From a9d1b2faa0d403065f0ab86be3829d8353f6a0f3 Mon Sep 17 00:00:00 2001 From: Humair Khan Date: Mon, 19 Aug 2024 14:12:15 -0400 Subject: [PATCH 01/14] add kuberoot-ca to sample Signed-off-by: Humair Khan --- config/samples/v2/dspa-simple/dspa_simple.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/samples/v2/dspa-simple/dspa_simple.yaml b/config/samples/v2/dspa-simple/dspa_simple.yaml index e80ebc92..5d28ff0a 100644 --- a/config/samples/v2/dspa-simple/dspa_simple.yaml +++ b/config/samples/v2/dspa-simple/dspa_simple.yaml @@ -6,6 +6,9 @@ spec: dspVersion: v2 apiServer: enableSamplePipeline: true + cABundle: + configMapKey: ca.crt + configMapName: kube-root-ca.crt objectStorage: # Need to enable this for artifact download links to work # i.e. for when requesting /apis/v2beta1/artifacts/{id}?share_url=true From 778497c9f816dc4a4a5f79e0ee7e07b96402bcb2 Mon Sep 17 00:00:00 2001 From: hbelmiro Date: Thu, 29 Aug 2024 11:18:43 -0300 Subject: [PATCH 02/14] chore: Improved logs for tests Signed-off-by: hbelmiro --- controllers/testutil/util.go | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/controllers/testutil/util.go b/controllers/testutil/util.go index d6a2c7f4..f5d1c962 100644 --- a/controllers/testutil/util.go +++ b/controllers/testutil/util.go @@ -21,7 +21,9 @@ import ( "fmt" dspav1alpha1 "github.com/opendatahub-io/data-science-pipelines-operator/api/v1alpha1" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "os" + ctrl "sigs.k8s.io/controller-runtime" "testing" "time" @@ -121,22 +123,25 @@ func DeleteResource(uc UtilContext, path string, t *testing.T) { // See testutil.CompareResourceProcs for supported procedures. func CompareResources(uc UtilContext, path string, t *testing.T) { manifest, err := mf.NewManifest(path, uc.Opts) - assert.NoError(t, err) + require.NoError(t, err) manifest, err = manifest.Transform(mf.InjectNamespace(uc.Ns)) - assert.NoError(t, err) + require.NoError(t, err) expected := &manifest.Resources()[0] var actual *unstructured.Unstructured - assert.Eventually(t, func() bool { + require.Eventually(t, func() bool { var err error actual, err = manifest.Client.Get(expected) + if err != nil { + ctrl.Log.Info("Error when trying to get " + expected.GetName() + " (will keep trying until reaching timeout): " + err.Error()) + } return err == nil }, timeout, interval) rest := expected.Object["kind"].(string) result, err := CompareResourceProcs[rest](expected, actual) - assert.NoError(t, err) - assert.True(t, result) + require.NoError(t, err) + require.True(t, result) } // DirExists checks whether dir at path exists From 3f9f9ff6628165a5ecb28da00a8bccfd21829981 Mon Sep 17 00:00:00 2001 From: hbelmiro Date: Wed, 4 Sep 2024 15:52:02 -0300 Subject: [PATCH 03/14] Removed imagePullPolicy: IfNotPresent Signed-off-by: hbelmiro --- .github/resources/minio/deployment.yaml | 2 +- .github/resources/pypiserver/base/pypiserver.yaml | 2 +- config/internal/apiserver/default/deployment.yaml.tmpl | 2 +- config/internal/mlpipelines-ui/deployment.yaml.tmpl | 2 +- config/internal/persistence-agent/deployment.yaml.tmpl | 2 +- config/internal/scheduled-workflow/deployment.yaml.tmpl | 2 +- config/internal/workflow-controller/configmap.yaml.tmpl | 2 +- config/manager/manager.yaml | 2 +- .../custom-workflow-controller-configmap.yaml | 2 +- .../case_0/expected/created/apiserver_deployment.yaml | 2 +- .../case_0/expected/created/persistence-agent_deployment.yaml | 2 +- .../case_0/expected/created/scheduled-workflow_deployment.yaml | 2 +- .../case_2/expected/created/apiserver_deployment.yaml | 2 +- .../case_2/expected/created/mlpipelines-ui_deployment.yaml | 2 +- .../case_2/expected/created/persistence-agent_deployment.yaml | 2 +- .../case_2/expected/created/scheduled-workflow_deployment.yaml | 2 +- .../case_3/expected/created/apiserver_deployment.yaml | 2 +- .../case_4/expected/created/apiserver_deployment.yaml | 2 +- .../case_4/expected/created/mlpipelines-ui_deployment.yaml | 2 +- .../case_4/expected/created/persistence-agent_deployment.yaml | 2 +- .../case_4/expected/created/scheduled-workflow_deployment.yaml | 2 +- .../case_5/expected/created/apiserver_deployment.yaml | 2 +- .../case_5/expected/created/mlpipelines-ui_deployment.yaml | 2 +- .../case_5/expected/created/persistence-agent_deployment.yaml | 2 +- .../case_5/expected/created/scheduled-workflow_deployment.yaml | 2 +- .../case_6/expected/created/apiserver_deployment.yaml | 2 +- .../case_7/expected/created/apiserver_deployment.yaml | 2 +- .../case_7/expected/created/mlpipelines-ui_deployment.yaml | 2 +- .../case_7/expected/created/persistence-agent_deployment.yaml | 2 +- .../case_7/expected/created/scheduled-workflow_deployment.yaml | 2 +- .../case_8/expected/created/apiserver_deployment.yaml | 2 +- .../case_9/expected/created/apiserver_deployment.yaml | 2 +- .../case_9/expected/created/mlpipelines-ui_deployment.yaml | 2 +- .../case_9/expected/created/persistence-agent_deployment.yaml | 2 +- 34 