diff --git a/distributions/kfdef/kfctl_ibm.v1.3.0.yaml b/distributions/kfdef/kfctl_ibm.v1.3.0.yaml new file mode 100644 index 0000000000..a0328f81e8 --- /dev/null +++ b/distributions/kfdef/kfctl_ibm.v1.3.0.yaml @@ -0,0 +1,181 @@ +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + namespace: kubeflow +spec: + applications: + # Install istio in a different namespace: istio-system + # Remove this application if istio is already installed + # cert-manager + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/cert-manager-crds + name: cert-manager-crds + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/cert-manager-kube-system-resources + name: cert-manager-kube-system-resources + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/cert-manager + name: cert-manager + + #istio + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/istio-1-9-0 + name: istio-stack + # knative + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/knative + name: knative + + # kfserving + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/kfserving + name: kfserving + + # kubeflow namespace + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/kubeflow-namespace + name: kubeflow-namespace + # kubeflow roles + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/kubeflow-roles + name: kubeflow-roles + # profiles + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/profiles + name: kubeflow-apps + + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/oidc-authservice + name: oidc-authservice + # dex + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/dex-auth + name: dex-auth + # user namespace + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/user-namespace + name: user-namespace + + # Kubeflow components + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/admission-webhook + name: admission-webhook + + # central dashboard multiuser + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/centraldashboard/single-user + name: centraldashboard + + + # katib + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/katib + name: katib + # pipeline + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/kfp-tekton + name: kfp-tekton + # Default on IBM Cloud is Kubeflow Pipelines with Tekton. Switch the above kfp-tekton to + # the below applications if you want to + # run Kubeflow Pipelines with Argo + # - kustomizeConfig: + # repoRef: + # name: manifests + # path: distributions/stacks/ibm/application/kfp-argo + # name: kfp-argo + # notebooks controller + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/notebook-controller + name: notebooks-controller + # jupyter web app + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/jupyter-web-app/insecure + name: jupyter-web-app + # tensorboard controller + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/tensorboard-controller + name: tensorboard-controller + # tensorboard web app + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/tensorboard-web-app/insecure + name: tensorboard-web-app + # volumes web app + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/volumes-web-app/insecure + name: volumes-web-app + # pytorch job + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/pytorch-job + name: pytorch-job + # tf job + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/tf-job + name: tf-job + # mpi job + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/mpi-job + name: mpi-job + # mxnet job + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/mxnet-job + name: mxnet-job + # xgboost job + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/xgboost-job + name: xgboost-job + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.3-branch.tar.gz + version: v1.3-branch diff --git a/distributions/kfdef/kfctl_ibm_multi_user.v1.3.0.yaml b/distributions/kfdef/kfctl_ibm_multi_user.v1.3.0.yaml new file mode 100644 index 0000000000..9cd29882ed --- /dev/null +++ b/distributions/kfdef/kfctl_ibm_multi_user.v1.3.0.yaml @@ -0,0 +1,167 @@ +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + namespace: kubeflow +spec: + applications: + # Install istio in a different namespace: istio-system + # Remove this application if istio is already installed + # cert-manager + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/cert-manager-crds + name: cert-manager-crds + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/cert-manager-kube-system-resources + name: cert-manager-kube-system-resources + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/cert-manager + name: cert-manager + + #istio + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/istio-1-9-0 + name: istio-stack + # knative + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/knative + name: knative + + # kfserving + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/kfserving + name: kfserving + + # kubeflow namespace + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/kubeflow-namespace + name: kubeflow-namespace + # kubeflow roles + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/kubeflow-roles + name: kubeflow-roles + + # profiles + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/profiles + name: kubeflow-apps + + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/oidc-authservice-appid + name: oidc-authservice-appid + # Kubeflow components + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/admission-webhook + name: admission-webhook + # central dashboard multiuser + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/centraldashboard/multi-user + name: centraldashboard + + # katib + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/katib + name: katib + # pipeline + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/kfp-tekton + name: kfp-tekton + # Default on IBM Cloud is Kubeflow Pipelines with Tekton. Switch the above kfp-tekton to + # the below applications if you want to + # run Kubeflow Pipelines with Argo + # - kustomizeConfig: + # repoRef: + # name: manifests + # path: distributions/stacks/ibm/application/kfp-argo + # name: kfp-argo + # notebooks controller + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/notebook-controller + name: notebooks-controller + # jupyter web app + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/jupyter-web-app/insecure + name: jupyter-web-app + # tensorboard controller + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/tensorboard-controller + name: tensorboard-controller + # tensorboard web app . remove insecure if tls is enabled + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/tensorboard-web-app/insecure + name: tensorboard-web-app + # volumes web app + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/volumes-web-app/insecure + name: volumes-web-app + # pytorch job + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/pytorch-job + name: pytorch-job + # tf job + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/tf-job + name: tf-job + # mpi job + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/mpi-job + name: