fix (#2122)
This commit is contained in:
IronPan
GitHub
parent
3ec743a3e4
commit
d0bf18d83b
|
|
@ -12,7 +12,7 @@ metadata:
|
|||
spec:
|
||||
descriptor:
|
||||
type: Kubeflow Pipelines
|
||||
version: '0.1.29'
|
||||
version: '0.2'
|
||||
description: |-
|
||||
Machine Learning Pipeline on Kubernetes
|
||||
maintainers:
|
||||
|
|
|
|||
|
|
@ -15,6 +15,76 @@ spec:
|
|||
version: v1alpha1
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: argo
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: argo-role
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
- pods/exec
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- persistentvolumeclaims
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- workflows
|
||||
- workflows/finalizers
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: argo-binding
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: argo-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: argo
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: v1
|
||||
data:
|
||||
config: |
|
||||
{
|
||||
|
|
@ -105,5 +175,5 @@ spec:
|
|||
dnsPolicy: ClusterFirst
|
||||
restartPolicy: Always
|
||||
schedulerName: default-scheduler
|
||||
serviceAccountName: {{ .Values.serviceAccount.argo}}
|
||||
serviceAccountName: argo
|
||||
terminationGracePeriodSeconds: 30
|
||||
|
|
|
|||
|
|
@ -36,7 +36,9 @@ spec:
|
|||
containers:
|
||||
- name: container
|
||||
image: {{ .Values.images.metadataserver }}
|
||||
imagePullPolicy: 'Always'
|
||||
env:
|
||||
{{ if .Values.managedstorage.enabled }}
|
||||
- name: DBCONFIG_USER
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
|
|
@ -47,6 +49,12 @@ spec:
|
|||
secretKeyRef:
|
||||
name: mysql-credential
|
||||
key: password
|
||||
{{ else }}
|
||||
- name: DBCONFIG_USER
|
||||
value: 'root'
|
||||
- name: DBCONFIG_PASSWORD
|
||||
value: ''
|
||||
{{ end }}
|
||||
command: ["/bin/metadata_store_server"]
|
||||
args: ["--grpc_port=8080",
|
||||
"--mysql_config_host=mysql",
|
||||
|
|
|
|||
|
|
@ -41,6 +41,375 @@ spec:
|
|||
storage: true
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: ml-pipeline-persistenceagent
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: ml-pipeline-scheduledworkflow
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: ml-pipeline-ui
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: ml-pipeline-viewer-crd-service-account
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: ml-pipeline
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: pipeline-runner
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: ml-pipeline-persistenceagent-role
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- workflows
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- kubeflow.org
|
||||
resources:
|
||||
- scheduledworkflows
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app: ml-pipeline-scheduledworkflow-role
|
||||
name: ml-pipeline-scheduledworkflow-role
|
||||
rules:
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- workflows
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- kubeflow.org
|
||||
resources:
|
||||
- scheduledworkflows
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app: ml-pipeline-ui
|
||||
name: ml-pipeline-ui
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
- pods/log
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- apiGroups:
|
||||
- kubeflow.org
|
||||
resources:
|
||||
- viewers
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- delete
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: ml-pipeline-viewer-controller-role
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- '*'
|
||||
resources:
|
||||
- deployments
|
||||
- services
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- kubeflow.org
|
||||
resources:
|
||||
- viewers
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app: ml-pipeline
|
||||
name: ml-pipeline
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- delete
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- workflows
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- kubeflow.org
|
||||
resources:
|
||||
- scheduledworkflows
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: pipeline-runner
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- persistentvolumes
|
||||
- persistentvolumeclaims
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- snapshot.storage.k8s.io
|
||||
resources:
|
||||
- volumesnapshots
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- workflows
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
- pods/exec
|
||||
- pods/log
|
||||
- services
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- ""
|
||||
- apps
|
||||
- extensions
|
||||
resources:
|
||||
- deployments
|
||||
- replicasets
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- kubeflow.org
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- batch
|
||||
resources:
|
||||
- jobs
|
||||
verbs:
|
||||
- '*'
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: ml-pipeline-persistenceagent-binding
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: ml-pipeline-persistenceagent-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ml-pipeline-persistenceagent
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: ml-pipeline-scheduledworkflow-binding
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: ml-pipeline-scheduledworkflow-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ml-pipeline-scheduledworkflow
