kubeflow
/
notebooks
mirror of https://github.com/kubeflow/notebooks.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Notebook Controller: Consolidate manifests (kubeflow/kubeflow#5723) 

* notebook-controller: Modify kubebuilder manifests

Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>

* notebook-controller: Set storageVersion to v1

Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>

* notebook-controller: Fix RBAC

Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>

* notebook-controller: Regenerate manifests

Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>

* notebook-controller: Remove unused kubebuilder manifests

Signed-off-by: Yannis Zarkadas <yanniszark@arrikto.com>
This commit is contained in:
Yannis Zarkadas 2021-03-19 19:22:16 +02:00 committed by GitHub
parent da3c7a6642
commit ae3b53f8d2
44 changed files with 831 additions and 2840 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
components/notebook-controller/Makefile
View File

@ -53,7 +53,7 @@ deploy: manifests
# Generate manifests e.g. CRD, RBAC etc. # Generate manifests e.g. CRD, RBAC etc.
manifests: controller-gen manifests: controller-gen
$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
# Run go fmt against code # Run go fmt against code
fmt: fmt:

4
components/notebook-controller/api/v1/notebook_types.go
View File

@ -60,7 +60,8 @@ type NotebookCondition struct {
// +kubebuilder:object:root=true // +kubebuilder:object:root=true
// +kubebuilder:subresource:status // +kubebuilder:subresource:status
// +kubebuilder:storageversion
// +kubebuilder:resource:path=notebooks,singular=notebook,scope=Namespaced
// Notebook is the Schema for the notebooks API // Notebook is the Schema for the notebooks API
type Notebook struct { type Notebook struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`
@ -71,7 +72,6 @@ type Notebook struct {
} }
// +kubebuilder:object:root=true // +kubebuilder:object:root=true
// NotebookList contains a list of Notebook // NotebookList contains a list of Notebook
type NotebookList struct { type NotebookList struct {
metav1.TypeMeta `json:",inline"` metav1.TypeMeta `json:",inline"`

1
components/notebook-controller/api/v1beta1/notebook_types.go
View File

@ -60,7 +60,6 @@ type NotebookCondition struct {
// +kubebuilder:object:root=true // +kubebuilder:object:root=true
// +kubebuilder:subresource:status // +kubebuilder:subresource:status
// +kubebuilder:storageversion
// Notebook is the Schema for the notebooks API // Notebook is the Schema for the notebooks API
type Notebook struct { type Notebook struct {

30
components/notebook-controller/config/README.md Normal file
View File

@ -0,0 +1,30 @@
### Manifests
This folder contains manifests for installing `notebook-controller`. The structure is the following:
```
.
├── crd
├── default
├── manager
├── rbac
├── samples
├── base
├── overlays
│ ├── kubeflow
│ └── standalone
```
The breakdown is the following:
- `crd`, `default`, `manager`, `rbac`, `samples`: Kubebuilder-generated structure. We keep this in order to be compatible with kubebuilder workflows. This is not meant for the consumer of the manifests.
- `base`, `overlays`: Kustomizations meant for consumption by the user:
- `overlays/kubeflow`: Installs `notebook-controller` as part of Kubeflow. The resulting manifests should be the same as the result of the [deprecated `base_v3` from kubeflow/manifests](https://github.com/kubeflow/manifests/tree/306d02979124bc29e48152272ddd60a59be9306c/profiles/base_v3). At a glance, it makes the following changes:
- Use namespace `kubeflow`.
- Remove namespace resource.
- Add KFAM container.
- Add KFAM Service and VirtualService.
- `overlays/standalone`: Install `notebook-controller` in its own namespace. Useful for testing or for users that prefer to install just the controller.
### CRD Issue
We patch the kubebuilder-generated CRD with an older version. That's because the validation was more relaxed in a previous version and now we ended up with some clients and resources in a state that fails more detailed validation, but works correctly. For more information, see: https://github.com/kubeflow/kubeflow/issues/5722

11
components/notebook-controller/config/base/cluster-role-binding.yaml
View File

@ -1,11 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: role
subjects:
- kind: ServiceAccount
name: service-account