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/resources/minio/deployment.yaml b/.github/resources/minio/deployment.yaml index 61f98f01..127c11cc 100644 --- a/.github/resources/minio/deployment.yaml +++ b/.github/resources/minio/deployment.yaml @@ -55,7 +55,7 @@ spec: ports: - containerPort: 9000 protocol: TCP - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting volumeMounts: - name: data mountPath: /data diff --git a/.github/resources/pypiserver/base/pypiserver.yaml b/.github/resources/pypiserver/base/pypiserver.yaml index 901410f8..61cb31c9 100644 --- a/.github/resources/pypiserver/base/pypiserver.yaml +++ b/.github/resources/pypiserver/base/pypiserver.yaml @@ -14,7 +14,7 @@ spec: spec: containers: - image: "quay.io/harshad16/pypi-server" - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: pypi-server command: - pypi-server diff --git a/config/internal/apiserver/default/deployment.yaml.tmpl b/config/internal/apiserver/default/deployment.yaml.tmpl index 4ec655ec..dc49edf8 100644 --- a/config/internal/apiserver/default/deployment.yaml.tmpl +++ b/config/internal/apiserver/default/deployment.yaml.tmpl @@ -176,7 +176,7 @@ spec: value: "{{.APIServer.TerminateStatus}}" {{ end }} image: {{.APIServer.Image}} - imagePullPolicy: Always + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-api-server command: ['/bin/apiserver'] args: diff --git a/config/internal/mlpipelines-ui/deployment.yaml.tmpl b/config/internal/mlpipelines-ui/deployment.yaml.tmpl index 3fd21c3b..e6926a76 100644 --- a/config/internal/mlpipelines-ui/deployment.yaml.tmpl +++ b/config/internal/mlpipelines-ui/deployment.yaml.tmpl @@ -79,7 +79,7 @@ spec: - name: DISABLE_GKE_METADATA value: 'true' image: {{.MlPipelineUI.Image}} - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting livenessProbe: httpGet: port: 3000 diff --git a/config/internal/persistence-agent/deployment.yaml.tmpl b/config/internal/persistence-agent/deployment.yaml.tmpl index 705d5620..9c91bc8d 100644 --- a/config/internal/persistence-agent/deployment.yaml.tmpl +++ b/config/internal/persistence-agent/deployment.yaml.tmpl @@ -45,7 +45,7 @@ spec: value: "/etc/pki/tls/certs:/var/run/secrets/kubernetes.io/serviceaccount/" {{ end }} image: "{{.PersistenceAgent.Image}}" - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-persistenceagent command: - persistence_agent diff --git a/config/internal/scheduled-workflow/deployment.yaml.tmpl b/config/internal/scheduled-workflow/deployment.yaml.tmpl index dd7febf7..241b3e40 100644 --- a/config/internal/scheduled-workflow/deployment.yaml.tmpl +++ b/config/internal/scheduled-workflow/deployment.yaml.tmpl @@ -31,7 +31,7 @@ spec: - name: EXECUTIONTYPE value: PipelineRun image: "{{.ScheduledWorkflow.Image}}" - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-scheduledworkflow command: - controller diff --git a/config/internal/workflow-controller/configmap.yaml.tmpl b/config/internal/workflow-controller/configmap.yaml.tmpl index 7d7788bc..49aab8a2 100644 --- a/config/internal/workflow-controller/configmap.yaml.tmpl +++ b/config/internal/workflow-controller/configmap.yaml.tmpl @@ -38,4 +38,4 @@ data: key: "{{.ObjectStorageConnection.CredentialsSecret.SecretKey}}" containerRuntimeExecutor: emissary # TODO executor: | - imagePullPolicy: IfNotPresent # TODO + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # TODO diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index ad88f1a5..f028ff04 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -34,7 +34,7 @@ spec: - /home/config image: $(IMAGES_DSPO) name: manager - imagePullPolicy: Always + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting env: # Env vars are prioritized over --config - name: IMAGES_APISERVER diff --git a/config/samples/v2/custom-workflow-controller-config/custom-workflow-controller-configmap.yaml b/config/samples/v2/custom-workflow-controller-config/custom-workflow-controller-configmap.yaml index c7302cc9..940ba78b 100644 --- a/config/samples/v2/custom-workflow-controller-config/custom-workflow-controller-configmap.yaml +++ b/config/samples/v2/custom-workflow-controller-config/custom-workflow-controller-configmap.yaml @@ -27,7 +27,7 @@ data: key: "secretkey" containerRuntimeExecutor: emissary executor: | - imagePullPolicy: IfNotPresent # TODO + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # TODO kind: ConfigMap metadata: name: custom-workflow-controller-configmap diff --git a/controllers/testdata/declarative/case_0/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_0/expected/created/apiserver_deployment.yaml index 8b92f211..8aeb7c67 100644 --- a/controllers/testdata/declarative/case_0/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_0/expected/created/apiserver_deployment.yaml @@ -113,7 +113,7 @@ spec: - name: TERMINATE_STATUS value: "Cancelled" image: api-server:test0 - imagePullPolicy: Always + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-api-server command: ['/bin/apiserver'] args: diff --git