kubeflow
/
manifests
mirror of https://github.com/kubeflow/manifests.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Synchronize kubeflow pipelines manifests 2.5.0 (#3121) 

* Update kubeflow/pipelines manifests from 2.5.0

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* update scripts

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* update kfp sdk version

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* consistency

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* update sdk

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fix test

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fix test

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

---------

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>
This commit is contained in:
Julius von Kohout 2025-04-30 08:38:03 +02:00 committed by GitHub
parent 7588f29d23
commit 8680bf79c0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
200 changed files with 2749 additions and 7175 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.github/workflows/full_kubeflow_integration_test.yaml vendored
View File

@ -95,13 +95,13 @@ jobs:
kustomize build apps/model-registry/upstream/options/ui/overlays/istio | kubectl apply -f -
- name: Install Spark
run: chmod u+x tests/gh-actions/spark_*.sh && ./tests/gh-actions/spark_install.sh
run: chmod u+x tests/gh-actions/*.sh && ./tests/gh-actions/install_spark.sh
- name: Wait for All Pods to be Ready
run: kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 60s --field-selector=status.phase!=Succeeded
- name: Install Dependencies
run: pip install pytest kubernetes kfp==2.11.0 kserve pytest-timeout pyyaml requests
run: pip install pytest kubernetes kfp==2.13.0 kserve pytest-timeout pyyaml requests
- name: Port-forward the istio-ingress gateway
run: ./tests/gh-actions/port_forward_gateway.sh
@ -120,14 +120,14 @@ jobs:
- name: Test Pipeline Access with Authorized Token
run: |
TOKEN="$(kubectl -n $KF_PROFILE create token default-editor)"
python3 tests/gh-actions/pipeline_test.py run_pipeline "${TOKEN}" "${KF_PROFILE}"
python3 tests/gh-actions/test_pipeline.py run_pipeline "${TOKEN}" "${KF_PROFILE}"
- name: Test Pipeline Access with Unauthorized Token
run: |
kubectl create namespace test-unauthorized
kubectl create serviceaccount test-unauthorized -n test-unauthorized
UNAUTHORIZED_TOKEN=$(kubectl -n test-unauthorized create token test-unauthorized)
python3 tests/gh-actions/pipeline_test.py test_unauthorized_access "$UNAUTHORIZED_TOKEN" "${KF_PROFILE}"
python3 tests/gh-actions/test_pipeline.py test_unauthorized_access "$UNAUTHORIZED_TOKEN" "${KF_PROFILE}"
- name: Test Volumes Web Application API
run: ./tests/gh-actions/test_volumes_web_application.sh "${KF_PROFILE}"
@ -173,7 +173,7 @@ jobs:
# TODO the individual KServe tests is currently being restructured. Afterwards we can also test inferencing
- name: Run Spark Test
run: chmod u+x tests/gh-actions/spark_*.sh && ./tests/gh-actions/spark_test.sh "${KF_PROFILE}"
run: chmod u+x tests/gh-actions/*.sh && ./tests/gh-actions/test_spark.sh "${KF_PROFILE}"
- name: Test Model Registry Deployment
run: |

2
.github/workflows/katib_test.yaml vendored
View File

@ -54,7 +54,7 @@ jobs:
- name: Install Dependencies
run: pip install pytest kubernetes kfp==2.11.0 requests
run: pip install pytest kubernetes kfp==2.13.0 requests
- name: Port-forward the istio-ingress gateway
run: ./tests/gh-actions/port_forward_gateway.sh

8
.github/workflows/pipeline_swfs_test.yaml vendored
View File

@ -67,17 +67,17 @@ jobs:
- name: List and deploy test pipeline with authorized ServiceAccount Token
run: |
pip3 install kfp==2.12.1
pip3 install kfp==2.13.0
KF_PROFILE=kubeflow-user-example-com
TOKEN="$(kubectl -n $KF_PROFILE create token default-editor)"
python3 tests/gh-actions/pipeline_test.py run_pipeline "${TOKEN}" "${KF_PROFILE}"
python3 tests/gh-actions/test_pipeline.py run_pipeline "${TOKEN}" "${KF_PROFILE}"
- name: Fail to list pipelines with unauthorized ServiceAccount Token
run: |
pip3 install kfp==2.12.1
pip3 install kfp==2.13.0
KF_PROFILE=kubeflow-user-example-com
TOKEN="$(kubectl -n default create token default)"
python3 tests/gh-actions/pipeline_test.py test_unauthorized_access "${TOKEN}" "${KF_PROFILE}"
python3 tests/gh-actions/test_pipeline.py test_unauthorized_access "${TOKEN}" "${KF_PROFILE}"
echo "Test succeeded. Token from unauthorized ServiceAccount cannot list pipelines in $KF_PROFILE namespace."

12
.github/workflows/pipeline_test.yaml vendored
View File

@ -3,7 +3,7 @@ on:
pull_request:
paths:
- tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
- .github/workflows/pipeline_test.yaml
- .github/workflows/test_pipeline.yaml
- apps/pipeline/upstream/**
- tests/gh-actions/install_istio.sh
- tests/gh-actions/install_cert_manager.sh
@ -11,7 +11,7 @@ on:
- common/cert-manager/**
- common/oauth2-proxy/**
- common/istio*/**
- tests/gh-actions/pipeline_test.py
- tests/gh-actions/test_pipeline.py
- experimental/security/PSS/*
jobs:
@ -66,17 +66,17 @@ jobs:
- name: List and deploy test pipeline with authorized ServiceAccount Token
run: |
pip3 install kfp==2.12.1
pip3 install kfp==2.13.0
KF_PROFILE=kubeflow-user-example-com
TOKEN="$(kubectl -n $KF_PROFILE create token default-editor)"
python3 tests/gh-actions/pipeline_test.py run_pipeline "${TOKEN}" "${KF_PROFILE}"
python3 tests/gh-actions/test_pipeline.py run_pipeline "${TOKEN}" "${KF_PROFILE}"
- name: Fail to list pipelines with unauthorized ServiceAccount Token
run: |
pip3 install kfp==2.12.1
pip3 install kfp==2.13.0
KF_PROFILE=kubeflow-user-example-com
TOKEN="$(kubectl -n default create token default)"
python3 tests/gh-actions/pipeline_test.py test_unauthorized_access "${TOKEN}" "${KF_PROFILE}"
python3 tests/gh-actions/test_pipeline.py test_unauthorized_access "${TOKEN}" "${KF_PROFILE}"
echo "Test succeeded. Token from unauthorized ServiceAccount cannot list pipelines in $KF_PROFILE namespace."

8
.github/workflows/spark_test.yaml vendored
View File

@ -3,7 +3,7 @@ on:
pull_request:
paths:
- tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
- .github/workflows/spark_test.yaml
- .github/workflows/test_spark.yaml
- apps/spark/**
- tests/gh-actions/spark*.sh
- tests/gh-actions/install_istio.sh
@ -47,6 +47,6 @@ jobs:
cd apps/spark
# TODO remove the debugging lines
ls -lah ../../tests/gh-actions/
chmod u+x ../../tests/gh-actions/spark*
../../tests/gh-actions/spark_install.sh
../../tests/gh-actions/spark_test.sh "kubeflow-user-example-com"
chmod u+x ../../tests/gh-actions/*.sh
../../tests/gh-actions/install_spark.sh
../../tests/gh-actions/test_spark.sh "kubeflow-user-example-com"

2
.shellcheckrc
View File

@ -1,2 +1,2 @@
# ~/.shellcheckrc
disable=SC1017,SC2086,SC2070,SC2046,SC2155,SC2006
disable=SC1017,SC2086,SC2070,SC2046,SC2155,SC2006,SC1091,SC2164