mpi-job + # mxnet job + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/mxnet-job + name: mxnet-job + # xgboost job + - kustomizeConfig: + repoRef: + name: manifests + path: distributions/stacks/ibm/application/xgboost-job + name: xgboost-job + repos: + - name: manifests + uri: https://github.com/kubeflow/manifests/archive/v1.3-branch.tar.gz + version: v1.3-branch diff --git a/distributions/stacks/ibm/OWNERS b/distributions/stacks/ibm/OWNERS index 0e5c85d5a2..ce2426bb0c 100644 --- a/distributions/stacks/ibm/OWNERS +++ b/distributions/stacks/ibm/OWNERS @@ -1,4 +1,5 @@ approvers: -- adrian555 - animeshsingh - tomcli +- moficodes +- pvaneck \ No newline at end of file diff --git a/distributions/stacks/ibm/application/admission-webhook/kustomization.yaml b/distributions/stacks/ibm/application/admission-webhook/kustomization.yaml index 4ee7c6f859..20b7dd5fa7 100644 --- a/distributions/stacks/ibm/application/admission-webhook/kustomization.yaml +++ b/distributions/stacks/ibm/application/admission-webhook/kustomization.yaml @@ -2,26 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow resources: -- ../../../../admission-webhook/webhook/v3 -configMapGenerator: -- name: kubeflow-config - envs: - - ../../config/params.env -vars: -# We need to define vars at the top level otherwise we will get -# conflicts. -- fieldref: - fieldPath: data.clusterDomain - name: clusterDomain - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config -- fieldref: - fieldPath: metadata.namespace - name: namespace - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config - \ No newline at end of file +- ../../../../../apps/admission-webhook/upstream/overlays/cert-manager diff --git a/distributions/stacks/ibm/application/argo/kustomization.yaml b/distributions/stacks/ibm/application/argo/kustomization.yaml deleted file mode 100644 index aa0811c841..0000000000 --- a/distributions/stacks/ibm/application/argo/kustomization.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kubeflow -resources: - - ../../../../argo/base_v3 -configMapGenerator: -- name: workflow-controller-parameters - behavior: merge - literals: - - containerRuntimeExecutor=pns -- name: kubeflow-config - envs: - - ../../config/params.env -vars: -# We need to define vars at the top level otherwise we will get -# conflicts. -- fieldref: - fieldPath: data.clusterDomain - name: clusterDomain - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config -- fieldref: - fieldPath: metadata.namespace - name: namespace - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config - \ No newline at end of file diff --git a/distributions/stacks/ibm/application/istio/kustomization.yaml b/distributions/stacks/ibm/application/centraldashboard/multi-user/kustomization.yaml similarity index 53% rename from distributions/stacks/ibm/application/istio/kustomization.yaml rename to distributions/stacks/ibm/application/centraldashboard/multi-user/kustomization.yaml index 85a05b1d5f..77837d7c43 100644 --- a/distributions/stacks/ibm/application/istio/kustomization.yaml +++ b/distributions/stacks/ibm/application/centraldashboard/multi-user/kustomization.yaml @@ -1,12 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: kubeflow resources: -- ../../../../istio/istio/base_v3 +- ../../../../../../apps/centraldashboard/upstream/overlays/istio configMapGenerator: -- name: istio-config - behavior: merge - envs: +- envs: - params.env -configurations: -- params.yaml + name: centraldashboard-parameters + behavior: merge diff --git a/distributions/stacks/ibm/application/centraldashboard/multi-user/params.env b/distributions/stacks/ibm/application/centraldashboard/multi-user/params.env new file mode 100644 index 0000000000..7c4c87f640 --- /dev/null +++ b/distributions/stacks/ibm/application/centraldashboard/multi-user/params.env @@ -0,0 +1 @@ +CD_REGISTRATION_FLOW=true diff --git a/distributions/stacks/ibm/application/cluster-local-gateway/kustomization.yaml b/distributions/stacks/ibm/application/centraldashboard/single-user/kustomization.yaml similarity index 50% rename from distributions/stacks/ibm/application/cluster-local-gateway/kustomization.yaml rename to distributions/stacks/ibm/application/centraldashboard/single-user/kustomization.yaml index 493282e083..c42a7698b9 100644 --- a/distributions/stacks/ibm/application/cluster-local-gateway/kustomization.yaml +++ b/distributions/stacks/ibm/application/centraldashboard/single-user/kustomization.yaml @@ -1,5 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: istio-system resources: -- ../../../../istio/cluster-local-gateway/base_v3 +- ../../../../../../apps/centraldashboard/upstream/overlays/istio diff --git a/distributions/stacks/ibm/application/cert-manager-crds/kustomization.yaml b/distributions/stacks/ibm/application/cert-manager-crds/kustomization.yaml index 7046d1031a..1ac5d0aa29 100644 --- a/distributions/stacks/ibm/application/cert-manager-crds/kustomization.yaml +++ b/distributions/stacks/ibm/application/cert-manager-crds/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: cert-manager resources: -- ../../../../cert-manager/cert-manager-crds/base +- ../../../../../common/cert-manager/cert-manager-crds/base diff --git a/distributions/stacks/ibm/application/cert-manager-kube-system-resources/kustomization.yaml b/distributions/stacks/ibm/application/cert-manager-kube-system-resources/kustomization.yaml index 35d6700694..e6b281bc99 100644 --- a/distributions/stacks/ibm/application/cert-manager-kube-system-resources/kustomization.yaml +++ b/distributions/stacks/ibm/application/cert-manager-kube-system-resources/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kube-system resources: -- ../../../../cert-manager/cert-manager-kube-system-resources/base +- ../../../../../common/cert-manager/cert-manager-kube-system-resources/base diff --git a/distributions/stacks/ibm/application/cert-manager/kustomization.yaml b/distributions/stacks/ibm/application/cert-manager/kustomization.yaml index dde74a1c8f..8db506a887 100644 --- a/distributions/stacks/ibm/application/cert-manager/kustomization.yaml +++ b/distributions/stacks/ibm/application/cert-manager/kustomization.yaml @@ -6,8 +6,5 @@ commonLabels: kind: Kustomization namespace: cert-manager resources: -- ../../../../cert-manager/cert-manager/base -- ../../../../cert-manager/cert-manager/overlays/application/application.yaml -- ../../../../cert-manager/cert-manager/overlays/self-signed/cluster-issuer.yaml +- ../../../../../common/cert-manager/cert-manager/overlays/self-signed configurations: -- ../../../../cert-manager/cert-manager/overlays/application/params.yaml diff --git a/distributions/stacks/ibm/application/cluster-local-gateway-1-3-1/kustomization.yaml b/distributions/stacks/ibm/application/cluster-local-gateway-1-3-1/kustomization.yaml deleted file mode 100644 index 2fec176155..0000000000 --- a/distributions/stacks/ibm/application/cluster-local-gateway-1-3-1/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: istio-system -resources: -- ../../../../istio-1-3-1/cluster-local-gateway-1-3-1/base_v3 diff --git a/distributions/stacks/ibm/application/dex-auth/custom-env.yaml b/distributions/stacks/ibm/application/dex-auth/custom-env.yaml new file mode 100644 index 0000000000..5d5d4e25f8 --- /dev/null +++ b/distributions/stacks/ibm/application/dex-auth/custom-env.