a/controllers/testdata/declarative/case_0/expected/created/persistence-agent_deployment.yaml b/controllers/testdata/declarative/case_0/expected/created/persistence-agent_deployment.yaml index ecce799a..30b58463 100644 --- a/controllers/testdata/declarative/case_0/expected/created/persistence-agent_deployment.yaml +++ b/controllers/testdata/declarative/case_0/expected/created/persistence-agent_deployment.yaml @@ -37,7 +37,7 @@ spec: - name: EXECUTIONTYPE value: PipelineRun image: persistenceagent:test0 - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-persistenceagent command: - persistence_agent diff --git a/controllers/testdata/declarative/case_0/expected/created/scheduled-workflow_deployment.yaml b/controllers/testdata/declarative/case_0/expected/created/scheduled-workflow_deployment.yaml index e5aee424..e25e252a 100644 --- a/controllers/testdata/declarative/case_0/expected/created/scheduled-workflow_deployment.yaml +++ b/controllers/testdata/declarative/case_0/expected/created/scheduled-workflow_deployment.yaml @@ -31,7 +31,7 @@ spec: - name: EXECUTIONTYPE value: PipelineRun image: scheduledworkflow:test0 - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-scheduledworkflow command: - controller diff --git a/controllers/testdata/declarative/case_2/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_2/expected/created/apiserver_deployment.yaml index 810ddfc1..ce8956c8 100644 --- a/controllers/testdata/declarative/case_2/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_2/expected/created/apiserver_deployment.yaml @@ -113,7 +113,7 @@ spec: - name: TERMINATE_STATUS value: "Cancelled" image: api-server:test2 - imagePullPolicy: Always + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-api-server command: ['/bin/apiserver'] args: diff --git a/controllers/testdata/declarative/case_2/expected/created/mlpipelines-ui_deployment.yaml b/controllers/testdata/declarative/case_2/expected/created/mlpipelines-ui_deployment.yaml index 444851cc..53b19793 100644 --- a/controllers/testdata/declarative/case_2/expected/created/mlpipelines-ui_deployment.yaml +++ b/controllers/testdata/declarative/case_2/expected/created/mlpipelines-ui_deployment.yaml @@ -72,7 +72,7 @@ spec: - name: DISABLE_GKE_METADATA value: 'true' image: frontend:test2 - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting livenessProbe: exec: command: diff --git a/controllers/testdata/declarative/case_2/expected/created/persistence-agent_deployment.yaml b/controllers/testdata/declarative/case_2/expected/created/persistence-agent_deployment.yaml index db064397..6db4d107 100644 --- a/controllers/testdata/declarative/case_2/expected/created/persistence-agent_deployment.yaml +++ b/controllers/testdata/declarative/case_2/expected/created/persistence-agent_deployment.yaml @@ -37,7 +37,7 @@ spec: - name: EXECUTIONTYPE value: PipelineRun image: persistenceagent:test2 - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-persistenceagent command: - persistence_agent diff --git a/controllers/testdata/declarative/case_2/expected/created/scheduled-workflow_deployment.yaml b/controllers/testdata/declarative/case_2/expected/created/scheduled-workflow_deployment.yaml index 78b8b382..f49e4341 100644 --- a/controllers/testdata/declarative/case_2/expected/created/scheduled-workflow_deployment.yaml +++ b/controllers/testdata/declarative/case_2/expected/created/scheduled-workflow_deployment.yaml @@ -31,7 +31,7 @@ spec: - name: EXECUTIONTYPE value: PipelineRun image: scheduledworkflow:test2 - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-scheduledworkflow command: - controller diff --git a/controllers/testdata/declarative/case_3/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_3/expected/created/apiserver_deployment.yaml index c7981966..875a79f7 100644 --- a/controllers/testdata/declarative/case_3/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_3/expected/created/apiserver_deployment.yaml @@ -113,7 +113,7 @@ spec: - name: TERMINATE_STATUS value: "Cancelled" image: api-server:test3 - imagePullPolicy: Always + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-api-server command: ['/bin/apiserver'] args: diff --git a/controllers/testdata/declarative/case_4/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_4/expected/created/apiserver_deployment.yaml index 16131faa..e26220ec 100644 --- a/controllers/testdata/declarative/case_4/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_4/expected/created/apiserver_deployment.yaml @@ -113,7 +113,7 @@ spec: - name: TERMINATE_STATUS value: "Cancelled" image: this-apiserver-image-from-cr-should-be-used:test4 - imagePullPolicy: Always + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-api-server command: ['/bin/apiserver'] volumeMounts: diff --git a/controllers/testdata/declarative/case_4/expected/created/mlpipelines-ui_deployment.yaml b/controllers/testdata/declarative/case_4/expected/created/mlpipelines-ui_deployment.yaml index 1b759701..62022305 100644 --- a/controllers/testdata/declarative/case_4/expected/created/mlpipelines-ui_deployment.yaml +++ b/controllers/testdata/declarative/case_4/expected/created/mlpipelines-ui_deployment.yaml @@ -72,7 +72,7 @@ spec: - name: DISABLE_GKE_METADATA value: 'true' image: this-frontend-image-from-cr-should-be-used:test4 - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting livenessProbe: exec: command: diff --git a/controllers/testdata/declarative/case_4/expected/created/persistence-agent_deployment.yaml b/controllers/testdata/declarative/case_4/expected/created/persistence-agent_deployment.yaml index c4118d68..b25c4471 100644 --- a/controllers/testdata/declarative/case_4/expected/created/persistence-agent_deployment.yaml +++ b/controllers/testdata/declarative/case_4/expected/created/persistence-agent_deployment.yaml @@ -37,7 +37,7 @@ spec: - name: EXECUTIONTYPE value: PipelineRun image: this-persistenceagent-image-from-cr-should-be-used:test4 - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-persistenceagent command: - persistence_agent diff --git a/controllers/testdata/declarative/case_4/expected/created/scheduled-workflow_deployment.yaml b/controllers/testdata/declarative/case_4/expected/created/scheduled-workflow_deployment.yaml index 80e2084a..c85f687e 100644 --- a/controllers/testdata/declarative/case_4/expected/created/scheduled-workflow_deployment.yaml +++ b/controllers/testdata/declarative/case_4/expected/created/scheduled-workflow_deployment.yaml @@ -31,7 +31,7 @@ spec: - name: EXECUTIONTYPE value: PipelineRun image: this-scheduledworkflow-image-from-cr-should-be-used:test4 - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-scheduledworkflow command: - controller diff --git a/controllers/testdata/declarative/case_5/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_5/expected/created/apiserver_deployment.yaml index 8f193788..2af6993a 100644 --- a/controllers/testdata/declarative/case_5/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_5/expected/created/apiserver_deployment.yaml @@ -117,7 +117,7 @@ spec: - name: TERMINATE_STATUS value: "Cancelled" image: api-server:test5 - imagePullPolicy: Always + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-api-server command: ['/bin/apiserver'] args: diff --git a/controllers/testdata/declarative/case_5/expected/created/mlpipelines-ui_deployment.yaml b/controllers/testdata/declarative/case_5/expected/created/mlpipelines-ui_deployment.yaml index abec9309..a549d1d5 100644 --- a/controllers/testdata/declarative/case_5/expected/created/mlpipelines-ui_deployment.yaml +++ b/controllers/testdata/declarative/case_5/expected/created/mlpipelines-ui_deployment.yaml @@ -72,7 +72,7 @@ spec: - name: DISABLE_GKE_METADATA value: 'true' image: frontend:test5 - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting livenessProbe: exec: command: diff --git a/controllers/testdata/declarative/case_5/expected/created/persistence-agent_deployment.yaml b/controllers/testdata/declarative/case_5/expected/created/persistence-agent_deployment.yaml index 2a22a22a..faad5b73 100644 --- a/controllers/testdata/declarative/case_5/expected/created/persistence-agent_deployment.yaml +++ b/controllers/testdata/declarative/case_5/expected/created/persistence-agent_deployment.yaml @@ -37,7 +37,7 @@ spec: - name: EXECUTIONTYPE value: PipelineRun image: persistenceagent:test5 - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-persistenceagent command: - persistence_agent diff --git a/controllers/testdata/declarative/case_5/expected/created/scheduled-workflow_deployment.yaml b/controllers/testdata/declarative/case_5/expected/created/scheduled-workflow_deployment.yaml index ab88f8de..f315e6cc 100644 --- a/controllers/testdata/declarative/case_5/expected/created/scheduled-workflow_deployment.yaml +++ b/controllers/testdata/declarative/case_5/expected/created/scheduled-workflow_deployment.yaml @@ -31,7 +31,7 @@ spec: - name: EXECUTIONTYPE value: PipelineRun image: scheduledworkflow:test5 - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-scheduledworkflow command: - controller diff --git a/controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml index 03828eb2..73b2b7f1 100644 --- a/controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml @@ -113,7 +113,7 @@ spec: - name: DBCONFIG_MYSQLCONFIG_PORT value: "test6" image: api-server:test6 - imagePullPolicy: Always + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-api-server command: ['/bin/apiserver'] args: diff --git a/controllers/testdata/declarative/case_7/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_7/expected/created/apiserver_deployment.yaml index b9603e2d..2458af03 100644 --- a/controllers/testdata/declarative/case_7/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_7/expected/created/apiserver_deployment.yaml @@ -103,7 +103,7 @@ spec: - name: DBCONFIG_MYSQLCONFIG_PORT value: "3306" image: api-server:test7 - imagePullPolicy: Always + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-api-server