2
README.md
View File

@ -65,7 +65,7 @@ This repository periodically synchronizes all official Kubeflow components from
| Katib | apps/katib/upstream | [v0.18.0](https://github.com/kubeflow/katib/tree/v0.18.0/manifests/v1beta1) |
| KServe | apps/kserve/kserve | [v0.15.0](https://github.com/kserve/kserve/releases/tag/v0.15.0/install/v0.15.0) |
| KServe Models Web Application | apps/kserve/models-web-app | [v0.14.0](https://github.com/kserve/models-web-app/tree/v0.14.0/config) |
| Kubeflow Pipelines | apps/pipeline/upstream | [2.4.1](https://github.com/kubeflow/pipelines/tree/2.4.1/manifests/kustomize) |
| Kubeflow Pipelines | apps/pipeline/upstream | [2.5.0](https://github.com/kubeflow/pipelines/tree/2.5.0/manifests/kustomize) |
| Kubeflow Model Registry | apps/model-registry/upstream | [v0.2.16](https://github.com/kubeflow/model-registry/tree/v0.2.16/manifests/kustomize) |
The following matrix shows the versions of common components used across different Kubeflow projects:

2
apps/pipeline/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml
View File

@ -1,6 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cache-deployer-clusterrole.yaml
- cache-deployer-clusterrolebinding.yaml
@ -8,4 +9,3 @@ resources:
# Presence of a SA referred by a clusterrolebinding allows kustomize to auto-add
# namespace for the clusterrolebinding's SA ref.
- cache-deployer-sa.yaml

8
apps/pipeline/upstream/base/cache-deployer/kustomization.yaml
View File

@ -4,8 +4,10 @@ resources:
- cache-deployer-role.yaml
- cache-deployer-rolebinding.yaml
- cache-deployer-deployment.yaml
commonLabels:
app: cache-deployer
images:
- name: ghcr.io/kubeflow/kfp-cache-deployer
newTag: 2.4.1
newTag: 2.5.0
labels:
- includeSelectors: true
pairs:
app: cache-deployer

5
apps/pipeline/upstream/base/cache/cache-deployment.yaml vendored
View File

@ -14,12 +14,13 @@ spec:
labels:
app: cache-server
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- name: server
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0

17
apps/pipeline/upstream/base/cache/cache-role.yaml vendored
View File

@ -31,20 +31,3 @@ rules:
- watch
- update
- patch
- apiGroups:
- tekton.dev
resources:
- pipelineruns
- customruns
- taskruns
- conditions
- runs
- tasks
verbs:
- create
- get
- list
- watch
- update
- patch
- delete

8
apps/pipeline/upstream/base/cache/kustomization.yaml vendored
View File

@ -6,8 +6,10 @@ resources:
- cache-rolebinding.yaml
- cache-sa.yaml
- cache-service.yaml
commonLabels:
app: cache-server
images:
- name: ghcr.io/kubeflow/kfp-cache-server
newTag: 2.4.1
newTag: 2.5.0
labels:
- includeSelectors: true
pairs:
app: cache-server

5
apps/pipeline/upstream/base/crds/kustomization.yaml Normal file
View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- pipelines.kubeflow.org_pipelines.yaml
- pipelines.kubeflow.org_pipelineversions.yaml

49
apps/pipeline/upstream/base/crds/pipelines.kubeflow.org_pipelines.yaml Normal file
View File

@ -0,0 +1,49 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.4
name: pipelines.pipelines.kubeflow.org
spec:
group: pipelines.kubeflow.org
names:
kind: Pipeline
listKind: PipelineList
plural: pipelines
singular: pipeline
scope: Namespaced
versions:
- name: v2beta1
schema:
openAPIV3Schema:
description: Pipeline is the Schema for the pipelines API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: PipelineSpec defines the desired state of Pipeline.
properties:
description:
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

89
apps/pipeline/upstream/base/crds/pipelines.kubeflow.org_pipelineversions.yaml Normal file
View File

@ -0,0 +1,89 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.4
name: pipelineversions.pipelines.kubeflow.org
spec:
group: pipelines.kubeflow.org
names:
kind: PipelineVersion
listKind: PipelineVersionList
plural: pipelineversions
singular: pipelineversion
scope: Namespaced
versions:
- name: v2beta1
schema:
openAPIV3Schema:
description: PipelineVersion is the Schema for the pipelineversions API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: PipelineVersionSpec defines the desired state of PipelineVersion.
properties:
codeSourceURL:
type: string
description:
type: string
pipelineName:
type: string
pipelineSpec:
x-kubernetes-preserve-unknown-fields: true
required:
- pipelineSpec
type: object
status:
description: PipelineVersionStatus defines the observed state of PipelineVersion.
properties:
conditions:
items:
description: |-
SimplifiedCondition is a metav1.Condition without lastTransitionTime since the database model doesn't have such
a concept and it allows a default status in the CRD without a controller setting it.
properties:
message:
maxLength: 32768
type: string
reason:
type: string
status:
enum:
- "True"
- "False"
- Unknown
type: string
type:
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- message
- reason
- status
- type
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}

40
apps/pipeline/upstream/base/installs/generic/kustomization.yaml
View File

@ -8,40 +8,40 @@ resources:
- pipeline-install-config.yaml
- mysql-secret.yaml
vars:
- name: kfp-namespace
- fieldref:
fieldPath: metadata.namespace
name: kfp-namespace
objref:
kind: Deployment
apiVersion: apps/v1
kind: Deployment
name: ml-pipeline
fieldref:
fieldpath: metadata.namespace
- name: kfp-app-name
- fieldref:
fieldPath: data.appName
name: kfp-app-name
objref:
apiVersion: v1
kind: ConfigMap
name: pipeline-install-config
apiVersion: v1
fieldref:
fieldpath: data.appName
- name: kfp-app-version
- fieldref:
fieldPath: data.appVersion
name: kfp-app-version
objref:
apiVersion: v1
kind: ConfigMap
name: pipeline-install-config
apiVersion: v1
fieldref:
fieldpath: data.appVersion
- name: kfp-artifact-bucket-name
- fieldref:
fieldPath: data.bucketName
name: kfp-artifact-bucket-name
objref:
apiVersion: v1
kind: ConfigMap
name: pipeline-install-config
apiVersion: v1
fieldref:
fieldpath: data.bucketName
- name: kfp-default-pipeline-root
- fieldref:
fieldPath: data.defaultPipelineRoot
name: kfp-default-pipeline-root
objref:
apiVersion: v1
kind: ConfigMap
name: pipeline-install-config
apiVersion: v1
fieldref:
fieldpath: data.defaultPipelineRoot
configurations:
- params.yaml

2
apps/pipeline/upstream/base/installs/generic/pipeline-install-config.yaml
View File

@ -11,7 +11,7 @@ data:
until the changes take effect. A quick way to restart all deployments in a
namespace: `kubectl rollout restart deployment -n <your-namespace>`.
appName: pipeline
appVersion: 2.4.1
appVersion: 2.5.0
dbHost: mysql # relic to be removed after release
dbPort: "3306" # relic to be removed after release
dbType: mysql

40
apps/pipeline/upstream/base/installs/generic/postgres/kustomization.yaml
View File

@ -8,40 +8,40 @@ resources:
- pipeline-install-config.yaml
- postgres-secret-extended.yaml
vars:
- name: kfp-namespace
- fieldref:
fieldPath: metadata.namespace
name: kfp-namespace
objref:
kind: Deployment
apiVersion: apps/v1
kind: Deployment
name: ml-pipeline
fieldref:
fieldpath: metadata.namespace
- name: kfp-app-name
- fieldref:
fieldPath: data.appName
name: kfp-app-name
objref:
apiVersion: v1
kind: ConfigMap
name: pipeline-install-config
apiVersion: v1
fieldref:
fieldpath: data.appName
- name: kfp-app-version
- fieldref:
fieldPath: data.appVersion
name: kfp-app-version
objref:
apiVersion: v1
kind: ConfigMap
name: pipeline-install-config
apiVersion: v1
fieldref:
fieldpath: data.appVersion
- name: kfp-artifact-bucket-name
- fieldref:
fieldPath: data.bucketName
name: kfp-artifact-bucket-name
objref:
apiVersion: v1
kind: ConfigMap
name: pipeline-install-config
apiVersion: v1
fieldref:
fieldpath: data.bucketName
- name: kfp-default-pipeline-root
- fieldref:
fieldPath: data.defaultPipelineRoot
name: kfp-default-pipeline-root
objref:
apiVersion: v1
kind: ConfigMap
name: pipeline-install-config
apiVersion: v1
fieldref:
fieldpath: data.defaultPipelineRoot
configurations:
- params.yaml

