* kserve: Add distinct file for cluster-roles
When we install both KFServing 0.6.1 and KServe 0.7.0 we are using the
standalone version of KServe 0.7.0. But, the standalone KServe
installation does not include the aggregated roles for the KF
kubeflow-{admin,editor,viewer} roles.
This commit adds the needed clusterroles/bingings as a distinct file to
explicitly include them, when installing both KFServing and standalone
KServe.
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* kserve: Use kubeflow overlay of MWA
In order to use the KServe MWA by default we will need to use the
kubeflow overlay. This overlay updates the VirtualService to use the
kubeflow/kubeflow-gateway Gateway, alongside the other KF apps.
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
Update the app's manifests to:
1. Work under the /kserve-endpoints prefix
2. Use the correct gatway in the manifests
3. Use the correct namespace in for the app's ConfigMap
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
When deploying knative-serving there a race due to an Istio issue
that ends up having cluster-local-gateway misconfigured because of
conflicting ports. In a nutshell Istio creates listeners based on
Gateway ports and the corresponding Services (if any) and in our
case we have two Services (cluster-local-gateway, knative-local-gateway)
with port 80 and different targetPort (8080, 8081). In normal
operation the pod gets the following listeners:
ADDRESS PORT MATCH DESTINATION
0.0.0.0 8080 ALL Route: http.80
0.0.0.0 8081 ALL Route: http.8081
We have seen on fresh deployment to end up with only 8081:8081 and
istio complaining with:
Error adding/updating listener(s) 0.0.0.0_8081: duplicate listener 0.0.0.0_8081 found
To fix that add a label in knative-local-gateway service so that
it gets ignored by istio when translating gateway ports.
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
By default Knative's local gateway will use the istio-ingressgateway Pod
for configuring traffic and binding VirtualServices. This means that all
in-cluster traffic will need to also pass via the ingress gateway.
We've noticed 302s from Notebooks curl-ing InferenceServices. This was
because the AuthService is authenticating all requests that go through
the ingress gateway. But since we now send in-cluster requests via the
ingress gateway this means that AuthService will also check them.
To avoid the above we provide an overlay for making Knative's local
gateway to use Istio's local gateway and not the ingress one.
See: https://github.com/kubeflow/manifests/issues/1966
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* Update references for 1.4
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* Add a table for the common components
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* Update K8s version
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* Add 1.4 release information
Signed-off-by: Anna Jung (VMware) <antheaj@vmware.com>
* Add 1.4 release wg liaisons, product manager and a shadow
Signed-off-by: Anna Jung (VMware) <antheaj@vmware.com>
* Add a step to reach out to each WG during preparation for WG liaison info
Signed-off-by: Anna Jung (VMware) <antheaj@vmware.com>
* serving: Update to v0.22.1
Fetch the yamls from:
1. https://github.com/knative/serving/releases/download/v0.22.1/serving-core.yaml
2. https://github.com/knative-sandbox/net-istio/releases/download/v0.23.1/net-istio.yaml
3. https://github.com/knative/serving/releases/download/v0.22.1/serving-post-install-jobs.yaml
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* serving: Remove comments with yq
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* serving: Remove anchors and aliases
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* serving: Remove knative-ingress-gateway Gateway
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* serving: Update post-install job
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* eventing: Update to v0.22.1
Use yamls from https://github.com/knative/eventing/releases/tag/v0.22.1
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* eventing: Remove all comments with yq
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* eventing: Remove aliases and anchors
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* eventing: Update post-install job
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* kustomization: Fix namespace and commonLabels
Don't explicitly set the namespace in the kustomization, since there are
resources like the knative-local-gateway Service that need to be applied
in other namespaces.
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* Update the README
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* remove vim .swp file
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
* review: Use string keys to work with kustomize 4.2
Signed-off-by: Kimonas Sotirchos <kimwnasptd@arrikto.com>
Kimonas Sotirchos