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: dex +data: + config.yaml: | + issuer: http://dex.auth.svc.cluster.local:5556/dex + storage: + type: kubernetes + config: + inCluster: true + web: + http: 0.0.0.0:5556 + logger: + level: "debug" + format: text + oauth2: + skipApprovalScreen: true + enablePasswordDB: true + staticPasswords: + - email: user@example.com + hash: $2y$12$4K/VkmDd1q1Orb3xAt82zu8gk7Ad6ReFR4LCP9UeYE90NLiN9Df72 + # https://github.com/dexidp/dex/pull/1601/commits + # FIXME: Use hashFromEnv instead + username: user + userID: "15841185641784" + staticClients: + # https://github.com/dexidp/dex/pull/1664 + - idEnv: OIDC_CLIENT_ID + redirectURIs: ["/login/oidc"] + name: 'Dex Login Application' + secretEnv: OIDC_CLIENT_SECRET diff --git a/distributions/stacks/ibm/application/dex-auth/kustomization.yaml b/distributions/stacks/ibm/application/dex-auth/kustomization.yaml index 42ce379ac5..8e43c00e35 100644 --- a/distributions/stacks/ibm/application/dex-auth/kustomization.yaml +++ b/distributions/stacks/ibm/application/dex-auth/kustomization.yaml @@ -2,12 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: auth resources: -- ../../../../dex-auth/dex-crds/overlays/github -configMapGenerator: -- name: dex-parameters - behavior: merge - literals: - - issuer="http://dex.auth.svc.cluster.local:5556/dex" - - oidc_redirect_uris=["/login/oidc"] - - static_password_hash=$2b$10$ztyRMtzZ.CgC7KKeHsJuku03GWTjt0d0ClcCz4J2qG2FdVnJB8a8a - - client_id=kubeflow-oidc-authservice +- ../../../../../common/dex/overlays/istio +patchesStrategicMerge: +- custom-env.yaml diff --git a/distributions/stacks/ibm/application/istio-1-3-1-stack/kustomization.yaml b/distributions/stacks/ibm/application/istio-1-3-1-stack/kustomization.yaml deleted file mode 100644 index db48cfbdbe..0000000000 --- a/distributions/stacks/ibm/application/istio-1-3-1-stack/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: istio-system -resources: -- ../../../../istio-1-3-1/istio-crds-1-3-1/base -- ../../../../istio-1-3-1/istio-install-1-3-1/base_v3 diff --git a/distributions/stacks/ibm/application/istio-1-9-0/kustomization.yaml b/distributions/stacks/ibm/application/istio-1-9-0/kustomization.yaml new file mode 100644 index 0000000000..dd9e7aa561 --- /dev/null +++ b/distributions/stacks/ibm/application/istio-1-9-0/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: istio-system +resources: +- ../../../../../common/istio-1-9-0/istio-crds/base +- ../../../../../common/istio-1-9-0/istio-namespace/base +- ../../../../../common/istio-1-9-0/istio-install/base +patchesStrategicMerge: +- service-nodeport.yaml diff --git a/distributions/stacks/ibm/application/istio-1-9-0/service-nodeport.yaml b/distributions/stacks/ibm/application/istio-1-9-0/service-nodeport.yaml new file mode 100644 index 0000000000..cf64bfcd41 --- /dev/null +++ b/distributions/stacks/ibm/application/istio-1-9-0/service-nodeport.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: istio-ingressgateway + namespace: istio-system +spec: + ports: + - port: 80 + nodePort: 30380 diff --git a/distributions/stacks/ibm/application/istio-stack/kustomization.yaml b/distributions/stacks/ibm/application/istio-stack/kustomization.yaml deleted file mode 100644 index ca325cebbe..0000000000 --- a/distributions/stacks/ibm/application/istio-stack/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: istio-system -resources: -- ../../../../istio/istio-crds/base -- ../../../../istio/istio-install/base diff --git a/distributions/stacks/ibm/application/istio/params.env b/distributions/stacks/ibm/application/istio/params.env deleted file mode 100644 index b39a745766..0000000000 --- a/distributions/stacks/ibm/application/istio/params.env +++ /dev/null @@ -1 +0,0 @@ -clusterRbacConfig=OFF diff --git a/distributions/stacks/ibm/application/istio/params.yaml b/distributions/stacks/ibm/application/istio/params.yaml deleted file mode 100644 index e894f9bd68..0000000000 --- a/distributions/stacks/ibm/application/istio/params.yaml +++ /dev/null @@ -1,3 +0,0 @@ -varReference: -- path: spec/mode - kind: ClusterRbacConfig diff --git a/distributions/stacks/ibm/application/jupyter-web-app/README.md b/distributions/stacks/ibm/application/jupyter-web-app/README.md deleted file mode 100644 index 976b85d8d4..0000000000 --- a/distributions/stacks/ibm/application/jupyter-web-app/README.md +++ /dev/null @@ -1 +0,0 @@ -Note: the approach to have the `base` in a sub-directory is to avoid the problem of current `namePrefix` incapability to skip adding to certain resources. In this case, they are `VirtualService` and `Application`. For these, we want the name to be `jupyter-web-app` instead of `jupyter-web-app-jupyter-web-app`. diff --git a/distributions/stacks/ibm/application/jupyter-web-app/base/deployment_patch.yaml b/distributions/stacks/ibm/application/jupyter-web-app/base/deployment_patch.yaml deleted file mode 100644 index 34e9493408..0000000000 --- a/distributions/stacks/ibm/application/jupyter-web-app/base/deployment_patch.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# TODO(https://github.com/kubeflow/manifests/issues/774): This is a patch -# that pulls out from core the parts that should be in pulled into stacks. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: deployment -spec: - template: - spec: - containers: - - name: jupyter-web-app - imagePullPolicy: $(policy) - env: - - name: ROK_SECRET_NAME - valueFrom: - configMapKeyRef: - name: jupyter-web-app-parameters - key: ROK_SECRET_NAME - - name: UI - valueFrom: - configMapKeyRef: - name: jupyter-web-app-parameters - key: UI - - name: USERID_HEADER - valueFrom: - configMapKeyRef: - name: kubeflow-config - key: userid-header - - name: USERID_PREFIX - valueFrom: - configMapKeyRef: - name: kubeflow-config - key: userid-prefix diff --git a/distributions/stacks/ibm/application/jupyter-web-app/base/kustomization.yaml b/distributions/stacks/ibm/application/jupyter-web-app/base/kustomization.yaml deleted file mode 100644 index 399ce3d8ca..0000000000 --- a/distributions/stacks/ibm/application/jupyter-web-app/base/kustomization.