feat: introduces OSSM plugin for KfDef #515

Closed
wants to merge 41 commits into from
Changes from 39 commits
41 commits
a0c3710
chore: moves secret generation to its own package
bartoszmajsak Sep 6, 2023
09f889f
feat(kfdef): introduces OSSMPlugin to handle infra setup
bartoszmajsak Jun 7, 2023
9d44088
chore: bundle update
bartoszmajsak Jun 28, 2023
e1b784d
chore: renames authorino topic to label
bartoszmajsak Jun 28, 2023
0781cbf
feat: introduces auth cfg map creation
bartoszmajsak Jul 7, 2023
1b7c664
chore: migrate pre-existing data science projects (#1)
cam-garrison Jul 10, 2023
f518efb
feat(test): sets up testing for ossm plugin (#3)
bartoszmajsak Jul 12, 2023
d2ae6bf
feat: handles cleanup by using owner ref and cleanup hook (#4)
bartoszmajsak Jul 14, 2023
2b24dbe
fix: extracts port from URL (#6)
bartoszmajsak Jul 26, 2023
d86f75e
feat: embed templates into operator plugin (#5)
cam-garrison Jul 31, 2023
a95952e
fix: add port field to oauth2 filter
cam-garrison Jul 31, 2023
93ce890
fix(test): adds missing commas when constructing assertions
bartoszmajsak Aug 7, 2023
caf1ace
chore: renames data-science related func
bartoszmajsak Aug 7, 2023
79f5f54
feat: check pre-requisites on OSSM plugin init (#7)
cam-garrison Aug 8, 2023
dbecd77
improvement:rework dashboard config patching
cam-garrison Aug 8, 2023
3043502
feat: introduces Features DSL (#8)
bartoszmajsak Aug 24, 2023
e3cd297
feat: introduces conditional control plane installation (#10)
bartoszmajsak Sep 1, 2023
1f84738
feat: allows to define token audience
bartoszmajsak Sep 4, 2023
80b9da6
feat: creates ns as precondition
bartoszmajsak Sep 4, 2023
d741133
chore: waits for smcp after patching
bartoszmajsak Sep 4, 2023
2b72020
chore: adds doc to plugin structs
bartoszmajsak Sep 4, 2023
d763462
chore: adds tests for ns creation
bartoszmajsak Sep 5, 2023
468a52f
feat: automatically adds service-mesh overlay if app has it
bartoszmajsak Sep 5, 2023
22e5653
chore: removes fixed version from SMCP template
bartoszmajsak Sep 5, 2023
1d45f75
feat: splits authz and mesh dashboard config into two features
bartoszmajsak Sep 5, 2023
788cc3f
chore: waits for control plane to be ready
bartoszmajsak Sep 5, 2023
85ae14e
chore: adds owner reference to created namespace
bartoszmajsak Sep 5, 2023
1da1b38
chore: removes unnecessary changes
bartoszmajsak Sep 5, 2023
0f4b6bd
fix: disables autoinject (#9)
cam-garrison Sep 5, 2023
3489840
chore: temporarily removes @camgarrison from OWNERS
bartoszmajsak Sep 6, 2023
0c0f754
chore: improves resource tracker godoc
bartoszmajsak Sep 6, 2023
720e69b
fix(dashboard): fetches config for modification from a ns instead of a…
bartoszmajsak Sep 7, 2023
eecc744
fix(routing): makes host prefixed with namespace name
bartoszmajsak Sep 7, 2023
76455ce
feat: exposes kubeflow env vars in a custom file
bartoszmajsak Sep 7, 2023
56bd16a
chore: updates bundle
bartoszmajsak Sep 6, 2023
6cf1a73
chore: minor improvements in the docs
bartoszmajsak Sep 8, 2023
3c1b35d
feat: enables certain features only if relevant app is defined
bartoszmajsak Sep 13, 2023
5e061a4
chore: removes dead code (TODO)
bartoszmajsak Sep 13, 2023
e409f17
feat(cert): uses self-signed certificate as default
bartoszmajsak Sep 13, 2023
5fad574
chore: adds Cameron back to OWNERS
bartoszmajsak Sep 19, 2023
35460f5
chore: adds Cameron back to OWNERS
bartoszmajsak Sep 19, 2023
9 changes: 9 additions & 0 deletions .gitignore
Expand Up @@ -52,6 +52,15 @@ components/gcp-click-to-deploy/src/user_config/**
**/reg_tmp
scripts/gke/build/**

# test artifacts
**/ginkgo-test-results.xml

## test binary, build with `go test -c`
*.test

## output of the go coverage tools
*.out

# test data
tests/data/test-data.tar.gz
# Ignore downloaded odh manifests
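
Review bot: The `*.out` pattern under "output of the go coverage tools" matches every file ending in `.out` anywhere in the tree, not only coverage profiles, so unrelated output files would silently drop out of `git status`. The Makefile in this change only ever writes `cover.out`; ignoring that name (for example `**/cover.out`) keeps the rule as narrow as its comment says it is.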
5 changes: 5 additions & 0 deletions Makefile
Expand Up @@ -115,6 +115,11 @@ vet: ## Run go vet against code.
test: manifests generate fmt vet envtest ## Run tests.
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out

.PHONY: test-ossm
test-ossm: manifests generate fmt vet envtest ## Run tests.
go test ./pkg/kfapp/ossm/... -coverprofile cover.out
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./tests/integration/... -coverprofile cover.out

##@ Build

.PHONY: build
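
Review bot: In `test-ossm` both `go test` invocations pass `-coverprofile cover.out`, so the `./tests/integration/...` run overwrites the profile written by the `./pkg/kfapp/ossm/...` run and the unit-test coverage is lost. Give the two runs distinct profile names (for example `cover-unit.out` and `cover-integration.out`). The description `## Run tests.` is also copied verbatim from the `test` target; wording such as `## Run OSSM plugin unit and integration tests.` would tell the two targets apart.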
1 change: 1 addition & 0 deletions apis/apps/group.go
Expand Up @@ -163,6 +163,7 @@ const (
GCP = "gcp"
MINIKUBE = "minikube"
EXISTING_ARRIKTO = "existing_arrikto"
OSSM = "ossm"
)

// PackageManagers
2 changes: 2 additions & 0 deletions apis/kfdef.apps.kubeflow.org/v1/kfdef_types.go
Expand Up @@ -89,6 +89,8 @@ type Plugin struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

// +optional
// +kubebuilder:pruning:PreserveUnknownFields
Spec *runtime.RawExtension `json:"spec,omitempty"`
Comment on lines +92 to 94
Contributor Author

Without this option we are not able to use custom structs for configuration.

}
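
Review bot: `+kubebuilder:pruning:PreserveUnknownFields` on the `Spec` field of `Plugin` turns off pruning for the whole plugin spec, so the API server will persist any field a client sends and the only validation left is whatever the plugin does when it decodes the `runtime.RawExtension`. The reason for the marker is stated only in the review thread; put it in a code comment above the field, and make sure the code that unmarshals `Spec` into the plugin's struct rejects unknown fields rather than ignoring them silently.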

36 changes: 36 additions & 0 deletions apis/ossm.plugins.kubeflow.org/v1alpha1/groupversion_info.go
@@ -0,0 +1,36 @@
/*
Copyright 2023.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Package v1alpha1 contains API Schema definitions for the gcp.plugins.kubeflow.org v1alpha1 API group
// +kubebuilder:object:generate=true
// +groupName=ossm.plugins.kubeflow.org
package v1alpha1

import (
"k8s.io/apimachinery/pkg/runtime/schema"
"sigs.k8s.io/controller-runtime/pkg/scheme"
)

var (
// GroupVersion is group version used to register these objects
GroupVersion = schema.GroupVersion{Group: "ossm.plugins.kubeflow.org", Version: "v1alpha1"}

// SchemeBuilder is used to add go types to the GroupVersionKind scheme
SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

// AddToScheme adds the types in this group-version to the given scheme.
AddToScheme = SchemeBuilder.AddToScheme
)
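
Review bot: The package comment on line 17 of the new file still names the `gcp.plugins.kubeflow.org` API group, while the `+groupName` marker and `GroupVersion` both use `ossm.plugins.kubeflow.org`. It looks like a leftover from the file this was copied from; change the comment to `ossm.plugins.kubeflow.org` so the generated package documentation matches the group that is actually registered.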
154 changes: 154 additions & 0 deletions apis/ossm.plugins.kubeflow.org/v1alpha1/ossm_types.go
@@ -0,0 +1,154 @@
package v1alpha1

import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// +k8s:openapi-gen=true
// +kubebuilder:object:root=true
// +kubebuilder:subresource:status
type OssmPlugin struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

Spec OssmPluginSpec `json:"spec,omitempty"`
Status OssmPluginStatus `json:"status,omitempty"`
}

// OssmPluginSpec defines configuration needed for Openshift Service Mesh
// for integration with Opendatahub.
type OssmPluginSpec struct {
// Mesh holds configuration of Service Mesh used by Opendatahub.
Mesh MeshSpec `json:"mesh,omitempty"`
// Auth holds configuration of authentication and authorization services
// used by Service Mesh in Opendatahub.
Auth AuthSpec `json:"auth,omitempty"`
}

// InstallationMode defines how the plugin should handle OpenShift Service Mesh installation.
// If not specified `pre-installed` is assumed.
type InstallationMode string

var (
// PreInstalled indicates that KfDef plugin for Openshift Service Mesh will use existing
// installation and patch Service Mesh Control Plane.
PreInstalled InstallationMode = "pre-installed"

// Minimal results in installing Openshift Service Mesh Control Plane
// in defined namespace with minimal required configuration.
Minimal InstallationMode = "minimal"
)

// MeshSpec holds information on how Service Mesh should be configured.
type MeshSpec struct {
// Name is a name Service Mesh Control Plan. Defaults to "basic".
Name string `json:"name,omitempty"`
// Namespace is a namespace where Service Mesh is deployed. Defaults to "istio-system".
Namespace string `json:"namespace,omitempty"`
// InstallationMode defines how the plugin should handle OpenShift Service Mesh installation.
// If not specified `pre-installed` is assumed.
// +kubebuilder:validation:Enum=minimal;pre-installed
InstallationMode InstallationMode `json:"installationMode,omitempty"`
// Certificate allows to define how to use certificates for the Service Mesh communication.
Certificate CertSpec `json:"certificate,omitempty"`
}

type CertSpec struct {
// Name of the certificate to be used by Service Mesh.
Name string `json:"name,omitempty"`
// Generate indicates if the certificate should be generated. If set to false
// it will assume certificate with the given name is made available as a secret
// in Service Mesh namespace.
Generate bool `json:"generate,omitempty"`
}

type AuthSpec struct {
// Name of the authorization provider used for Service Mesh.
Name string `json:"name,omitempty"`
// Namespace where it is deployed.
Namespace string `json:"namespace,omitempty"`
// Authorino holds configuration of Authorino service used as external authorization provider.
Authorino AuthorinoSpec `json:"authorino,omitempty"`
}

type AuthorinoSpec struct {
// Name specifies how external authorization provider should be called.
Name string `json:"name,omitempty"`
// Audiences is a list of the identifiers that the resource server presented
// with the token identifies as. Audience-aware token authenticators will verify
// that the token was intended for at least one of the audiences in this list.
// If no audiences are provided, the audience will default to the audience of the
// Kubernetes apiserver (kubernetes.default.svc).
Audiences []string `json:"audiences,omitempty"`
// Label narrows amount of AuthConfigs to process by Authorino service.
Label string `json:"label,omitempty"`
// Image allows to define a custom container image to be used when deploying Authorino's instance.
Image string `json:"image,omitempty"`
}

// OssmPluginStatus defines the observed state of OssmPlugin
type OssmPluginStatus struct {
// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
// Important: Run "make" to regenerate code after modifying this file
// TODO model conditions
}

//+kubebuilder:object:root=true

// OssmPluginList contains a list of OssmPlugins
type OssmPluginList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []OssmPlugin `json:"items"`
}

// OssmResourceTracker is a cluster-scoped resource for tracking objects
// created by Ossm plugin. It's primarily used as owner reference
// for resources created across namespaces so that they can be
// garbage collected by Kubernetes when they're not needed anymore.
// +kubebuilder:object:root=true
// +kubebuilder:resource:scope=Cluster
type OssmResourceTracker struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

Spec OssmResourceTrackerSpec `json:"spec,omitempty"`
Status OssmResourceTrackerStatus `json:"status,omitempty"`
}

func (o *OssmResourceTracker) ToOwnerReference() metav1.OwnerReference {
return metav1.OwnerReference{
APIVersion: o.APIVersion,
Kind: o.Kind,
Name: o.Name,
UID: o.UID,
}
}

// OssmResourceTrackerSpec defines the desired state of OssmResourceTracker
type OssmResourceTrackerSpec struct {
}

// OssmResourceTrackerStatus defines the observed state of OssmResourceTracker
type OssmResourceTrackerStatus struct {
}

// +kubebuilder:object:root=true

// OssmResourceTrackerList contains a list of OssmResourceTracker
type OssmResourceTrackerList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []OssmResourceTracker `json:"items"`
}

func init() {
SchemeBuilder.Register(
&OssmPlugin{},
&OssmPluginList{},
&OssmResourceTracker{},
&OssmResourceTrackerList{},
)
}
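
Review bot: `ToOwnerReference` copies `o.APIVersion` and `o.Kind` from the embedded `TypeMeta`, which is commonly left empty on objects read back through typed clients; an owner reference with a blank `apiVersion` or `kind` is invalid, and the cross-namespace garbage collection this tracker exists for would not happen. Build those two fields from `GroupVersion.String()` and a literal `"OssmResourceTracker"` instead. Smaller points in the same file: `PreInstalled` and `Minimal` are declared with `var` and can be reassigned at runtime, so `const` fits better; the defaults promised in the comments (`"basic"`, `"istio-system"`, `pre-installed`) have no `+kubebuilder:default` marker, so they hold only if code elsewhere applies them; the comment on `MeshSpec.Name` reads "a name Service Mesh Control Plan"; and `AuthorinoSpec.Image` accepts any image reference for the component that makes authorization decisions, which deserves at least a documented expectation such as a trusted registry or digest pinning.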