91
components/notebook-controller/config/base/crd.yaml
View File

@ -1,91 +0,0 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: notebooks.kubeflow.org
spec:
group: kubeflow.org
names:
kind: Notebook
plural: notebooks
singular: notebook
scope: Namespaced
subresources:
status: {}
versions:
- name: v1alpha1
served: true
storage: false
- name: v1beta1
served: true
storage: true
- name: v1
served: true
storage: false
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
template:
description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
Important: Run "make" to regenerate code after modifying this file'
properties:
spec:
properties:
containers:
items:
properties:
resources:
properties:
limits:
properties:
memory:
type: string
pattern: '^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$'
cpu:
type: string
pattern: '^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$'
type: object
requests:
properties:
memory:
type: string
pattern: '^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$'
cpu:
type: string
pattern: '^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$'
type: object
type: object
type: object
type: array
type: object
type: object
type: object
status:
properties:
conditions:
description: Conditions is an array of current conditions
items:
properties:
type:
description: Type of the confition/
type: string
required:
- type
type: object
type: array
required:
- conditions
type: object

23
components/notebook-controller/config/base/deployment.yaml
View File

@ -1,23 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment
spec:
template:
metadata:
annotations:
sidecar.istio.io/inject: "false"
spec:
containers:
- name: manager
image: gcr.io/kubeflow-images-public/notebook-controller:v20190614-v0-160-g386f2749-e3b0c4
command:
- /manager
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /metrics
port: 8080
initialDelaySeconds: 30
periodSeconds: 30
serviceAccountName: service-account

15
components/notebook-controller/config/base/deployment_patch.yaml
View File

@ -1,15 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment
spec:
template:
spec:
containers:
- name: manager
env:
# We use a patch to set the USE_ISTIO because in other patches
# we want to set it to a configMapRef and so if we include the value
# in the base when we do the merge we end up with 2 fields setting the value.
- name: USE_ISTIO
value: "false"

41
components/notebook-controller/config/base/kustomization.yaml
View File

@ -1,43 +1,4 @@
# TODO(https://github.com/kubeflow/manifests/issues/1052): Cleanup this up
# once kustomize_v3 migration is done.
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- cluster-role-binding.yaml - ../default
- cluster-role.yaml
- crd.yaml
- deployment.yaml
- service-account.yaml
- service.yaml
namePrefix: notebook-controller-
namespace: kubeflow
patchesStrategicMerge:
- deployment_patch.yaml
commonLabels:
app: notebook-controller
kustomize.component: notebook-controller
images:
- name: gcr.io/kubeflow-images-public/notebook-controller
newName: gcr.io/kubeflow-images-public/notebook-controller
newTag: vmaster-g6eb007d0
configMapGenerator:
- envs:
- params.env
name: parameters
generatorOptions:
disableNameSuffixHash: true
vars:
- fieldref:
fieldPath: data.USE_ISTIO
name: USE_ISTIO
objref:
apiVersion: v1
kind: ConfigMap
name: parameters
- fieldref:
fieldPath: data.ISTIO_GATEWAY
name: ISTIO_GATEWAY
objref:
apiVersion: v1
kind: ConfigMap
name: parameters

3
components/notebook-controller/config/base/params.env
View File

@ -1,3 +0,0 @@
POD_LABELS=gcp-cred-secret=user-gcp-sa,gcp-cred-secret-filename=user-gcp-sa.json
USE_ISTIO=false
ISTIO_GATEWAY=kubeflow/kubeflow-gateway

4
components/notebook-controller/config/base/service-account.yaml
View File

@ -1,4 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: service-account

7
components/notebook-controller/config/base/service.yaml
View File

@ -1,7 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: service
spec:
ports:
- port: 443

21
components/notebook-controller/config/base_v3/deployment_patch.yaml
View File

@ -1,21 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment
spec:
template:
spec:
containers:
- name: manager
env:
- name: USE_ISTIO
valueFrom:
configMapKeyRef:
name: notebook-controller-config
key: USE_ISTIO
- name: ISTIO_GATEWAY
valueFrom:
configMapKeyRef:
name: notebook-controller-config
key: ISTIO_GATEWAY

26
components/notebook-controller/config/base_v3/kustomization.yaml
View File

@ -1,26 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
commonLabels:
app: notebook-controller
kustomize.component: notebook-controller
configMapGenerator:
- literals:
- USE_ISTIO=true
- ISTIO_GATEWAY=kubeflow/kubeflow-gateway
name: notebook-controller-config
images:
- name: gcr.io/kubeflow-images-public/notebook-controller
newName: gcr.io/kubeflow-images-public/notebook-controller
newTag: vmaster-g6eb007d0
kind: Kustomization
namePrefix: notebook-controller-
namespace: kubeflow
patchesStrategicMerge:
- deployment_patch.yaml
resources:
- ../base/cluster-role-binding.yaml
- ../base/cluster-role.yaml
- ../base/crd.yaml
- ../base/deployment.yaml
- ../base/service-account.yaml
- ../base/service.yaml
- ../overlays/application/application.yaml