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -commonLabels: - app.kubernetes.io/component: jupyter-web-app - app.kubernetes.io/name: jupyter-web-app - app: jupyter-web-app - kustomize.component: jupyter-web-app -namePrefix: jupyter-web-app- -namespace: kubeflow -images: -- name: gcr.io/kubeflow-images-public/jupyter-web-app - newName: gcr.io/kubeflow-images-public/jupyter-web-app - newTag: vmaster-ge4456300 -resources: -- ../../../../../jupyter/jupyter-web-app/base/cluster-role-binding.yaml -- ../../../../../jupyter/jupyter-web-app/base/cluster-role.yaml -- ../../../../../jupyter/jupyter-web-app/base/deployment.yaml -- ../../../../../jupyter/jupyter-web-app/base/role-binding.yaml -- ../../../../../jupyter/jupyter-web-app/base/role.yaml -- ../../../../../jupyter/jupyter-web-app/base/service-account.yaml -- ../../../../../jupyter/jupyter-web-app/base/service.yaml -patchesStrategicMerge: -- deployment_patch.yaml -generatorOptions: - disableNameSuffixHash: true -configMapGenerator: -- name: jupyter-web-app-config - files: - - ../../../../../jupyter/jupyter-web-app/base/configs/spawner_ui_config.yaml -- name: parameters - envs: - - params.env -vars: -- fieldref: - fieldPath: data.policy - name: policy - objref: - apiVersion: v1 - kind: ConfigMap - name: parameters -- fieldref: - fieldPath: data.prefix - name: prefix - objref: - apiVersion: v1 - kind: ConfigMap - name: parameters -configurations: -- params.yaml diff --git a/distributions/stacks/ibm/application/jupyter-web-app/base/params.env b/distributions/stacks/ibm/application/jupyter-web-app/base/params.env deleted file mode 100644 index 0d6dd92898..0000000000 --- a/distributions/stacks/ibm/application/jupyter-web-app/base/params.env +++ /dev/null @@ -1,4 +0,0 @@ -UI=default -ROK_SECRET_NAME=secret-rok-{username} -policy=Always -prefix=jupyter diff --git a/distributions/stacks/ibm/application/jupyter-web-app/base/params.yaml b/distributions/stacks/ibm/application/jupyter-web-app/base/params.yaml deleted file mode 100644 index c665650a15..0000000000 --- a/distributions/stacks/ibm/application/jupyter-web-app/base/params.yaml +++ /dev/null @@ -1,7 +0,0 @@ -varReference: -- path: spec/template/spec/containers/imagePullPolicy - kind: Deployment -- path: metadata/annotations/getambassador.io\/config - kind: Service -- path: spec/http/route/destination/host - kind: VirtualService diff --git a/distributions/stacks/ibm/application/jupyter-web-app/insecure/custom-env.yaml b/distributions/stacks/ibm/application/jupyter-web-app/insecure/custom-env.yaml new file mode 100644 index 0000000000..1b4d7143dd --- /dev/null +++ b/distributions/stacks/ibm/application/jupyter-web-app/insecure/custom-env.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: deployment +spec: + template: + spec: + containers: + - name: jupyter-web-app + env: + - name: APP_SECURE_COOKIES + value: "false" diff --git a/distributions/stacks/ibm/application/jupyter-web-app/insecure/kustomization.yaml b/distributions/stacks/ibm/application/jupyter-web-app/insecure/kustomization.yaml new file mode 100644 index 0000000000..0c7e527113 --- /dev/null +++ b/distributions/stacks/ibm/application/jupyter-web-app/insecure/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- ../../../../../../apps/jupyter/jupyter-web-app/upstream/overlays/istio +patchesStrategicMerge: +- custom-env.yaml diff --git a/distributions/stacks/ibm/application/jupyter-web-app/kustomization.yaml b/distributions/stacks/ibm/application/jupyter-web-app/kustomization.yaml index 10fe1d1d97..8c8de2f827 100644 --- a/distributions/stacks/ibm/application/jupyter-web-app/kustomization.yaml +++ b/distributions/stacks/ibm/application/jupyter-web-app/kustomization.yaml @@ -2,6 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow resources: -- base -- ../../../../jupyter/jupyter-web-app/overlays/istio -- ../../../../jupyter/jupyter-web-app/overlays/application +- ../../../../../apps/jupyter/jupyter-web-app/upstream/overlays/istio diff --git a/distributions/stacks/ibm/application/katib/kustomization.yaml b/distributions/stacks/ibm/application/katib/kustomization.yaml index 1b17d942bb..22cdefed16 100644 --- a/distributions/stacks/ibm/application/katib/kustomization.yaml +++ b/distributions/stacks/ibm/application/katib/kustomization.yaml @@ -2,33 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow resources: - - ../../../../katib/installs/katib-standalone-ibm -configMapGenerator: -- name: kubeflow-config - envs: - - ../../config/params.env -vars: -# We need to define vars at the top level otherwise we will get -# conflicts. -- fieldref: - fieldpath: metadata.namespace - name: katib-ui-namespace - objref: - kind: Service - name: katib-ui - apiVersion: v1 -- fieldref: - fieldPath: data.clusterDomain - name: clusterDomain - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config -- fieldref: - fieldPath: metadata.namespace - name: namespace - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config - \ No newline at end of file +- ../../../../../apps/katib/upstream/installs/katib-with-kubeflow diff --git a/distributions/stacks/ibm/application/kfp-argo-multi-user/kustomization.yaml b/distributions/stacks/ibm/application/kfp-argo-multi-user/kustomization.yaml deleted file mode 100644 index 29805289da..0000000000 --- a/distributions/stacks/ibm/application/kfp-argo-multi-user/kustomization.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kubeflow -resources: - - ../../../../pipeline/minio/installs/ibm - - ../../../../pipeline/mysql/installs/ibm - - ../../../../pipeline/installs/multi-user -configMapGenerator: -- name: pipeline-mysql-parameters - behavior: merge - literals: - - mysqlPvcName=mysql-pv-claim -- name: pipeline-minio-parameters - behavior: merge - literals: - - minioPvcName=minio-pv-claim -- name: kubeflow-config - envs: - - ../../config/params.env -vars: -# We need to define vars at the top level otherwise we will get -# conflicts. -- fieldref: - fieldPath: data.clusterDomain - name: clusterDomain - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config -- fieldref: - fieldPath: metadata.namespace - name: namespace - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config diff --git a/distributions/stacks/ibm/application/kfp-argo/kustomization.yaml b/distributions/stacks/ibm/application/kfp-argo/kustomization.yaml index d745d03655..7096a7c662 100644 --- a/distributions/stacks/ibm/application/kfp-argo/kustomization.yaml +++ b/distributions/stacks/ibm/application/kfp-argo/kustomization.yaml @@ -2,35 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow resources: - - ../../../../pipeline/minio/installs/ibm - - ../../../../pipeline/mysql/installs/ibm - - ../../../../pipeline/installs/generic -configMapGenerator: -- name: pipeline-mysql-parameters - behavior: merge - literals: - - mysqlPvcName=mysql-pv-claim -- name: pipeline-minio-parameters - behavior: merge - literals: - - minioPvcName=minio-pv-claim -- name: kubeflow-config - envs: - - ../../config/params.env -vars: -# We need to define vars at the top level otherwise we will get -# conflicts. -- fieldref: - fieldPath: data.clusterDomain - name: clusterDomain - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config -- fieldref: - fieldPath: metadata.namespace - name: namespace - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config + - ../../../../../apps/pipeline/upstream/env/platform-agnostic-multi-user diff --git a/distributions/stacks/ibm/application/kfp-tekton-multi-user/kustomization.yaml b/distributions/stacks/ibm/application/kfp-tekton-multi-user/kustomization.yaml deleted file mode 100644 index 0bf283de94..0000000000 --- a/distributions/stacks/ibm/application/kfp-tekton-multi-user/kustomization.