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app: ml-pipeline-ui
|
||||
name: ml-pipeline-ui
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: ml-pipeline-ui
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ml-pipeline-ui
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app: ml-pipeline
|
||||
name: ml-pipeline
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: ml-pipeline
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ml-pipeline
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: pipeline-runner-binding
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: pipeline-runner
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: pipeline-runner
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: ml-pipeline-viewer-crd-binding
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: ml-pipeline-viewer-controller-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ml-pipeline-viewer-crd-service-account
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
|
|
@ -114,7 +483,7 @@ spec:
|
|||
image: {{ .Values.images.persistenceagent }}
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: ml-pipeline-persistenceagent
|
||||
serviceAccountName: {{ .Values.serviceAccount.mlPipelinePersistenceAgent}}
|
||||
serviceAccountName: ml-pipeline-persistenceagent
|
||||
---
|
||||
apiVersion: apps/v1beta2
|
||||
kind: Deployment
|
||||
|
|
@ -141,7 +510,7 @@ spec:
|
|||
image: {{ .Values.images.scheduledworkflow }}
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: ml-pipeline-scheduledworkflow
|
||||
serviceAccountName: {{ .Values.serviceAccount.mlPipelineScheduledWorkflow}}
|
||||
serviceAccountName: ml-pipeline-scheduledworkflow
|
||||
---
|
||||
apiVersion: apps/v1beta2
|
||||
kind: Deployment
|
||||
|
|
@ -170,7 +539,7 @@ spec:
|
|||
name: ml-pipeline-ui
|
||||
ports:
|
||||
- containerPort: 3000
|
||||
serviceAccountName: {{ .Values.serviceAccount.mlPipelineUI}}
|
||||
serviceAccountName: ml-pipeline-ui
|
||||
---
|
||||
apiVersion: apps/v1beta2
|
||||
kind: Deployment
|
||||
|
|
@ -199,7 +568,7 @@ spec:
|
|||
image: {{ .Values.images.viewercrd }}
|
||||
imagePullPolicy: Always
|
||||
name: ml-pipeline-viewer-crd
|
||||
serviceAccountName: {{ .Values.serviceAccount.mlPipelineViewerCrd}}
|
||||
serviceAccountName: ml-pipeline-viewer-crd-service-account
|
||||
---
|
||||
apiVersion: apps/v1beta2
|
||||
kind: Deployment
|
||||
|
|
@ -251,7 +620,7 @@ spec:
|
|||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: DEFAULTPIPELINERUNNERSERVICEACCOUNT
|
||||
value: '{{ .Values.serviceAccount.pipelineRunner }}'
|
||||
value: 'pipeline-runner'
|
||||
# Following environment variables are only needed when using Cloud SQL and GCS.
|
||||
{{ if .Values.managedstorage.enabled }}
|
||||
- name: OBJECTSTORECONFIG_BUCKETNAME
|
||||
|
|
@ -283,4 +652,4 @@ spec:
|
|||
ports:
|
||||
- containerPort: 8888
|
||||
- containerPort: 8887
|
||||
serviceAccountName: {{ .Values.serviceAccount.mlPipeline}}
|
||||
serviceAccountName: ml-pipeline
|
||||
|
|
|
|||
|
|
@ -1,3 +1,41 @@
|
|||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: proxy-agent-runner
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
app: proxy-agent-runner
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
name: proxy-agent-runner
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- '*'
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}
|
||||
app: proxy-agent-runner
|
||||
name: proxy-agent-runner
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: proxy-agent-runner
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: proxy-agent-runner
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: apps/v1beta2
|
||||
kind: Deployment
|
||||
metadata:
|
||||
|
|
@ -20,4 +58,4 @@ spec:
|
|||
- image: {{ .Values.images.proxyagent }}
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: proxy-agent
|
||||
serviceAccountName: {{ .Values.serviceAccount.proxyAgentRunner}}
|
||||
serviceAccountName: proxy-agent-runner
|
||||
|
|
|
|||
|
|
@ -17,16 +17,6 @@ images:
|
|||
gcpSecretName: "user-gcp-sa"
|
||||
serviceAccountCredential: null
|
||||
|
||||
serviceAccount:
|
||||
argo: null
|
||||
mlPipeline: null
|
||||
mlPipelinePersistenceAgent: null
|
||||
mlPipelineScheduledWorkflow: null
|
||||
mlPipelineUI: null
|
||||
mlPipelineViewerCrd: null
|
||||
pipelineRunner: null
|
||||
proxyAgentRunner: null
|
||||
|
||||
managedstorage:
|
||||
enabled: false
|
||||
cloudsqlInstanceConnectionName: null
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
x-google-marketplace:
|
||||
schemaVersion: v2
|
||||
applicationApiVersion: v1beta1
|
||||
publishedVersion: '0.1.29'
|
||||
publishedVersion: '0.2'
|
||||
publishedVersionMetadata:
|
||||
releaseNote: >-
|
||||
Initial release.
|
||||
|
|
@ -81,6 +81,15 @@ x-google-marketplace:
|
|||
- apiGroups: ['apiextensions.k8s.io']
|
||||
resources: ['customresourcedefinitions']
|
||||
verbs: ['*']
|
||||
clusterConstraints:
|
||||
resources:
|
||||
- replicas: 3
|
||||
requests:
|
||||
cpu: 2
|
||||
memory: 4Gi
|
||||
affinity:
|
||||
simpleNodeAffinity:
|
||||
type: REQUIRE_ONE_NODE_PER_REPLICA
|
||||
|
||||
properties:
|
||||
name:
|
||||
|
|
@ -92,7 +101,7 @@ properties:
|
|||
x-google-marketplace:
|
||||
type: NAMESPACE
|
||||
serviceAccountCredential:
|
||||
title: Service Account credentials used to call other GCP services, such as CloudSQL.
|
||||
title: Service Account credentials used to call other GCP services.