24
components/notebook-controller/config/certmanager/certificate.yaml
View File

@ -1,24 +0,0 @@
# The following manifests contain a self-signed issuer CR and a certificate CR.
# More document can be found at https://docs.cert-manager.io
apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
name: selfsigned-issuer
namespace: system
spec:
selfSigned: {}
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
namespace: system
spec:
# $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
commonName: $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
dnsNames:
- $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
issuerRef:
kind: Issuer
name: selfsigned-issuer
secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize

5
components/notebook-controller/config/certmanager/kustomization.yaml
View File

@ -1,5 +0,0 @@
resources:
- certificate.yaml
configurations:
- kustomizeconfig.yaml

16
components/notebook-controller/config/certmanager/kustomizeconfig.yaml
View File

@ -1,16 +0,0 @@
# This configuration is for teaching kustomize how to update name ref and var substitution
nameReference:
- kind: Issuer
group: certmanager.k8s.io
fieldSpecs:
- kind: Certificate
group: certmanager.k8s.io
path: spec/issuerRef/name
varReference:
- kind: Certificate
group: certmanager.k8s.io
path: spec/commonName
- kind: Certificate
group: certmanager.k8s.io
path: spec/dnsNames

2913
components/notebook-controller/config/crd/bases/kubeflow.org_notebooks.yaml
View File

File diff suppressed because it is too large Load Diff

11
components/notebook-controller/config/crd/kustomization.yaml
View File

@ -7,6 +7,17 @@ resources:
patchesStrategicMerge: patchesStrategicMerge:
- patches/trivial_conversion_patch.yaml - patches/trivial_conversion_patch.yaml
patchesJson6902:
# Remove once the following issue is resolved:
# https://github.com/kubeflow/kubeflow/issues/5722
- path: patches/old_crd.yaml
target:
group: apiextensions.k8s.io
version: v1beta1
kind: CustomResourceDefinition
name: notebooks.kubeflow.org
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
# patches here are for enabling the conversion webhook for each CRD # patches here are for enabling the conversion webhook for each CRD
#- patches/webhook_in_notebooks.yaml #- patches/webhook_in_notebooks.yaml

64
components/notebook-controller/config/crd/patches/old_crd.yaml Normal file
View File

@ -0,0 +1,64 @@
# Use the old CRD because of the quantity validation issue:
# https://github.com/kubeflow/kubeflow/issues/5722
- op: replace
path: /spec
value:
group: kubeflow.org
names:
kind: Notebook
plural: notebooks
singular: notebook
scope: Namespaced
subresources:
status: {}
versions:
- name: v1alpha1
served: true
storage: false
- name: v1beta1
served: true
storage: false
- name: v1
served: true
storage: true
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
template:
description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
Important: Run "make" to regenerate code after modifying this file'
properties:
spec:
type: object
type: object
type: object
status:
properties:
conditions:
description: Conditions is an array of current conditions
items:
properties:
type:
description: Type of the confition/
type: string
required:
- type
type: object
type: array
required:
- conditions
type: object

6
components/notebook-controller/config/default/kustomization.yaml
View File

@ -9,8 +9,10 @@ namespace: notebook-controller-system
namePrefix: notebook-controller- namePrefix: notebook-controller-
# Labels to add to all resources and selectors. # Labels to add to all resources and selectors.
#commonLabels: commonLabels:
# someName: someValue app: notebook-controller
kustomize.component: notebook-controller
bases: bases:
- ../crd - ../crd

7
components/notebook-controller/config/manager/kustomization.yaml
View File

@ -1,2 +1,9 @@
resources: resources:
- manager.yaml - manager.yaml
- service-account.yaml
- service.yaml
configMapGenerator:
- name: config
literals:
- USE_ISTIO=true
- ISTIO_GATEWAY=kubeflow/kubeflow-gateway

49
components/notebook-controller/config/manager/manager.yaml
View File

@ -8,32 +8,37 @@ metadata:
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: controller-manager name: deployment
namespace: system
labels:
control-plane: controller-manager
spec: spec:
selector:
matchLabels:
control-plane: controller-manager
replicas: 1
template: template:
metadata: metadata:
labels: labels:
control-plane: controller-manager app: notebook-controller
kustomize.component: notebook-controller
annotations:
sidecar.istio.io/inject: "false"
spec: spec:
containers: containers:
- command: - name: manager
image: gcr.io/kubeflow-images-public/notebook-controller:vmaster-g6eb007d0
command:
- /manager - /manager
args: env:
- --enable-leader-election - name: USE_ISTIO
image: controller:latest valueFrom:
name: manager configMapKeyRef:
resources: name: config
limits: key: USE_ISTIO
cpu: 100m - name: ISTIO_GATEWAY
memory: 30Mi valueFrom:
requests: configMapKeyRef:
cpu: 100m name: config
memory: 20Mi key: ISTIO_GATEWAY
terminationGracePeriodSeconds: 10 imagePullPolicy: Always
livenessProbe:
httpGet:
path: /metrics
port: 8080
initialDelaySeconds: 30
periodSeconds: 30
serviceAccountName: service-account

