Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP: Upgrade Kubeflow to 1.8 #850

Draft
wants to merge 32 commits into
base: main
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
ba4542f
tmp
davidspek Sep 13, 2023
7bb4ca6
make recipes private
davidspek Sep 13, 2023
ec00c16
feat: use dedicated gateway + remove oauth2proxy
davidspek Sep 14, 2023
09e0e97
first pass of general cleanup
davidspek Sep 14, 2023
9741948
cleanup virtual service hosts
davidspek Sep 14, 2023
f37b9b5
fix passing auth header for downstream validation
davidspek Sep 14, 2023
f1254e5
add some comments + oidc scopes
davidspek Sep 14, 2023
f1cb50a
upgrade central dashboard + some general fixes
davidspek Sep 15, 2023
9e7f324
upgrade notebooks + don't hardcode namespace in istio
davidspek Sep 15, 2023
90d8690
update tensorboards
davidspek Sep 15, 2023
431628b
update volumes + use upstream pvc viewer controller
davidspek Sep 15, 2023
c66821c
update training operator to latest version
davidspek Sep 15, 2023
dbbeb06
update katib
davidspek Sep 15, 2023
ec20573
pipelines first pass without rbac changes
davidspek Sep 15, 2023
0f92f08
last initial pipelines changes for update
davidspek Sep 18, 2023
b2575b1
fix userIDPrefix templating
davidspek Sep 18, 2023
095c9c8
use cert manager for pipelines cache server instead
davidspek Sep 18, 2023
4b0b9f2
small pipelines cleanup
davidspek Sep 18, 2023
a081c43
pipelines per component resources etc
davidspek Sep 18, 2023
47db8da
fix pipelines version
davidspek Sep 19, 2023
197901f
quick update for mysql v8
davidspek Sep 19, 2023
ff271a0
partly working pipelines (s3 auth error for artifact)
davidspek Sep 21, 2023
0acd507
fix missing rbac for argo workflows
davidspek Sep 21, 2023
be196ee
update notebooks config
davidspek Sep 21, 2023
2886668
bump notebook images again
davidspek Sep 22, 2023
750ca4e
bump notebook images
davidspek Sep 27, 2023
2935da6
update profile controller to use argo cd appset
davidspek Dec 18, 2023
a05befc
init upgrade of knative and kserve
davidspek Dec 19, 2023
bba1eb6
init working knative
davidspek Jan 2, 2024
20b356c
fix(istio): update to latest and remove proxy protocol
davidspek Jan 2, 2024
b333cea
fix(profile-controller): remove unused volume mount
davidspek Jan 2, 2024
00ca70b
changes before abandoning
davidspek Jan 11, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
8 changes: 4 additions & 4 deletions istio-cni/helm/istio-cni/Chart.lock
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
dependencies:
- name: cni
repository: https://istio-release.storage.googleapis.com/charts
version: 1.19.0
version: 1.20.1
- name: ztunnel
repository: https://istio-release.storage.googleapis.com/charts
version: 1.19.0
digest: sha256:5f9e835cde6c2cda3a01add30d38cee44a3c2595306f17914015c3ee3ed6e0d8
generated: "2023-09-11T12:24:33.670239+02:00"
version: 1.20.1
digest: sha256:8b8e82bd564ae60e514e263ab189d9adb8950ea96328455b8db6942414296dcf
generated: "2024-01-02T12:39:06.271052+01:00"
6 changes: 3 additions & 3 deletions istio-cni/helm/istio-cni/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,13 @@ name: istio-cni
description: helm chart for istio-cni
type: application
version: 0.1.1
appVersion: "1.19.0"
appVersion: "1.20.1"
dependencies:
- name: cni
version: 1.19.0
version: 1.20.1
repository: https://istio-release.storage.googleapis.com/charts
condition: cni.enabled
- name: ztunnel
version: 1.19.0
version: 1.20.1
repository: https://istio-release.storage.googleapis.com/charts
condition: ztunnel.enabled
Binary file removed istio-cni/helm/istio-cni/charts/cni-1.19.0.tgz
Binary file not shown.
Binary file added istio-cni/helm/istio-cni/charts/cni-1.20.1.tgz
Binary file not shown.
Binary file removed istio-cni/helm/istio-cni/charts/ztunnel-1.19.0.tgz
Binary file not shown.
Binary file not shown.
6 changes: 3 additions & 3 deletions istio-ingress/helm/istio-ingress/Chart.lock
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
dependencies:
- name: gateway
repository: https://istio-release.storage.googleapis.com/charts
version: 1.19.0
digest: sha256:518d9b00690f92ce7a833150409637c6ad5b96a7fe203114e53c265166f702f3
generated: "2023-09-11T12:39:30.936515+02:00"
version: 1.20.1
digest: sha256:3102d001678122a5133dd1ef858f955f05b5aa033c7b6e95e4e6172602f61033
generated: "2024-01-02T12:41:38.313944+01:00"
4 changes: 2 additions & 2 deletions istio-ingress/helm/istio-ingress/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,9 @@ name: istio-ingress
description: helm chart for istio-ingress
type: application
version: 0.1.1
appVersion: "1.19.0"
appVersion: "1.20.1"
dependencies:
- name: gateway
version: 1.19.0
version: 1.20.1
repository: https://istio-release.storage.googleapis.com/charts
condition: gateway.enabled
Binary file not shown.
Binary file not shown.