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kubeflow -resources: - - ../../../../pipeline/minio/installs/ibm - - ../../../../pipeline/mysql/installs/ibm - - ../../../../pipeline/installs/tekton-multi-user -configMapGenerator: -- name: pipeline-mysql-parameters - behavior: merge - literals: - - mysqlPvcName=mysql-pv-claim -- name: pipeline-minio-parameters - behavior: merge - literals: - - minioPvcName=minio-pv-claim -- name: kubeflow-config - envs: - - ../../config/params.env -vars: -- fieldref: - fieldPath: data.clusterDomain - name: clusterDomain - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config -- fieldref: - fieldPath: metadata.namespace - name: namespace - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config diff --git a/distributions/stacks/ibm/application/kfp-tekton/kustomization.yaml b/distributions/stacks/ibm/application/kfp-tekton/kustomization.yaml index 4f0bdd65b7..7aa32577db 100644 --- a/distributions/stacks/ibm/application/kfp-tekton/kustomization.yaml +++ b/distributions/stacks/ibm/application/kfp-tekton/kustomization.yaml @@ -1,24 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: kubeflow resources: - - ../../../../pipeline/installs/tekton -configMapGenerator: -- name: kubeflow-config - envs: - - ../../config/params.env -vars: -- fieldref: - fieldPath: data.clusterDomain - name: clusterDomain - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config -- fieldref: - fieldPath: metadata.namespace - name: namespace - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config + - ../../../../../apps/kfp-tekton/upstream/env/platform-agnostic-multi-user diff --git a/distributions/stacks/ibm/application/bootstrap/kustomization.yaml b/distributions/stacks/ibm/application/kfserving/kustomization.yaml similarity index 60% rename from distributions/stacks/ibm/application/bootstrap/kustomization.yaml rename to distributions/stacks/ibm/application/kfserving/kustomization.yaml index bd0df0dc81..cf87bb65d9 100644 --- a/distributions/stacks/ibm/application/bootstrap/kustomization.yaml +++ b/distributions/stacks/ibm/application/kfserving/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow resources: -- ../../../../admission-webhook/bootstrap/overlays/application +- ../../../../../apps/kfserving/upstream/overlays/kubeflow diff --git a/distributions/stacks/ibm/application/knative/kustomization.yaml b/distributions/stacks/ibm/application/knative/kustomization.yaml new file mode 100644 index 0000000000..f5bedc738c --- /dev/null +++ b/distributions/stacks/ibm/application/knative/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../../../../../common/knative/knative-serving-crds/base +- ../../../../../common/knative/knative-serving-install/base +- ../../../../../common/knative/knative-eventing-crds/base +- ../../../../../common/knative/knative-eventing-install/base +- ../../../../../common/istio-1-9-0/cluster-local-gateway/base diff --git a/distributions/stacks/ibm/application/kubeflow-istio-resources/kustomization.yaml b/distributions/stacks/ibm/application/kubeflow-istio-resources/kustomization.yaml new file mode 100644 index 0000000000..0216f7207e --- /dev/null +++ b/distributions/stacks/ibm/application/kubeflow-istio-resources/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +# Kubeflow Istio Resources +- ../../../../../common/istio-1-9-0/kubeflow-istio-resources/base diff --git a/distributions/stacks/ibm/application/add-anonymous-user-filter/kustomization.yaml b/distributions/stacks/ibm/application/kubeflow-namespace/kustomization.yaml similarity index 50% rename from distributions/stacks/ibm/application/add-anonymous-user-filter/kustomization.yaml rename to distributions/stacks/ibm/application/kubeflow-namespace/kustomization.yaml index 3a282e21d3..f112f87ad0 100644 --- a/distributions/stacks/ibm/application/add-anonymous-user-filter/kustomization.yaml +++ b/distributions/stacks/ibm/application/kubeflow-namespace/kustomization.yaml @@ -1,5 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: istio-system resources: -- ../../../../istio/add-anonymous-user-filter/base +- ../../../../../common/kubeflow-namespace/base diff --git a/distributions/stacks/ibm/application/kubeflow-roles/kustomization.yaml b/distributions/stacks/ibm/application/kubeflow-roles/kustomization.yaml new file mode 100644 index 0000000000..c3b9dfd9cb --- /dev/null +++ b/distributions/stacks/ibm/application/kubeflow-roles/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../../../../../common/kubeflow-roles/base diff --git a/distributions/stacks/ibm/application/metadata/kustomization.yaml b/distributions/stacks/ibm/application/metadata/kustomization.yaml deleted file mode 100644 index eb74983fdd..0000000000 --- a/distributions/stacks/ibm/application/metadata/kustomization.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kubeflow -commonLabels: - app.kubernetes.io/component: metadata - app.kubernetes.io/name: metadata - kustomize.component: metadata -resources: -- ../../../../metadata/overlays/db -- ../../../../metadata/overlays/application/application.yaml -- ../../../../metadata/overlays/istio/virtual-service-metadata-grpc.yaml -configurations: -- ../../../../metadata/overlays/istio/params.yaml -images: - - name: mysql - newTag: "5.6" - newName: mysql -configMapGenerator: -- name: kubeflow-config - envs: - - ../../config/params.env -vars: -# We need to define vars at the top level otherwise we will get -# conflicts. -- fieldref: - fieldPath: data.clusterDomain - name: clusterDomain - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config -- fieldref: - fieldPath: metadata.namespace - name: namespace - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config diff --git a/distributions/stacks/ibm/application/mpi-job/kustomization.yaml b/distributions/stacks/ibm/application/mpi-job/kustomization.yaml new file mode 100644 index 0000000000..ac02cc8b81 --- /dev/null +++ b/distributions/stacks/ibm/application/mpi-job/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: + - ../../../../../apps/mpi-job/upstream/overlays/kubeflow diff --git a/distributions/stacks/ibm/application/mxnet-job/kustomization.yaml b/distributions/stacks/ibm/application/mxnet-job/kustomization.yaml new file mode 100644 index 0000000000..7a0c98130e --- /dev/null +++ b/distributions/stacks/ibm/application/mxnet-job/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: + - ../../../../../apps/mxnet-job/upstream/overlays/kubeflow diff --git a/distributions/stacks/ibm/application/notebook-controller/README.md b/distributions/stacks/ibm/application/notebook-controller/README.md deleted file mode 100644 index 520d7af56a..0000000000 --- a/distributions/stacks/ibm/application/notebook-controller/README.md +++ /dev/null @@ -1 +0,0 @@ -Note: the approach to have the `base` in a sub-directory is to avoid the problem of current `namePrefix` incapability to skip adding to certain resources. In this case, they are `VirtualService` and `Application`. For these, we want the name to be `notebook-controller` instead of `notebook-controller-notebook-controller`. diff --git a/distributions/stacks/ibm/application/notebook-controller/base/deployment_patch.yaml b/distributions/stacks/ibm/application/notebook-controller/base/deployment_patch.yaml deleted file mode 100644 index e1ea7a60db..0000000000 --- a/distributions/stacks/ibm/application/notebook-controller/base/deployment_patch.