feat: introduces OSSM plugin for KfDef #515
Closed
Changes from 39 commits
Commits
41 commits
a0c3710 chore: moves secret generation to its own package (bartoszmajsak)
09f889f feat(kfdef): introduces OSSMPlugin to handle infra setup (bartoszmajsak)
9d44088 chore: bundle update (bartoszmajsak)
e1b784d chore: renames authorino topic to label (bartoszmajsak)
0781cbf feat: introduces auth cfg map creation (bartoszmajsak)
1b7c664 chore: migrate pre-existing data science projects (#1) (cam-garrison)
f518efb feat(test): sets up testing for ossm plugin (#3) (bartoszmajsak)
d2ae6bf feat: handles cleanup by using owner ref and cleanup hook (#4) (bartoszmajsak)
2b24dbe fix: extracts port from URL (#6) (bartoszmajsak)
d86f75e feat: embed templates into operator plugin (#5) (cam-garrison)
a95952e fix: add port field to oauth2 filter (cam-garrison)
93ce890 fix(test): adds missing commas when constructing assertions (bartoszmajsak)
caf1ace chore: renames data-science related func (bartoszmajsak)
79f5f54 feat: check pre-requisites on OSSM plugin init (#7) (cam-garrison)
dbecd77 improvement:rework dashboard config patching (cam-garrison)
3043502 feat: introduces Features DSL (#8) (bartoszmajsak)
e3cd297 feat: introduces conditional control plane installation (#10) (bartoszmajsak)
1f84738 feat: allows to define token audience (bartoszmajsak)
80b9da6 feat: creates ns as precondition (bartoszmajsak)
d741133 chore: waits for smcp after patching (bartoszmajsak)
2b72020 chore: adds doc to plugin structs (bartoszmajsak)
d763462 chore: adds tests for ns creation (bartoszmajsak)
468a52f feat: automatically adds service-mesh overlay if app has it (bartoszmajsak)
22e5653 chore: removes fixed version from SMCP template (bartoszmajsak)
1d45f75 feat: splits authz and mesh dashboard config into two features (bartoszmajsak)
788cc3f chore: waits for control plane to be ready (bartoszmajsak)
85ae14e chore: adds owner reference to created namespace (bartoszmajsak)
1da1b38 chore: removes unnecessary changes (bartoszmajsak)
0f4b6bd fix: disables autoinject (#9) (cam-garrison)
3489840 chore: temporarily removes @camgarrison from OWNERS (bartoszmajsak)
0c0f754 chore: improves resource tracker godoc (bartoszmajsak)
720e69b fix(dashboard): fetches config for modifaction from a ns instead of a… (bartoszmajsak)
eecc744 fix(routing): makes host prefixed with namespace name (bartoszmajsak)
76455ce feat: exposes kubeflow env vars in a custom file (bartoszmajsak)
56bd16a chore: updates bundle (bartoszmajsak)
6cf1a73 chore: minor improvements in the docs (bartoszmajsak)
3c1b35d feat: enables certain features only if relevant app is defined (bartoszmajsak)
5e061a4 chore: removes dead code (TODO) (bartoszmajsak)
e409f17 feat(cert): uses self-signed certificate as default (bartoszmajsak)
5fad574 chore: adds Cameron back to OWNERS (bartoszmajsak)
35460f5 chore: adds Cameron back to OWNERS (bartoszmajsak)
36 changes: 36 additions & 0 deletions
apis/ossm.plugins.kubeflow.org/v1alpha1/groupversion_info.go
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
/* | ||
Copyright 2023. | ||
|
||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
|
||
http://www.apache.org/licenses/LICENSE-2.0 | ||
|
||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
// Package v1alpha1 contains API Schema definitions for the gcp.plugins.kubeflow.org v1alpha1 API group | ||
// +kubebuilder:object:generate=true | ||
// +groupName=ossm.plugins.kubeflow.org | ||
package v1alpha1 | ||
|
||
import ( | ||
"k8s.io/apimachinery/pkg/runtime/schema" | ||
"sigs.k8s.io/controller-runtime/pkg/scheme" | ||
) | ||
|
||
var ( | ||
// GroupVersion is group version used to register these objects | ||
GroupVersion = schema.GroupVersion{Group: "ossm.plugins.kubeflow.org", Version: "v1alpha1"} | ||
|
||
// SchemeBuilder is used to add go types to the GroupVersionKind scheme | ||
SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} | ||
|
||
// AddToScheme adds the types in this group-version to the given scheme. | ||
AddToScheme = SchemeBuilder.AddToScheme | ||
) |
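Review bot: the package comment above `package v1alpha1` names the wrong API group. It reads "gcp.plugins.kubeflow.org", while the `+groupName` marker and `GroupVersion` in the same file both use "ossm.plugins.kubeflow.org". Change the comment to "ossm.plugins.kubeflow.org" so the package documentation matches the group that is actually registered.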
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,154 @@ | ||
package v1alpha1 | ||
|
||
import ( | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
) | ||
|
||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object | ||
|
||
// +k8s:openapi-gen=true | ||
// +kubebuilder:object:root=true | ||
// +kubebuilder:subresource:status | ||
type OssmPlugin struct { | ||
metav1.TypeMeta `json:",inline"` | ||
metav1.ObjectMeta `json:"metadata,omitempty"` | ||
|
||
Spec OssmPluginSpec `json:"spec,omitempty"` | ||
Status OssmPluginStatus `json:"status,omitempty"` | ||
} | ||
|
||
// OssmPluginSpec defines configuration needed for Openshift Service Mesh | ||
// for integration with Opendatahub. | ||
type OssmPluginSpec struct { | ||
// Mesh holds configuration of Service Mesh used by Opendatahub. | ||
Mesh MeshSpec `json:"mesh,omitempty"` | ||
// Auth holds configuration of authentication and authorization services | ||
// used by Service Mesh in Opendatahub. | ||
Auth AuthSpec `json:"auth,omitempty"` | ||
} | ||
|
||
// InstallationMode defines how the plugin should handle OpenShift Service Mesh installation. | ||
// If not specified `pre-installed` is assumed. | ||
type InstallationMode string | ||
|
||
var ( | ||
// PreInstalled indicates that KfDef plugin for Openshift Service Mesh will use existing | ||
// installation and patch Service Mesh Control Plane. | ||
PreInstalled InstallationMode = "pre-installed" | ||
|
||
// Minimal results in installing Openshift Service Mesh Control Plane | ||
// in defined namespace with minimal required configuration. | ||
Minimal InstallationMode = "minimal" | ||
) | ||
|
||
// MeshSpec holds information on how Service Mesh should be configured. | ||
type MeshSpec struct { | ||
// Name is a name Service Mesh Control Plan. Defaults to "basic". | ||
Name string `json:"name,omitempty"` | ||
// Namespace is a namespace where Service Mesh is deployed. Defaults to "istio-system". | ||
Namespace string `json:"namespace,omitempty"` | ||
// InstallationMode defines how the plugin should handle OpenShift Service Mesh installation. | ||
// If not specified `pre-installed` is assumed. | ||
// +kubebuilder:validation:Enum=minimal;pre-installed | ||
InstallationMode InstallationMode `json:"installationMode,omitempty"` | ||
// Certificate allows to define how to use certificates for the Service Mesh communication. | ||
Certificate CertSpec `json:"certificate,omitempty"` | ||
} | ||
|
||
type CertSpec struct { | ||
// Name of the certificate to be used by Service Mesh. | ||
Name string `json:"name,omitempty"` | ||
// Generate indicates if the certificate should be generated. If set to false | ||
// it will assume certificate with the given name is made available as a secret | ||
// in Service Mesh namespace. | ||
Generate bool `json:"generate,omitempty"` | ||
} | ||
|
||
type AuthSpec struct { | ||
// Name of the authorization provider used for Service Mesh. | ||
Name string `json:"name,omitempty"` | ||
// Namespace where it is deployed. | ||
Namespace string `json:"namespace,omitempty"` | ||
// Authorino holds configuration of Authorino service used as external authorization provider. | ||
Authorino AuthorinoSpec `json:"authorino,omitempty"` | ||
} | ||
|
||
type AuthorinoSpec struct { | ||
// Name specifies how external authorization provider should be called. | ||
Name string `json:"name,omitempty"` | ||
// Audiences is a list of the identifiers that the resource server presented | ||
// with the token identifies as. Audience-aware token authenticators will verify | ||
// that the token was intended for at least one of the audiences in this list. | ||
// If no audiences are provided, the audience will default to the audience of the | ||
// Kubernetes apiserver (kubernetes.default.svc). | ||
Audiences []string `json:"audiences,omitempty"` | ||
// Label narrows amount of AuthConfigs to process by Authorino service. | ||
Label string `json:"label,omitempty"` | ||
// Image allows to define a custom container image to be used when deploying Authorino's instance. | ||
Image string `json:"image,omitempty"` | ||
} | ||
|
||
// OssmPluginStatus defines the observed state of OssmPlugin | ||
type OssmPluginStatus struct { | ||
// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster | ||
// Important: Run "make" to regenerate code after modifying this file | ||
// TODO model conditions | ||
} | ||
|
||
//+kubebuilder:object:root=true | ||
|
||
// OssmPluginList contains a list of OssmPlugins | ||
type OssmPluginList struct { | ||
metav1.TypeMeta `json:",inline"` | ||
metav1.ListMeta `json:"metadata,omitempty"` | ||
Items []OssmPlugin `json:"items"` | ||
} | ||
|
||
// OssmResourceTracker is a cluster-scoped resource for tracking objects | ||
// created by Ossm plugin. It's primarily used as owner reference | ||
// for resources created across namespaces so that they can be | ||
// garbage collected by Kubernetes when they're not needed anymore. | ||
// +kubebuilder:object:root=true | ||
// +kubebuilder:resource:scope=Cluster | ||
type OssmResourceTracker struct { | ||
metav1.TypeMeta `json:",inline"` | ||
metav1.ObjectMeta `json:"metadata,omitempty"` | ||
|
||
Spec OssmResourceTrackerSpec `json:"spec,omitempty"` | ||
Status OssmResourceTrackerStatus `json:"status,omitempty"` | ||
} | ||
|
||
func (o *OssmResourceTracker) ToOwnerReference() metav1.OwnerReference { | ||
return metav1.OwnerReference{ | ||
APIVersion: o.APIVersion, | ||
Kind: o.Kind, | ||
Name: o.Name, | ||
UID: o.UID, | ||
} | ||
} | ||
|
||
// OssmResourceTrackerSpec defines the desired state of OssmResourceTracker | ||
type OssmResourceTrackerSpec struct { | ||
} | ||
|
||
// OssmResourceTrackerStatus defines the observed state of OssmResourceTracker | ||
type OssmResourceTrackerStatus struct { | ||
} | ||
|
||
// +kubebuilder:object:root=true | ||
|
||
// OssmResourceTrackerList contains a list of OssmResourceTracker | ||
type OssmResourceTrackerList struct { | ||
metav1.TypeMeta `json:",inline"` | ||
metav1.ListMeta `json:"metadata,omitempty"` | ||
Items []OssmResourceTracker `json:"items"` | ||
} | ||
|
||
func init() { | ||
SchemeBuilder.Register( | ||
&OssmPlugin{}, | ||
&OssmPluginList{}, | ||
&OssmResourceTracker{}, | ||
&OssmResourceTrackerList{}, | ||
) | ||
} |
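Review bot: in ToOwnerReference, APIVersion and Kind are copied from the embedded TypeMeta (`o.APIVersion`, `o.Kind`), and those fields are commonly empty on objects obtained through typed clients, so the owner reference can come out incomplete and the cross-namespace garbage collection that OssmResourceTracker exists for would not take effect. Consider deriving the values from `GroupVersion.String()` and a fixed kind string, and add a godoc line to the method. Separately, the defaults for MeshSpec.Name ("basic"), MeshSpec.Namespace ("istio-system") and InstallationMode (`pre-installed`) are stated only in comments; no `+kubebuilder:default` markers appear in this hunk, so the API schema does not apply them, and CertSpec.Generate as a plain bool with `omitempty` cannot distinguish "unset" from "false". PreInstalled and Minimal are declared with `var` and could be `const`; CertSpec, AuthSpec and AuthorinoSpec have no type-level comments.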
Without this option we are not able to use custom `struct`s for configuration.