37
components/notebook-controller/config/overlays/application/application.yaml
View File

@ -1,37 +0,0 @@
apiVersion: app.k8s.io/v1beta1
kind: Application
metadata:
name: notebook-controller
spec:
selector:
matchLabels:
app.kubernetes.io/component: notebook-controller
app.kubernetes.io/name: notebook-controller
componentKinds:
- group: core
kind: ConfigMap
- group: apps
kind: Deployment
- group: core
kind: Service
- group: core
kind: ServiceAccount
descriptor:
type: notebook-controller
version: v1beta1
description: Notebooks controller allows users to create a custom resource \"Notebook\" (jupyter notebook).
maintainers:
- name: Lun-kai Hsu
email: lunkai@google.com
owners:
- name: Lun-kai Hsu
email: lunkai@gogle.com
keywords:
- jupyter
- notebook
- notebook-controller
- jupyterhub
links:
- description: About
url: "https://github.com/kubeflow/kubeflow/tree/master/components/notebook-controller"
addOwnerRef: true

9
components/notebook-controller/config/overlays/application/kustomization.yaml
View File

@ -1,9 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
bases:
- ../../base
commonLabels:
app.kubernetes.io/component: notebook-controller
app.kubernetes.io/name: notebook-controller
kind: Kustomization
resources:
- application.yaml

14
components/notebook-controller/config/overlays/istio/deployment.yaml
View File

@ -1,14 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment
spec:
template:
spec:
containers:
- name: manager
env:
- name: USE_ISTIO
value: $(USE_ISTIO)
- name: ISTIO_GATEWAY
value: $(ISTIO_GATEWAY)

13
components/notebook-controller/config/overlays/istio/kustomization.yaml
View File

@ -1,13 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- ../../base
patchesStrategicMerge:
- deployment.yaml
configMapGenerator:
- name: parameters
behavior: merge
envs:
- params.env
generatorOptions:
disableNameSuffixHash: true

2
components/notebook-controller/config/overlays/istio/params.env
View File

@ -1,2 +0,0 @@
USE_ISTIO=true
ISTIO_GATEWAY=kubeflow/kubeflow-gateway

13
components/notebook-controller/config/overlays/kubeflow/kustomization.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
namespace: kubeflow
patchesStrategicMerge:
- patches/remove-namespace.yaml
configMapGenerator:
- name: config
behavior: merge
literals:
- USE_ISTIO=true
- ISTIO_GATEWAY=kubeflow/kubeflow-gateway

5
components/notebook-controller/config/overlays/kubeflow/patches/remove-namespace.yaml Normal file
View File

@ -0,0 +1,5 @@
$patch: delete
apiVersion: v1
kind: Namespace
metadata:
name: notebook-controller-system

10
components/notebook-controller/config/overlays/standalone/kustomization.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
namespace: notebook-controller-system
configMapGenerator:
- name: config
behavior: merge
literals:
- USE_ISTIO=false

3
components/notebook-controller/config/rbac/auth_proxy_role_binding.yaml
View File

@ -8,5 +8,4 @@ roleRef:
name: proxy-role name: proxy-role
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: default name: service-account
namespace: system

1
components/notebook-controller/config/rbac/kustomization.yaml
View File

@ -3,6 +3,7 @@ resources:
- role_binding.yaml - role_binding.yaml
- leader_election_role.yaml - leader_election_role.yaml
- leader_election_role_binding.yaml - leader_election_role_binding.yaml
- user_cluster_roles.yaml
# Comment the following 3 lines if you want to disable # Comment the following 3 lines if you want to disable
# the auth proxy (https://github.com/brancz/kube-rbac-proxy) # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
# which protects your /metrics endpoint. # which protects your /metrics endpoint.

