IronPan 2019-09-15 08:46:17 +08:00 committed by GitHub
parent 3ec743a3e4
commit d0bf18d83b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 514 additions and 338 deletions


@ -12,7 +12,7 @@ metadata:
spec:
descriptor:
type: Kubeflow Pipelines
version: '0.1.29'
version: '0.2'
description: |-
Machine Learning Pipeline on Kubernetes
maintainers:


@ -15,6 +15,76 @@ spec:
version: v1alpha1
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: argo
labels:
app.kubernetes.io/name: {{ .Release.Name }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: argo-role
labels:
app.kubernetes.io/name: {{ .Release.Name }}
rules:
- apiGroups:
- ""
resources:
- pods
- pods/exec
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- delete
- apiGroups:
- argoproj.io
resources:
- workflows
- workflows/finalizers
verbs:
- get
- list
- watch
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: argo-binding
labels:
app.kubernetes.io/name: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argo-role
subjects:
- kind: ServiceAccount
name: argo
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
data:
config: |
{
@ -105,5 +175,5 @@ spec:
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
serviceAccountName: {{ .Values.serviceAccount.argo}}
serviceAccountName: argo
terminationGracePeriodSeconds: 30
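Review bot: The ServiceAccount, Role and RoleBinding added here use the fixed names `argo`, `argo-role` and `argo-binding`, and the Deployment now sets `serviceAccountName: argo` instead of the value that was passed in, so nothing ties these objects to the release. If the target namespace already holds a service account called `argo`, the binding would presumably attach this role, which includes `create` on `pods/exec`, to that existing account, and two installs in one namespace would share or overwrite each other's RBAC objects. Deriving the names from the release, for example `name: {{ .Release.Name }}-argo` with the same expression in `roleRef`, `subjects` and `serviceAccountName`, would avoid that. The same applies to the fixed names in the pipeline and proxy-agent sections (`ml-pipeline`, `pipeline-runner`, `proxy-agent-runner` and the others). The Deployment whose `serviceAccountName` changes starts outside the hunk.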


@ -36,17 +36,25 @@ spec:
containers:
- name: container
image: {{ .Values.images.metadataserver }}
imagePullPolicy: 'Always'
env:
{{ if .Values.managedstorage.enabled }}
- name: DBCONFIG_USER
valueFrom:
secretKeyRef:
name: mysql-credential
key: username
valueFrom:
secretKeyRef:
name: mysql-credential
key: username
- name: DBCONFIG_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-credential
key: password
valueFrom:
secretKeyRef:
name: mysql-credential
key: password
{{ else }}
- name: DBCONFIG_USER
value: 'root'
- name: DBCONFIG_PASSWORD
value: ''
{{ end }}
command: ["/bin/metadata_store_server"]
args: ["--grpc_port=8080",
"--mysql_config_host=mysql",
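Review bot: The new `{{ else }}` branch hard-codes `DBCONFIG_USER` to `'root'` and `DBCONFIG_PASSWORD` to `''`, so with managed storage disabled the metadata server connects to MySQL as root with an empty password. The MySQL deployment is not visible here, but for this to work it presumably accepts an empty root password from any pod that can reach the `mysql` service. Reading both values from a Secret in this branch as well, the way the `mysql-credential` `secretKeyRef` entries do in the managed-storage branch, would let the chart set a generated password for the in-cluster database. The container spec continues past the end of the hunk.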


@ -41,6 +41,375 @@ spec:
storage: true
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ml-pipeline-persistenceagent
labels:
app.kubernetes.io/name: {{ .Release.Name }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ml-pipeline-scheduledworkflow
labels:
app.kubernetes.io/name: {{ .Release.Name }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ml-pipeline-ui
labels:
app.kubernetes.io/name: {{ .Release.Name }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ml-pipeline-viewer-crd-service-account
labels:
app.kubernetes.io/name: {{ .Release.Name }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ml-pipeline
labels:
app.kubernetes.io/name: {{ .Release.Name }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pipeline-runner
labels:
app.kubernetes.io/name: {{ .Release.Name }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ml-pipeline-persistenceagent-role
labels:
app.kubernetes.io/name: {{ .Release.Name }}
rules:
- apiGroups:
- argoproj.io
resources:
- workflows
verbs:
- get
- list
- watch
- apiGroups:
- kubeflow.org
resources:
- scheduledworkflows
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app: ml-pipeline-scheduledworkflow-role
name: ml-pipeline-scheduledworkflow-role
rules:
- apiGroups:
- argoproj.io
resources:
- workflows
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- kubeflow.org
resources:
- scheduledworkflows
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app: ml-pipeline-ui
name: ml-pipeline-ui
rules:
- apiGroups:
- ""
resources:
- pods
- pods/log
verbs:
- create
- get
- list
- apiGroups:
- kubeflow.org
resources:
- viewers
verbs:
- create
- get
- list
- watch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ml-pipeline-viewer-controller-role
labels:
app.kubernetes.io/name: {{ .Release.Name }}
rules:
- apiGroups:
- '*'
resources:
- deployments
- services
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- kubeflow.org
resources:
- viewers
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app: ml-pipeline
name: ml-pipeline
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- delete
- apiGroups:
- argoproj.io
resources:
- workflows
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- kubeflow.org
resources:
- scheduledworkflows
verbs:
- create
- get
- list
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: pipeline-runner
labels:
app.kubernetes.io/name: {{ .Release.Name }}
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- persistentvolumes
- persistentvolumeclaims
verbs:
- '*'
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- create
- delete
- get
- apiGroups:
- argoproj.io
resources:
- workflows
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- ""
resources:
- pods
- pods/exec
- pods/log
- services
verbs:
- '*'
- apiGroups:
- ""
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- kubeflow.org
resources:
- '*'
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ml-pipeline-persistenceagent-binding
labels:
app.kubernetes.io/name: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ml-pipeline-persistenceagent-role
subjects:
- kind: ServiceAccount
name: ml-pipeline-persistenceagent
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ml-pipeline-scheduledworkflow-binding
labels:
app.kubernetes.io/name: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ml-pipeline-scheduledworkflow-role
subjects:
- kind: ServiceAccount
name: ml-pipeline-scheduledworkflow
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app: ml-pipeline-ui
name: ml-pipeline-ui
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ml-pipeline-ui
subjects:
- kind: ServiceAccount
name: ml-pipeline-ui
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app: ml-pipeline
name: ml-pipeline
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ml-pipeline
subjects:
- kind: ServiceAccount
name: ml-pipeline
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: pipeline-runner-binding
labels:
app.kubernetes.io/name: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: pipeline-runner
subjects:
- kind: ServiceAccount
name: pipeline-runner
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ml-pipeline-viewer-crd-binding
labels:
app.kubernetes.io/name: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ml-pipeline-viewer-controller-role
subjects:
- kind: ServiceAccount
name: ml-pipeline-viewer-crd-service-account
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
kind: Service
metadata:
labels:
@ -114,7 +483,7 @@ spec:
image: {{ .Values.images.persistenceagent }}
imagePullPolicy: IfNotPresent
name: ml-pipeline-persistenceagent
serviceAccountName: {{ .Values.serviceAccount.mlPipelinePersistenceAgent}}
serviceAccountName: ml-pipeline-persistenceagent
---
apiVersion: apps/v1beta2
kind: Deployment
@ -141,7 +510,7 @@ spec:
image: {{ .Values.images.scheduledworkflow }}
imagePullPolicy: IfNotPresent
name: ml-pipeline-scheduledworkflow
serviceAccountName: {{ .Values.serviceAccount.mlPipelineScheduledWorkflow}}
serviceAccountName: ml-pipeline-scheduledworkflow
---
apiVersion: apps/v1beta2
kind: Deployment
@ -170,7 +539,7 @@ spec:
name: ml-pipeline-ui
ports:
- containerPort: 3000
serviceAccountName: {{ .Values.serviceAccount.mlPipelineUI}}
serviceAccountName: ml-pipeline-ui
---
apiVersion: apps/v1beta2
kind: Deployment
@ -199,7 +568,7 @@ spec:
image: {{ .Values.images.viewercrd }}
imagePullPolicy: Always
name: ml-pipeline-viewer-crd
serviceAccountName: {{ .Values.serviceAccount.mlPipelineViewerCrd}}
serviceAccountName: ml-pipeline-viewer-crd-service-account
---
apiVersion: apps/v1beta2
kind: Deployment
@ -251,7 +620,7 @@ spec:
fieldRef:
fieldPath: metadata.namespace
- name: DEFAULTPIPELINERUNNERSERVICEACCOUNT
value: '{{ .Values.serviceAccount.pipelineRunner }}'
value: 'pipeline-runner'
# Following environment variables are only needed when using Cloud SQL and GCS.
{{ if .Values.managedstorage.enabled }}
- name: OBJECTSTORECONFIG_BUCKETNAME
@ -283,4 +652,4 @@ spec:
ports:
- containerPort: 8888
- containerPort: 8887
serviceAccountName: {{ .Values.serviceAccount.mlPipeline}}
serviceAccountName: ml-pipeline
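Review bot: The `pipeline-runner` Role grants `'*'` verbs on `pods`, `pods/exec`, `pods/log`, `services`, `deployments`, `replicasets`, `jobs` and every `kubeflow.org` resource, plus `get` on all `secrets` in the namespace, and `DEFAULTPIPELINERUNNERSERVICEACCOUNT` is set to `pipeline-runner`, which suggests pipeline steps run under it by default. If so, any pipeline step could read `mysql-credential` and exec into the other pods of the release. Now that the rules live in the chart they can be narrowed: list the verbs that are needed instead of `'*'`, and add `resourceNames:` to the `secrets` rule so that `get` covers only the secrets a step has to read. The same applies to `apiGroups: '*'` in `ml-pipeline-viewer-controller-role` and to `verbs: '*'` on `configmaps` in the `proxy-agent-runner` Role in the next file section.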


@ -1,3 +1,41 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: proxy-agent-runner
labels:
app.kubernetes.io/name: {{ .Release.Name }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: proxy-agent-runner
app.kubernetes.io/name: {{ .Release.Name }}
name: proxy-agent-runner
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/name: {{ .Release.Name }}
app: proxy-agent-runner
name: proxy-agent-runner
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: proxy-agent-runner
subjects:
- kind: ServiceAccount
name: proxy-agent-runner
namespace: {{ .Release.Namespace }}
---
apiVersion: apps/v1beta2
kind: Deployment
metadata:
@ -20,4 +58,4 @@ spec:
- image: {{ .Values.images.proxyagent }}
imagePullPolicy: IfNotPresent
name: proxy-agent
serviceAccountName: {{ .Values.serviceAccount.proxyAgentRunner}}
serviceAccountName: proxy-agent-runner


@ -17,16 +17,6 @@ images:
gcpSecretName: "user-gcp-sa"
serviceAccountCredential: null
serviceAccount:
argo: null
mlPipeline: null
mlPipelinePersistenceAgent: null
mlPipelineScheduledWorkflow: null
mlPipelineUI: null
mlPipelineViewerCrd: null
pipelineRunner: null
proxyAgentRunner: null
managedstorage:
enabled: false
cloudsqlInstanceConnectionName: null


@ -1,7 +1,7 @@
x-google-marketplace:
schemaVersion: v2
applicationApiVersion: v1beta1
publishedVersion: '0.1.29'
publishedVersion: '0.2'
publishedVersionMetadata:
releaseNote: >-
Initial release.
@ -81,6 +81,15 @@ x-google-marketplace:
- apiGroups: ['apiextensions.k8s.io']
resources: ['customresourcedefinitions']
verbs: ['*']
clusterConstraints:
resources:
- replicas: 3
requests:
cpu: 2
memory: 4Gi
affinity:
simpleNodeAffinity:
type: REQUIRE_ONE_NODE_PER_REPLICA
properties:
name:
@ -92,7 +101,7 @@ properties:
x-google-marketplace:
type: NAMESPACE
serviceAccountCredential:
title: Service Account credentials used to call other GCP services, such as CloudSQL.
title: Service Account credentials used to call other GCP services.
description: |-
To be able to call other GCP services, we need to be
authenticated. This field is used to store the content of the service account
@ -103,7 +112,7 @@ properties:
type: STRING
managedstorage.enabled:
type: boolean
title: Enable managed storage
title: Use managed storage
description: Use Cloud SQL and GCS for storing the data
default: false
managedstorage.cloudsqlInstanceConnectionName:
@ -119,314 +128,6 @@ properties:
type: string
title: database name prefix
serviceAccount.proxyAgentRunner:
type: string
title: ProxyAgentRunnerServiceAccount
x-google-marketplace:
type: SERVICE_ACCOUNT
serviceAccount:
roles:
- type: Role
rulesType: CUSTOM
rules:
- apiGroups: ['']
resources: ['configmaps']
verbs: ['*']
serviceAccount.mlPipelinePersistenceAgent:
type: string
title: mlPipelinePersistenceAgent
x-google-marketplace:
type: SERVICE_ACCOUNT
serviceAccount:
roles:
- type: Role
rulesType: CUSTOM
rules:
- apiGroups:
- argoproj.io
resources:
- workflows
verbs:
- get
- list
- watch
- apiGroups:
- kubeflow.org
resources:
- scheduledworkflows
verbs:
- get
- list
- watch
serviceAccount.mlPipelineScheduledWorkflow:
type: string
title: mlPipelineScheduledWorkflow
x-google-marketplace:
type: SERVICE_ACCOUNT
serviceAccount:
roles:
- type: Role
rulesType: CUSTOM
rules:
- apiGroups:
- argoproj.io
resources:
- workflows
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- kubeflow.org
resources:
- scheduledworkflows
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
serviceAccount.mlPipelineUI:
type: string
title: mlPipelineUI
x-google-marketplace:
type: SERVICE_ACCOUNT
serviceAccount:
roles:
- type: Role
rulesType: CUSTOM
rules:
- apiGroups:
- ""
resources:
- pods
- pods/log
verbs:
- create
- get
- list
- apiGroups:
- kubeflow.org
resources:
- viewers
verbs:
- create
- get
- list
- watch
- delete
serviceAccount.mlPipelineViewerCrd:
type: string
title: mlPipelineViewerCrd
x-google-marketplace:
type: SERVICE_ACCOUNT
serviceAccount:
roles:
- type: Role
rulesType: CUSTOM
rules:
- apiGroups:
- '*'
resources:
- deployments
- services
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- kubeflow.org
resources:
- viewers
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
serviceAccount.mlPipeline:
type: string
title: mlPipeline
x-google-marketplace:
type: SERVICE_ACCOUNT
serviceAccount:
roles:
- type: Role
rulesType: CUSTOM
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- delete
- apiGroups:
- argoproj.io
resources:
- workflows
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- kubeflow.org
resources:
- scheduledworkflows
verbs:
- create
- get
- list
- update
- patch
- delete
serviceAccount.pipelineRunner:
type: string
title: pipelineRunner
x-google-marketplace:
type: SERVICE_ACCOUNT
serviceAccount:
roles:
- type: Role
rulesType: CUSTOM
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- persistentvolumes
- persistentvolumeclaims
verbs:
- '*'
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- create
- delete
- get
- apiGroups:
- argoproj.io
resources:
- workflows
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- ""
resources:
- pods
- pods/exec
- pods/log
- services
verbs:
- '*'
- apiGroups:
- ""
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- kubeflow.org
resources:
- '*'
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
verbs:
- '*'
serviceAccount.argo:
type: string
title: argo
x-google-marketplace:
type: SERVICE_ACCOUNT
serviceAccount:
roles:
- type: Role
rulesType: CUSTOM
rules:
- apiGroups:
- ""
resources:
- pods
- pods/exec
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- delete
- apiGroups:
- argoproj.io
resources:
- workflows
- workflows/finalizers
verbs:
- get
- list
- watch
- update
- patch
- delete
required:
- name
- namespace
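Review bot: Removing the `SERVICE_ACCOUNT` properties means the Roles and RoleBindings are no longer provisioned from this schema but created from the chart, and Kubernetes refuses to create a Role granting permissions the creating identity does not itself hold unless that identity has the `escalate` verb on roles. The rule on `customresourcedefinitions` kept as context above `clusterConstraints` looks like part of the deployer's permissions, but the rest of that block is outside the hunks, so it cannot be confirmed from here that the deployer may create Roles carrying the `'*'` verbs the chart now defines. It is worth checking that the deployer's role covers `roles` and `rolebindings` in `rbac.authorization.k8s.io` with only what the chart needs, and that it was not widened to cluster-admin to make the install pass.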