14
apps/pipeline/upstream/base/installs/multi-user/api-service/cluster-role.yaml
View File

@ -35,6 +35,20 @@ rules:
- update
- patch
- delete
- apiGroups:
- kubeflow.org
resources:
- scheduledworkflows/finalizers
verbs:
- update
- apiGroups:
- pipelines.kubeflow.org
resources:
- pipelines
verbs:
- get
- list
- watch
- apiGroups:
- authorization.k8s.io
resources:

4
apps/pipeline/upstream/base/installs/multi-user/api-service/kustomization.yaml
View File

@ -4,6 +4,6 @@ resources:
- cluster-role-binding.yaml
- cluster-role.yaml
configMapGenerator:
- name: pipeline-api-server-config
envs:
- envs:
- params.env
name: pipeline-api-server-config

6
apps/pipeline/upstream/base/installs/multi-user/cache/kustomization.yaml vendored
View File

@ -1,7 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
commonLabels:
app: cache-server
resources:
- cluster-role.yaml
- cluster-role-binding.yaml
labels:
- includeSelectors: true
pairs:
app: cache-server

8
apps/pipeline/upstream/base/installs/multi-user/kustomization.yaml
View File

@ -1,9 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubeflow
commonLabels:
app.kubernetes.io/name: kubeflow-pipelines
app.kubernetes.io/component: ml-pipeline
resources:
- ../../pipeline/cluster-scoped
- ../../cache-deployer/cluster-scoped
@ -31,3 +28,8 @@ patches:
configurations:
- params.yaml
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/component: ml-pipeline
app.kubernetes.io/name: kubeflow-pipelines

3
apps/pipeline/upstream/base/installs/multi-user/pipelines-profile-controller/deployment.yaml
View File

@ -6,7 +6,7 @@ spec:
replicas: 1
template:
metadata:
annotations:
labels:
sidecar.istio.io/inject: "false"
spec:
containers:
@ -57,4 +57,3 @@ spec:
- name: hooks
configMap:
name: kubeflow-pipelines-profile-controller-code

14
apps/pipeline/upstream/base/installs/multi-user/pipelines-profile-controller/kustomization.yaml
View File

@ -1,16 +1,18 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubeflow
commonLabels:
app: kubeflow-pipelines-profile-controller
resources:
- service.yaml
- deployment.yaml
- decorator-controller.yaml
configMapGenerator:
- name: kubeflow-pipelines-profile-controller-code
files:
- files:
- sync.py
- name: kubeflow-pipelines-profile-controller-env
envs:
name: kubeflow-pipelines-profile-controller-code
- envs:
- params.env
name: kubeflow-pipelines-profile-controller-env
labels:
- includeSelectors: true
pairs:
app: kubeflow-pipelines-profile-controller

6
apps/pipeline/upstream/base/installs/multi-user/pipelines-ui/kustomization.yaml
View File

@ -1,8 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubeflow
commonLabels:
app: ml-pipeline-ui
resources:
- cluster-role.yaml
- cluster-role-binding.yaml
labels:
- includeSelectors: true
pairs:
app: ml-pipeline-ui

6
apps/pipeline/upstream/base/installs/multi-user/scheduled-workflow/cluster-role.yaml
View File

@ -15,6 +15,12 @@ rules:
- update
- patch
- delete
- apiGroups:
- pipelines.kubeflow.org
resources:
- runs
verbs:
- create
- apiGroups:
- kubeflow.org
resources:

2
apps/pipeline/upstream/base/metadata/base/kustomization.yaml
View File

@ -10,4 +10,4 @@ resources:
- metadata-grpc-sa.yaml
images:
- name: ghcr.io/kubeflow/kfp-metadata-envoy
newTag: 2.4.1
newTag: 2.5.0

1
apps/pipeline/upstream/base/metadata/base/metadata-envoy-deployment.yaml
View File

@ -13,7 +13,6 @@ spec:
metadata:
labels:
component: metadata-envoy
annotations:
sidecar.istio.io/inject: "false"
spec:
containers:

3
apps/pipeline/upstream/base/metadata/base/metadata-grpc-deployment.yaml
View File

@ -14,6 +14,9 @@ spec:
labels:
component: metadata-grpc-server
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- name: container
# ! Sync to the same MLMD version:

16
apps/pipeline/upstream/base/metadata/overlays/db/kustomization.yaml
View File

@ -12,13 +12,13 @@ patches:
- path: patches/metadata-grpc-deployment.yaml
configMapGenerator:
- name: metadata-db-parameters
envs:
- envs:
- params.env
name: metadata-db-parameters
secretGenerator:
- name: metadata-db-secrets
envs:
- envs:
- secrets.env
name: metadata-db-secrets
generatorOptions:
disableNameSuffixHash: true
@ -29,10 +29,10 @@ images:
newTag: 8.0.3
vars:
- name: MLMD_DB_HOST
- fieldref:
fieldPath: metadata.name
name: MLMD_DB_HOST
objref:
apiVersion: v1
kind: Service
name: metadata-db
apiVersion: v1
fieldref:
fieldpath: metadata.name

2
apps/pipeline/upstream/base/metadata/overlays/db/metadata-db-deployment.yaml
View File

@ -16,7 +16,6 @@ spec:
name: db
labels:
component: db
annotations:
sidecar.istio.io/inject: "false"
spec:
containers:
@ -49,4 +48,3 @@ spec:
- name: metadata-mysql
persistentVolumeClaim:
claimName: metadata-mysql

16
apps/pipeline/upstream/base/metadata/overlays/postgres/kustomization.yaml
View File

@ -12,13 +12,13 @@ patches:
- path: patches/metadata-grpc-deployment.yaml
configMapGenerator:
- name: metadata-postgres-db-parameters
envs:
- envs:
- params.env
name: metadata-postgres-db-parameters
secretGenerator:
- name: metadata-postgres-db-secrets
envs:
- envs:
- secrets.env
name: metadata-postgres-db-secrets
generatorOptions:
disableNameSuffixHash: true
@ -28,10 +28,10 @@ images:
newTag: 14.7-alpine3.17
vars:
- name: MLMD_DB_HOST
- fieldref:
fieldPath: metadata.name
name: MLMD_DB_HOST
objref:
apiVersion: v1
kind: Service
name: metadata-postgres-db
apiVersion: v1
fieldref:
fieldpath: metadata.name

2
apps/pipeline/upstream/base/metadata/overlays/postgres/metadata-db-deployment.yaml
View File

@ -16,7 +16,6 @@ spec:
name: db
labels:
component: db
annotations:
sidecar.istio.io/inject: "false"
spec:
containers:
@ -40,4 +39,3 @@ spec:
- name: metadata-postgres
persistentVolumeClaim:
claimName: metadata-postgres

12
apps/pipeline/upstream/base/pipeline/kustomization.yaml
View File

@ -36,14 +36,14 @@ resources:
- kfp-launcher-configmap.yaml
images:
- name: ghcr.io/kubeflow/kfp-api-server
newTag: 2.4.1
newTag: 2.5.0
- name: ghcr.io/kubeflow/kfp-persistence-agent
newTag: 2.4.1
newTag: 2.5.0
- name: ghcr.io/kubeflow/kfp-scheduled-workflow-controller
newTag: 2.4.1
newTag: 2.5.0
- name: ghcr.io/kubeflow/kfp-frontend
newTag: 2.4.1
newTag: 2.5.0
- name: ghcr.io/kubeflow/kfp-viewer-crd-controller
newTag: 2.4.1
newTag: 2.5.0
- name: ghcr.io/kubeflow/kfp-visualization-server
newTag: 2.4.1
newTag: 2.5.0

2
apps/pipeline/upstream/base/pipeline/metadata-writer/kustomization.yaml
View File

@ -7,4 +7,4 @@ resources:
- metadata-writer-sa.yaml
images:
- name: ghcr.io/kubeflow/kfp-metadata-writer
newTag: 2.4.1
newTag: 2.5.0

6
apps/pipeline/upstream/base/pipeline/metadata-writer/metadata-writer-deployment.yaml
View File

@ -14,6 +14,10 @@ spec:
labels:
app: metadata-writer
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- name: main
image: ghcr.io/kubeflow/kfp-metadata-writer:dummy
@ -24,8 +28,6 @@ spec:
fieldPath: metadata.namespace
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0