3
components/notebook-controller/config/rbac/leader_election_role_binding.yaml
View File

@ -8,5 +8,4 @@ roleRef:
name: leader-election-role name: leader-election-role
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: default name: service-account
namespace: system

57
components/notebook-controller/config/rbac/role.yaml
View File

@ -4,65 +4,48 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
creationTimestamp: null creationTimestamp: null
name: manager-role name: role
rules: rules:
- apiGroups: - apiGroups:
- apps - apps
resources: resources:
- statefulsets - statefulsets
verbs: verbs:
- '*'
- apiGroups:
- ""
resources:
- events
verbs:
- create - create
- delete
- get - get
- list - list
- patch
- update
- watch - watch
- apiGroups: - apiGroups:
- apps - ""
resources: resources:
- statefulsets/status - pods
verbs: verbs:
- get - get
- patch - list
- update - watch
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- services - services
verbs: verbs:
- create - '*'
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- services/status
verbs:
- get
- patch
- update
- apiGroups: - apiGroups:
- kubeflow.org - kubeflow.org
resources: resources:
- notebooks - notebooks
verbs: - notebooks/finalizers
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- kubeflow.org
resources:
- notebooks/status - notebooks/status
verbs: verbs:
- get - '*'
- patch - apiGroups:
- update - networking.istio.io
resources:
- virtualservices
verbs:
- '*'

7
components/notebook-controller/config/rbac/role_binding.yaml
View File

@ -1,12 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
name: manager-rolebinding name: role-binding
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: manager-role name: role
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: default name: service-account
namespace: system

52
components/notebook-controller/config/base/cluster-role.yaml → components/notebook-controller/config/rbac/user_cluster_roles.yaml
View File

@ -1,55 +1,3 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: role
rules:
- apiGroups:
- apps
resources:
- statefulsets
- deployments
verbs:
- '*'
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- '*'
- apiGroups:
- ""
resources:
- events
verbs:
- get
- list
- watch
- create
- apiGroups:
- kubeflow.org
resources:
- notebooks
- notebooks/status
- notebooks/finalizers
verbs:
- '*'
- apiGroups:
- networking.istio.io
resources:
- virtualservices
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:

7
components/notebook-controller/config/samples/v1alpha1_notebook.yaml
View File

@ -1,7 +0,0 @@
apiVersion: kubeflow.org/v1alpha1
kind: Notebook
metadata:
name: notebook-sample
spec:
# Add fields here
foo: bar

7
components/notebook-controller/config/samples/v1beta1_notebook.yaml
View File

@ -1,7 +0,0 @@
apiVersion: kubeflow.org/v1beta1
kind: Notebook
metadata:
name: notebook-sample
spec:
# Add fields here
foo: bar

6
components/notebook-controller/config/webhook/kustomization.yaml
View File

@ -1,6 +0,0 @@
resources:
- manifests.yaml
- service.yaml
configurations:
- kustomizeconfig.yaml

25
components/notebook-controller/config/webhook/kustomizeconfig.yaml
View File

@ -1,25 +0,0 @@
# the following config is for teaching kustomize where to look at when substituting vars.
# It requires kustomize v2.1.0 or newer to work properly.
nameReference:
- kind: Service
version: v1
fieldSpecs:
- kind: MutatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/name
- kind: ValidatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/name
namespace:
- kind: MutatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/namespace
create: true
- kind: ValidatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/namespace
create: true
varReference:
- path: metadata/annotations

0
components/notebook-controller/config/webhook/manifests.yaml
View File

12
components/notebook-controller/config/webhook/service.yaml
View File

@ -1,12 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: webhook-service
namespace: system
spec:
ports:
- port: 443
targetPort: 443
selector:
control-plane: controller-manager

12
components/notebook-controller/controllers/notebook_controller.go
View File

@ -75,12 +75,12 @@ type NotebookReconciler struct {
EventRecorder record.EventRecorder EventRecorder record.EventRecorder
} }
// +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch
// +kubebuilder:rbac:groups=apps,resources=statefulsets/status,verbs=get;update;patch // +kubebuilder:rbac:groups=core,resources=events,verbs=get;list;watch;create
// +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=core,resources=services,verbs="*"
// +kubebuilder:rbac:groups=core,resources=services/status,verbs=get;update;patch // +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs="*"
// +kubebuilder:rbac:groups=kubeflow.org,resources=notebooks,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=kubeflow.org,resources=notebooks;notebooks/status;notebooks/finalizers,verbs="*"
// +kubebuilder:rbac:groups=kubeflow.org,resources=notebooks/status,verbs=get;update;patch // +kubebuilder:rbac:groups="networking.istio.io",resources=virtualservices,verbs="*"
func (r *NotebookReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { func (r *NotebookReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
ctx := context.Background() ctx := context.Background()