feat(ws): add manifests for frontend (#487)

* feat(ws): Define k8s workload manifest for frontend component #404 Signed-off-by: Noa <nlimoy@redhat.com> * fix: virtual-service tweaks from review Signed-off-by: Andy Stoneberg <astonebe@redhat.com> --------- Signed-off-by: Noa <nlimoy@redhat.com> Signed-off-by: Andy Stoneberg <astonebe@redhat.com> Co-authored-by: Andy Stoneberg <astonebe@redhat.com>
2025-08-21 17:34:06 +00:00 · 2025-08-21 17:34:06 +00:00 · 42ffd9b0c5
parent 877e6de894
commit 42ffd9b0c5
10 changed files with 253 additions and 0 deletions
--- a/workspaces/frontend/manifests/kustomize/base/deployment.yaml
+++ b/workspaces/frontend/manifests/kustomize/base/deployment.yaml
@ -0,0 +1,58 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: workspaces-frontend
 spec:
  selector:
    matchLabels: {}
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0
      maxSurge: 1
  template:
    metadata:
      labels: {}
    spec:
      terminationGracePeriodSeconds: 30
      containers:
      - name: workspaces-frontend
        image: workspaces-frontend
        imagePullPolicy: IfNotPresent
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - "ALL"
        ports:
        - name: http-ui
          containerPort: 8080
        env:
        - name: PORT
          value: "8080"
        resources:
          limits:
            cpu: "1"
            memory: 512Mi
          requests:
            cpu: 100m
            memory: 256Mi
        livenessProbe:
          httpGet:
            path: /
            port: http-ui
            scheme: HTTP
          initialDelaySeconds: 15
          periodSeconds: 20
          timeoutSeconds: 5
          failureThreshold: 3
        readinessProbe:
          httpGet:
            path: /
            port: http-ui
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          timeoutSeconds: 3
          failureThreshold: 3
--- a/workspaces/frontend/manifests/kustomize/base/kustomization.yaml
+++ b/workspaces/frontend/manifests/kustomize/base/kustomization.yaml
@ -0,0 +1,14 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: kubeflow-workspaces
 resources:
 - namespace.yaml
 - deployment.yaml
 - service.yaml
 labels:
 - includeSelectors: true
  pairs:
    app.kubernetes.io/component: ui
--- a/workspaces/frontend/manifests/kustomize/base/namespace.yaml
+++ b/workspaces/frontend/manifests/kustomize/base/namespace.yaml
@ -0,0 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: kubeflow-workspaces
--- a/workspaces/frontend/manifests/kustomize/base/service.yaml
+++ b/workspaces/frontend/manifests/kustomize/base/service.yaml
@ -0,0 +1,10 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: workspaces-frontend
 spec:
  ports:
  - name: http-ui
    port: 8080
    targetPort: http-ui
  type: ClusterIP
--- a/workspaces/frontend/manifests/kustomize/components/common/kustomization.yaml
+++ b/workspaces/frontend/manifests/kustomize/components/common/kustomization.yaml
@ -0,0 +1,9 @@
 apiVersion: kustomize.config.k8s.io/v1alpha1
 kind: Component
 labels:
 - includeSelectors: true
  pairs:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: workspaces-frontend
    app.kubernetes.io/part-of: kubeflow-workspaces
--- a/workspaces/frontend/manifests/kustomize/components/istio/authorization-policy.yaml
+++ b/workspaces/frontend/manifests/kustomize/components/istio/authorization-policy.yaml
@ -0,0 +1,17 @@
 apiVersion: security.istio.io/v1beta1
 kind: AuthorizationPolicy
 metadata:
  name: workspaces-frontend
 spec:
  action: ALLOW
  selector:
    matchLabels:
      app.kubernetes.io/component: ui
      app.kubernetes.io/managed-by: kustomize
      app.kubernetes.io/name: workspaces-frontend
      app.kubernetes.io/part-of: kubeflow-workspaces
  rules:
    - from:
        - source:
            principals:
              - cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account
--- a/workspaces/frontend/manifests/kustomize/components/istio/destination-rule.yaml
+++ b/workspaces/frontend/manifests/kustomize/components/istio/destination-rule.yaml
@ -0,0 +1,9 @@
 apiVersion: networking.istio.io/v1beta1
 kind: DestinationRule
 metadata:
  name: workspaces-frontend
 spec:
  host: workspaces-frontend.kubeflow-workspaces.svc.cluster.local
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL
--- a/workspaces/frontend/manifests/kustomize/components/istio/kustomization.yaml
+++ b/workspaces/frontend/manifests/kustomize/components/istio/kustomization.yaml
@ -0,0 +1,11 @@
 apiVersion: kustomize.config.k8s.io/v1alpha1
 kind: Component
 resources:
 - destination-rule.yaml
 - virtual-service.yaml
 - authorization-policy.yaml
 labels:
 - pairs:
    app.kubernetes.io/component: ui
--- a/workspaces/frontend/manifests/kustomize/components/istio/virtual-service.yaml
+++ b/workspaces/frontend/manifests/kustomize/components/istio/virtual-service.yaml
@ -0,0 +1,22 @@
 apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
 metadata:
  name: workspaces-frontend
 spec:
  gateways:
    - kubeflow/kubeflow-gateway
  hosts:
  - '*'
  http:
    - match:
        - uri:
            prefix: /workspaces/
        - uri:
            exact: /workspaces
      rewrite:
        uri: /
      route:
        - destination:
            host: workspaces-frontend.kubeflow-workspaces.svc.cluster.local
            port:
              number: 8080
--- a/workspaces/frontend/manifests/kustomize/overlays/istio/kustomization.yaml
+++ b/workspaces/frontend/manifests/kustomize/overlays/istio/kustomization.yaml
@ -0,0 +1,99 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: kubeflow-workspaces
 resources:
 - ../../base
 components:
 - ../../components/istio
 - ../../components/common
 patches:
 - patch: |-
    - op: remove
      path: /metadata/labels/app.kubernetes.io~1component
    - op: remove
      path: /metadata/labels/app.kubernetes.io~1name
    - op: add
      path: /metadata/labels/istio-injection
      value: enabled
  target:
    kind: Namespace
    name: kubeflow-workspaces
 replacements:
 - source:
    fieldPath: metadata.namespace
    kind: Deployment
    name: workspaces-frontend
  targets:
  - fieldPaths:
    - metadata.name
    select:
      kind: Namespace
      name: kubeflow-workspaces
 - source:
    fieldPath: metadata.name
    kind: Service
    name: workspaces-frontend
    version: v1
  targets:
  - fieldPaths:
    - spec.http.0.route.0.destination.host
    options:
      delimiter: .
    select:
      group: networking.istio.io
      kind: VirtualService
      name: workspaces-frontend
      version: v1beta1
  - fieldPaths:
    - spec.host
    options:
      delimiter: .
    select:
      group: networking.istio.io
      kind: DestinationRule
      name: workspaces-frontend
      version: v1beta1
 - source:
    fieldPath: metadata.namespace
    kind: Service
    name: workspaces-frontend
    version: v1
  targets:
  - fieldPaths:
    - spec.http.0.route.0.destination.host
    options:
      delimiter: .
      index: 1
    select:
      group: networking.istio.io
      kind: VirtualService
      name: workspaces-frontend
      version: v1beta1
  - fieldPaths:
    - spec.host
    options:
      delimiter: .
      index: 1
    select:
      group: networking.istio.io
      kind: DestinationRule
      name: workspaces-frontend
      version: v1beta1
 - source:
    fieldPath: spec.ports.[name=http-ui].port
    kind: Service
    name: workspaces-frontend
    version: v1
  targets:
  - fieldPaths:
    - spec.http.0.route.0.destination.port.number
    select:
      group: networking.istio.io
      kind: VirtualService
      name: workspaces-frontend
      version: v1beta1