15
apps/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml
View File

@ -15,10 +15,19 @@ spec:
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- env:
# Whether or not to publish component logs to the object store.
- name: PUBLISH_LOGS
value: "true"
- name: LOG_LEVEL
value: "info"
# Driver / launcher log level during pipeline execution
- name: PIPELINE_LOG_LEVEL
value: "1"
- name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION
valueFrom:
configMapKeyRef:
@ -109,6 +118,10 @@ spec:
secretKeyRef:
name: mlpipeline-minio-artifact
key: secretkey
- name: V2_DRIVER_IMAGE
value: ghcr.io/kubeflow/kfp-driver:2.5.0
- name: V2_LAUNCHER_IMAGE
value: ghcr.io/kubeflow/kfp-launcher:2.5.0
image: ghcr.io/kubeflow/kfp-api-server:dummy
imagePullPolicy: IfNotPresent
name: ml-pipeline-api-server
@ -158,8 +171,6 @@ spec:
timeoutSeconds: 2
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0

44
apps/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml
View File

@ -37,6 +37,20 @@ rules:
- update
- patch
- delete
- apiGroups:
- kubeflow.org
resources:
- scheduledworkflows/finalizers
verbs:
- update
- apiGroups:
- pipelines.kubeflow.org
resources:
- pipelines
verbs:
- get
- list
- watch
- apiGroups:
- authorization.k8s.io
resources:
@ -49,33 +63,3 @@ rules:
- tokenreviews
verbs:
- create
- apiGroups:
- tekton.dev
resources:
- pipelineruns
- taskruns
- conditions
- runs
- tasks
- customruns
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- custom.tekton.dev
resources:
- pipelineloops
verbs:
- create
- get
- list
- watch
- update
- patch
- delete

5
apps/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml
View File

@ -15,6 +15,9 @@ spec:
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- env:
- name: NAMESPACE
@ -39,8 +42,6 @@ spec:
name: persistenceagent-sa-token
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0

29
apps/pipeline/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml
View File

@ -33,32 +33,3 @@ rules:
verbs:
- reportMetrics
- readArtifact
- apiGroups:
- tekton.dev
resources:
- pipelineruns
- taskruns
- conditions
- runs
- tasks
- customruns
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- custom.tekton.dev
resources:
- pipelineloops
verbs:
- create
- get
- list
- watch
- update
- patch
- delete

16
apps/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml
View File

@ -15,6 +15,9 @@ spec:
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- image: ghcr.io/kubeflow/kfp-scheduled-workflow-controller:dummy
imagePullPolicy: IfNotPresent
@ -33,12 +36,21 @@ spec:
key: cronScheduleTimezone
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0
capabilities:
drop:
- ALL
volumeMounts:
- mountPath: /var/run/secrets/kubeflow/tokens
name: scheduledworkflow-sa-token
serviceAccountName: ml-pipeline-scheduledworkflow
volumes:
- name: scheduledworkflow-sa-token
projected:
sources:
- serviceAccountToken:
path: scheduledworkflow-sa-token
expirationSeconds: 3600
audience: pipelines.kubeflow.org

6
apps/pipeline/upstream/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml
View File

@ -30,6 +30,12 @@ rules:
- update
- patch
- delete
- apiGroups:
- pipelines.kubeflow.org
resources:
- runs
verbs:
- create
- apiGroups:
- ''
resources:

9
apps/pipeline/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml
View File

@ -15,6 +15,9 @@ spec:
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
volumes:
- name: config-volume
configMap:
@ -31,8 +34,6 @@ spec:
readOnly: true
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0
@ -62,6 +63,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: ARGO_ARCHIVE_LOGS
value: "true"
- name: DISABLE_GKE_METADATA
value: "true"
readinessProbe:
exec:
command:

5
apps/pipeline/upstream/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml
View File

@ -15,6 +15,9 @@ spec:
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- image: ghcr.io/kubeflow/kfp-viewer-crd-controller:dummy
imagePullPolicy: Always
@ -28,8 +31,6 @@ spec:
fieldPath: metadata.namespace
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0

5
apps/pipeline/upstream/base/pipeline/ml-pipeline-visualization-deployment.yaml
View File

@ -15,6 +15,9 @@ spec:
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- image: ghcr.io/kubeflow/kfp-visualization-server:dummy
imagePullPolicy: IfNotPresent
@ -48,8 +51,6 @@ spec:
timeoutSeconds: 2
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0

29
apps/pipeline/upstream/base/pipeline/pipeline-runner-role.yaml
View File

@ -78,32 +78,3 @@ rules:
- seldondeployments
verbs:
- '*'
- apiGroups:
- tekton.dev
resources:
- pipelineruns
- taskruns
- conditions
- runs
- tasks
- customruns
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- custom.tekton.dev
resources:
- pipelineloops
verbs:
- create
- get
- list
- watch
- update
- patch
- delete

10
apps/pipeline/upstream/base/webhook/kustomization.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubeflow
resources:
- pipelineversion-validating-webhook-config.yaml
- pipelineversion-mutating-webhook-config.yaml
configurations:
- params.yaml

13
apps/pipeline/upstream/base/webhook/params.yaml Normal file
View File

@ -0,0 +1,13 @@
varReference:
- path: metadata/annotations
kind: ValidatingWebhookConfiguration
- path: webhooks/clientConfig/service/namespace
kind: ValidatingWebhookConfiguration
- path: webhooks/name
kind: ValidatingWebhookConfiguration
- path: metadata/annotations
kind: MutatingWebhookConfiguration
- path: webhooks/clientConfig/service/namespace
kind: MutatingWebhookConfiguration
- path: webhooks/name
kind: MutatingWebhookConfiguration

27
apps/pipeline/upstream/base/webhook/pipelineversion-mutating-webhook-config.yaml Normal file
View File

@ -0,0 +1,27 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: pipelineversions.pipelines.kubeflow.org
webhooks:
- name: pipelineversions.pipelines.kubeflow.org
rules:
- operations:
- CREATE
- UPDATE
apiGroups:
- pipelines.kubeflow.org
apiVersions:
- v2beta1
resources:
- pipelineversions
scope: Namespaced
admissionReviewVersions:
- v1
sideEffects: None
failurePolicy: Fail
clientConfig:
service:
name: ml-pipeline
namespace: $(kfp-namespace)
path: /webhooks/mutate-pipelineversion
port: 8443

27
apps/pipeline/upstream/base/webhook/pipelineversion-validating-webhook-config.yaml Normal file
View File

@ -0,0 +1,27 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: pipelineversions.pipelines.kubeflow.org
webhooks:
- name: pipelineversions.pipelines.kubeflow.org
rules:
- operations:
- CREATE
- UPDATE
apiGroups:
- pipelines.kubeflow.org
apiVersions:
- v2beta1
resources:
- pipelineversions
scope: Namespaced
admissionReviewVersions:
- v1
sideEffects: None
failurePolicy: Fail
clientConfig:
service:
name: ml-pipeline
namespace: $(kfp-namespace)
path: /webhooks/validate-pipelineversion
port: 8443

26
apps/pipeline/upstream/cluster-scoped-resources-tekton/kustomization.yaml
View File

@ -1,26 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubeflow
resources:
- namespace.yaml
bases:
- ../third-party/application/cluster-scoped
- ../base/pipeline/cluster-scoped
- ../base/cache-deployer/cluster-scoped
vars:
# NOTE: var name must be unique globally to allow composition of multiple kustomize
# packages. Therefore, we added prefix `kfp-cluster-scoped-` to distinguish it from
# others.
- name: kfp-cluster-scoped-namespace
objref:
# cache deployer sa's metadata.namespace will be first transformed by namespace field in kustomization.yaml
# so that we only need to change kustomization.yaml's namespace field for namespace customization.
kind: ServiceAccount
name: kubeflow-pipelines-cache-deployer-sa
apiVersion: v1
fieldref:
fieldpath: metadata.namespace
configurations:
- params.yaml

4
apps/pipeline/upstream/cluster-scoped-resources-tekton/namespace.yaml
View File

@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: '$(kfp-cluster-scoped-namespace)'