This file was deleted.

This file was deleted.

2 changes: 2 additions & 0 deletions istio-ingress/helm/istio-ingress/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ gateway:
labelSelector:
matchLabels:
istio: ingress
service:
externalTrafficPolicy: Local

istioGateway:
enabled: true
Expand Down
2 changes: 0 additions & 2 deletions istio-ingress/helm/istio-ingress/values.yaml.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,9 @@ gateway:
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-name: {{ .Cluster }}-istio-nlb
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-type: external
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
proxy.istio.io/config: '{"gatewayTopology" : { "numTrustedProxies": 2 } }'
{{- end }}

provider: {{ .Provider }}
Expand Down
8 changes: 4 additions & 4 deletions istio/helm/istio/Chart.lock
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
dependencies:
- name: base
repository: https://istio-release.storage.googleapis.com/charts
version: 1.19.0
version: 1.20.1
- name: istiod
repository: https://istio-release.storage.googleapis.com/charts
version: 1.19.0
digest: sha256:9af8a05504305c68c87dd6195b63f1c2cf82e9fec521335bba19da353cee743e
generated: "2023-09-11T12:24:02.323413+02:00"
version: 1.20.1
digest: sha256:487709530fb91937122f1d8d202129e8d4b0216c5b6af86f86fa772761f8163c
generated: "2024-01-02T12:36:34.799986+01:00"
6 changes: 3 additions & 3 deletions istio/helm/istio/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,13 @@ name: istio
description: A chart bundling the istio operator for plural
type: application
version: 0.2.1
appVersion: "1.19.0"
appVersion: "1.20.1"
dependencies:
- name: base
version: 1.19.0
version: 1.20.1
repository: https://istio-release.storage.googleapis.com/charts
condition: base.enabled
- name: istiod
version: 1.19.0
version: 1.20.1
repository: https://istio-release.storage.googleapis.com/charts
condition: istiod.enabled
Binary file removed istio/helm/istio/charts/base-1.19.0.tgz
Binary file not shown.
Binary file added istio/helm/istio/charts/base-1.20.1.tgz
Binary file not shown.
Binary file removed istio/helm/istio/charts/istiod-1.19.0.tgz
Binary file not shown.
Binary file added istio/helm/istio/charts/istiod-1.20.1.tgz
Binary file not shown.
1 change: 1 addition & 0 deletions istio/helm/istio/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ istiod:
memory: 2048Mi
env:
PILOT_ENABLE_STATUS: "true" # Needed for KNative
PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING: "true" # Needed for KNative
VERIFY_CERTIFICATE_AT_CLIENT: "true" # More secure
# ENABLE_AUTO_SNI: "true" # Possibly needed for ambient mode
# PILOT_ENABLE_HBONE: "true" # Needed for ambient mode
Expand Down
6 changes: 3 additions & 3 deletions kiali/helm/kiali/Chart.lock
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
dependencies:
- name: kiali-server
repository: https://kiali.org/helm-charts
version: 1.73.0
digest: sha256:ae1594c1ad4ef754c30fbda9583da93c08fdf8b904d75cbd9f7c46117c39119d
generated: "2023-09-01T15:42:45.406451+02:00"
version: 1.78.0
digest: sha256:19be4849402ff6785ad59a773f331a908e637311c8dba51c14735118dc9fdbc5
generated: "2024-01-02T15:06:49.894319+01:00"
4 changes: 2 additions & 2 deletions kiali/helm/kiali/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,9 @@ name: kiali
description: helm chart for kiali
type: application
version: 0.1.1
appVersion: "v1.73.0"
appVersion: v1.78.0
dependencies:
- name: kiali-server
version: 1.73.0
version: 1.78.0
repository: https://kiali.org/helm-charts
condition: kiali-server.enabled
Binary file removed kiali/helm/kiali/charts/kiali-server-1.73.0.tgz
Binary file not shown.
Binary file not shown.
6 changes: 6 additions & 0 deletions knative/helm/knative-serving/Chart.lock
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
dependencies:
- name: knative-serving
repository: oci://ghcr.io/davidspek/charts
version: 0.1.17
digest: sha256:7305a706142cd119f96f3a77ea47d426712c97a579172498ff672447a16d07f0
generated: "2023-12-20T17:18:44.037453+01:00"
6 changes: 5 additions & 1 deletion knative/helm/knative-serving/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,8 @@ name: knative-serving
description: Installs knative for plural
type: application
version: 0.1.25
appVersion: "0.26.0"
appVersion: "1.12.2"
dependencies:
- name: knative-serving
repository: oci://ghcr.io/davidspek/charts
version: 0.1.17
Binary file not shown.