|
||||
description: |-
|
||||
To be able to call other GCP services, we need to be
|
||||
authenticated. This field is used to store the content of the service account
|
||||
|
|
@ -103,7 +112,7 @@ properties:
|
|||
type: STRING
|
||||
managedstorage.enabled:
|
||||
type: boolean
|
||||
title: Enable managed storage
|
||||
title: Use managed storage
|
||||
description: Use Cloud SQL and GCS for storing the data
|
||||
default: false
|
||||
managedstorage.cloudsqlInstanceConnectionName:
|
||||
|
|
@ -119,314 +128,6 @@ properties:
|
|||
type: string
|
||||
title: database name prefix
|
||||
|
||||
serviceAccount.proxyAgentRunner:
|
||||
type: string
|
||||
title: ProxyAgentRunnerServiceAccount
|
||||
x-google-marketplace:
|
||||
type: SERVICE_ACCOUNT
|
||||
serviceAccount:
|
||||
roles:
|
||||
- type: Role
|
||||
rulesType: CUSTOM
|
||||
rules:
|
||||
- apiGroups: ['']
|
||||
resources: ['configmaps']
|
||||
verbs: ['*']
|
||||
serviceAccount.mlPipelinePersistenceAgent:
|
||||
type: string
|
||||
title: mlPipelinePersistenceAgent
|
||||
x-google-marketplace:
|
||||
type: SERVICE_ACCOUNT
|
||||
serviceAccount:
|
||||
roles:
|
||||
- type: Role
|
||||
rulesType: CUSTOM
|
||||
rules:
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- workflows
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- kubeflow.org
|
||||
resources:
|
||||
- scheduledworkflows
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
serviceAccount.mlPipelineScheduledWorkflow:
|
||||
type: string
|
||||
title: mlPipelineScheduledWorkflow
|
||||
x-google-marketplace:
|
||||
type: SERVICE_ACCOUNT
|
||||
serviceAccount:
|
||||
roles:
|
||||
- type: Role
|
||||
rulesType: CUSTOM
|
||||
rules:
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- workflows
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- kubeflow.org
|
||||
resources:
|
||||
- scheduledworkflows
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
serviceAccount.mlPipelineUI:
|
||||
type: string
|
||||
title: mlPipelineUI
|
||||
x-google-marketplace:
|
||||
type: SERVICE_ACCOUNT
|
||||
serviceAccount:
|
||||
roles:
|
||||
- type: Role
|
||||
rulesType: CUSTOM
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
- pods/log
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- apiGroups:
|
||||
- kubeflow.org
|
||||
resources:
|
||||
- viewers
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- delete
|
||||
serviceAccount.mlPipelineViewerCrd:
|
||||
type: string
|
||||
title: mlPipelineViewerCrd
|
||||
x-google-marketplace:
|
||||
type: SERVICE_ACCOUNT
|
||||
serviceAccount:
|
||||
roles:
|
||||
- type: Role
|
||||
rulesType: CUSTOM
|
||||
rules:
|
||||
- apiGroups:
|
||||
- '*'
|
||||
resources:
|
||||
- deployments
|
||||
- services
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- kubeflow.org
|
||||
resources:
|
||||
- viewers
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
serviceAccount.mlPipeline:
|
||||
type: string
|
||||
title: mlPipeline
|
||||
x-google-marketplace:
|
||||
type: SERVICE_ACCOUNT
|
||||
serviceAccount:
|
||||
roles:
|
||||
- type: Role
|
||||
rulesType: CUSTOM
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- delete
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- workflows
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- kubeflow.org
|
||||
resources:
|
||||
- scheduledworkflows
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
serviceAccount.pipelineRunner:
|
||||
type: string
|
||||
title: pipelineRunner
|
||||
x-google-marketplace:
|
||||
type: SERVICE_ACCOUNT
|
||||
serviceAccount:
|
||||
roles:
|
||||
- type: Role
|
||||
rulesType: CUSTOM
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- persistentvolumes
|
||||
- persistentvolumeclaims
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- snapshot.storage.k8s.io
|
||||
resources:
|
||||
- volumesnapshots
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- workflows
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
- pods/exec
|
||||
- pods/log
|
||||
- services
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- ""
|
||||
- apps
|
||||
- extensions
|
||||
resources:
|
||||
- deployments
|
||||
- replicasets
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- kubeflow.org
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- batch
|
||||
resources:
|
||||
- jobs
|
||||
verbs:
|
||||
- '*'
|
||||
serviceAccount.argo:
|
||||
type: string
|
||||
title: argo
|
||||
x-google-marketplace:
|
||||
type: SERVICE_ACCOUNT
|
||||
serviceAccount:
|
||||
roles:
|
||||
- type: Role
|
||||
rulesType: CUSTOM
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
- pods/exec
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- persistentvolumeclaims
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- apiGroups:
|
||||
- argoproj.io
|
||||
resources:
|
||||
- workflows
|
||||
- workflows/finalizers
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
|
||||
required:
|
||||
- name
|
||||
- namespace
|
||||
|
|
|
|||
Loading…
Reference in New Issue