4
apps/pipeline/upstream/cluster-scoped-resources-tekton/params.yaml
View File

@ -1,4 +0,0 @@
# Allow Kustomize var to replace following fields.
varReference:
- path: metadata/name
kind: Namespace

8
apps/pipeline/upstream/cluster-scoped-resources/kustomization.yaml
View File

@ -13,14 +13,14 @@ vars:
# NOTE: var name must be unique globally to allow composition of multiple kustomize
# packages. Therefore, we added prefix `kfp-cluster-scoped-` to distinguish it from
# others.
- name: kfp-cluster-scoped-namespace
- fieldref:
fieldPath: metadata.namespace
name: kfp-cluster-scoped-namespace
objref:
# cache deployer sa's metadata.namespace will be first transformed by namespace field in kustomization.yaml
# so that we only need to change kustomization.yaml's namespace field for namespace customization.
apiVersion: v1
kind: ServiceAccount
name: kubeflow-pipelines-cache-deployer-sa
apiVersion: v1
fieldref:
fieldpath: metadata.namespace
configurations:
- params.yaml

33
apps/pipeline/upstream/env/aws/kustomization.yaml vendored
View File

@ -4,24 +4,27 @@ namespace: kubeflow
resources:
- ../../env/platform-agnostic
configMapGenerator:
- name: pipeline-install-config
env: params.env
behavior: merge
- name: workflow-controller-configmap
behavior: replace
- behavior: merge
envs:
- params.env
name: pipeline-install-config
- behavior: replace
files:
- config
- name: ml-pipeline-ui-configmap
behavior: replace
name: workflow-controller-configmap
- behavior: replace
files:
- viewer-pod-template.json
name: ml-pipeline-ui-configmap
secretGenerator:
- name: mysql-secret
env: secret.env
behavior: merge
- name: mlpipeline-minio-artifact
env: minio-artifact-secret-patch.env
behavior: merge
- behavior: merge
envs:
- secret.env
name: mysql-secret
- behavior: merge
envs:
- minio-artifact-secret-patch.env
name: mlpipeline-minio-artifact
generatorOptions:
disableNameSuffixHash: true
patches:
@ -30,5 +33,7 @@ patches:
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
commonLabels:
labels:
- includeSelectors: true
pairs:
application-crd-id: kubeflow-pipelines

18
apps/pipeline/upstream/env/azure/kustomization.yaml vendored
View File

@ -9,17 +9,21 @@ resources:
- minio-azure-gateway
configMapGenerator:
- name: pipeline-install-config
env: params.env
behavior: merge
- behavior: merge
envs:
- params.env
name: pipeline-install-config
secretGenerator:
- name: mysql-secret
env: mysql-secret.env
behavior: merge
- behavior: merge
envs:
- mysql-secret.env
name: mysql-secret
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
commonLabels:
labels:
- includeSelectors: true
pairs:
application-crd-id: kubeflow-pipelines

5
apps/pipeline/upstream/env/azure/minio-azure-gateway/kustomization.yaml vendored
View File

@ -6,8 +6,9 @@ resources:
- minio-azure-gateway-service.yaml
secretGenerator:
- name: mlpipeline-minio-artifact
env: minio-artifact-secret.env
- envs:
- minio-artifact-secret.env
name: mlpipeline-minio-artifact
generatorOptions:
# mlpipeline-minio-artifact needs to be referred by exact name
disableNameSuffixHash: true

6
apps/pipeline/upstream/env/cert-manager/base-webhook-certs/kfp-api-cert-issuer.yaml vendored Normal file
View File

@ -0,0 +1,6 @@
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: kfp-api-webhook-selfsigned-issuer
spec:
selfSigned: {}

15
apps/pipeline/upstream/env/cert-manager/base-webhook-certs/kfp-api-cert.yaml vendored Normal file
View File

@ -0,0 +1,15 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: kfp-api-webhook-cert
spec:
commonName: kfp-api-webhook-cert
isCA: true
dnsNames:
- ml-pipeline
- ml-pipeline.$(kfp-namespace)
- ml-pipeline.$(kfp-namespace).svc
issuerRef:
kind: Issuer
name: kfp-api-webhook-selfsigned-issuer
secretName: kfp-api-webhook-cert

13
apps/pipeline/upstream/env/cert-manager/base-webhook-certs/kustomization.yaml vendored Normal file
View File

@ -0,0 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./kfp-api-cert-issuer.yaml
- ./kfp-api-cert.yaml
configurations:
- params.yaml
# !!! If you want to customize the namespace,
# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml
namespace: kubeflow

7
apps/pipeline/upstream/env/cert-manager/base-webhook-certs/params.yaml vendored Normal file
View File

@ -0,0 +1,7 @@
varReference:
- path: spec/commonName
kind: Certificate
- path: spec/dnsNames
kind: Certificate
- path: spec/issuerRef/name
kind: Certificate

6
apps/pipeline/upstream/env/cert-manager/base/kustomization.yaml vendored
View File

@ -6,8 +6,10 @@ resources:
- cache-cert-issuer.yaml
- cache-cert.yaml
- cache-webhook-config.yaml
commonLabels:
app: cache-server-cert-manager
configurations:
- params.yaml
labels:
- includeSelectors: true
pairs:
app: cache-server-cert-manager

30
apps/pipeline/upstream/env/cert-manager/platform-agnostic-k8s-native/kustomization.yaml vendored Normal file
View File

@ -0,0 +1,30 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../base/crds
- ../../platform-agnostic
- ../../../base/webhook
- ../base-webhook-certs/
# !!! If you want to customize the namespace,
# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml
namespace: kubeflow
patches:
- path: patches/deployment.yaml
target:
kind: Deployment
name: ml-pipeline
- path: patches/service.yaml
target:
kind: Service
name: ml-pipeline
- path: patches/validating-webhook.yaml
target:
kind: ValidatingWebhookConfiguration
name: pipelineversions.pipelines.kubeflow.org
- path: patches/mutating-webhook.yaml
target:
kind: MutatingWebhookConfiguration
name: pipelineversions.pipelines.kubeflow.org

29
apps/pipeline/upstream/env/cert-manager/platform-agnostic-k8s-native/patches/deployment.yaml vendored Normal file
View File

@ -0,0 +1,29 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ml-pipeline
spec:
template:
spec:
containers:
- name: ml-pipeline-api-server
ports:
- containerPort: 8443
name: webhook
command:
- "/bin/apiserver"
args:
- "--config=/config"
- "--sampleconfig=/config/sample_config.json"
- "-logtostderr=true"
- "--webhookTLSCertPath=/etc/webhook/certs/tls.crt"
- "--webhookTLSKeyPath=/etc/webhook/certs/tls.key"
- "--pipelinesStoreKubernetes=true"
volumeMounts:
- name: webhook-certs
mountPath: /etc/webhook/certs
readOnly: true
volumes:
- name: webhook-certs
secret:
secretName: kfp-api-webhook-cert

6
apps/pipeline/upstream/env/cert-manager/platform-agnostic-k8s-native/patches/mutating-webhook.yaml vendored Normal file
View File

@ -0,0 +1,6 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: pipelineversions.pipelines.kubeflow.org
annotations:
cert-manager.io/inject-ca-from: $(kfp-namespace)/kfp-api-webhook-cert

10
apps/pipeline/upstream/env/cert-manager/platform-agnostic-k8s-native/patches/service.yaml vendored Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Service
metadata:
name: ml-pipeline
spec:
ports:
- name: webhook
port: 8443
protocol: TCP
targetPort: 8443

6
apps/pipeline/upstream/env/cert-manager/platform-agnostic-k8s-native/patches/validating-webhook.yaml vendored Normal file
View File

@ -0,0 +1,6 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: pipelineversions.pipelines.kubeflow.org
annotations:
cert-manager.io/inject-ca-from: $(kfp-namespace)/kfp-api-webhook-cert

30
apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user-k8s-native/kustomization.yaml vendored Normal file
View File