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: deployment -spec: - template: - spec: - containers: - - name: manager - env: - - name: USE_ISTIO - valueFrom: - configMapKeyRef: - name: notebook-controller-config - key: USE_ISTIO - - name: ISTIO_GATEWAY - valueFrom: - configMapKeyRef: - name: notebook-controller-config - key: ISTIO_GATEWAY - \ No newline at end of file diff --git a/distributions/stacks/ibm/application/notebook-controller/base/kustomization.yaml b/distributions/stacks/ibm/application/notebook-controller/base/kustomization.yaml deleted file mode 100644 index f197d72da2..0000000000 --- a/distributions/stacks/ibm/application/notebook-controller/base/kustomization.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namePrefix: notebook-controller- -namespace: kubeflow -commonLabels: - app: notebook-controller - app.kubernetes.io/component: notebook-controller - app.kubernetes.io/name: notebook-controller - kustomize.component: notebook-controller -generatorOptions: - disableNameSuffixHash: true -configMapGenerator: -- literals: - - USE_ISTIO=true - - ISTIO_GATEWAY=kubeflow/kubeflow-gateway - name: config -images: -- name: gcr.io/kubeflow-images-public/notebook-controller - newName: gcr.io/kubeflow-images-public/notebook-controller - newTag: vmaster-g6eb007d0 -patchesStrategicMerge: -- deployment_patch.yaml -resources: -- ../../../../../jupyter/notebook-controller/base/cluster-role-binding.yaml -- ../../../../../jupyter/notebook-controller/base/cluster-role.yaml -- ../../../../../jupyter/notebook-controller/base/crd.yaml -- ../../../../../jupyter/notebook-controller/base/deployment.yaml -- ../../../../../jupyter/notebook-controller/base/service-account.yaml -- ../../../../../jupyter/notebook-controller/base/service.yaml diff --git a/distributions/stacks/ibm/application/notebook-controller/kustomization.yaml b/distributions/stacks/ibm/application/notebook-controller/kustomization.yaml index 018bc13c7c..420aa6b42d 100644 --- a/distributions/stacks/ibm/application/notebook-controller/kustomization.yaml +++ b/distributions/stacks/ibm/application/notebook-controller/kustomization.yaml @@ -4,5 +4,4 @@ commonLabels: app.kubernetes.io/component: notebook-controller app.kubernetes.io/name: notebook-controller resources: -- base -- ../../../../jupyter/notebook-controller/overlays/application/application.yaml +- ../../../../../apps/jupyter/notebook-controller/upstream/overlays/kubeflow diff --git a/distributions/stacks/ibm/application/notebooks/kustomization.yaml b/distributions/stacks/ibm/application/notebooks/kustomization.yaml deleted file mode 100644 index 0d1a3748f2..0000000000 --- a/distributions/stacks/ibm/application/notebooks/kustomization.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kubeflow -resources: - - ../../application/jupyter-web-app - - ../../application/notebook-controller -configMapGenerator: -- name: kubeflow-config - envs: - - ../../config/params.env -vars: -# We need to define vars at the top level otherwise we will get -# conflicts. -- fieldref: - fieldPath: data.clusterDomain - name: clusterDomain - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config -- fieldref: - fieldPath: metadata.namespace - name: namespace - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config diff --git a/distributions/stacks/ibm/application/oidc-authservice-appid/container-env-vars.yaml b/distributions/stacks/ibm/application/oidc-authservice-appid/container-env-vars.yaml deleted file mode 100644 index da3237974d..0000000000 --- a/distributions/stacks/ibm/application/oidc-authservice-appid/container-env-vars.yaml +++ /dev/null @@ -1,32 +0,0 @@ -- op: replace - path: /spec/template/spec/containers/0/env/3 - value: - name: OIDC_PROVIDER - valueFrom: - secretKeyRef: - key: oAuthServerUrl - name: appid-application-configuration -- op: replace - path: /spec/template/spec/containers/0/env/6 - value: - name: REDIRECT_URL - valueFrom: - secretKeyRef: - key: oidcRedirectUrl - name: appid-application-configuration -- op: replace - path: /spec/template/spec/containers/0/env/9 - value: - name: CLIENT_ID - valueFrom: - secretKeyRef: - key: clientId - name: appid-application-configuration -- op: replace - path: /spec/template/spec/containers/0/env/10 - value: - name: CLIENT_SECRET - valueFrom: - secretKeyRef: - key: secret - name: appid-application-configuration diff --git a/distributions/stacks/ibm/application/oidc-authservice-appid/kustomization.yaml b/distributions/stacks/ibm/application/oidc-authservice-appid/kustomization.yaml index a604cdaf3e..82fe56ea3b 100644 --- a/distributions/stacks/ibm/application/oidc-authservice-appid/kustomization.yaml +++ b/distributions/stacks/ibm/application/oidc-authservice-appid/kustomization.yaml @@ -3,7 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: istio-system resources: -- ../../../../istio/oidc-authservice/base +- ../../../../../common/oidc-authservice/base - service-account.yaml - vs.yaml commonLabels: @@ -11,13 +11,14 @@ commonLabels: app.kubernetes.io/name: oidc-authservice patches: - path: sts-patch.yaml -- path: container-env-vars.yaml - target: - version: v1 - kind: StatefulSet - name: authservice configMapGenerator: - name: oidc-authservice-parameters behavior: merge envs: - params.env +secretGenerator: +- name: oidc-authservice-client + type: Opaque + behavior: merge + envs: + - secret_params.env diff --git a/distributions/stacks/ibm/application/oidc-authservice-appid/params.env b/distributions/stacks/ibm/application/oidc-authservice-appid/params.env index cbc1d7015f..f83958d99a 100644 --- a/distributions/stacks/ibm/application/oidc-authservice-appid/params.env +++ b/distributions/stacks/ibm/application/oidc-authservice-appid/params.env @@ -1,5 +1,3 @@ -oidc_auth_url= -skip_auth_uri= -namespace=istio-system -userid-header=kubeflow-userid -userid-prefix= +OIDC_PROVIDER= +REDIRECT_URL=/login/oidc +OIDC_AUTH_URL=/authorization diff --git a/distributions/stacks/ibm/application/oidc-authservice-appid/secret_params.env b/distributions/stacks/ibm/application/oidc-authservice-appid/secret_params.env new file mode 100644 index 0000000000..725846593b --- /dev/null +++ b/distributions/stacks/ibm/application/oidc-authservice-appid/secret_params.env @@ -0,0 +1,2 @@ +CLIENT_SECRET= +CLIENT_ID= diff --git a/distributions/stacks/ibm/application/oidc-authservice/kustomization.yaml b/distributions/stacks/ibm/application/oidc-authservice/kustomization.yaml index 66bf8b7ecd..977e5e2655 100644 --- a/distributions/stacks/ibm/application/oidc-authservice/kustomization.yaml +++ b/distributions/stacks/ibm/application/oidc-authservice/kustomization.yaml @@ -1,24 +1,9 @@ +--- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: istio-system resources: -- ../../../../istio/oidc-authservice/base_v3 -images: -- name: busybox - newTag: "latest" - newName: busybox -patchesStrategicMerge: -- statefulset-patch.yaml -configMapGenerator: -- name: oidc-authservice-config - behavior: merge - literals: - - client_id=kubeflow-oidc-authservice - - oidc_provider=http://dex.auth.svc.cluster.local:5556/dex - - oidc_redirect_uri=/login/oidc - - oidc_auth_url=/dex/auth - - application_secret=pUBnBOY80SnXgjibTYM9ZWNzY2xreNGQok - - skip_auth_uri=/dex - - namespace=istio-system - - userid-header=kubeflow-userid - - userid-prefix= +- ../../../../../common/oidc-authservice/base +commonLabels: + app.kubernetes.io/component: oidc-authservice + app.kubernetes.io/name: oidc-authservice diff --git a/distributions/stacks/ibm/application/oidc-authservice/statefulset-patch.yaml b/distributions/stacks/ibm/application/oidc-authservice/statefulset-patch.yaml deleted file mode 100644 index 2bf14f3759..0000000000 --- a/distributions/stacks/ibm/application/oidc-authservice/statefulset-patch.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: authservice -spec: - template: - spec: - initContainers: - - name: fix-permission - image: busybox - command: ['sh', '-c'] - args: ['chmod -R 777 /var/lib/authservice;'] - volumeMounts: - - mountPath: /var/lib/authservice - name: data diff --git a/distributions/stacks/ibm/application/profile-control-plane/kustomization.yaml b/distributions/stacks/ibm/application/profile-control-plane/kustomization.yaml deleted file mode 100644 index 55d8cecda1..0000000000 --- a/distributions/stacks/ibm/application/profile-control-plane/kustomization.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kubeflow -resources: - - ../../../../common/centraldashboard/overlays/stacks - - ../../../../kubeflow-roles/base - - ../../application/profiles -configMapGenerator: -- name: profiles-config - behavior: merge - literals: - - admin=example@kubeflow.org -- name: kubeflow-config - envs: - - ../../config/params.env -vars: -# We need to define vars at the top level otherwise we will get -# conflicts. -- fieldref: - fieldPath: data.clusterDomain - name: clusterDomain - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config -- fieldref: - fieldPath: metadata.namespace - name: namespace - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config - \ No newline at end of file diff --git a/distributions/stacks/ibm/application/profiles/base/deployment_patch.yaml b/distributions/stacks/ibm/application/profiles/base/deployment_patch.yaml deleted file mode 100644 index 7928556d53..0000000000 --- a/distributions/stacks/ibm/application/profiles/base/deployment_patch.yaml +++ /dev/null @@ -1,60 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: deployment -spec: - template: - spec: - containers: - - command: - - /manager - - -userid-header - - $(USERID_HEADER) - - -userid-prefix - - $(USERID_PREFIX) - - -workload-identity - - $(WORKLOAD_IDENTITY) - args: [] - name: manager - env: - - name: USERID_HEADER - valueFrom: - configMapKeyRef: - name: kubeflow-config - key: userid-header - - name: USERID_PREFIX - valueFrom: - configMapKeyRef: - name: kubeflow-config - key: userid-prefix - - name: WORKLOAD_IDENTITY - valueFrom: - configMapKeyRef: - name: profiles-config - key: gcp-sa - - command: - - /access-management - - -cluster-admin - - $(CLUSTER_ADMIN) - - -userid-prefix - - $(USERID_PREFIX) - - -userid-header - - $(USERID_HEADER) - args: [] - name: kfam - env: - - name: USERID_HEADER - valueFrom: - configMapKeyRef: - name: kubeflow-config - key: userid-header - - name: USERID_PREFIX - valueFrom: - configMapKeyRef: - name: kubeflow-config - key: userid-prefix - - name: CLUSTER_ADMIN - valueFrom: - configMapKeyRef: - name: profiles-config - key: admin diff --git a/distributions/stacks/ibm/application/profiles/base/kustomization.yaml b/distributions/stacks/ibm/application/profiles/base/kustomization.yaml deleted file mode 100644 index 6e1389b834..0000000000 --- a/distributions/stacks/ibm/application/profiles/base/kustomization.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namePrefix: profiles- -commonLabels: - kustomize.component: profiles -images: -- name: gcr.io/kubeflow-images-public/kfam - newName: gcr.io/kubeflow-images-public/kfam - newTag: vmaster-g9f3bfd00 -- name: gcr.io/kubeflow-images-public/profile-controller - newName: gcr.io/kubeflow-images-public/profile-controller - newTag: vmaster-ga49f658f -resources: -- ../../../../../profiles/base/cluster-role-binding.yaml -- ../../../../../profiles/base/crd.yaml -- ../../../../../profiles/base/deployment.yaml -- ../../../../../profiles/base/service.yaml -- ../../../../../profiles/base/service-account.yaml -patchesStrategicMerge: -- deployment_patch.yaml -configMapGenerator: -# We need the name to be unique without the suffix because the original name is what -# gets used with patches -- name: profiles-config - literals: - - admin= - - gcp-sa= diff --git a/distributions/stacks/ibm/application/profiles/kustomization.yaml b/distributions/stacks/ibm/application/profiles/kustomization.yaml index 4d5d92ad39..d2ef83dae2 100644 --- a/distributions/stacks/ibm/application/profiles/kustomization.yaml +++ b/distributions/stacks/ibm/application/profiles/kustomization.yaml @@ -1,9 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -commonLabels: - app.kubernetes.io/component: profiles - app.kubernetes.io/name: profiles +namespace: kubeflow resources: -- base -- ../../../../profiles/overlays/istio/virtual-service.yaml -- ../../../../profiles/overlays/application/application.yaml +- ../../../../../apps/profiles/upstream/overlays/kubeflow diff --git a/distributions/stacks/ibm/application/pytorch-job/kustomization.yaml b/distributions/stacks/ibm/application/pytorch-job/kustomization.yaml index 87f0333b45..7e3314bfa1 100644 --- a/distributions/stacks/ibm/application/pytorch-job/kustomization.yaml +++ b/distributions/stacks/ibm/application/pytorch-job/kustomization.yaml @@ -2,27 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow resources: - - ../../../../pytorch-job/pytorch-job-crds/overlays/application - - ../../../../pytorch-job/pytorch-operator/overlays/application -configMapGenerator: -- name: kubeflow-config - envs: - - ../../config/params.env -vars: -# We need to define vars at the top level otherwise we will get -# conflicts. -- fieldref: - fieldPath: data.clusterDomain - name: clusterDomain - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config -- fieldref: - fieldPath: metadata.namespace - name: namespace - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config - \ No newline at end of file + - ../../../../../apps/pytorch-job/upstream/overlays/kubeflow diff --git a/distributions/stacks/ibm/application/seldon-core-operator/kustomization.yaml b/distributions/stacks/ibm/application/seldon-core-operator/kustomization.yaml deleted file mode 100644 index 8b3849a297..0000000000 --- a/distributions/stacks/ibm/application/seldon-core-operator/kustomization.