132 changes: 132 additions & 0 deletions knative/helm/knative-serving/crds/certificate-crd.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,132 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: certificates.networking.internal.knative.dev
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: networking
app.kubernetes.io/version: "1.12.2"
knative.dev/crd-install: "true"
spec:
group: networking.internal.knative.dev
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
description: Certificate is responsible for provisioning a SSL certificate for the given hosts. It is a Knative abstraction for various SSL certificate provisioning solutions (such as cert-manager or self-signed SSL certificate).
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: 'Spec is the desired state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
type: object
required:
- dnsNames
- secretName
properties:
dnsNames:
description: DNSNames is a list of DNS names the Certificate could support. The wildcard format of DNSNames (e.g. *.default.example.com) is supported.
type: array
items:
type: string
domain:
description: Domain is the top level domain of the values for DNSNames.
type: string
secretName:
description: SecretName is the name of the secret resource to store the SSL certificate in.
type: string
status:
description: 'Status is the current state of the Certificate. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
type: object
properties:
annotations:
description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
type: object
additionalProperties:
type: string
conditions:
description: Conditions the latest available observations of a resource's current state.
type: array
items:
description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
type: object
required:
- status
- type
properties:
lastTransitionTime:
description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).
type: string
message:
description: A human readable message indicating details about the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
severity:
description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition.
type: string
http01Challenges:
description: HTTP01Challenges is a list of HTTP01 challenges that need to be fulfilled in order to get the TLS certificate..
type: array
items:
description: HTTP01Challenge defines the status of a HTTP01 challenge that a certificate needs to fulfill.
type: object
properties:
serviceName:
description: ServiceName is the name of the service to serve HTTP01 challenge requests.
type: string
serviceNamespace:
description: ServiceNamespace is the namespace of the service to serve HTTP01 challenge requests.
type: string
servicePort:
description: ServicePort is the port of the service to serve HTTP01 challenge requests.
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
url:
description: URL is the URL that the HTTP01 challenge is expected to serve on.
type: string
notAfter:
description: The expiration time of the TLS certificate stored in the secret named by this resource in spec.secretName.
type: string
format: date-time
observedGeneration:
description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.
type: integer
format: int64
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: ".status.conditions[?(@.type==\"Ready\")].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason"
names:
kind: Certificate
plural: certificates
singular: certificate
categories:
- knative-internal
- networking
shortNames:
- kcert
scope: Namespaced
49 changes: 49 additions & 0 deletions knative/helm/knative-serving/crds/clusterdomainclaim-crd.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clusterdomainclaims.networking.internal.knative.dev
labels:
app.kubernetes.io/name: knative-serving
app.kubernetes.io/component: networking
app.kubernetes.io/version: "1.12.2"
knative.dev/crd-install: "true"
spec:
group: networking.internal.knative.dev
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
description: ClusterDomainClaim is a cluster-wide reservation for a particular domain name.
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: 'Spec is the desired state of the ClusterDomainClaim. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
type: object
required:
- namespace
properties:
namespace:
description: Namespace is the namespace which is allowed to create a DomainMapping using this ClusterDomainClaim's name.
type: string
names:
kind: ClusterDomainClaim
plural: clusterdomainclaims
singular: clusterdomainclaim
categories:
- knative-internal
- networking
shortNames:
- cdc
scope: Cluster
Loading
Loading