: cheap + value: "off" + image: quay.io/datashim-io/csi-s3:latest + imagePullPolicy: Always + name: kfp-csi-s3 + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /var/data/kubelet/pods + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /dev + name: dev-dir + serviceAccountName: kfp-csi-s3 + volumes: + - hostPath: + path: /var/data/kubelet/plugins/kfp-csi-s3 + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/data/kubelet/pods + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/data/kubelet/plugins_registry + type: Directory + name: registration-dir + - hostPath: + path: /dev + type: Directory + name: dev-dir +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ch.ctrox.csi.s3-driver +spec: + attachRequired: false + podInfoOnMount: false +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + pipeline.tekton.dev/release: devel + name: webhook.pipelineloop.custom.tekton.dev +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines + failurePolicy: Fail + name: webhook.pipelineloop.custom.tekton.dev + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + pipeline.tekton.dev/release: devel + name: validation.webhook.pipelineloop.custom.tekton.dev +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines + failurePolicy: Fail + name: validation.webhook.pipelineloop.custom.tekton.dev + sideEffects: None diff --git a/manifests/kustomize/base/cache/kustomization.yaml b/manifests/kustomize/base/cache/kustomization.yaml index 1cdf63e2c7..1c4ddcdeaa 100644 --- a/manifests/kustomize/base/cache/kustomization.yaml +++ b/manifests/kustomize/base/cache/kustomization.yaml @@ -11,4 +11,4 @@ commonLabels: images: - name: gcr.io/ml-pipeline/cache-server newName: quay.io/aipipeline/cache-server - newTag: 1.9.0 + newTag: 1.9.1 diff --git a/manifests/kustomize/base/pipeline/kustomization.yaml b/manifests/kustomize/base/pipeline/kustomization.yaml index e9b41d813d..22a516eaea 100644 --- a/manifests/kustomize/base/pipeline/kustomization.yaml +++ b/manifests/kustomize/base/pipeline/kustomization.yaml @@ -42,20 +42,20 @@ patches: images: - name: gcr.io/ml-pipeline/api-server newName: quay.io/aipipeline/api-server - newTag: 1.9.0 + newTag: 1.9.1 - name: gcr.io/ml-pipeline/persistenceagent newName: quay.io/aipipeline/persistenceagent - newTag: 1.9.0 + newTag: 1.9.1 - name: gcr.io/ml-pipeline/scheduledworkflow newName: quay.io/aipipeline/scheduledworkflow - newTag: 1.9.0 + newTag: 1.9.1 - name: gcr.io/ml-pipeline/frontend newName: quay.io/aipipeline/frontend - newTag: 1.9.0 + newTag: 1.9.1 - name: gcr.io/ml-pipeline/viewer-crd-controller newTag: 1.8.4 - name: gcr.io/ml-pipeline/visualization-server newTag: 1.8.4 - name: gcr.io/ml-pipeline/metadata-writer newName: quay.io/aipipeline/metadata-writer - newTag: 1.9.0 + newTag: 1.9.1 diff --git a/manifests/kustomize/third-party/tekton-custom-task/kustomization.yaml b/manifests/kustomize/third-party/tekton-custom-task/kustomization.yaml index b44bbcc4bb..7c5b32308c 100644 --- a/manifests/kustomize/third-party/tekton-custom-task/kustomization.yaml +++ b/manifests/kustomize/third-party/tekton-custom-task/kustomization.yaml @@ -8,6 +8,6 @@ namespace: tekton-pipelines images: - name: quay.io/aipipeline/pipelineloop-controller - newTag: 1.9.0 + newTag: 1.9.1 - name: quay.io/aipipeline/pipelineloop-webhook - newTag: 1.9.0 + newTag: 1.9.1 diff --git a/sdk/python/kfp_tekton/__init__.py b/sdk/python/kfp_tekton/__init__.py index 715b507fd6..e7f400c65d 100644 --- a/sdk/python/kfp_tekton/__init__.py +++ b/sdk/python/kfp_tekton/__init__.py @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -__version__ = '1.9.0' +__version__ = '1.9.1' from ._client import TektonClient # noqa F401 from .k8s_client_helper import env_from_secret # noqa F401 diff --git a/sdk/python/setup.py b/sdk/python/setup.py index 40f0f37a95..d72fa77d40 100644 --- a/sdk/python/setup.py +++ b/sdk/python/setup.py @@ -20,14 +20,14 @@ # # To create a distribution for PyPi run: # -# $ export KFP_TEKTON_VERSION=1.9.0-rc1 +# $ export KFP_TEKTON_VERSION=1.9.1-rc1 # $ python3 setup.py sdist # $ twine check dist/kfp-tekton-${KFP_TEKTON_VERSION/-rc/rc}.tar.gz # $ twine upload --repository pypi dist/kfp-tekton-${KFP_TEKTON_VERSION/-rc/rc}.tar.gz # # ... or: # -# $ make distribution KFP_TEKTON_VERSION=1.9.0-rc1 +# $ make distribution KFP_TEKTON_VERSION=1.9.1-rc1 # # =============================================================================