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kubeflow -resources: -- ../../../../seldon/seldon-core-operator/overlays/application -configMapGenerator: -- name: kubeflow-config - envs: - - ../../config/params.env -vars: -# We need to define vars at the top level otherwise we will get -# conflicts. -- fieldref: - fieldPath: data.clusterDomain - name: clusterDomain - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config -- fieldref: - fieldPath: metadata.namespace - name: namespace - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config - \ No newline at end of file diff --git a/distributions/stacks/ibm/application/spartakus/kustomization.yaml b/distributions/stacks/ibm/application/spartakus/kustomization.yaml deleted file mode 100644 index 10560182cd..0000000000 --- a/distributions/stacks/ibm/application/spartakus/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kubeflow -resources: -- ../../../../common/spartakus/overlays/application -configMapGenerator: -- name: spartakus-config - behavior: merge - literals: - - usageId= diff --git a/distributions/stacks/ibm/application/tensorboard-controller/kustomization.yaml b/distributions/stacks/ibm/application/tensorboard-controller/kustomization.yaml new file mode 100644 index 0000000000..23e7569fca --- /dev/null +++ b/distributions/stacks/ibm/application/tensorboard-controller/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- ../../../../../apps/tensorboard/tensorboard-controller/upstream/overlays/kubeflow diff --git a/distributions/stacks/ibm/application/tensorboard-web-app/insecure/custom-env.yaml b/distributions/stacks/ibm/application/tensorboard-web-app/insecure/custom-env.yaml new file mode 100644 index 0000000000..02ae0bc5d5 --- /dev/null +++ b/distributions/stacks/ibm/application/tensorboard-web-app/insecure/custom-env.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: deployment +spec: + template: + spec: + containers: + - name: tensorboards-web-app + env: + - name: APP_SECURE_COOKIES + value: "false" diff --git a/distributions/stacks/ibm/application/tensorboard-web-app/insecure/kustomization.yaml b/distributions/stacks/ibm/application/tensorboard-web-app/insecure/kustomization.yaml new file mode 100644 index 0000000000..9b3ffed6c3 --- /dev/null +++ b/distributions/stacks/ibm/application/tensorboard-web-app/insecure/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- ../../../../../../apps/tensorboard/tensorboards-web-app/upstream/overlays/istio +patchesStrategicMerge: +- custom-env.yaml diff --git a/distributions/stacks/ibm/application/tensorboard-web-app/kustomization.yaml b/distributions/stacks/ibm/application/tensorboard-web-app/kustomization.yaml new file mode 100644 index 0000000000..22e285123f --- /dev/null +++ b/distributions/stacks/ibm/application/tensorboard-web-app/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: +- ../../../../../apps/tensorboard/tensorboards-web-app/upstream/overlays/istio diff --git a/distributions/stacks/ibm/application/tf-job/kustomization.yaml b/distributions/stacks/ibm/application/tf-job/kustomization.yaml index 06e8f31c25..8f7b820184 100644 --- a/distributions/stacks/ibm/application/tf-job/kustomization.yaml +++ b/distributions/stacks/ibm/application/tf-job/kustomization.yaml @@ -2,27 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow resources: - - ../../../../tf-training/tf-job-crds/overlays/application - - ../../../../tf-training/tf-job-operator/overlays/application -configMapGenerator: -- name: kubeflow-config - envs: - - ../../config/params.env -vars: -# We need to define vars at the top level otherwise we will get -# conflicts. -- fieldref: - fieldPath: data.clusterDomain - name: clusterDomain - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config -- fieldref: - fieldPath: metadata.namespace - name: namespace - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config - \ No newline at end of file + - ../../../../../apps/tf-training/upstream/overlays/kubeflow diff --git a/distributions/stacks/ibm/application/spark-operator/kustomization.yaml b/distributions/stacks/ibm/application/user-namespace/kustomization.yaml similarity index 62% rename from distributions/stacks/ibm/application/spark-operator/kustomization.yaml rename to distributions/stacks/ibm/application/user-namespace/kustomization.yaml index 0928ac4434..2476c69cac 100644 --- a/distributions/stacks/ibm/application/spark-operator/kustomization.yaml +++ b/distributions/stacks/ibm/application/user-namespace/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow resources: -- ../../../../spark/spark-operator/overlays/application +- ../../../../../common/user-namespace/base diff --git a/distributions/stacks/ibm/application/volumes-web-app/insecure/custom-env.yaml b/distributions/stacks/ibm/application/volumes-web-app/insecure/custom-env.yaml new file mode 100644 index 0000000000..ff38444a00 --- /dev/null +++ b/distributions/stacks/ibm/application/volumes-web-app/insecure/custom-env.yaml @@ -0,0 +1,12 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: deployment +spec: + template: + spec: + containers: + - name: volumes-web-app + env: + - name: APP_SECURE_COOKIES + value: "false" diff --git a/distributions/stacks/ibm/application/volumes-web-app/insecure/kustomization.yaml b/distributions/stacks/ibm/application/volumes-web-app/insecure/kustomization.yaml new file mode 100644 index 0000000000..5e72218179 --- /dev/null +++ b/distributions/stacks/ibm/application/volumes-web-app/insecure/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../../../../../../apps/volumes-web-app/upstream/overlays/istio +patchesStrategicMerge: +- custom-env.yaml diff --git a/distributions/stacks/ibm/application/volumes-web-app/kustomization.yaml b/distributions/stacks/ibm/application/volumes-web-app/kustomization.yaml new file mode 100644 index 0000000000..52d4214f63 --- /dev/null +++ b/distributions/stacks/ibm/application/volumes-web-app/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../../../../../apps/volumes-web-app/upstream/overlays/istio diff --git a/distributions/stacks/ibm/application/xgboost-job/kustomization.yaml b/distributions/stacks/ibm/application/xgboost-job/kustomization.yaml new file mode 100644 index 0000000000..900b029376 --- /dev/null +++ b/distributions/stacks/ibm/application/xgboost-job/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow +resources: + - ../../../../../apps/xgboost-job/upstream/overlays/kubeflow