From 431628b47e2162c341633727372da167db8e1c25 Mon Sep 17 00:00:00 2001 From: David van der Spek Date: Fri, 15 Sep 2023 15:43:42 +0200 Subject: [PATCH] update volumes + use upstream pvc viewer controller Signed-off-by: David van der Spek --- .../mutatingwebhookconfiguration.yaml | 6 +- kubeflow/helm/volumes/Chart.yaml | 2 +- kubeflow/helm/volumes/crds/volumes_crds.yaml | 3182 ++++++++++++++++- .../templates/controller/certificate.yaml | 15 + .../{clusterrole.yaml => cluster-role.yaml} | 39 +- .../controller/clusterrolebinding.yaml | 14 - .../templates/controller/configmap.yaml | 11 - .../templates/controller/deployment.yaml | 30 +- .../mutatingwebhookconfiguration.yaml | 28 + .../volumes/templates/controller/role.yaml | 9 +- .../volumes/templates/controller/service.yaml | 6 +- .../validatingwebhookconfiguration.yaml | 28 + .../templates/web-app/cluster-role.yaml | 81 + .../volumes/templates/web-app/configmap.yaml | 49 +- .../volumes/templates/web-app/deployment.yaml | 9 +- .../templates/web-app/destination-rule.yaml | 14 + ...rrole.yaml => kubeflow-cluster-roles.yaml} | 88 +- kubeflow/helm/volumes/values.yaml | 24 +- 18 files changed, 3420 insertions(+), 215 deletions(-) create mode 100644 kubeflow/helm/volumes/templates/controller/certificate.yaml rename kubeflow/helm/volumes/templates/controller/{clusterrole.yaml => cluster-role.yaml} (69%) delete mode 100644 kubeflow/helm/volumes/templates/controller/configmap.yaml create mode 100644 kubeflow/helm/volumes/templates/controller/mutatingwebhookconfiguration.yaml create mode 100644 kubeflow/helm/volumes/templates/controller/validatingwebhookconfiguration.yaml create mode 100644 kubeflow/helm/volumes/templates/web-app/cluster-role.yaml create mode 100644 kubeflow/helm/volumes/templates/web-app/destination-rule.yaml rename kubeflow/helm/volumes/templates/web-app/{clusterrole.yaml => kubeflow-cluster-roles.yaml} (52%) 
diff --git a/kubeflow/helm/notebooks/templates/pod-defaults/mutatingwebhookconfiguration.yaml b/kubeflow/helm/notebooks/templates/pod-defaults/mutatingwebhookconfiguration.yaml index 6e38679d9..27df36b7b 100644 --- a/kubeflow/helm/notebooks/templates/pod-defaults/mutatingwebhookconfiguration.yaml +++ b/kubeflow/helm/notebooks/templates/pod-defaults/mutatingwebhookconfiguration.yaml @@ -4,7 +4,7 @@ metadata: annotations: cert-manager.io/inject-ca-from: kubeflow/{{ include "notebooks.fullname" . }}-pod-defaults-certs labels: {{- include "notebooks.labels" . | nindent 4 }} - name: admission-webhook-mutating-webhook-configuration + name: poddefaults.kubeflow.org webhooks: - clientConfig: caBundle: "" @@ -12,8 +12,8 @@ webhooks: name: {{ include "notebooks.fullname" . }}-pod-defaults namespace: {{ .Release.Namespace }} path: /apply-poddefault - name: admission-webhook-deployment.kubeflow.org - admissionReviewVersions: ["v1beta1"] + name: {{ include "notebooks.fullname" . }}-pod-defaults.kubeflow.org + admissionReviewVersions: ["v1beta1", "v1"] sideEffects: None namespaceSelector: matchLabels: diff --git a/kubeflow/helm/volumes/Chart.yaml b/kubeflow/helm/volumes/Chart.yaml index 283027434..2ae85f54c 100644 --- a/kubeflow/helm/volumes/Chart.yaml +++ b/kubeflow/helm/volumes/Chart.yaml @@ -3,4 +3,4 @@ name: volumes description: A Helm chart for Kubernetes type: application version: 0.1.10 -appVersion: "1.3.0" +appVersion: "v1.8.0-rc.0" diff --git a/kubeflow/helm/volumes/crds/volumes_crds.yaml b/kubeflow/helm/volumes/crds/volumes_crds.yaml index 1ba226507..642540334 100644 --- a/kubeflow/helm/volumes/crds/volumes_crds.yaml +++ b/kubeflow/helm/volumes/crds/volumes_crds.yaml 
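Review bot: The new `name: poddefaults.kubeflow.org` in the first hunk (`@@ -4,7 +4,7 @@`) is a fixed string, while the webhook entry renamed in the next hunk and the `cert-manager.io/inject-ca-from` annotation above it are both derived from `{{ include "notebooks.fullname" . }}`. A MutatingWebhookConfiguration is cluster-scoped, so with a fixed name a second release of this chart would address the same object instead of getting its own. Consider `name: {{ include "notebooks.fullname" . }}-pod-defaults`, unless something outside this diff looks the configuration up by its literal name. The `metadata:` mapping starts before the hunk.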
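Review bot: In the `@@ -12,8 +12,8 @@` hunk, `admissionReviewVersions: ["v1beta1", "v1"]` still lists `v1beta1` first, and the API server sends the first listed version it supports, so appending `v1` does not change what the webhook receives. If the pod-defaults server handles v1 AdmissionReview (not visible in this diff), write `admissionReviewVersions: ["v1", "v1beta1"]`. The visible lines also set no `failurePolicy` or `timeoutSeconds`; the webhook entry continues past the hunk, so confirm both are set explicitly there, because the default failure policy differs between admissionregistration API versions and decides whether requests are rejected or admitted unmutated while the webhook is unavailable.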
@@ -1,13 +1,11 @@ ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null - name: pvcviewers.pvcviewer.kubeflow.org + controller-gen.kubebuilder.io/version: v0.10.0 + name: pvcviewers.kubeflow.org spec: - group: pvcviewer.kubeflow.org + group: kubeflow.org names: kind: PVCViewer listKind: PVCViewerList 
@@ -18,74 +16,3172 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: PVCViewer is the Schema for the pvcviewers API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: PVCViewerSpec defines the desired state of PVCViewer properties: - pvcname: - description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file' - type: string - viewerimage: + networking: + properties: + basePrefix: + type: string + rewrite: + type: string + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + timeout: + type: string + type: object + podSpec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: 
atomic + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + 
properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: 
+ items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + 
required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + 
properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + 
initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string 
+ type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + 
enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + 
- type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + 
terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + 
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: 
string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostUsers: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - 
type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + 
x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + 
port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + 
type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + 
subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + 
type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + format: int32 + type: integer + minDomains: + format: int32 + type: integer + nodeAffinityPolicy: + type: string + nodeTaintsPolicy: + type: string + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + 
type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer 
+ - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + 
flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + 
type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + 
properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + pvc: type: string + rwoScheduling: + default: false + type: boolean required: - - pvcname - - viewerimage + - pvc + - rwoScheduling type: object status: - description: PVCViewerStatus defines the observed state of PVCViewer properties: conditions: - description: Conditions is an array of current conditions items: - description: 
PVCViewerCondition defines the observed state of PVCViewer properties: - deploymentState: - description: Deployment status, 'Available', 'Progressing', - 'ReplicaFailure' . + lastTransitionTime: + format: date-time type: string - lastProbeTime: - description: Last time we probed the condition. + lastUpdateTime: format: date-time type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string required: - - deploymentState + - status + - type type: object type: array ready: + default: false type: boolean - readyReplicas: - description: ReadyReplicas defines the number of PVCViewer Servers - that are available to connect. The value of ReadyReplicas can be - either 0 or 1 - format: int32 - type: integer + url: + type: string required: - - conditions - ready - - readyReplicas type: object type: object served: true storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kubeflow/helm/volumes/templates/controller/certificate.yaml b/kubeflow/helm/volumes/templates/controller/certificate.yaml new file mode 100644 index 000000000..47772d9a6 --- /dev/null +++ b/kubeflow/helm/volumes/templates/controller/certificate.yaml @@ -0,0 +1,15 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: {{- include "volumes.labels" . | nindent 4 }} + name: {{ include "volumes.fullname" . }}-controller-certs +spec: + commonName: {{ include "volumes.fullname" . }}-controller.{{ .Release.Namespace }}.svc + dnsNames: + - {{ include "volumes.fullname" . }}-controller.{{ .Release.Namespace }}.svc + - {{ include "volumes.fullname" . }}-controller.{{ .Release.Namespace }}.svc.cluster.local + isCA: true + issuerRef: + kind: ClusterIssuer + name: kubeflow-self-signing-issuer + secretName: {{ include "volumes.fullname" . }}-controller-certs 
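Review bot: `isCA: true` in the new certificate.yaml marks the webhook's serving certificate as a CA, so the private key that deployment.yaml mounts into the controller pod can also sign other certificates. Both webhook configurations take their `caBundle` from this Secret via `cert-manager.io/inject-ca-from`, so anything signed with that key would be trusted for these webhooks. A serving certificate does not need the CA bit; I would drop the line (or set `isCA: false`) and add `usages: [server auth]`. This assumes `kubeflow-self-signing-issuer` is a self-signed ClusterIssuer, as its name suggests; its definition is not part of this diff.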
diff --git a/kubeflow/helm/volumes/templates/controller/clusterrole.yaml b/kubeflow/helm/volumes/templates/controller/cluster-role.yaml similarity index 69% rename from kubeflow/helm/volumes/templates/controller/clusterrole.yaml rename to kubeflow/helm/volumes/templates/controller/cluster-role.yaml index 0aa6f0f13..e167c8724 100644 --- a/kubeflow/helm/volumes/templates/controller/clusterrole.yaml +++ b/kubeflow/helm/volumes/templates/controller/cluster-role.yaml @@ -41,51 +41,38 @@ rules: - update - watch - apiGroups: - - networking.istio.io + - kubeflow.org resources: - - virtualservices + - pvcviewers verbs: - create + - delete - get - list + - patch - update - watch - apiGroups: - - pvcviewer.kubeflow.org + - kubeflow.org resources: - - pvcviewers + - pvcviewers/finalizers verbs: - - create - - delete - - get - - list - - patch - update - - watch - apiGroups: - - pvcviewer.kubeflow.org + - kubeflow.org resources: - pvcviewers/status verbs: - get - patch - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: {{- include "volumes.labels" . | nindent 4 }} - name: {{ include "volumes.fullname" . }}-controller-proxy-cluster-role -rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - apiGroups: - - authorization.k8s.io + - networking.istio.io resources: - - subjectaccessreviews + - virtualservices verbs: - create + - get + - list + - update + - watch diff --git a/kubeflow/helm/volumes/templates/controller/clusterrolebinding.yaml b/kubeflow/helm/volumes/templates/controller/clusterrolebinding.yaml index 0a58ec19d..3a0c1a0f2 100644 --- a/kubeflow/helm/volumes/templates/controller/clusterrolebinding.yaml +++ b/kubeflow/helm/volumes/templates/controller/clusterrolebinding.yaml 
@@ -11,17 +11,3 @@ subjects: - kind: ServiceAccount name: {{ include "volumes.serviceAccountName" . }}-controller namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: {{- include "volumes.labels" . | nindent 4 }} - name: {{ include "volumes.fullname" . }}-controller-proxy-cluster-role-role-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "volumes.fullname" . }}-controller-proxy-cluster-role -subjects: - - kind: ServiceAccount - name: {{ include "volumes.serviceAccountName" . }}-controller - namespace: {{ .Release.Namespace }} diff --git a/kubeflow/helm/volumes/templates/controller/configmap.yaml b/kubeflow/helm/volumes/templates/controller/configmap.yaml deleted file mode 100644 index 90f1409fe..000000000 --- a/kubeflow/helm/volumes/templates/controller/configmap.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -data: - {{ if eq .Values.controller.rwoScheduling.enabled false }} - RWO_PVC_SCHEDULING: "False" - {{ else }} - RWO_PVC_SCHEDULING: "True" - {{ end }} -kind: ConfigMap -metadata: - name: {{ include "volumes.fullname" . }}-controller-config - labels: {{- include "volumes.labels" . | nindent 4 }} diff --git a/kubeflow/helm/volumes/templates/controller/deployment.yaml b/kubeflow/helm/volumes/templates/controller/deployment.yaml index f7de6721e..dc092b1e8 100644 --- a/kubeflow/helm/volumes/templates/controller/deployment.yaml +++ b/kubeflow/helm/volumes/templates/controller/deployment.yaml 
@@ -35,27 +35,39 @@ spec: image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.controller.image.pullPolicy }} args: - - --metrics-addr=0.0.0.0:8080 - - --enable-leader-election + - --metrics-bind-address=0.0.0.0:8080 + - --leader-elect command: - /manager ports: + - name: webhook + containerPort: 9443 + protocol: TCP - name: metrics containerPort: 8080 protocol: TCP + - name: probe + containerPort: 8081 + protocol: TCP livenessProbe: httpGet: - path: /metrics - port: metrics + path: /healthz + port: probe readinessProbe: httpGet: - path: /metrics - port: metrics + path: /readyz + port: probe resources: {{- toYaml .Values.controller.resources | nindent 12 }} - envFrom: - - configMapRef: - name: {{ include "volumes.fullname" . }}-controller-config + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: {{ include "volumes.fullname" . }}-controller-certs {{- with .Values.controller.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/kubeflow/helm/volumes/templates/controller/mutatingwebhookconfiguration.yaml b/kubeflow/helm/volumes/templates/controller/mutatingwebhookconfiguration.yaml new file mode 100644 index 000000000..b71978559 --- /dev/null +++ b/kubeflow/helm/volumes/templates/controller/mutatingwebhookconfiguration.yaml 
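Review bot: `--metrics-bind-address=0.0.0.0:8080` serves the controller metrics on every pod interface without authentication, and service.yaml still publishes that port as `http-metrics`. This commit also deletes the `tokenreviews`/`subjectaccessreviews` ClusterRole and its binding, so nothing left in the chart could authenticate a scraper. If only the monitoring stack should read these metrics, restrict the port with a NetworkPolicy or mesh AuthorizationPolicy and say so next to the argument, e.g. `# metrics are unauthenticated; access is limited by <policy-name>`. Separately, values.yaml keeps `sidecar.istio.io/inject: "true"` on this pod while the API server calls port 9443 from outside the mesh; confirm that works under the cluster's mTLS mode, or add `traffic.sidecar.istio.io/excludeInboundPorts: "9443"`, because both webhooks use `failurePolicy: Fail`. The container spec starts above the hunk, so a `securityContext` may already exist there.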
@@ -0,0 +1,28 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/{{ include "volumes.fullname" . }}-controller-certs + name: pvcviewers.kubeflow.org + labels: {{- include "volumes.labels" . | nindent 4 }} +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "volumes.fullname" . }}-controller + namespace: {{ .Release.Namespace }} + path: /mutate-kubeflow-org-v1alpha1-pvcviewer + failurePolicy: Fail + name: mpvcviewer.kb.io + rules: + - apiGroups: + - kubeflow.org + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - pvcviewers + sideEffects: None diff --git a/kubeflow/helm/volumes/templates/controller/role.yaml b/kubeflow/helm/volumes/templates/controller/role.yaml index 9c65e465f..b51271389 100644 --- a/kubeflow/helm/volumes/templates/controller/role.yaml +++ b/kubeflow/helm/volumes/templates/controller/role.yaml @@ -17,16 +17,21 @@ rules: - patch - delete - apiGroups: - - "" + - coordination.k8s.io resources: - - configmaps/status + - leases verbs: - get + - list + - watch + - create - update - patch + - delete - apiGroups: - "" resources: - events verbs: - create + - patch diff --git a/kubeflow/helm/volumes/templates/controller/service.yaml b/kubeflow/helm/volumes/templates/controller/service.yaml index dc01341c4..1f9f5666a 100644 --- a/kubeflow/helm/volumes/templates/controller/service.yaml +++ b/kubeflow/helm/volumes/templates/controller/service.yaml @@ -7,7 +7,11 @@ metadata: spec: type: ClusterIP ports: - - port: {{ .Values.controller.service.port }} + - port: {{ .Values.controller.service.webhook.port }} + targetPort: webhook + protocol: TCP + name: https-webhook + - port: {{ .Values.controller.service.metrics.port }} targetPort: metrics protocol: TCP name: http-metrics 
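Review bot: The `cert-manager.io/inject-ca-from` annotation hard-codes the `kubeflow` namespace, while the Certificate in certificate.yaml sets no namespace and `clientConfig.service.namespace` below uses `{{ .Release.Namespace }}`. If the chart is installed in any other namespace, cert-manager has no Certificate to inject from and `caBundle` stays empty, so with `failurePolicy: Fail` every CREATE and UPDATE of a PVCViewer is rejected. I would write `cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "volumes.fullname" . }}-controller-certs`. validatingwebhookconfiguration.yaml carries the same annotation and needs the same change.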
diff --git a/kubeflow/helm/volumes/templates/controller/validatingwebhookconfiguration.yaml b/kubeflow/helm/volumes/templates/controller/validatingwebhookconfiguration.yaml
new file mode 100644
index 000000000..eed4c9be2
--- /dev/null
+++ b/kubeflow/helm/volumes/templates/controller/validatingwebhookconfiguration.yaml
@@ -0,0 +1,28 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: kubeflow/{{ include "volumes.fullname" . }}-controller-certs
+ name: pvcviewers.kubeflow.org
+ labels: {{- include "volumes.labels" . | nindent 4 }}
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: {{ include "volumes.fullname" . }}-controller
+ namespace: {{ .Release.Namespace }}
+ path: /validate-kubeflow-org-v1alpha1-pvcviewer
+ failurePolicy: Fail
+ name: vpvcviewer.kb.io
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - pvcviewers
+ sideEffects: None
diff --git a/kubeflow/helm/volumes/templates/web-app/cluster-role.yaml b/kubeflow/helm/volumes/templates/web-app/cluster-role.yaml
new file mode 100644
index 000000000..78fed2908
--- /dev/null
+++ b/kubeflow/helm/volumes/templates/web-app/cluster-role.yaml
@@ -0,0 +1,81 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels: {{- include "volumes.labels" . | nindent 4 }}
+ name: {{ include "volumes.fullname" . }}-web-app-cluster-role
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - pods
+ verbs:
+ - get
+ - list
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshots
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - list
+ - apiGroups:
+ - kubeflow.org
+ resources:
+ - notebooks
+ verbs:
+ - list
+ - apiGroups:
+ - kubeflow.org
+ resources:
+ - pvcviewers
+ verbs:
+ - get
+ - list
+ - create
+ - delete
diff --git a/kubeflow/helm/volumes/templates/web-app/configmap.yaml b/kubeflow/helm/volumes/templates/web-app/configmap.yaml
index 3644db239..66e8c146c 100644
--- a/kubeflow/helm/volumes/templates/web-app/configmap.yaml
+++ b/kubeflow/helm/volumes/templates/web-app/configmap.yaml
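Review bot: The last rule of web-app/cluster-role.yaml grants `create` and `delete` on `pvcviewers`, and the CRD updated in this commit lets a PVCViewer carry a full `podTemplate`, including `hostPath` volumes, `securityContext.privileged` and `serviceAccountName`. Assuming the role is bound with a ClusterRoleBinding (the binding is not in this diff), the web app's service account can have the controller start arbitrary pods in any namespace. The app must therefore build the spec only from its own `viewer-spec.yaml`, never from request data. I would record that next to the rule, e.g. `# PVCViewer embeds a pod template: create here is equivalent to creating pods in any namespace`, and rely on Pod Security admission in user namespaces to bound what a template can request.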
@@ -1,14 +1,43 @@ apiVersion: v1 data: - pvcviewer.yaml: | - apiVersion: pvcviewer.kubeflow.org/v1alpha1 - kind: PVCViewer - metadata: - name: {name} - namespace: {namespace} - spec: - viewerimage: davidspek/kubeflow-filebrowser:0.31 - pvcname: {name} + viewer-spec.yaml: | + # Note: the volumes-web-app allows expanding strings using ${VAR_NAME} + # You may use any environment variable. This lets us e.g. specify images that can be modified using kustomize's image transformer. + # Additionally, 'PVC_NAME', 'NAME' and 'NAMESPACE' are defined + # Name of the pvc is set by the volumes web app + pvc: $NAME + podTemplate: + containers: + - name: main + image: $VOLUME_VIEWER_IMAGE + env: + - name: FB_ADDRESS + value: "0.0.0.0" + - name: FB_PORT + value: "8080" + - name: FB_DATABASE + value: /tmp/filebrowser.db + - name: FB_NOAUTH + value: "true" + - name: FB_BASEURL + value: /pvcviewers/$NAMESPACE/$NAME/ # TODO: should this be configurable? + readinessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 2 + periodSeconds: 10 + # viewer-volume is provided automatically by the volumes web app + volumeMounts: + - name: viewer-volume + mountPath: /data + workingDir: /data + serviceAccountName: default-editor + networking: + targetPort: 8080 + basePrefix: "/pvcviewers" # TODO: should this be configurable? + rewrite: "/" + timeout: 30s + rwoScheduling: {{ .Values.config.rwoScheduling.enabled }} kind: ConfigMap metadata: labels: {{- include "volumes.labels" . | nindent 4 }} @@ -19,6 +48,8 @@ data: APP_PREFIX: {{ .Values.webApp.virtualService.prefix }} USERID_HEADER: {{ .Values.global.userIDHeader }} USERID_PREFIX: {{ .Values.global.userIDPrefix | quote }} + VOLUME_VIEWER_IMAGE: {{ .Values.config.volumeViewerImage.repository }}:{{ .Values.config.volumeViewerImage.tag }} + APP_SECURE_COOKIES: "true" # TODO: don't hardcode this kind: ConfigMap metadata: labels: {{- include "volumes.labels" . | nindent 4 }} 
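Review bot: `FB_NOAUTH: "true"` in the new `viewer-spec.yaml` turns off filebrowser's own login, so anything that can reach port 8080 of a viewer pod gets read and write access to the mounted PVC. Access control then rests entirely on the route under `/pvcviewers/$NAMESPACE/$NAME/`, and nothing in this diff shows a policy that blocks direct pod-to-pod traffic inside the cluster. I would state that dependency in the comment block, e.g. `# FB_NOAUTH: access control is enforced by the mesh policy of the user namespace, not by filebrowser`. The container also has no `securityContext`; adding `securityContext: {allowPrivilegeEscalation: false}`, a field the CRD schema in this commit accepts, would be a cheap hardening step.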
diff --git a/kubeflow/helm/volumes/templates/web-app/deployment.yaml b/kubeflow/helm/volumes/templates/web-app/deployment.yaml index 4e5d1b8b2..020a52297 100644 --- a/kubeflow/helm/volumes/templates/web-app/deployment.yaml +++ b/kubeflow/helm/volumes/templates/web-app/deployment.yaml @@ -51,12 +51,13 @@ spec: - configMapRef: name: {{ include "volumes.fullname" . }}-web-app-parameters volumeMounts: - - mountPath: /etc/config - name: config-volume + - name: viewer-spec + mountPath: /etc/config/viewer-spec.yaml + subPath: viewer-spec.yaml volumes: - - configMap: + - name: viewer-spec + configMap: name: {{ include "volumes.fullname" . }}-web-app-config - name: config-volume {{- with .Values.webApp.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/kubeflow/helm/volumes/templates/web-app/destination-rule.yaml b/kubeflow/helm/volumes/templates/web-app/destination-rule.yaml new file mode 100644 index 000000000..eb4889756 --- /dev/null +++ b/kubeflow/helm/volumes/templates/web-app/destination-rule.yaml @@ -0,0 +1,14 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: {{ include "volumes.fullname" . }}-web-app + labels: {{- include "volumes.labels" . | nindent 4 }} + {{- with .Values.webApp.virtualService.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + host: {{ include "volumes.fullname" . }}-web-app.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDomain }} + trafficPolicy: + tls: + mode: ISTIO_MUTUAL diff --git a/kubeflow/helm/volumes/templates/web-app/clusterrole.yaml b/kubeflow/helm/volumes/templates/web-app/kubeflow-cluster-roles.yaml similarity index 52% rename from kubeflow/helm/volumes/templates/web-app/clusterrole.yaml rename to kubeflow/helm/volumes/templates/web-app/kubeflow-cluster-roles.yaml index 0b80d208a..2f7cb2f13 100644 --- a/kubeflow/helm/volumes/templates/web-app/clusterrole.yaml +++ b/kubeflow/helm/volumes/templates/web-app/kubeflow-cluster-roles.yaml 
@@ -1,86 +1,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole -metadata: - labels: {{- include "volumes.labels" . | nindent 4 }} - name: {{ include "volumes.fullname" . }}-web-app-cluster-role -rules: - - apiGroups: - - "" - resources: - - namespaces - - pods - verbs: - - get - - list - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - watch - - update - - patch - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get - - list - - watch - - update - - patch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - list - - apiGroups: - - pvcviewer.kubeflow.org - resources: - - pvcviewers - - pvcviewers/finalizers - verbs: - - get - - list - - create - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole metadata: labels: {{- include "volumes.labels" . | nindent 4 }} rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" - name: volumes-web-app-kubeflow-volume-ui-admin + name: {{ include "volumes.fullname" . }}-web-app-kubeflow-volume-ui-admin rules: [] --- apiVersion: rbac.authorization.k8s.io/v1 @@ -88,7 +11,7 @@ kind: ClusterRole metadata: labels: {{- include "volumes.labels" . | nindent 4 }} rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" - name: volumes-web-app-kubeflow-volume-ui-edit + name: {{ include "volumes.fullname" . }}-web-app-kubeflow-volume-ui-edit rules: - apiGroups: - "" @@ -115,10 +38,9 @@ rules: - update - patch - apiGroups: - - pvcviewer.kubeflow.org + - kubeflow.org resources: - pvcviewers - - pvcviewers/finalizers verbs: - get - list 
@@ -130,7 +52,7 @@ kind: ClusterRole metadata: labels: {{- include "volumes.labels" . | nindent 4 }} rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" - name: volumes-web-app-kubeflow-volume-ui-view + name: {{ include "volumes.fullname" . }}-web-app-kubeflow-volume-ui-view rules: - apiGroups: - "" @@ -165,7 +87,7 @@ rules: - list - watch - apiGroups: - - pvcviewer.kubeflow.org + - kubeflow.org resources: - pvcviewers - pvcviewers/finalizers diff --git a/kubeflow/helm/volumes/values.yaml b/kubeflow/helm/volumes/values.yaml index 9942cbf60..efa0feaab 100644 --- a/kubeflow/helm/volumes/values.yaml +++ b/kubeflow/helm/volumes/values.yaml @@ -27,14 +27,21 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" +config: + volumeViewerImage: + repository: filebrowser/filebrowser + tag: v2.25.0 # TODO: check if we want to use the s6 image variant + rwoScheduling: + enabled: true + webApp: replicaCount: 1 image: - repository: davidspek/volumes-web-app + repository: docker.io/kubeflownotebookswg/volumes-web-app pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: 0.5.2 # newer version with snapshot support causes error due to missing snapshot class + tag: v1.8.0-rc.0 # TODO: possibly contribute snapshot support upstream podAnnotations: sidecar.istio.io/inject: "true" @@ -84,20 +91,19 @@ webApp: affinity: {} controller: - - rwoScheduling: - enabled: true - replicaCount: 1 image: - repository: davidspek/kubeflow-pvcviewer-controller + repository: docker.io/kubeflownotebookswg/pvcviewer-controller pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: 0.7 + tag: v1.8.0-rc.0 service: - port: 8080 + metrics: + port: 8080 + webhook: + port: 443 podAnnotations: sidecar.istio.io/inject: "true"
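Review bot: The view role in the `-165,7 +87,7` hunk still lists `pvcviewers/finalizers` after the group change to `kubeflow.org`, while the edit role in the `-115,10 +38,9` hunk drops that subresource in the same commit. A role aggregated into `kubeflow-view` should not need the finalizers subresource, so I would remove the `- pvcviewers/finalizers` line here as well. The verbs of this rule are outside the hunk; if they include anything beyond `get`/`list`/`watch`, that is worth a second look for a read-only role.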
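Review bot: The new `config.volumeViewerImage` and the switched `webApp.image` in the `-27,14 +27,21` hunk of `values.yaml` are pinned by tag only (`v2.25.0`, `v1.8.0-rc.0`), and tags can be re-pointed in the registry; the viewer image in particular is started in user namespaces with the PVC mounted. Consider supporting a digest, e.g. an optional `digest: ""` value that the template renders as `repository@sha256:…` when set, and writing the repository fully qualified as `docker.io/filebrowser/filebrowser` to match the other images changed in this commit. `v1.8.0-rc.0` is a release candidate, so a comment saying when it will be replaced by the final tag would help whoever bumps the chart next.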