@ -0,0 +1,30 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../base/crds
- ../platform-agnostic-multi-user
- ../../../base/webhook
- ../base-webhook-certs/
# !!! If you want to customize the namespace,
# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml
namespace: kubeflow
patches:
- path: patches/deployment.yaml
target:
kind: Deployment
name: ml-pipeline
- path: patches/service.yaml
target:
kind: Service
name: ml-pipeline
- path: patches/validating-webhook.yaml
target:
kind: ValidatingWebhookConfiguration
name: pipelineversions.pipelines.kubeflow.org
- path: patches/mutating-webhook.yaml
target:
kind: MutatingWebhookConfiguration
name: pipelineversions.pipelines.kubeflow.org

30
apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user-k8s-native/patches/deployment.yaml vendored Normal file
View File

@ -0,0 +1,30 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: ml-pipeline
spec:
template:
spec:
containers:
- name: ml-pipeline-api-server
ports:
- containerPort: 8443
name: webhook
image: domain.local/apiserver:local
command:
- "/bin/apiserver"
args:
- "--config=/config"
- "--sampleconfig=/config/sample_config.json"
- "-logtostderr=true"
- "--webhookTLSCertPath=/etc/webhook/certs/tls.crt"
- "--webhookTLSKeyPath=/etc/webhook/certs/tls.key"
- "--pipelinesStoreKubernetes=true"
volumeMounts:
- name: webhook-certs
mountPath: /etc/webhook/certs
readOnly: true
volumes:
- name: webhook-certs
secret:
secretName: kfp-api-webhook-cert

6
apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user-k8s-native/patches/mutating-webhook.yaml vendored Normal file
View File

@ -0,0 +1,6 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: pipelineversions.pipelines.kubeflow.org
annotations:
cert-manager.io/inject-ca-from: $(kfp-namespace)/kfp-api-webhook-cert

10
apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user-k8s-native/patches/service.yaml vendored Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: Service
metadata:
name: ml-pipeline
spec:
ports:
- name: webhook
port: 8443
protocol: TCP
targetPort: 8443

6
apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user-k8s-native/patches/validating-webhook.yaml vendored Normal file
View File

@ -0,0 +1,6 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: pipelineversions.pipelines.kubeflow.org
annotations:
cert-manager.io/inject-ca-from: $(kfp-namespace)/kfp-api-webhook-cert

4
apps/pipeline/upstream/env/dev-kind/forward-local-api-endpoint.yaml vendored
View File

@ -15,3 +15,7 @@ subsets:
appProtocol: http
port: 8888
protocol: TCP
- name: webhook
appProtocol: http
port: 8443
protocol: TCP

40
apps/pipeline/upstream/env/dev-kind/kustomization.yaml vendored
View File

@ -2,9 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base/application
- ../cert-manager/platform-agnostic-k8s-native
- ./forward-local-api-endpoint.yaml
- ../platform-agnostic
# !!! If you want to customize the namespace,
# please refer sample/cluster-scoped-resources to update the namespace for cluster-scoped-resources
@ -126,5 +125,42 @@ patches:
port: 8887
protocol: TCP
targetPort: 8887
- name: webhook
port: 8443
protocol: TCP
targetPort: 8443
selector:
$patch: delete
- patch: |-
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: pipelineversions.pipelines.kubeflow.org
webhooks:
- name: pipelineversions.pipelines.kubeflow.org
clientConfig:
service:
name: ml-pipeline-reverse-proxy
- patch: |-
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: pipelineversions.pipelines.kubeflow.org
webhooks:
- name: pipelineversions.pipelines.kubeflow.org
clientConfig:
service:
name: ml-pipeline-reverse-proxy
- patch: |-
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: kfp-api-webhook-cert
spec:
dnsNames:
- ml-pipeline
- ml-pipeline.$(kfp-namespace)
- ml-pipeline.$(kfp-namespace).svc
- ml-pipeline-reverse-proxy
- ml-pipeline-reverse-proxy.$(kfp-namespace)
- ml-pipeline-reverse-proxy.$(kfp-namespace).svc

13
apps/pipeline/upstream/env/dev/kustomization.yaml vendored
View File

@ -8,12 +8,13 @@ resources:
- ../platform-agnostic
- ../gcp/inverse-proxy
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
commonLabels:
application-crd-id: kubeflow-pipelines
# !!! If you want to customize the namespace,
# please refer sample/cluster-scoped-resources to update the namespace for cluster-scoped-resources
namespace: kubeflow
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
labels:
- includeSelectors: true
pairs:
application-crd-id: kubeflow-pipelines

14
apps/pipeline/upstream/env/dev/postgresql/kustomization.yaml vendored
View File

@ -8,12 +8,14 @@ resources:
- ../../platform-agnostic-postgresql
- ../../gcp/inverse-proxy
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
commonLabels:
application-crd-id: kubeflow-pipelines
# !!! If you want to customize the namespace,
# please refer sample/cluster-scoped-resources to update the namespace for cluster-scoped-resources
namespace: kubeflow
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
labels:
- includeSelectors: true
pairs:
application-crd-id: kubeflow-pipelines

2
apps/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml vendored
View File

@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: ghcr.io/kubeflow/kfp-inverse-proxy-agent
newTag: 2.4.1
newTag: 2.5.0
resources:
- proxy-configmap.yaml
- proxy-deployment.yaml

20
apps/pipeline/upstream/env/gcp/kustomization.yaml vendored
View File

@ -12,11 +12,6 @@ resources:
- minio-gcs-gateway
- cloudsql-proxy
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
commonLabels:
application-crd-id: kubeflow-pipelines
# !!! If you want to customize the namespace,
# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml
@ -27,6 +22,15 @@ patches:
# Used by Kustomize
configMapGenerator:
- name: pipeline-install-config
env: params.env
behavior: merge
- behavior: merge
envs:
- params.env
name: pipeline-install-config
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
labels:
- includeSelectors: true
pairs:
application-crd-id: kubeflow-pipelines

5
apps/pipeline/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml vendored
View File

@ -7,8 +7,9 @@ resources:
- minio-gcs-gateway-service.yaml
secretGenerator:
- name: mlpipeline-minio-artifact
env: minio-artifact-secret.env
- envs:
- minio-artifact-secret.env
name: mlpipeline-minio-artifact
generatorOptions:
# mlpipeline-minio-artifact needs to be referred by exact name
disableNameSuffixHash: true

13
apps/pipeline/upstream/env/plain-multi-user/kustomization.yaml vendored
View File

@ -11,12 +11,15 @@ resources:
- ../../third-party/minio/options/istio
- ../../third-party/metacontroller/base
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
commonLabels:
application-crd-id: kubeflow-pipelines
# !!! If you want to customize the namespace,
# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml
namespace: kubeflow
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
labels:
- includeSelectors: true
pairs:
application-crd-id: kubeflow-pipelines

1
apps/pipeline/upstream/env/plain/kustomization.yaml vendored
View File

@ -2,7 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../cluster-scoped-resources-tekton
- ../../base/installs/generic
- ../../base/metadata/base
- ../../third-party/minio/base

13
apps/pipeline/upstream/env/platform-agnostic-multi-user-legacy/kustomization.yaml vendored
View File

@ -12,12 +12,15 @@ resources:
- ../../third-party/minio/base
- ../../third-party/minio/options/istio
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
commonLabels:
application-crd-id: kubeflow-pipelines
# !!! If you want to customize the namespace,
# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml
namespace: kubeflow
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
labels:
- includeSelectors: true
pairs:
application-crd-id: kubeflow-pipelines

13
apps/pipeline/upstream/env/platform-agnostic-multi-user/kustomization.yaml vendored
View File

@ -12,12 +12,15 @@ resources:
- ../../third-party/minio/base
- ../../third-party/minio/options/istio
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
commonLabels:
application-crd-id: kubeflow-pipelines
# !!! If you want to customize the namespace,
# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml
namespace: kubeflow
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
labels:
- includeSelectors: true
pairs:
application-crd-id: kubeflow-pipelines

13
apps/pipeline/upstream/env/platform-agnostic-postgresql/kustomization.yaml vendored
View File

@ -8,12 +8,15 @@ resources:
- ../../third-party/minio/base
- ../../third-party/postgresql/base
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
commonLabels:
application-crd-id: kubeflow-pipelines
# !!! If you want to customize the namespace,
# please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml
namespace: kubeflow
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
labels:
- includeSelectors: true
pairs:
application-crd-id: kubeflow-pipelines