command: ['/bin/apiserver'] args: diff --git a/controllers/testdata/declarative/case_7/expected/created/mlpipelines-ui_deployment.yaml b/controllers/testdata/declarative/case_7/expected/created/mlpipelines-ui_deployment.yaml index 2c0c82d6..abf2d040 100644 --- a/controllers/testdata/declarative/case_7/expected/created/mlpipelines-ui_deployment.yaml +++ b/controllers/testdata/declarative/case_7/expected/created/mlpipelines-ui_deployment.yaml @@ -72,7 +72,7 @@ spec: - name: DISABLE_GKE_METADATA value: 'true' image: frontend:test7 - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting livenessProbe: exec: command: diff --git a/controllers/testdata/declarative/case_7/expected/created/persistence-agent_deployment.yaml b/controllers/testdata/declarative/case_7/expected/created/persistence-agent_deployment.yaml index abcb70d3..a5f4e31f 100644 --- a/controllers/testdata/declarative/case_7/expected/created/persistence-agent_deployment.yaml +++ b/controllers/testdata/declarative/case_7/expected/created/persistence-agent_deployment.yaml @@ -37,7 +37,7 @@ spec: - name: EXECUTIONTYPE value: Workflow image: persistenceagent:test7 - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-persistenceagent command: - persistence_agent diff --git a/controllers/testdata/declarative/case_7/expected/created/scheduled-workflow_deployment.yaml b/controllers/testdata/declarative/case_7/expected/created/scheduled-workflow_deployment.yaml index 03d14f33..2a0d4fd0 100644 --- a/controllers/testdata/declarative/case_7/expected/created/scheduled-workflow_deployment.yaml +++ b/controllers/testdata/declarative/case_7/expected/created/scheduled-workflow_deployment.yaml @@ -31,7 +31,7 @@ spec: - name: EXECUTIONTYPE value: PipelineRun image: scheduledworkflow:test7 - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-scheduledworkflow command: - controller diff --git a/controllers/testdata/declarative/case_8/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_8/expected/created/apiserver_deployment.yaml index ae01ded7..ebbd6721 100644 --- a/controllers/testdata/declarative/case_8/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_8/expected/created/apiserver_deployment.yaml @@ -113,7 +113,7 @@ spec: - name: DBCONFIG_MYSQLCONFIG_PORT value: "3306" image: api-server:test8 - imagePullPolicy: Always + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-api-server command: ['/bin/apiserver'] args: diff --git a/controllers/testdata/declarative/case_9/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_9/expected/created/apiserver_deployment.yaml index be53d39b..86a7c730 100644 --- a/controllers/testdata/declarative/case_9/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_9/expected/created/apiserver_deployment.yaml @@ -103,7 +103,7 @@ spec: - name: DBCONFIG_MYSQLCONFIG_PORT value: "3306" image: api-server:test9 - imagePullPolicy: Always + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-api-server command: ['/bin/apiserver'] args: diff --git a/controllers/testdata/declarative/case_9/expected/created/mlpipelines-ui_deployment.yaml b/controllers/testdata/declarative/case_9/expected/created/mlpipelines-ui_deployment.yaml index a34edeb0..d8bf9c83 100644 --- a/controllers/testdata/declarative/case_9/expected/created/mlpipelines-ui_deployment.yaml +++ b/controllers/testdata/declarative/case_9/expected/created/mlpipelines-ui_deployment.yaml @@ -72,7 +72,7 @@ spec: - name: DISABLE_GKE_METADATA value: 'true' image: frontend:test9 - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting livenessProbe: exec: command: diff --git a/controllers/testdata/declarative/case_9/expected/created/persistence-agent_deployment.yaml b/controllers/testdata/declarative/case_9/expected/created/persistence-agent_deployment.yaml index 46d622e3..27fcf135 100644 --- a/controllers/testdata/declarative/case_9/expected/created/persistence-agent_deployment.yaml +++ b/controllers/testdata/declarative/case_9/expected/created/persistence-agent_deployment.yaml @@ -37,7 +37,7 @@ spec: - name: EXECUTIONTYPE value: Workflow image: persistenceagent:test9 - imagePullPolicy: IfNotPresent + # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting name: ds-pipeline-persistenceagent command: - persistence_agent From 4e140bd40a0fd6cfa734ac179618de26e37b6f99 Mon Sep 17 00:00:00 2001 From: Anish Asthana Date: Thu, 5 Sep 2024 11:22:26 -0400 Subject: [PATCH 04/14] OWNERS updates Add anishasthana Move accorvin to emeritus Remove amudhusu from reviewers --- OWNERS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/OWNERS b/OWNERS index 46c6d857..447c1227 100644 --- a/OWNERS +++ b/OWNERS @@ -1,5 +1,5 @@ approvers: - - accorvin + - anishasthana - DharmitD - dsp-developers - gmfrasca @@ -7,7 +7,6 @@ approvers: - HumairAK - rimolive reviewers: - - amadhusu - DharmitD - gmfrasca - gregsheremeta @@ -16,4 +15,5 @@ reviewers: - rimolive - VaniHaripriya emeritus_approvers: + - accorvin - harshad16 From 