* add option to deploy mysql
* fix deployment errors
* remove temp code in development
* keep mysql deployment path same as before
* change the generic folder
* manifest error
* revert default cache path
* address comments
* Enable auth between pesistence agent and pipelineAPI (ReportServer)
1. Add authentication and authorization logic to PipelineAPI's PeportServer &
2. Make Persistence Agent authenticate itself through Service Account Token
Volume Projection.
Signed-off-by: diana <difince@gmail.com>
* Do not use MULTIUSER on report weorkflows
Only Persistent agent can KFPipeline API "Report (Scheduled)Workflows" no matter
the namespace workflows belongs to.
Signed-off-by: diana <difince@gmail.com>
* Add unit tests
- unit tests added
- do not stop the ticker on stopCh
Signed-off-by: diana <difince@gmail.com>
---------
Signed-off-by: diana <difince@gmail.com>
Updated the env variable from MINIO_NAMESPACE to NAMESPACE as in `backend/Dockerfile.viewercontroller`. This fixes an error that happens when you use a custom namespace instead of the default kubeflow, and the ml-pipeline-viewer-crd deployment goes into CrashLoopBackOff.
* Authorize readArtifacts and ReportMetrics endpoints
New Verbs (reportMetrics and readArtifact) are added to ClusterRole with name: aggregate-to-kubeflow-pipelines-edit
Signed-off-by: Diana Atanasova <dianaa@vmware.com>
* Add authorization when Persistent Agent communicate with the api-server
Persistent Agent authorize itself based ot the namespace and the current user
Fixes: #7818
* Update persistence_agent.csv license file
Signed-off-by: Diana Atanasova <dianaa@vmware.com>
* Fix lexical error in persistent agent cluster role
Signed-off-by: Diana Atanasova <dianaa@vmware.com>
* Fix integration tests/Fix MULTIUSER= false usecase
Cover MULTIUSER=false usecase/Standalone pipeline installation.
In this case the namespace doesn't have `user` annotation and
there is no need to provide `kubeflow-userid` Header when making
a request against kfp-api-server
Signed-off-by: Diana Atanasova <dianaa@vmware.com>
* rebase: fix conflixt in license file
Signed-off-by: Diana Atanasova <dianaa@vmware.com>
* rebase add new line in the end of licensing file
Signed-off-by: Diana Atanasova <dianaa@vmware.com>
The apiserver config parser uses `viper.GetDuration` to parse the mysql
connection lifetime variable. The `viper.GetDuration` function uses
`cast.ToDuration`, which uses `cast.ToDurationE`, which assumes
durations to be in nanoseconds if they don't explictly include a unit.
Since the default lifetime in the kustomize manifest is `120`, we
expire connections after 120ns, which is probably unintended. To make
this more clear, this patch includes duration units in the default
values, and drops the `Secs` suffix from the configuration variables,
since the code doesn't assume that durations are in seconds.
See
22b2b540ce/caste.go (L68-L72).
* adding config for SetConnMaxLifetimeSec
making dbConMaxLifetime configurable
nit add time value
change the actual variable
* standardizing and documenting
* switched to getdurationconfig
Dharmit Dalvi
Chen Sun
Diana Atanasova
James Liu
Lingqing Gan
Diana Atanasova
Joe Li
Mark Gee
Ablai Akhazhanov
Alex
juliusvonkohout
Yuan Gong
Joshua Carp
alexeykaplin
XiyueYu
Yuan (Bob) Gong
Luis Magana