68
apps/pipeline/upstream/env/platform-agnostic-tekton-multi-user/kustomization.yaml vendored
View File

@ -1,68 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../third-party/tekton/installs/cluster
- ../../third-party/tekton-custom-task
- ../plain-multi-user
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
commonLabels:
application-crd-id: kubeflow-pipelines
patches:
- path: tekton-config.yaml
- patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: ml-pipeline
spec:
template:
spec:
containers:
- name: ml-pipeline-api-server
env:
- name: EXECUTIONTYPE
value: PipelineRun
- patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: ml-pipeline-persistenceagent
spec:
template:
spec:
containers:
- name: ml-pipeline-persistenceagent
env:
- name: EXECUTIONTYPE
value: PipelineRun
- patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: ml-pipeline-scheduledworkflow
spec:
template:
spec:
containers:
- name: ml-pipeline-scheduledworkflow
env:
- name: EXECUTIONTYPE
value: PipelineRun
- patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: ml-pipeline-ui
spec:
template:
spec:
containers:
- name: ml-pipeline-ui
env:
- name: POD_LOG_CONTAINER_NAME
value: step-user-main

10
apps/pipeline/upstream/env/platform-agnostic-tekton-multi-user/tekton-config.yaml vendored
View File

@ -1,10 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: feature-flags
namespace: tekton-pipelines
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
data:
running-in-environment-with-injected-sidecars: "true"

70
apps/pipeline/upstream/env/platform-agnostic-tekton/kustomization.yaml vendored
View File

@ -1,70 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../third-party/tekton/installs/cluster
- ../../third-party/tekton-custom-task
- ../plain
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
labels:
- includeSelectors: true
pairs:
application-crd-id: kubeflow-pipelines
patches:
- patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: ml-pipeline
spec:
template:
spec:
containers:
- name: ml-pipeline-api-server
env:
- name: EXECUTIONTYPE
value: PipelineRun
- patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: ml-pipeline-persistenceagent
spec:
template:
spec:
containers:
- name: ml-pipeline-persistenceagent
env:
- name: EXECUTIONTYPE
value: PipelineRun
- patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: ml-pipeline-scheduledworkflow
spec:
template:
spec:
containers:
- name: ml-pipeline-scheduledworkflow
env:
- name: EXECUTIONTYPE
value: PipelineRun
- patch: |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: ml-pipeline-ui
spec:
template:
spec:
containers:
- name: ml-pipeline-ui
env:
- name: POD_LOG_CONTAINER_NAME
value: step-user-main

11
apps/pipeline/upstream/hack/release.sh
View File

@ -40,3 +40,14 @@ do
done
yq w -i "${MANIFEST_DIR}/base/installs/generic/pipeline-install-config.yaml" data.appVersion "$TAG_NAME"
## Driver & Launcher images are added as environment variables
API_SERVER_MANIFEST="${MANIFEST_DIR}/base/pipeline/ml-pipeline-apiserver-deployment.yaml"
yq w -i ${API_SERVER_MANIFEST} \
"spec.template.spec.containers.(name==ml-pipeline-api-server).env.(name==V2_LAUNCHER_IMAGE).value" \
"ghcr.io/kubeflow/kfp-launcher:${TAG_NAME}"
yq w -i ${API_SERVER_MANIFEST} \
"spec.template.spec.containers.(name==ml-pipeline-api-server).env.(name==V2_DRIVER_IMAGE).value" \
"ghcr.io/kubeflow/kfp-driver:${TAG_NAME}"

32
apps/pipeline/upstream/sample/kustomization.yaml
View File

@ -11,28 +11,28 @@ resources:
# - ../third_party/prometheus
# - ../third_party/grafana
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
commonLabels:
application-crd-id: kubeflow-pipelines
# Used by Kustomize
configMapGenerator:
- name: pipeline-install-config
env: params.env
behavior: merge
- behavior: merge
envs:
- params.env
name: pipeline-install-config
secretGenerator:
- name: mysql-secret
env: params-db-secret.env
behavior: merge
- behavior: merge
envs:
- params-db-secret.env
name: mysql-secret
# !!! If you want to customize the namespace,
# please also update sample/cluster-scoped-resources/kustomization.yaml's namespace field to the same value
namespace: kubeflow
#### Customization ###
# 1. Change values in params.env file
# 2. Change values in params-db-secret.env file for CloudSQL username and password
# 3. kustomize build ./ | kubectl apply -f -
####
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected
# when application is deleted.
labels:
- includeSelectors: true
pairs:
application-crd-id: kubeflow-pipelines

6
apps/pipeline/upstream/third-party/argo/base/workflow-controller-configmap-patch.yaml vendored
View File

@ -4,9 +4,9 @@ metadata:
name: workflow-controller-configmap
data:
# References:
# * https://github.com/argoproj/argo-workflows/blob/v3.4.17/config/config.go
# * https://github.com/argoproj/argo-workflows/blob/v3.4.17/docs/workflow-controller-configmap.md
# * https://github.com/argoproj/argo-workflows/blob/v3.4.17/docs/workflow-controller-configmap.yaml
# * https://github.com/argoproj/argo-workflows/blob/v3.5.14/config/config.go
# * https://github.com/argoproj/argo-workflows/blob/v3.5.14/docs/workflow-controller-configmap.md
# * https://github.com/argoproj/argo-workflows/blob/v3.5.14/docs/workflow-controller-configmap.yaml
# In artifactRepository.s3.endpoint, $(kfp-namespace) is needed, because in multi-user mode, pipelines may run in other namespaces.
artifactRepository: |

4
apps/pipeline/upstream/third-party/argo/base/workflow-controller-deployment-patch.yaml vendored
View File

@ -7,12 +7,12 @@ spec:
spec:
containers:
- name: workflow-controller
image: gcr.io/ml-pipeline/workflow-controller:v3.4.17-license-compliance
image: quay.io/argoproj/workflow-controller:v3.5.14
args:
- --configmap
- workflow-controller-configmap
- --executor-image
- gcr.io/ml-pipeline/argoexec:v3.4.17-license-compliance
- quay.io/argoproj/argoexec:v3.5.14
securityContext:
seccompProfile:
type: RuntimeDefault

6
apps/pipeline/upstream/third-party/argo/upstream/manifests/Kptfile vendored
View File

@ -7,12 +7,12 @@ upstream:
git:
repo: https://github.com/argoproj/argo-workflows
directory: /manifests
ref: v3.4.17
ref: v3.5.14
updateStrategy: resource-merge
upstreamLock:
type: git
git:
repo: https://github.com/argoproj/argo-workflows
directory: /manifests
ref: v3.4.17
commit: 89cbdb53361cbe59fbe81b887ee82722cce5de54
ref: v3.5.14
commit: d94c214176716ece96974fd98ac5107c38d61344

232
apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml vendored
View File

@ -798,6 +798,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -827,6 +829,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -936,6 +949,8 @@ spec:
type: object
artifactGC:
properties:
forceFinalizerRemoval:
type: boolean
podMetadata:
properties:
annotations:
@ -947,6 +962,8 @@ spec:
type: string
type: object
type: object
podSpecPatch:
type: string
serviceAccountName:
type: string
strategy:
@ -1408,6 +1425,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -1437,6 +1456,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -1593,6 +1623,8 @@ spec:
type: object
gauge:
properties:
operation:
type: string
realtime:
type: boolean
value:
@ -1686,6 +1718,8 @@ spec:
type: object
podGC:
properties:
deleteDelayDuration:
type: string
labelSelector:
properties:
matchExpressions:
@ -1840,6 +1874,8 @@ spec:
properties:
name:
type: string
namespace:
type: string
type: object
semaphore:
properties:
@ -1854,6 +1890,8 @@ spec:
required:
- key
type: object
namespace:
type: string
type: object
type: object
templateDefaults:
@ -2573,6 +2611,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -2598,6 +2638,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -4284,6 +4335,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -4313,6 +4366,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -4846,6 +4910,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -4875,6 +4941,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -5459,6 +5536,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -5488,6 +5567,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -6622,6 +6712,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -6651,6 +6743,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -6810,6 +6913,8 @@ spec:
type: object
gauge:
properties:
operation:
type: string
realtime:
type: boolean
value:
@ -7272,6 +7377,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -7301,6 +7408,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -7845,6 +7963,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -7874,6 +7994,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -9229,6 +9360,8 @@ spec:
properties:
name:
type: string
namespace:
type: string
type: object
semaphore:
properties:
@ -9243,6 +9376,8 @@ spec:
required:
- key
type: object
namespace:
type: string
type: object
type: object
timeout:
@ -10662,6 +10797,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -10687,6 +10824,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -12373,6 +12521,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -12402,6 +12552,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -12935,6 +13096,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -12964,6 +13127,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -13548,6 +13722,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -13577,6 +13753,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -14711,6 +14898,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -14740,6 +14929,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -14899,6 +15099,8 @@ spec:
type: object
gauge:
properties:
operation:
type: string
realtime:
type: boolean
value:
@ -15361,6 +15563,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -15390,6 +15594,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -15934,6 +16149,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -15963,6 +16180,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -17318,6 +17546,8 @@ spec:
properties:
name:
type: string
namespace:
type: string
type: object
semaphore:
properties:
@ -17332,6 +17562,8 @@ spec:
required:
- key
type: object
namespace:
type: string
type: object
type: object
timeout:

