Skip to content

Added PSS profile seccompProfile to pods of istio #44

Added PSS profile seccompProfile to pods of istio

Added PSS profile seccompProfile to pods of istio #44

# If anyone changes or improve the following tests for Model Registry, please
# consider reflecting the same changes on https://github.com/kubeflow/model-registry
name: Deploy and test Kubeflow Model Registry
on:
pull_request:
paths:
- apps/model-registry/upstream/**
- tests/gh-actions/kind-cluster.yaml
- tests/gh-actions/install_kustomize.sh
- tests/gh-actions/install_istio.sh
- common/istio*/**
jobs:
build-kfmr:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install KinD
run: ./tests/gh-actions/install_kind.sh
- name: Create KinD Cluster
run: kind create cluster --config tests/gh-actions/kind-cluster.yaml
- name: Install kubectl
run: ./tests/gh-actions/install_kubectl.sh
- name: Install kustomize
run: ./tests/gh-actions/install_kustomize.sh
- name: Create kubeflow namespace
run: kustomize build common/kubeflow-namespace/base | kubectl apply -f -
- name: Install Istio with ext auth
run: ./tests/gh-actions/install_istio_with_ext_auth.sh*
- name: Install cert-manager
run: ./tests/gh-actions/install_cert_manager.sh
- name: Install knative
run: ./tests/gh-actions/install_knative.sh
- name: Build & Apply KF Model Registry manifests
run: |
kustomize build apps/model-registry/upstream/overlays/db | kubectl apply -f -
kustomize build apps/model-registry/upstream/options/istio | kubectl apply -f -
- name: Test KF Model Registry deployment
run: |
echo "Waiting for all Model Registry Pods to become ready..."
kubectl wait --for=condition=available -n kubeflow deployment/model-registry-db --timeout=600s
kubectl wait --for=condition=available -n kubeflow deployment/model-registry-deployment --timeout=600s
- name: Dry-run KF Model Registry API directly
run: |
echo "Dry-run KF Model Registry API directly..."
nohup kubectl port-forward svc/model-registry-service -n kubeflow 8081:8080 &
while ! curl localhost:8081; do echo "waiting for port-forwarding 8081"; sleep 1; done; echo "port-forwarding 8181 ready"
curl -v -X 'GET' \
'http://localhost:8081/api/model_registry/v1alpha3/registered_models?pageSize=100&orderBy=ID&sortOrder=DESC' \
-H 'accept: application/json'
# for these steps below ensure same steps as kserve (ie: Istio with ext auth, cert0manager, knative) so to achieve same setup
- name: Port forward Istio gateway
run: |
INGRESS_GATEWAY_SERVICE=$(kubectl get svc --namespace istio-system --selector="app=istio-ingressgateway" --output jsonpath='{.items[0].metadata.name}')
nohup kubectl port-forward --namespace istio-system svc/${INGRESS_GATEWAY_SERVICE} 8080:80 &
while ! curl localhost:8080; do echo waiting for port-forwarding; sleep 1; done; echo port-forwarding ready
- name: Dry-run KF Model Registry REST API
run: |
echo "Dry-run KF Model Registry REST API..."
export KF_TOKEN="$(kubectl -n default create token default)"
curl -v -H "Authorization: Bearer "$KF_TOKEN http://localhost:8080/api/model_registry/v1alpha3/registered_models