diff --git a/Makefile b/Makefile index bb5837e27f..016f716d7f 100644 --- a/Makefile +++ b/Makefile @@ -16,7 +16,7 @@ # - The help target was derived from https://stackoverflow.com/a/35730328/5601796 VENV ?= .venv -KFP_TEKTON_RELEASE ?= v0.6.0 +KFP_TEKTON_RELEASE ?= v0.7.0 export VIRTUAL_ENV := $(abspath ${VENV}) export PATH := ${VIRTUAL_ENV}/bin:${PATH} DOCKER_REGISTRY ?= aipipeline diff --git a/VERSION b/VERSION index a918a2aa18..faef31a435 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.6.0 +0.7.0 diff --git a/guides/kfp_tekton_install.md b/guides/kfp_tekton_install.md index d71f372db6..67f1fcb813 100644 --- a/guides/kfp_tekton_install.md +++ b/guides/kfp_tekton_install.md 
@@ -35,18 +35,24 @@ To install the standalone Kubeflow Pipelines with Tekton, run the following step 1. Install [Tekton v0.21.0](https://github.com/tektoncd/pipeline/releases/tag/v0.21.0) -2. Install Kubeflow Pipelines with Tekton backend (`kfp-tekton`) `v0.6.0` [custom resource definitions](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/)(CRDs). +2. Enable custom task for pipeline loops and other feature flags for kfp-tekton + ```shell + kubectl patch cm feature-flags -n tekton-pipelines \ + -p '{"data":{"disable-home-env-overwrite":"true","disable-working-directory-overwrite":"true", "enable-custom-tasks": "true"}}' + ``` + +3. Install Kubeflow Pipelines with Tekton backend (`kfp-tekton`) `v0.7.0` [custom resource definitions](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/)(CRDs). > Note: You can ignore the error `no matches for kind "Application" in version "app.k8s.io/v1beta1"` since it's a warning saying `application` CRD is not yet ready. ```shell - kubectl apply --selector kubeflow/crd-install=true -f install/v0.6.0/kfp-tekton.yaml + kubectl apply --selector kubeflow/crd-install=true -f install/v0.7.0/kfp-tekton.yaml ``` -3. Install Kubeflow Pipelines with Tekton backend (`kfp-tekton`) `v0.6.0` deployment +4. Install Kubeflow Pipelines with Tekton backend (`kfp-tekton`) `v0.7.0` deployment ```shell - kubectl apply -f install/v0.6.0/kfp-tekton.yaml + kubectl apply -f install/v0.7.0/kfp-tekton.yaml ``` -4. Then, if you want to expose the Kubeflow Pipelines endpoint outside the cluster, run the following commands: +5. Then, if you want to expose the Kubeflow Pipelines endpoint outside the cluster, run the following commands: ```shell kubectl patch svc ml-pipeline-ui -n kubeflow -p '{"spec": {"type": "LoadBalancer"}}' ``` diff --git a/install/v0.7.0/kfp-tekton.yaml b/install/v0.7.0/kfp-tekton.yaml new file mode 100644 index 0000000000..14ccb7d4d3 --- /dev/null 
+++ b/install/v0.7.0/kfp-tekton.yaml 
@@ -0,0 +1,2825 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: kubeflow +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + application-crd-id: kubeflow-pipelines + controller-tools.k8s.io: "1.0" + kubeflow/crd-install: "true" + name: applications.app.k8s.io +spec: + group: app.k8s.io + names: + kind: Application + plural: applications + scope: Namespaced + validation: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + addOwnerRef: + type: boolean + assemblyPhase: + type: string + componentKinds: + items: + type: object + type: array + descriptor: + properties: + description: + type: string + icons: + items: + properties: + size: + type: string + src: + type: string + type: + type: string + required: + - src + type: object + type: array + keywords: + items: + type: string + type: array + links: + items: + properties: + description: + type: string + url: + type: string + type: object + type: array + maintainers: + items: + properties: + email: + type: string + name: + type: string + url: + type: string + type: object + type: array + notes: + type: string + owners: + items: + properties: + email: + type: string + name: + type: string + url: + type: string + type: object + type: array + type: + type: string + version: + type: string + type: object + info: + items: + properties: + name: + type: string + type: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + key: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + ingressRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + host: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + path: + type: string + 
resourceVersion: + type: string + uid: + type: string + type: object + secretKeyRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + key: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + resourceVersion: + type: string + uid: + type: string + type: object + serviceRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + path: + type: string + port: + format: int32 + type: integer + resourceVersion: + type: string + uid: + type: string + type: object + type: + type: string + type: object + type: object + type: array + selector: + type: object + type: object + status: + properties: + components: + items: + properties: + group: + type: string + kind: + type: string + link: + type: string + name: + type: string + status: + type: string + type: object + type: array + conditions: + items: + properties: + lastTransitionTime: + format: date-time + type: string + lastUpdateTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + required: + - type + - status + type: object + type: array + observedGeneration: + format: int64 + type: integer + type: object + version: v1beta1 +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + pipeline.tekton.dev/release: devel + version: devel + name: pipelineloops.custom.tekton.dev +spec: + group: custom.tekton.dev + names: + categories: + - tekton + - tekton-pipelines + kind: PipelineLoop + plural: pipelineloops + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + versions: + - name: v1alpha1 + served: true + storage: true +--- +apiVersion: 
apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + application-crd-id: kubeflow-pipelines + kubeflow/crd-install: "true" + name: scheduledworkflows.kubeflow.org +spec: + group: kubeflow.org + names: + kind: ScheduledWorkflow + listKind: ScheduledWorkflowList + plural: scheduledworkflows + shortNames: + - swf + singular: scheduledworkflow + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + labels: + application-crd-id: kubeflow-pipelines + kubeflow/crd-install: "true" + name: viewers.kubeflow.org +spec: + group: kubeflow.org + names: + kind: Viewer + listKind: ViewerList + plural: viewers + shortNames: + - vi + singular: viewer + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true +--- +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + pipeline.tekton.dev/release: devel + name: webhook.pipelineloop.custom.tekton.dev +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines + failurePolicy: Fail + name: webhook.pipelineloop.custom.tekton.dev + sideEffects: None +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: application + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-cache + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: 
kubeflow-pipelines + name: kubeflow-pipelines-container-builder + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-viewer + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-persistenceagent + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-visualizationserver + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: pipeline-runner + namespace: kubeflow +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: 
tekton-pipelineloop-webhook + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: application-manager-role + namespace: kubeflow +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - update + - patch + - watch +- apiGroups: + - app.k8s.io + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-role + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - patch + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-cache-role + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-cache-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - tekton.dev + resources: + - taskruns + - taskruns/status + verbs: + - get + - list + - watch + - update + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: kubeflow-pipelines-metadata-writer-role + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-metadata-writer-role + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - 
conditions + verbs: + - get + - list + - watch + - update + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline + application-crd-id: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get + - list + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - update + - patch + - delete +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-persistenceagent-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - get + - list + - watch +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-scheduledworkflow-role + application-crd-id: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow-role + namespace: kubeflow +rules: +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - scheduledworkflows + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - 
events + verbs: + - create + - patch +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get +- apiGroups: + - "" + resources: + - events + verbs: + - list +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - delete +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-viewer-controller-role + namespace: kubeflow +rules: +- apiGroups: + - '*' + resources: + - deployments + - services + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - kubeflow.org + resources: + - viewers + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: pipeline-runner + namespace: kubeflow +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list +- apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - '*' +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get +- apiGroups: + - 
argoproj.io + resources: + - workflows + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - pods + - pods/exec + - pods/log + - services + verbs: + - '*' +- apiGroups: + - "" + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - '*' + verbs: + - '*' +- apiGroups: + - batch + resources: + - jobs + verbs: + - '*' +- apiGroups: + - machinelearning.seldon.io + resources: + - seldondeployments + verbs: + - '*' +- apiGroups: + - tekton.dev + resources: + - pipelineruns + - taskruns + - conditions + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - list + - watch +- apiGroups: + - "" + resourceNames: + - config-leader-election + - config-logging + - config-observability + resources: + - configmaps + verbs: + - get +- apiGroups: + - policy + resourceNames: + - tekton-pipelines + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - list + - watch +- apiGroups: + - "" + resourceNames: + - config-logging + - config-observability + - config-leader-election + resources: + - configmaps + verbs: + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch +- apiGroups: + - "" + resourceNames: + - tekton-pipelineloop-webhook-certs + 
resources: + - secrets + verbs: + - get + - update +- apiGroups: + - policy + resourceNames: + - tekton-pipelines + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kubeflow-pipelines-cache-deployer-clusterrole + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-clusterrole +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + - certificatesigningrequests/approval + verbs: + - create + - delete + - get + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch +- apiGroups: + - certificates.k8s.io + resourceNames: + - kubernetes.io/* + resources: + - signers + verbs: + - approve +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-controller-cluster-access +rules: +- apiGroups: + - tekton.dev + resources: + - runs + - taskruns + - pipelineruns + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - tekton.dev + resources: + - runs/status + - taskruns/status + - pipelineruns/status + - runs/finalizers + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - custom.tekton.dev + resources: + - pipelineloops + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: 
tekton-pipeline-loops + name: tekton-pipelineloop-controller-tenant-access +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-leader-election +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-webhook-cluster-access +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + - customresourcedefinitions/status + verbs: + - get + - list + - update + - patch + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resourceNames: + - webhook.pipelineloop.custom.tekton.dev + resources: + - mutatingwebhookconfigurations + verbs: + - get + - update +- apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - admissionregistration.k8s.io + resourceNames: + - validation.webhook.pipelineloop.custom.tekton.dev + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +- apiGroups: + - policy + resourceNames: + - tekton-pipelines + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: 
application-manager-rolebinding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: application-manager-role +subjects: +- kind: ServiceAccount + name: application + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-cache-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-rolebinding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-cache-deployer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-metadata-writer-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeflow-pipelines-metadata-writer-role +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-metadata-writer + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline + application-crd-id: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline +subjects: +- kind: ServiceAccount + name: ml-pipeline + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-persistenceagent-binding + namespace: kubeflow +roleRef: + apiGroup: 
rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-persistenceagent-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-persistenceagent + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-scheduledworkflow-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-ui +subjects: +- kind: ServiceAccount + name: ml-pipeline-ui + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-viewer-crd-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ml-pipeline-viewer-controller-role +subjects: +- kind: ServiceAccount + name: ml-pipeline-viewer-crd-service-account + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: pipeline-runner-binding + namespace: kubeflow +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipeline-runner +subjects: +- kind: ServiceAccount + name: pipeline-runner + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +roleRef: + apiGroup: 
rbac.authorization.k8s.io + kind: Role + name: tekton-pipelineloop-controller +subjects: +- kind: ServiceAccount + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-pipelineloop-webhook +subjects: +- kind: ServiceAccount + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: kubeflow-pipelines-cache-deployer-clusterrolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeflow-pipelines-cache-deployer-clusterrole +subjects: +- kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + namespace: kubeflow +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-controller-cluster-access +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-pipelineloop-controller-cluster-access +subjects: +- kind: ServiceAccount + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-controller-leaderelection +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-pipelineloop-leader-election 
+subjects: +- kind: ServiceAccount + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-controller-tenant-access +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-pipelineloop-controller-tenant-access +subjects: +- kind: ServiceAccount + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-webhook-cluster-access +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-pipelineloop-webhook-cluster-access +subjects: +- kind: ServiceAccount + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + name: tekton-pipelineloop-webhook-leaderelection +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: tekton-pipelineloop-leader-election +subjects: +- kind: ServiceAccount + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines +--- +apiVersion: v1 +data: + archive_logs: "false" + artifact_bucket: mlpipeline + artifact_endpoint: minio-service.kubeflow:9000 + artifact_endpoint_scheme: http:// + artifact_image: minio/mc:RELEASE.2020-11-25T23-04-07Z + artifact_script: |- + #!/usr/bin/env sh + push_artifact() { + tar -cvzf $1.tgz $2 + mc cp $1.tgz storage/$ARTIFACT_BUCKET/artifacts/$PIPELINERUN/$PIPELINETASK/$1.tgz + } + 
push_log() { + cat /var/log/containers/$PODNAME*$NAMESPACE*step-main*.log > step-main.log + push_artifact main-log step-main.log + } + strip_eof() { + awk 'NF' $2 | head -c -1 > $1_temp_save && cp $1_temp_save $2 + } + mc config host add storage ${ARTIFACT_ENDPOINT_SCHEME}${ARTIFACT_ENDPOINT} $AWS_ACCESS_KEY_ID $AWS_SECRET_ACCESS_KEY + inject_default_script: "true" + strip_eof: "false" + track_artifacts: "true" +kind: ConfigMap +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: kfp-tekton-config + namespace: kubeflow +--- +apiVersion: v1 +data: + METADATA_GRPC_SERVICE_HOST: metadata-grpc-service + METADATA_GRPC_SERVICE_PORT: "8080" +kind: ConfigMap +metadata: + labels: + application-crd-id: kubeflow-pipelines + component: metadata-grpc-server + name: metadata-grpc-configmap + namespace: kubeflow +--- +apiVersion: v1 +data: + viewer-pod-template.json: |- + { + "spec": { + "serviceAccountName": "kubeflow-pipelines-viewer" + } + } +kind: ConfigMap +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-ui-configmap + namespace: kubeflow +--- +apiVersion: v1 +data: + appName: pipeline + appVersion: 1.4.0 + autoUpdatePipelineDefaultVersion: "true" + bucketName: mlpipeline + cacheDb: cachedb + containerRuntimeExecutor: docker + cronScheduleTimezone: '''UTC''' + dbHost: mysql + dbPort: "3306" + mlmdDb: metadb + pipelineDb: mlpipeline +kind: ConfigMap +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: pipeline-install-config-dbgfc67m6c + namespace: kubeflow +--- +apiVersion: v1 +data: + accesskey: bWluaW8= + secretkey: bWluaW8xMjM= +kind: Secret +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: mlpipeline-minio-artifact + namespace: kubeflow +type: Opaque +--- +apiVersion: v1 +data: + password: "" + username: cm9vdA== +kind: Secret +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: mysql-secret-fd5gktm75t + namespace: kubeflow +type: Opaque +--- +apiVersion: v1 +kind: 
Secret +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + pipeline.tekton.dev/release: devel + name: tekton-pipelineloop-webhook-certs + namespace: tekton-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: cache-server + namespace: kubeflow +spec: + ports: + - port: 443 + targetPort: webhook-api + selector: + app: cache-server + application-crd-id: kubeflow-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + application-crd-id: kubeflow-pipelines + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + name: controller-manager-service + namespace: kubeflow +spec: + ports: + - port: 443 + selector: + application-crd-id: kubeflow-pipelines + control-plane: controller-manager + controller-tools.k8s.io: "1.0" +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata-envoy + application-crd-id: kubeflow-pipelines + name: metadata-envoy-service + namespace: kubeflow +spec: + ports: + - name: md-envoy + port: 9090 + protocol: TCP + selector: + application-crd-id: kubeflow-pipelines + component: metadata-envoy + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: metadata + application-crd-id: kubeflow-pipelines + name: metadata-grpc-service + namespace: kubeflow +spec: + ports: + - name: grpc-api + port: 8080 + protocol: TCP + selector: + application-crd-id: kubeflow-pipelines + component: metadata-grpc-server + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: minio-service + namespace: kubeflow +spec: + ports: + - name: http + port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio + application-crd-id: kubeflow-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline + namespace: 
kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + - name: grpc + port: 8887 + protocol: TCP + targetPort: 8887 + selector: + app: ml-pipeline + application-crd-id: kubeflow-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 3000 + selector: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + ports: + - name: http + port: 8888 + protocol: TCP + targetPort: 8888 + selector: + app: ml-pipeline-visualizationserver + application-crd-id: kubeflow-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: mysql + namespace: kubeflow +spec: + ports: + - port: 3306 + protocol: TCP + targetPort: 3306 + selector: + app: mysql + application-crd-id: kubeflow-pipelines +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: tekton-pipelines-webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/name: webhook + app.kubernetes.io/part-of: tekton-pipeline-loops + app.kubernetes.io/version: devel + pipeline.tekton.dev/release: devel + version: devel + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines +spec: + ports: + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/name: webhook + app.kubernetes.io/part-of: tekton-pipeline-loops +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cache-deployer + 
application-crd-id: kubeflow-pipelines + name: cache-deployer-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: cache-deployer + application-crd-id: kubeflow-pipelines + strategy: + type: Recreate + template: + metadata: + labels: + app: cache-deployer + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/cache-deployer:1.4.0 + imagePullPolicy: Always + name: main + restartPolicy: Always + serviceAccountName: kubeflow-pipelines-cache-deployer-sa +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: cache-server + application-crd-id: kubeflow-pipelines + name: cache-server + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: cache-server + application-crd-id: kubeflow-pipelines + template: + metadata: + labels: + app: cache-server + application-crd-id: kubeflow-pipelines + spec: + containers: + - args: + - --db_driver=$(DBCONFIG_DRIVER) + - --db_host=$(DBCONFIG_HOST_NAME) + - --db_port=$(DBCONFIG_PORT) + - --db_name=$(DBCONFIG_DB_NAME) + - --db_user=$(DBCONFIG_USER) + - --db_password=$(DBCONFIG_PASSWORD) + - --namespace_to_watch=$(NAMESPACE_TO_WATCH) + env: + - name: DBCONFIG_DRIVER + value: mysql + - name: DBCONFIG_DB_NAME + valueFrom: + configMapKeyRef: + key: cacheDb + name: pipeline-install-config-dbgfc67m6c + - name: DBCONFIG_HOST_NAME + valueFrom: + configMapKeyRef: + key: dbHost + name: pipeline-install-config-dbgfc67m6c + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + key: dbPort + name: pipeline-install-config-dbgfc67m6c + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret-fd5gktm75t + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: 
docker.io/aipipeline/cache-server:0.7.0 + imagePullPolicy: Always + name: server + ports: + - containerPort: 8443 + name: webhook-api + volumeMounts: + - mountPath: /etc/webhook/certs + name: webhook-tls-certs + readOnly: true + serviceAccountName: kubeflow-pipelines-cache + volumes: + - name: webhook-tls-certs + secret: + secretName: webhook-server-tls +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + application-crd-id: kubeflow-pipelines + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + name: controller-manager + namespace: kubeflow +spec: + selector: + matchLabels: + application-crd-id: kubeflow-pipelines + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + template: + metadata: + labels: + application-crd-id: kubeflow-pipelines + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + spec: + containers: + - command: + - /root/manager + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/application-crd-controller:1.0-beta-non-cluster-role + imagePullPolicy: IfNotPresent + name: manager + resources: + limits: + cpu: 100m + memory: 30Mi + requests: + cpu: 100m + memory: 20Mi + serviceAccountName: application +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + application-crd-id: kubeflow-pipelines + component: metadata-envoy + name: metadata-envoy-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + application-crd-id: kubeflow-pipelines + component: metadata-envoy + template: + metadata: + labels: + application-crd-id: kubeflow-pipelines + component: metadata-envoy + spec: + containers: + - image: gcr.io/ml-pipeline/metadata-envoy:1.4.0 + name: container + ports: + - containerPort: 9090 + name: md-envoy + - containerPort: 9901 + name: envoy-admin +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + application-crd-id: kubeflow-pipelines + component: metadata-grpc-server + name: 
metadata-grpc-deployment + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + application-crd-id: kubeflow-pipelines + component: metadata-grpc-server + template: + metadata: + labels: + application-crd-id: kubeflow-pipelines + component: metadata-grpc-server + spec: + containers: + - args: + - --grpc_port=8080 + - --mysql_config_database=$(MYSQL_DATABASE) + - --mysql_config_host=$(MYSQL_HOST) + - --mysql_config_port=$(MYSQL_PORT) + - --mysql_config_user=$(DBCONFIG_USER) + - --mysql_config_password=$(DBCONFIG_PASSWORD) + - --enable_database_upgrade=true + command: + - /bin/metadata_store_server + env: + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret-fd5gktm75t + - name: MYSQL_DATABASE + valueFrom: + configMapKeyRef: + key: mlmdDb + name: pipeline-install-config-dbgfc67m6c + - name: MYSQL_HOST + valueFrom: + configMapKeyRef: + key: dbHost + name: pipeline-install-config-dbgfc67m6c + - name: MYSQL_PORT + valueFrom: + configMapKeyRef: + key: dbPort + name: pipeline-install-config-dbgfc67m6c + image: gcr.io/tfx-oss-public/ml_metadata_store_server:0.25.1 + livenessProbe: + initialDelaySeconds: 3 + periodSeconds: 5 + tcpSocket: + port: grpc-api + timeoutSeconds: 2 + name: container + ports: + - containerPort: 8080 + name: grpc-api + readinessProbe: + initialDelaySeconds: 3 + periodSeconds: 5 + tcpSocket: + port: grpc-api + timeoutSeconds: 2 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metadata-writer + application-crd-id: kubeflow-pipelines + name: metadata-writer + namespace: kubeflow +spec: + replicas: 1 + selector: + matchLabels: + app: metadata-writer + application-crd-id: kubeflow-pipelines + template: + metadata: + labels: + app: metadata-writer + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE_TO_WATCH + valueFrom: + fieldRef: + 
fieldPath: metadata.namespace + - name: PIPELINE_RUNTIME + value: tekton + - name: ARCHIVE_LOGS + valueFrom: + configMapKeyRef: + key: archive_logs + name: kfp-tekton-config + image: docker.io/aipipeline/metadata-writer:0.7.0 + name: main + serviceAccountName: kubeflow-pipelines-metadata-writer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: minio + application-crd-id: kubeflow-pipelines + name: minio + namespace: kubeflow +spec: + selector: + matchLabels: + app: minio + application-crd-id: kubeflow-pipelines + strategy: + type: Recreate + template: + metadata: + labels: + app: minio + application-crd-id: kubeflow-pipelines + spec: + containers: + - args: + - server + - /data + env: + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + image: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + name: minio + ports: + - containerPort: 9000 + volumeMounts: + - mountPath: /data + name: data + subPath: minio + volumes: + - name: data + persistentVolumeClaim: + claimName: minio-pvc +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline + application-crd-id: kubeflow-pipelines + name: ml-pipeline + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline + application-crd-id: kubeflow-pipelines + template: + metadata: + labels: + app: ml-pipeline + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION + valueFrom: + configMapKeyRef: + key: autoUpdatePipelineDefaultVersion + name: pipeline-install-config-dbgfc67m6c + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OBJECTSTORECONFIG_SECURE + value: "false" + - name: OBJECTSTORECONFIG_BUCKETNAME + valueFrom: + configMapKeyRef: + key: bucketName + name: 
pipeline-install-config-dbgfc67m6c + - name: DBCONFIG_USER + valueFrom: + secretKeyRef: + key: username + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: mysql-secret-fd5gktm75t + - name: DBCONFIG_DBNAME + valueFrom: + configMapKeyRef: + key: pipelineDb + name: pipeline-install-config-dbgfc67m6c + - name: DBCONFIG_HOST + valueFrom: + configMapKeyRef: + key: dbHost + name: pipeline-install-config-dbgfc67m6c + - name: DBCONFIG_PORT + valueFrom: + configMapKeyRef: + key: dbPort + name: pipeline-install-config-dbgfc67m6c + - name: OBJECTSTORECONFIG_ACCESSKEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: OBJECTSTORECONFIG_SECRETACCESSKEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + - name: PIPELINE_RUNTIME + value: tekton + - name: ARTIFACT_BUCKET + valueFrom: + configMapKeyRef: + key: artifact_bucket + name: kfp-tekton-config + - name: ARTIFACT_ENDPOINT + valueFrom: + configMapKeyRef: + key: artifact_endpoint + name: kfp-tekton-config + - name: ARTIFACT_ENDPOINT_SCHEME + valueFrom: + configMapKeyRef: + key: artifact_endpoint_scheme + name: kfp-tekton-config + - name: ARCHIVE_LOGS + valueFrom: + configMapKeyRef: + key: archive_logs + name: kfp-tekton-config + - name: TRACK_ARTIFACTS + valueFrom: + configMapKeyRef: + key: track_artifacts + name: kfp-tekton-config + - name: STRIP_EOF + valueFrom: + configMapKeyRef: + key: strip_eof + name: kfp-tekton-config + - name: ARTIFACT_SCRIPT + valueFrom: + configMapKeyRef: + key: artifact_script + name: kfp-tekton-config + - name: ARTIFACT_IMAGE + valueFrom: + configMapKeyRef: + key: artifact_image + name: kfp-tekton-config + - name: INJECT_DEFAULT_SCRIPT + valueFrom: + configMapKeyRef: + key: inject_default_script + name: kfp-tekton-config + image: docker.io/aipipeline/api-server:0.7.0 + imagePullPolicy: Always + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - 
http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-api-server + ports: + - containerPort: 8888 + name: http + - containerPort: 8887 + name: grpc + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-persistenceagent + application-crd-id: kubeflow-pipelines + name: ml-pipeline-persistenceagent + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-persistenceagent + application-crd-id: kubeflow-pipelines + template: + metadata: + labels: + app: ml-pipeline-persistenceagent + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: TTL_SECONDS_AFTER_WORKFLOW_FINISH + value: "86400" + - name: NUM_WORKERS + value: "2" + image: docker.io/aipipeline/persistenceagent:0.7.0 + imagePullPolicy: IfNotPresent + name: ml-pipeline-persistenceagent + serviceAccountName: ml-pipeline-persistenceagent +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-scheduledworkflow + application-crd-id: kubeflow-pipelines + name: ml-pipeline-scheduledworkflow + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-scheduledworkflow + application-crd-id: kubeflow-pipelines + template: + metadata: + labels: + app: ml-pipeline-scheduledworkflow + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CRON_SCHEDULE_TIMEZONE + valueFrom: + configMapKeyRef: + key: cronScheduleTimezone + name: pipeline-install-config-dbgfc67m6c + image: docker.io/aipipeline/scheduledworkflow:0.7.0 + imagePullPolicy: IfNotPresent + 
name: ml-pipeline-scheduledworkflow + serviceAccountName: ml-pipeline-scheduledworkflow +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + name: ml-pipeline-ui + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + template: + metadata: + labels: + app: ml-pipeline-ui + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH + value: /etc/config/viewer-pod-template.json + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + key: accesskey + name: mlpipeline-minio-artifact + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + key: secretkey + name: mlpipeline-minio-artifact + - name: ALLOW_CUSTOM_VISUALIZATIONS + value: "true" + image: docker.io/aipipeline/frontend:0.7.0 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-ui + ports: + - containerPort: 3000 + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:3000/apis/v1beta1/healthz + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + volumeMounts: + - mountPath: /etc/config + name: config-volume + readOnly: true + serviceAccountName: ml-pipeline-ui + volumes: + - configMap: + name: ml-pipeline-ui-configmap + name: config-volume +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-viewer-crd + application-crd-id: kubeflow-pipelines + name: ml-pipeline-viewer-crd + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-viewer-crd + application-crd-id: kubeflow-pipelines + template: + metadata: + labels: + app: ml-pipeline-viewer-crd + 
application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: MAX_NUM_VIEWERS + value: "50" + - name: MINIO_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: gcr.io/ml-pipeline/viewer-crd-controller:1.4.0 + imagePullPolicy: Always + name: ml-pipeline-viewer-crd + serviceAccountName: ml-pipeline-viewer-crd-service-account +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ml-pipeline-visualizationserver + application-crd-id: kubeflow-pipelines + name: ml-pipeline-visualizationserver + namespace: kubeflow +spec: + selector: + matchLabels: + app: ml-pipeline-visualizationserver + application-crd-id: kubeflow-pipelines + template: + metadata: + labels: + app: ml-pipeline-visualizationserver + application-crd-id: kubeflow-pipelines + spec: + containers: + - image: gcr.io/ml-pipeline/visualization-server:1.4.0 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + name: ml-pipeline-visualizationserver + ports: + - containerPort: 8888 + name: http + readinessProbe: + exec: + command: + - wget + - -q + - -S + - -O + - '-' + - http://localhost:8888/ + initialDelaySeconds: 3 + periodSeconds: 5 + timeoutSeconds: 2 + serviceAccountName: ml-pipeline-visualizationserver +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: mysql + application-crd-id: kubeflow-pipelines + name: mysql + namespace: kubeflow +spec: + selector: + matchLabels: + app: mysql + application-crd-id: kubeflow-pipelines + strategy: + type: Recreate + template: + metadata: + labels: + app: mysql + application-crd-id: kubeflow-pipelines + spec: + containers: + - env: + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + image: gcr.io/ml-pipeline/mysql:5.6 + name: mysql + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - mountPath: /var/lib/mysql + name: 
mysql-persistent-storage + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/name: controller + app.kubernetes.io/part-of: tekton-pipeline-loops + app.kubernetes.io/version: devel + pipeline.tekton.dev/release: devel + version: devel + name: tekton-pipelineloop-controller + namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/name: controller + app.kubernetes.io/part-of: tekton-pipeline-loops + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: tekton-pipelineloop-controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/name: controller + app.kubernetes.io/part-of: tekton-pipeline-loops + app.kubernetes.io/version: devel + pipeline.tekton.dev/release: devel + version: devel + spec: + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + image: docker.io/aipipeline/pipelineloop-controller:0.7.0 + name: tekton-pipelineloop-controller + serviceAccountName: tekton-pipelineloop-controller +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/name: webhook + app.kubernetes.io/part-of: tekton-pipeline-loops + app.kubernetes.io/version: devel + pipeline.tekton.dev/release: devel + version: devel + name: tekton-pipelineloop-webhook + 
namespace: tekton-pipelines +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/name: webhook + app.kubernetes.io/part-of: tekton-pipeline-loops + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: tekton-pipelines-webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/name: webhook + app.kubernetes.io/part-of: tekton-pipeline-loops + app.kubernetes.io/version: devel + pipeline.tekton.dev/release: devel + version: devel + spec: + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election + - name: WEBHOOK_SERVICE_NAME + value: tekton-pipelineloop-webhook + - name: WEBHOOK_SECRET_NAME + value: tekton-pipelineloop-webhook-certs + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + image: docker.io/aipipeline/pipelineloop-webhook:0.7.0 + name: webhook + ports: + - containerPort: 9090 + name: metrics + - containerPort: 8008 + name: profiling + - containerPort: 8443 + name: https-webhook + serviceAccountName: tekton-pipelineloop-webhook +--- +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + annotations: + kubernetes-engine.cloud.google.com/icon:  + marketplace.cloud.google.com/deploy-info: '{"partner_id": "google-cloud-ai-platform", + "product_id": "kubeflow-pipelines", "partner_name": "Google Cloud AI Platform"}' + labels: + application-crd-id: kubeflow-pipelines + name: pipeline + namespace: kubeflow +spec: + addOwnerRef: true + componentKinds: + - group: v1 + kind: ServiceAccount + - group: rbac.authorization.k8s.io/v1 + kind: Role + - group: rbac.authorization.k8s.io/v1 + kind: RoleBinding + - group: v1 + kind: Service 
+ - group: v1 + kind: ConfigMap + - group: v1 + kind: Secret + - group: apps/v1 + kind: Deployment + descriptor: + description: Reusable end-to-end ML workflow + links: + - description: Kubeflow Pipelines Documentation + url: https://www.kubeflow.org/docs/pipelines/ + maintainers: + - name: Google Cloud AI Platform + url: https://cloud.google.com/ai-platform/ + - name: Kubeflow Pipelines + url: https://github.com/kubeflow/pipelines + notes: Please go to [Hosted Kubeflow Pipelines Console](https://console.cloud.google.com/ai-platform/pipelines/clusters). + type: Kubeflow Pipelines + version: 1.4.0 + info: + - name: Console + value: https://console.cloud.google.com/ai-platform/pipelines/clusters + selector: + matchLabels: + application-crd-id: kubeflow-pipelines +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: minio-pvc + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + application-crd-id: kubeflow-pipelines + name: mysql-pv-claim + namespace: kubeflow +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi +--- +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipeline-loops + pipeline.tekton.dev/release: devel + name: validation.webhook.pipelineloop.custom.tekton.dev +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: tekton-pipelineloop-webhook + namespace: tekton-pipelines + failurePolicy: Fail + name: validation.webhook.pipelineloop.custom.tekton.dev + sideEffects: None diff --git a/manifests/kustomize/base/kustomization.yaml b/manifests/kustomize/base/kustomization.yaml index cc870019e9..4e490a9903 100644 
--- a/manifests/kustomize/base/kustomization.yaml +++ b/manifests/kustomize/base/kustomization.yaml @@ -7,7 +7,6 @@ bases: - metadata - cache - cache-deployer -- tekton resources: - pipeline-application.yaml diff --git a/manifests/kustomize/base/tekton/catalog-condition.yaml b/manifests/kustomize/base/tekton/catalog-condition.yaml deleted file mode 100644 index 592b03fd08..0000000000 --- a/manifests/kustomize/base/tekton/catalog-condition.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: tekton.dev/v1alpha1 -kind: Condition -metadata: - name: super-condition -spec: - check: - image: python:alpine3.6 - script: "python -c 'import sys\ninput1=str.rstrip(sys.argv[1])\ninput2=str.rstrip(sys.argv[2])\n\ - try:\n input1=int(input1)\n input2=int(input2)\nexcept:\n input1=str(input1)\n\ - sys.exit(0) if (input1 $(params.operator) input2) else sys.exit(1)' '$(params.operand1)'\ - \ '$(params.operand2)'" - params: - - name: operand1 - - name: operand2 - - name: operator diff --git a/manifests/kustomize/env/kfp-template/kustomization.yaml b/manifests/kustomize/env/kfp-template/kustomization.yaml index bfd4c76397..2615dbcbe8 100644 --- a/manifests/kustomize/env/kfp-template/kustomization.yaml +++ b/manifests/kustomize/env/kfp-template/kustomization.yaml @@ -3,6 +3,7 @@ kind: Kustomization bases: - ../platform-agnostic + - ./tekton resources: - namespace.yaml 
@@ -14,14 +15,18 @@ patchesStrategicMerge: images: - name: docker.io/aipipeline/api-server - newTag: 0.6.0 + newTag: 0.7.0 - name: docker.io/aipipeline/persistenceagent - newTag: 0.6.0 + newTag: 0.7.0 - name: docker.io/aipipeline/frontend - newTag: 0.6.0 + newTag: 0.7.0 - name: docker.io/aipipeline/metadata-writer - newTag: 0.6.0 + newTag: 0.7.0 - name: docker.io/aipipeline/scheduledworkflow - newTag: 0.6.0 + newTag: 0.7.0 - name: docker.io/aipipeline/cache-server - newTag: 0.6.0 + newTag: 0.7.0 + - name: docker.io/aipipeline/pipelineloop-controller + newTag: 0.7.0 + - name: docker.io/aipipeline/pipelineloop-webhook + newTag: 0.7.0 diff --git a/manifests/kustomize/base/tekton/kustomization.yaml b/manifests/kustomize/env/kfp-template/tekton/kustomization.yaml similarity index 55% rename from manifests/kustomize/base/tekton/kustomization.yaml rename to manifests/kustomize/env/kfp-template/tekton/kustomization.yaml index ce142398bc..dd39e8aed5 100644 --- a/manifests/kustomize/base/tekton/kustomization.yaml +++ b/manifests/kustomize/env/kfp-template/tekton/kustomization.yaml @@ -1,5 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -resources: - - catalog-condition.yaml +bases: +- pipeline-loops + +namespace: tekton-pipelines diff --git a/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/200-serviceaccount.yaml b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/200-serviceaccount.yaml new file mode 100644 index 0000000000..c995e80bd6 --- /dev/null +++ b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/200-serviceaccount.yaml 
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tekton-pipelineloop-controller
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tekton-pipelineloop-webhook
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
diff --git a/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/201-clusterrole.yaml b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/201-clusterrole.yaml
new file mode 100644
index 0000000000..c4514eeaf6
--- /dev/null
+++ b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/201-clusterrole.yaml
@@ -0,0 +1,92 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tekton-pipelineloop-controller-cluster-access
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+rules:
+ # Controller needs cluster access to all of the CRDs that it is responsible for managing.
+ - apiGroups: ["tekton.dev"]
+ resources: ["runs", "taskruns", "pipelineruns"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["tekton.dev"]
+ resources: ["runs/status", "taskruns/status", "pipelineruns/status", "runs/finalizers"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["custom.tekton.dev"]
+ resources: ["pipelineloops"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["apps"]
+ resources: ["deployments", "deployments/finalizers"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ # This is the access that the controller needs on a per-namespace basis.
+ name: tekton-pipelineloop-controller-tenant-access
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+rules:
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tekton-pipelineloop-webhook-cluster-access
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+rules:
+ # The webhook needs to be able to list and update customresourcedefinitions,
+ # mainly to update the webhook certificates.
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions", "customresourcedefinitions/status"]
+ verbs: ["get", "list", "update", "patch", "watch"]
+ - apiGroups: ["admissionregistration.k8s.io"]
+ # The webhook performs a reconciliation on these two resources and continuously
+ # updates configuration.
+ resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
+ # knative starts informers on these things, which is why we need get, list and watch.
+ verbs: ["list", "watch"]
+ - apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ # This mutating webhook is responsible for applying defaults to tekton objects
+ # as they are received.
+ resourceNames: ["webhook.pipelineloop.custom.tekton.dev"]
+ # When there are changes to the configs or secrets, knative updates the mutatingwebhook config
+ # with the updated certificates or the refreshed set of rules.
+ verbs: ["get", "update"]
+ - apiGroups: ["apps"]
+ resources: ["deployments", "deployments/finalizers"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["validatingwebhookconfigurations"]
+ # validation.webhook.pipelineloop.custom.tekton.dev performs schema validation when you, for example, create PipelineLoops.
+ resourceNames: ["validation.webhook.pipelineloop.custom.tekton.dev"]
+ # When there are changes to the configs or secrets, knative updates the validatingwebhook config
+ # with the updated certificates or the refreshed set of rules.
+ verbs: ["get", "update"]
+ - apiGroups: ["policy"]
+ resources: ["podsecuritypolicies"]
+ resourceNames: ["tekton-pipelines"]
+ verbs: ["use"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tekton-pipelineloop-leader-election
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+rules:
+ # We uses leases for leaderelection
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
diff --git a/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/201-role.yaml b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/201-role.yaml
new file mode 100644
index 0000000000..2bc0f84a11
--- /dev/null
+++ b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/201-role.yaml
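Review bot: In 201-clusterrole.yaml the `apps` rule of `tekton-pipelineloop-webhook-cluster-access` lets the webhook `create`, `update`, `delete` and `patch` every Deployment in the cluster, and unlike the admissionregistration rules around it there is no comment saying why. `tekton-pipelineloop-controller-cluster-access` carries the same rule. If the access is only there to set owner references on the component's own Deployment, which the `deployments/finalizers` entry suggests but the page does not confirm, the rule belongs in the namespaced Roles of 201-role.yaml with `verbs: ["get", "list", "watch"]` on `deployments` and `update` on `deployments/finalizers`. Otherwise add a comment above each rule naming the Deployments that are written.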
@@ -0,0 +1,54 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tekton-pipelineloop-controller
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["list", "watch"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get"]
+ resourceNames: ["config-leader-election", "config-logging", "config-observability"]
+ - apiGroups: ["policy"]
+ resources: ["podsecuritypolicies"]
+ resourceNames: ["tekton-pipelines"]
+ verbs: ["use"]
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tekton-pipelineloop-webhook
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["list", "watch"]
+ # The webhook needs access to these configmaps for logging information.
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get"]
+ resourceNames: ["config-logging", "config-observability", "config-leader-election"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["list", "watch"]
+ # The webhook daemon makes a reconciliation loop on tekton-pipelineloop-webhook-certs. Whenever
+ # the secret changes it updates the webhook configurations with the certificates
+ # stored in the secret.
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "update"]
+ resourceNames: ["tekton-pipelineloop-webhook-certs"]
+ - apiGroups: ["policy"]
+ resources: ["podsecuritypolicies"]
+ resourceNames: ["tekton-pipelines"]
+ verbs: ["use"]
diff --git a/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/201-rolebinding.yaml b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/201-rolebinding.yaml
new file mode 100644
index 0000000000..49336a7016
--- /dev/null
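Review bot: The `secrets` rule with `verbs: ["list", "watch"]` in the tekton-pipelineloop-webhook Role has no `resourceNames`, so the webhook service account can read the data of every Secret in `tekton-pipelines`, not only `tekton-pipelineloop-webhook-certs`. The comment in the hunk explains only the narrower `get`/`update` rule that follows it. If the broad rule is required (presumably for an informer the webhook starts on secrets; the hunk does not say), document it above the rule, for example `# Needed by the secrets informer; grants read access to every Secret in tekton-pipelines.` Operators then know to keep unrelated credentials out of that namespace.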
+++ b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/201-rolebinding.yaml
@@ -0,0 +1,35 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: tekton-pipelineloop-controller
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+subjects:
+ - kind: ServiceAccount
+ name: tekton-pipelineloop-controller
+ namespace: tekton-pipelines
+roleRef:
+ kind: Role
+ name: tekton-pipelineloop-controller
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: tekton-pipelineloop-webhook
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+subjects:
+ - kind: ServiceAccount
+ name: tekton-pipelineloop-webhook
+ namespace: tekton-pipelines
+roleRef:
+ kind: Role
+ name: tekton-pipelineloop-webhook
+ apiGroup: rbac.authorization.k8s.io
diff --git a/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/202-clusterrolebinding.yaml b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/202-clusterrolebinding.yaml
new file mode 100644
index 0000000000..a5403bbef4
--- /dev/null
+++ b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/202-clusterrolebinding.yaml
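Review bot: Both RoleBindings use `apiVersion: rbac.authorization.k8s.io/v1beta1`, while the Roles they bind, added in 201-role.yaml by this same commit, use `rbac.authorization.k8s.io/v1`. The beta RBAC API is deprecated and is not served from Kubernetes 1.22 on, where these bindings would fail to apply and leave both service accounts without their namespace permissions. Change both documents to `apiVersion: rbac.authorization.k8s.io/v1`; the fields used here are the same in v1. The five ClusterRoleBindings in 202-clusterrolebinding.yaml carry the same version string.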
@@ -0,0 +1,88 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: tekton-pipelineloop-controller-cluster-access
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+subjects:
+ - kind: ServiceAccount
+ name: tekton-pipelineloop-controller
+ namespace: tekton-pipelines
+roleRef:
+ kind: ClusterRole
+ name: tekton-pipelineloop-controller-cluster-access
+ apiGroup: rbac.authorization.k8s.io
+---
+# If this ClusterRoleBinding is replaced with a RoleBinding
+# then the ClusterRole would be namespaced. The access described by
+# the tekton-pipelineloop-controller-tenant-access ClusterRole would
+# be scoped to individual tenant namespaces.
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: tekton-pipelineloop-controller-tenant-access
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+subjects:
+ - kind: ServiceAccount
+ name: tekton-pipelineloop-controller
+ namespace: tekton-pipelines
+roleRef:
+ kind: ClusterRole
+ name: tekton-pipelineloop-controller-tenant-access
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: tekton-pipelineloop-controller-leaderelection
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+subjects:
+ - kind: ServiceAccount
+ name: tekton-pipelineloop-controller
+ namespace: tekton-pipelines
+roleRef:
+ kind: ClusterRole
+ name: tekton-pipelineloop-leader-election
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: tekton-pipelineloop-webhook-cluster-access
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+subjects:
+ - kind: ServiceAccount
+ name: tekton-pipelineloop-webhook
+ namespace: tekton-pipelines
+roleRef:
+ kind: ClusterRole
+ name: tekton-pipelineloop-webhook-cluster-access
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: tekton-pipelineloop-webhook-leaderelection
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+subjects:
+ - kind: ServiceAccount
+ name: tekton-pipelineloop-webhook
+ namespace: tekton-pipelines
+roleRef:
+ kind: ClusterRole
+ name: tekton-pipelineloop-leader-election
+ apiGroup: rbac.authorization.k8s.io
diff --git a/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/300-pipelineloop.yaml b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/300-pipelineloop.yaml
new file mode 100644
index 0000000000..0b982494a5
--- /dev/null
+++ b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/300-pipelineloop.yaml
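Review bot: The comment above the `tekton-pipelineloop-controller-tenant-access` binding says the ClusterRole "would be namespaced" under a RoleBinding, which is inaccurate: the ClusterRole stays cluster-scoped and only the grant is limited to the RoleBinding's namespace. As written, the ClusterRoleBinding gives the controller service account the tenant-access rules in every namespace; the rules themselves are defined outside this hunk. I would reword the comment to `# Bound cluster-wide here. To confine the controller to specific tenant namespaces, replace this with one RoleBinding per namespace that references the same ClusterRole.` so operators of shared clusters see the narrower option.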
@@ -0,0 +1,38 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: pipelineloops.custom.tekton.dev
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+ pipeline.tekton.dev/release: "devel"
+ version: "devel"
+spec:
+ group: custom.tekton.dev
+ preserveUnknownFields: false
+ validation:
+ openAPIV3Schema:
+ type: object
+ # One can use x-kubernetes-preserve-unknown-fields: true
+ # at the root of the schema (and inside any properties, additionalProperties)
+ # to get the traditional CRD behaviour that nothing is pruned, despite
+ # setting spec.preserveUnknownProperties: false.
+ #
+ # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+ # See issue: https://github.com/knative/serving/issues/912
+ x-kubernetes-preserve-unknown-fields: true
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ names:
+ kind: PipelineLoop
+ plural: pipelineloops
+ categories:
+ - tekton
+ - tekton-pipelines
+ scope: Namespaced
+ # Opt into the status subresource so metadata.generation
+ # starts to increment
+ subresources:
+ status: {}
diff --git a/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/500-controller.yaml b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/500-controller.yaml
new file mode 100644
index 0000000000..9b71b96479
--- /dev/null
+++ b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/500-controller.yaml
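Review bot: `x-kubernetes-preserve-unknown-fields: true` at the root of `openAPIV3Schema` means the API server neither prunes nor structurally validates PipelineLoop objects, so the validating webhook registered in 500-webhook-configuration.yaml is the only check on what gets stored. The comment block should say so, e.g. `# No server-side schema: PipelineLoop validation relies on validation.webhook.pipelineloop.custom.tekton.dev.` The same comment names `spec.preserveUnknownProperties`, but the field set above it is `preserveUnknownFields`. Separately, `apiextensions.k8s.io/v1beta1` is not served from Kubernetes 1.22 on; moving to `v1` requires the schema under each entry of `versions`, so it is more than a version-string change.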
@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tekton-pipelineloop-controller
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/name: controller
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/version: "devel"
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+ # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
+ pipeline.tekton.dev/release: "devel"
+ # labels below are related to istio and should not be used for resource lookup
+ version: "devel"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: controller
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+ template:
+ metadata:
+ annotations:
+ cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+ labels:
+ app.kubernetes.io/name: controller
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/version: "devel"
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+ # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
+ pipeline.tekton.dev/release: "devel"
+ # labels below are related to istio and should not be used for resource lookup
+ app: tekton-pipelineloop-controller
+ version: "devel"
+ spec:
+ serviceAccountName: tekton-pipelineloop-controller
+ containers:
+ - name: tekton-pipelineloop-controller
+ image: docker.io/aipipeline/pipelineloop-controller:nightly
+ env:
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CONFIG_LEADERELECTION_NAME
+ value: config-leader-election
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging
+ - name: CONFIG_OBSERVABILITY_NAME
+ value: config-observability
+ - name: METRICS_DOMAIN
+ value: tekton.dev/pipeline
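Review bot: `image: docker.io/aipipeline/pipelineloop-controller:nightly` is a mutable tag, so what runs under the `tekton-pipelineloop-controller` service account (bound to cluster-wide roles in 202-clusterrolebinding.yaml) depends on when each node last pulled the image, not on this manifest. For a versioned release, pin the image to the release build by digest, e.g. `image: docker.io/aipipeline/pipelineloop-controller@sha256:<digest-of-release-image>` (placeholder; the digest is not on this page). The webhook Deployment in 500-webhook.yaml uses `:nightly` the same way. The container also sets no `securityContext` or `resources`; whether the `tekton-pipelines` PodSecurityPolicy referenced in the Roles constrains the pod cannot be seen from here.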
diff --git a/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/500-webhook-configuration.yaml b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/500-webhook-configuration.yaml
new file mode 100644
index 0000000000..6833bd28c9
--- /dev/null
+++ b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/500-webhook-configuration.yaml
@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: tekton-pipelineloop-webhook-certs
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+ pipeline.tekton.dev/release: "devel"
+# The data is populated at install time.
+
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: validation.webhook.pipelineloop.custom.tekton.dev
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+ pipeline.tekton.dev/release: "devel"
+webhooks:
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: tekton-pipelineloop-webhook
+ namespace: tekton-pipelines
+ failurePolicy: Fail
+ sideEffects: None
+ name: validation.webhook.pipelineloop.custom.tekton.dev
+
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: webhook.pipelineloop.custom.tekton.dev
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+ pipeline.tekton.dev/release: "devel"
+webhooks:
+- admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: tekton-pipelineloop-webhook
+ namespace: tekton-pipelines
+ failurePolicy: Fail
+ sideEffects: None
+ name: webhook.pipelineloop.custom.tekton.dev
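Review bot: Both webhook configurations set `failurePolicy: Fail` while the Deployment that serves them in 500-webhook.yaml runs `replicas: 1`, so matching API requests are rejected whenever that single pod is restarting or unreachable. Failing closed is the safer choice for admission, but the dependency deserves a comment next to the field, e.g. `# Fail closed: requests covered by this webhook are rejected while tekton-pipelineloop-webhook is unavailable.` No `rules` or `caBundle` appear in the manifest; the ClusterRole comments elsewhere in this commit say the webhook updates the configurations with certificates and rules at runtime, so which resources are intercepted cannot be reviewed from this file. `admissionregistration.k8s.io/v1beta1` is also not served from Kubernetes 1.22 on.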
diff --git a/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/500-webhook.yaml b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/500-webhook.yaml
new file mode 100644
index 0000000000..08b5728f93
--- /dev/null
+++ b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/500-webhook.yaml
@@ -0,0 +1,98 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tekton-pipelineloop-webhook
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/name: webhook
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/version: "devel"
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+ pipeline.tekton.dev/release: "devel"
+ version: "devel"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: webhook
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+ template:
+ metadata:
+ annotations:
+ cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+ labels:
+ app.kubernetes.io/name: webhook
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/version: "devel"
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+ pipeline.tekton.dev/release: "devel"
+ app: tekton-pipelines-webhook
+ version: "devel"
+ spec:
+ serviceAccountName: tekton-pipelineloop-webhook
+ containers:
+ - name: webhook
+ image: docker.io/aipipeline/pipelineloop-webhook:nightly
+ env:
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ # If you are changing these names, you will also need to update
+ # the webhook's Role in 200-role.yaml to include the new
+ # values in the "configmaps" "get" rule.
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging
+ - name: CONFIG_OBSERVABILITY_NAME
+ value: config-observability
+ - name: CONFIG_LEADERELECTION_NAME
+ value: config-leader-election
+ - name: WEBHOOK_SERVICE_NAME
+ value: tekton-pipelineloop-webhook
+ - name: WEBHOOK_SECRET_NAME
+ value: tekton-pipelineloop-webhook-certs
+ - name: METRICS_DOMAIN
+ value: tekton.dev/pipeline
+ ports:
+ - name: metrics
+ containerPort: 9090
+ - name: profiling
+ containerPort: 8008
+ - name: https-webhook
+ containerPort: 8443
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/name: webhook
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/version: "devel"
+ app.kubernetes.io/part-of: tekton-pipeline-loops
+ pipeline.tekton.dev/release: "devel"
+ app: tekton-pipelines-webhook
+ version: "devel"
+ name: tekton-pipelineloop-webhook
+ namespace: tekton-pipelines
+spec:
+ ports:
+ # Define metrics and profiling for them to be accessible within service meshes.
+ - name: http-metrics
+ port: 9090
+ targetPort: 9090
+ - name: http-profiling
+ port: 8008
+ targetPort: 8008
+ - name: https-webhook
+ port: 443
+ targetPort: 8443
+ selector:
+ app.kubernetes.io/name: webhook
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipeline-loops
diff --git a/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/kustomization.yaml b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/kustomization.yaml
new file mode 100644
index 0000000000..48d13ed58e
--- /dev/null
+++ b/manifests/kustomize/env/kfp-template/tekton/pipeline-loops/kustomization.yaml
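Review bot: The Service publishes `http-profiling` on port 8008 (and `http-metrics` on 9090) next to the admission port, so any workload that can reach the Service can also reach the profiling listener unless a NetworkPolicy or mesh policy restricts it. Whether that listener serves data depends on the webhook's observability configuration, which is not in this hunk. If profiling is not needed, drop the `http-profiling` Service port; otherwise extend the existing comment, e.g. `# Metrics and profiling are exposed for service meshes; restrict access to 9090/8008 with a NetworkPolicy.` The env comment in the Deployment points to `200-role.yaml`, but the webhook's Role is added in 201-role.yaml.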
@@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - 200-serviceaccount.yaml + - 201-clusterrole.yaml + - 201-role.yaml + - 201-rolebinding.yaml + - 202-clusterrolebinding.yaml + - 300-pipelineloop.yaml + - 500-controller.yaml + - 500-webhook-configuration.yaml + - 500-webhook.yaml diff --git a/sdk/python/kfp_tekton/__init__.py b/sdk/python/kfp_tekton/__init__.py index 802ef4df71..a40450bbed 100644 --- a/sdk/python/kfp_tekton/__init__.py +++ b/sdk/python/kfp_tekton/__init__.py @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -__version__ = '0.6.0' +__version__ = '0.7.0' from ._client import TektonClient # noqa F401 from .k8s_client_helper import env_from_secret # noqa F401