232
apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_cronworkflows.yaml vendored
View File

@ -819,6 +819,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -848,6 +850,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -957,6 +970,8 @@ spec:
type: object
artifactGC:
properties:
forceFinalizerRemoval:
type: boolean
podMetadata:
properties:
annotations:
@ -968,6 +983,8 @@ spec:
type: string
type: object
type: object
podSpecPatch:
type: string
serviceAccountName:
type: string
strategy:
@ -1429,6 +1446,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -1458,6 +1477,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -1614,6 +1644,8 @@ spec:
type: object
gauge:
properties:
operation:
type: string
realtime:
type: boolean
value:
@ -1707,6 +1739,8 @@ spec:
type: object
podGC:
properties:
deleteDelayDuration:
type: string
labelSelector:
properties:
matchExpressions:
@ -1861,6 +1895,8 @@ spec:
properties:
name:
type: string
namespace:
type: string
type: object
semaphore:
properties:
@ -1875,6 +1911,8 @@ spec:
required:
- key
type: object
namespace:
type: string
type: object
type: object
templateDefaults:
@ -2594,6 +2632,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -2619,6 +2659,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -4305,6 +4356,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -4334,6 +4387,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -4867,6 +4931,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -4896,6 +4962,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -5480,6 +5557,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -5509,6 +5588,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -6643,6 +6733,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -6672,6 +6764,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -6831,6 +6934,8 @@ spec:
type: object
gauge:
properties:
operation:
type: string
realtime:
type: boolean
value:
@ -7293,6 +7398,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -7322,6 +7429,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -7866,6 +7984,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -7895,6 +8015,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -9250,6 +9381,8 @@ spec:
properties:
name:
type: string
namespace:
type: string
type: object
semaphore:
properties:
@ -9264,6 +9397,8 @@ spec:
required:
- key
type: object
namespace:
type: string
type: object
type: object
timeout:
@ -10683,6 +10818,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -10708,6 +10845,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -12394,6 +12542,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -12423,6 +12573,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -12956,6 +13117,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -12985,6 +13148,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -13569,6 +13743,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -13598,6 +13774,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -14732,6 +14919,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -14761,6 +14950,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -14920,6 +15120,8 @@ spec:
type: object
gauge:
properties:
operation:
type: string
realtime:
type: boolean
value:
@ -15382,6 +15584,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -15411,6 +15615,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -15955,6 +16170,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -15984,6 +16201,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -17339,6 +17567,8 @@ spec:
properties:
name:
type: string
namespace:
type: string
type: object
semaphore:
properties:
@ -17353,6 +17583,8 @@ spec:
required:
- key
type: object
namespace:
type: string
type: object
type: object
timeout:

26
apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowartifactgctasks.yaml vendored
View File

@ -387,6 +387,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -412,6 +414,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -870,6 +883,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -899,6 +914,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:

13
apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workfloweventbindings.yaml vendored
View File

@ -447,6 +447,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -476,6 +478,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:

626
apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflows.yaml vendored
View File

File diff suppressed because it is too large Load Diff

13
apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtaskresults.yaml vendored
View File

@ -436,6 +436,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -465,6 +467,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:

110
apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtasksets.yaml vendored
View File

@ -746,6 +746,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -771,6 +773,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -2457,6 +2470,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -2486,6 +2501,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -3019,6 +3045,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -3048,6 +3076,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -3632,6 +3671,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -3661,6 +3702,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -4795,6 +4847,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -4824,6 +4878,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -4983,6 +5048,8 @@ spec:
type: object
gauge:
properties:
operation:
type: string
realtime:
type: boolean
value:
@ -5445,6 +5512,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -5474,6 +5543,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -6018,6 +6098,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -6047,6 +6129,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -7402,6 +7495,8 @@ spec:
properties:
name:
type: string
namespace:
type: string
type: object
semaphore:
properties:
@ -7416,6 +7511,8 @@ spec:
required:
- key
type: object
namespace:
type: string
type: object
type: object
timeout:
@ -8536,6 +8633,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -8565,6 +8664,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:

232
apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtemplates.yaml vendored
View File

@ -797,6 +797,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -826,6 +828,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -935,6 +948,8 @@ spec:
type: object
artifactGC:
properties:
forceFinalizerRemoval:
type: boolean
podMetadata:
properties:
annotations:
@ -946,6 +961,8 @@ spec:
type: string
type: object
type: object
podSpecPatch:
type: string
serviceAccountName:
type: string
strategy:
@ -1407,6 +1424,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -1436,6 +1455,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -1592,6 +1622,8 @@ spec:
type: object
gauge:
properties:
operation:
type: string
realtime:
type: boolean
value:
@ -1685,6 +1717,8 @@ spec:
type: object
podGC:
properties:
deleteDelayDuration:
type: string
labelSelector:
properties:
matchExpressions:
@ -1839,6 +1873,8 @@ spec:
properties:
name:
type: string
namespace:
type: string
type: object
semaphore:
properties:
@ -1853,6 +1889,8 @@ spec:
required:
- key
type: object
namespace:
type: string
type: object
type: object
templateDefaults:
@ -2572,6 +2610,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -2597,6 +2637,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -4283,6 +4334,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -4312,6 +4365,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -4845,6 +4909,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -4874,6 +4940,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -5458,6 +5535,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -5487,6 +5566,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -6621,6 +6711,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -6650,6 +6742,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -6809,6 +6912,8 @@ spec:
type: object
gauge:
properties:
operation:
type: string
realtime:
type: boolean
value:
@ -7271,6 +7376,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -7300,6 +7407,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -7844,6 +7962,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -7873,6 +7993,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -9228,6 +9359,8 @@ spec:
properties:
name:
type: string
namespace:
type: string
type: object
semaphore:
properties:
@ -9242,6 +9375,8 @@ spec:
required:
- key
type: object
namespace:
type: string
type: object
type: object
timeout:
@ -10661,6 +10796,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -10686,6 +10823,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -12372,6 +12520,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -12401,6 +12551,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -12934,6 +13095,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -12963,6 +13126,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -13547,6 +13721,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -13576,6 +13752,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -14710,6 +14897,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -14739,6 +14928,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -14898,6 +15098,8 @@ spec:
type: object
gauge:
properties:
operation:
type: string
realtime:
type: boolean
value:
@ -15360,6 +15562,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -15389,6 +15593,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -15933,6 +16148,8 @@ spec:
type: object
securityToken:
type: string
useSDKCreds:
type: boolean
required:
- key
type: object
@ -15962,6 +16179,17 @@ spec:
type: object
bucket:
type: string
caSecret:
properties:
key:
type: string
name:
type: string
optional:
type: boolean
required:
- key
type: object
createBucketIfNotPresent:
properties:
objectLocking:
@ -17317,6 +17545,8 @@ spec:
properties:
name:
type: string
namespace:
type: string
type: object
semaphore:
properties:
@ -17331,6 +17561,8 @@ spec:
required:
- key
type: object
namespace:
type: string
type: object
type: object
timeout:

Some files were not shown because too many files have changed in this diff Show More