145f3ca54cdaa79b117726ad60898c6420ccb04f Mon Sep 17 00:00:00 2001 From: Helber Belmiro Date: Tue, 17 Sep 2024 11:46:35 -0300 Subject: [PATCH 05/14] Bumped actions/upload-artifact to v4 Signed-off-by: Helber Belmiro --- .github/workflows/build-prs-trigger.yaml | 3 ++- .github/workflows/release_trigger.yaml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-prs-trigger.yaml b/.github/workflows/build-prs-trigger.yaml index 383ae4bf..ddea2b16 100644 --- a/.github/workflows/build-prs-trigger.yaml +++ b/.github/workflows/build-prs-trigger.yaml @@ -2,6 +2,7 @@ name: Trigger build images for PRs on: pull_request: paths: + - .github/workflows/build-prs-trigger.yaml - go.mod - go.sum - controllers/** @@ -28,7 +29,7 @@ jobs: echo ${{ github.event.pull_request.state }} >> ./pr/pr_state echo ${{ github.event.pull_request.head.sha }} >> ./pr/head_sha echo ${{ github.event.action }} >> ./pr/event_action - - uses: actions/upload-artifact@v2 + - uses: actions/upload-artifact@v4 with: name: pr path: pr/ diff --git a/.github/workflows/release_trigger.yaml b/.github/workflows/release_trigger.yaml index 1ae551f1..37a4017c 100644 --- a/.github/workflows/release_trigger.yaml +++ b/.github/workflows/release_trigger.yaml @@ -22,7 +22,7 @@ jobs: PR_STATE: ${{ github.event.pull_request.state }} PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }} run: ./.github/scripts/release_trigger/upload-data.sh - - uses: actions/upload-artifact@v2 + - uses: actions/upload-artifact@v4 with: name: pr path: pr/ From b616f69e765f8e9492dec3605664454467fd49a4 Mon Sep 17 00:00:00 2001 From: Diego Lovison Date: Tue, 17 Sep 2024 12:00:24 -0300 Subject: [PATCH 06/14] Move kind-integration.sh content to tests.sh and target environment for testing The goal of test.sh is to be the starting point for allowing a test be running to the following target: kind, fresh OpenShift, an OpenShift cluster with RHOAI installed. --- .github/scripts/tests/kind-integration.sh | 135 ------------- .github/scripts/tests/tests.sh | 221 +++++++++++++++++++++- .github/workflows/kind-integration.yml | 2 +- 3 files changed, 219 insertions(+), 139 deletions(-) delete mode 100755 .github/scripts/tests/kind-integration.sh diff --git a/.github/scripts/tests/kind-integration.sh b/.github/scripts/tests/kind-integration.sh deleted file mode 100755 index ab005018..00000000 --- a/.github/scripts/tests/kind-integration.sh +++ /dev/null @@ -1,135 +0,0 @@ -#!/bin/bash -set -e - -if [ "$GIT_WORKSPACE" = "" ]; then - echo "GIT_WORKSPACE variable not defined. Should be the root of the source code. Example GIT_WORKSPACE=/home/dev/git/data-science-pipelines-operator" && exit -fi - -if [ "$REGISTRY_ADDRESS" = "" ]; then - echo "REGISTRY_ADDRESS variable not defined." && exit -fi - -# Env vars -IMAGE_REPO_DSPO="data-science-pipelines-operator" -DSPA_NAMESPACE="test-dspa" -DSPA_EXTERNAL_NAMESPACE="dspa-ext" -MINIO_NAMESPACE="test-minio" -MARIADB_NAMESPACE="test-mariadb" -PYPISERVER_NAMESPACE="test-pypiserver" -DSPA_NAME="test-dspa" -DSPA_EXTERNAL_NAME="dspa-ext" -DSPA_DEPLOY_WAIT_TIMEOUT="300" -INTEGRATION_TESTS_DIR="${GIT_WORKSPACE}/tests" -DSPA_PATH="${GIT_WORKSPACE}/tests/resources/dspa-lite.yaml" -DSPA_EXTERNAL_PATH="${GIT_WORKSPACE}/tests/resources/dspa-external-lite.yaml" -CONFIG_DIR="${GIT_WORKSPACE}/config" -RESOURCES_DIR_CRD="${GIT_WORKSPACE}/.github/resources" -DSPO_IMAGE="${REGISTRY_ADDRESS}/data-science-pipelines-operator" -OPENDATAHUB_NAMESPACE="opendatahub" -RESOURCES_DIR_PYPI="${GIT_WORKSPACE}/.github/resources/pypiserver/base" - -# TODO: Consolidate testing CRDS (2 locations) -echo "---------------------------------" -echo "# Apply OCP CRDs" -echo "---------------------------------" -kubectl apply -f ${RESOURCES_DIR_CRD}/crds -kubectl apply -f "${CONFIG_DIR}/crd/external/route.openshift.io_routes.yaml" - -echo "---------------------------------" -echo "Build image" -echo "---------------------------------" -( cd $GIT_WORKSPACE && make podman-build -e IMG="${DSPO_IMAGE}" ) - -echo "---------------------------------" -echo "Create opendatahub namespace" -echo "---------------------------------" -kubectl create namespace $OPENDATAHUB_NAMESPACE - -echo "---------------------------------" -echo "Deploy Argo Lite" -echo "---------------------------------" -( cd "${GIT_WORKSPACE}/.github/resources/argo-lite" && kustomize build . | kubectl -n $OPENDATAHUB_NAMESPACE apply -f - ) - -echo "---------------------------------" -echo "Deploy DSPO" -echo "---------------------------------" -( cd $GIT_WORKSPACE && make podman-push -e IMG="${DSPO_IMAGE}" ) -( cd $GIT_WORKSPACE && make deploy-kind -e IMG="${DSPO_IMAGE}" ) - -echo "---------------------------------" -echo "Create Minio Namespace" -echo "---------------------------------" -kubectl create namespace $MINIO_NAMESPACE - -echo "---------------------------------" -echo "Deploy Minio" -echo "---------------------------------" -( cd "${GIT_WORKSPACE}/.github/resources/minio" && kustomize build . | kubectl -n $MINIO_NAMESPACE apply -f - ) - -echo "---------------------------------" -echo "Create MariaDB Namespace" -echo "---------------------------------" -kubectl create namespace $MARIADB_NAMESPACE - -echo "---------------------------------" -echo "Deploy MariaDB" -echo "---------------------------------" -( cd "${GIT_WORKSPACE}/.github/resources/mariadb" && kustomize build . | kubectl -n $MARIADB_NAMESPACE apply -f - ) - -echo "---------------------------------" -echo "Create Pypiserver Namespace" -echo "---------------------------------" -kubectl create namespace $PYPISERVER_NAMESPACE - -echo "---------------------------------" -echo "Deploy pypi-server" -echo "---------------------------------" -( cd "${GIT_WORKSPACE}/.github/resources/pypiserver/base" && kustomize build . | kubectl -n $PYPISERVER_NAMESPACE apply -f - ) - -echo "---------------------------------" -echo "Wait for Dependencies (DSPO, Minio, Mariadb, Pypi server)" -echo "---------------------------------" -kubectl wait -n $OPENDATAHUB_NAMESPACE --timeout=60s --for=condition=Available=true deployment data-science-pipelines-operator-controller-manager -kubectl wait -n $MARIADB_NAMESPACE --timeout=60s --for=condition=Available=true deployment mariadb -kubectl wait -n $MINIO_NAMESPACE --timeout=60s --for=condition=Available=true deployment minio -kubectl wait -n $PYPISERVER_NAMESPACE --timeout=60s --for=condition=Available=true deployment pypi-server - -echo "---------------------------------" -echo "Upload Python Packages to pypi-server" -echo "---------------------------------" -( cd "${GIT_WORKSPACE}/.github/scripts/python_package_upload" && sh package_upload.sh ) - -echo "---------------------------------" -echo "Create DSPA Namespace" -echo "---------------------------------" -kubectl create namespace $DSPA_NAMESPACE - -echo "---------------------------------" -echo "Create Namespace for DSPA with External connections" -echo "---------------------------------" -kubectl create namespace $DSPA_EXTERNAL_NAMESPACE - -echo "---------------------------------" -echo "Apply MariaDB and Minio Secrets and Configmaps in the External Namespace" -echo "---------------------------------" -( cd "${GIT_WORKSPACE}/.github/resources/external-pre-reqs" && kustomize build . | oc -n $DSPA_EXTERNAL_NAMESPACE apply -f - ) - -echo "---------------------------------" -echo "Apply PIP Server ConfigMap" -echo "---------------------------------" -( cd "${GIT_WORKSPACE}/.github/resources/pypiserver/base" && kubectl apply -f $RESOURCES_DIR_PYPI/nginx-tls-config.yaml -n $DSPA_NAMESPACE ) - -echo "---------------------------------" -echo "Run tests" -echo "---------------------------------" -( cd $GIT_WORKSPACE && make integrationtest K8SAPISERVERHOST=$(oc whoami --show-server) DSPANAMESPACE=${DSPA_NAMESPACE} DSPAPATH=${DSPA_PATH} ) - -echo "---------------------------------" -echo "Run tests for DSPA with External Connections" -echo "---------------------------------" -( cd $GIT_WORKSPACE && make integrationtest K8SAPISERVERHOST=$(oc whoami --show-server) DSPANAMESPACE=${DSPA_EXTERNAL_NAMESPACE} DSPAPATH=${DSPA_EXTERNAL_PATH} ) - -echo "---------------------------------" -echo "Clean up" -echo "---------------------------------" -( cd $GIT_WORKSPACE && make undeploy-kind ) diff --git a/.github/scripts/tests/tests.sh b/.github/scripts/tests/tests.sh index a48aed0f..a92ebebb 100755 --- a/.github/scripts/tests/tests.sh +++ b/.github/scripts/tests/tests.sh @@ -1,5 +1,220 @@ -#!/usr/bin/env bash +#!/bin/bash +# This is script is defined as the following: +# 1 - We declare the required environment variables +# 2 - Has the functions defined +# 3 - Setup the environment and run the tests by using the appropriated functions -set -ex +set -e -echo "Perform any tests on the branch, confirm stability. If issues are found, they should be corrected in `main/master` and be cherry-picked into this branch." +# ------------------------------------ +# Env vars +if [ "$GIT_WORKSPACE" = "" ]; then + echo "GIT_WORKSPACE variable not defined. Should be the root of the source code. Example GIT_WORKSPACE=/home/dev/git/data-science-pipelines-operator" && exit +fi + +if [ "$REGISTRY_ADDRESS" = "" ]; then + echo "REGISTRY_ADDRESS variable not defined." && exit +fi + +IMAGE_REPO_DSPO="data-science-pipelines-operator" +DSPA_NAMESPACE="test-dspa" +DSPA_EXTERNAL_NAMESPACE="dspa-ext" +MINIO_NAMESPACE="test-minio" +MARIADB_NAMESPACE="test-mariadb" +PYPISERVER_NAMESPACE="test-pypiserver" +DSPA_NAME="test-dspa" +DSPA_EXTERNAL_NAME="dspa-ext" +DSPA_DEPLOY_WAIT_TIMEOUT="300" +INTEGRATION_TESTS_DIR="${GIT_WORKSPACE}/tests" +DSPA_PATH="${GIT_WORKSPACE}/tests/resources/dspa-lite.yaml" +DSPA_EXTERNAL_PATH="${GIT_WORKSPACE}/tests/resources/dspa-external-lite.yaml" +CONFIG_DIR="${GIT_WORKSPACE}/config" +RESOURCES_DIR_CRD="${GIT_WORKSPACE}/.github/resources" +DSPO_IMAGE="${REGISTRY_ADDRESS}/data-science-pipelines-operator" +OPENDATAHUB_NAMESPACE="opendatahub" +RESOURCES_DIR_PYPI="${GIT_WORKSPACE}/.github/resources/pypiserver/base" +# ------------------------------------ + +# ------------------------------------ +# Functions +apply_crd() { + echo "---------------------------------" + echo "# Apply OCP CRDs" + echo "---------------------------------" + kubectl apply -f ${RESOURCES_DIR_CRD}/crds + kubectl apply -f "${CONFIG_DIR}/crd/external/route.openshift.io_routes.yaml" +} + +build_image() { + echo "---------------------------------" + echo "Build image" + echo "---------------------------------" + ( cd $GIT_WORKSPACE && make podman-build -e IMG="${DSPO_IMAGE}" ) +} + +create_opendatahub_namespace() { + echo "---------------------------------" + echo "Create opendatahub namespace" + echo "---------------------------------" + kubectl create namespace $OPENDATAHUB_NAMESPACE +} + +deploy_argo_lite() { + echo "---------------------------------" + echo "Deploy Argo Lite" + echo "---------------------------------" + ( cd "${GIT_WORKSPACE}/.github/resources/argo-lite" && kustomize build . | kubectl -n $OPENDATAHUB_NAMESPACE apply -f - ) +} + +deploy_dspo() { + echo "---------------------------------" + echo "Deploy DSPO" + echo "---------------------------------" + ( cd $GIT_WORKSPACE && make podman-push -e IMG="${DSPO_IMAGE}" ) + ( cd $GIT_WORKSPACE && make deploy-kind -e IMG="${DSPO_IMAGE}" ) +} + +create_minio_namespace() { + echo "---------------------------------" + echo "Create Minio Namespace" + echo "---------------------------------" + kubectl create namespace $MINIO_NAMESPACE +} + +deploy_minio() { + echo "---------------------------------" + echo "Deploy Minio" + echo "---------------------------------" + ( cd "${GIT_WORKSPACE}/.github/resources/minio" && kustomize build . | kubectl -n $MINIO_NAMESPACE apply -f - ) +} + +create_mariadb_namespace() { + echo "---------------------------------" + echo "Create MariaDB Namespace" + echo "---------------------------------" + kubectl create namespace $MARIADB_NAMESPACE +} + +deploy_mariadb() { + echo "---------------------------------" + echo "Deploy MariaDB" + echo "---------------------------------" + ( cd "${GIT_WORKSPACE}/.github/resources/mariadb" && kustomize build . | kubectl -n $MARIADB_NAMESPACE apply -f - ) +} + +create_pypiserver_namespace() { + echo "---------------------------------" + echo "Create Pypiserver Namespace" + echo "---------------------------------" + kubectl create namespace $PYPISERVER_NAMESPACE +} + +deploy_pypi_server() { + echo "---------------------------------" + echo "Deploy pypi-server" + echo "---------------------------------" + ( cd "${GIT_WORKSPACE}/.github/resources/pypiserver/base" && kustomize build . | kubectl -n $PYPISERVER_NAMESPACE apply -f - ) +} + +wait_for_dependencies() { + echo "---------------------------------" + echo "Wait for Dependencies (DSPO, Minio, Mariadb, Pypi server)" + echo "---------------------------------" + kubectl wait -n $OPENDATAHUB_NAMESPACE --timeout=60s --for=condition=Available=true deployment data-science-pipelines-operator-controller-manager + kubectl wait -n $MARIADB_NAMESPACE --timeout=60s --for=condition=Available=true deployment mariadb + kubectl wait -n $MINIO_NAMESPACE --timeout=60s --for=condition=Available=true deployment minio + kubectl wait -n $PYPISERVER_NAMESPACE --timeout=60s --for=condition=Available=true deployment pypi-server +} + +upload_python_packages_to_pypi_server() { + echo "---------------------------------" + echo "Upload Python Packages to pypi-server" + echo "---------------------------------" + ( cd "${GIT_WORKSPACE}/.github/scripts/python_package_upload" && sh package_upload.sh ) +} + +create_dspa_namespace() { + echo "---------------------------------" + echo "Create DSPA Namespace" + echo "---------------------------------" + kubectl create namespace $DSPA_NAMESPACE +} + +create_namespace_dspa_external_connections() { + echo "---------------------------------" + echo "Create Namespace for DSPA with External connections" + echo "---------------------------------" + kubectl create namespace $DSPA_EXTERNAL_NAMESPACE +} + +apply_mariadb_minio_secrets_configmaps_external_namespace() { + echo "---------------------------------" + echo "Apply MariaDB and Minio Secrets and Configmaps in the External Namespace" + echo "---------------------------------" + ( cd "${GIT_WORKSPACE}/.github/resources/external-pre-reqs" && kustomize build . | oc -n $DSPA_EXTERNAL_NAMESPACE apply -f - ) +} + +apply_pip_server_configmap() { + echo "---------------------------------" + echo "Apply PIP Server ConfigMap" + echo "---------------------------------" + ( cd "${GIT_WORKSPACE}/.github/resources/pypiserver/base" && kubectl apply -f $RESOURCES_DIR_PYPI/nginx-tls-config.yaml -n $DSPA_NAMESPACE ) +} + +run_tests() { + echo "---------------------------------" + echo "Run tests" + echo "---------------------------------" + ( cd $GIT_WORKSPACE && make integrationtest K8SAPISERVERHOST=$(oc whoami --show-server) DSPANAMESPACE=${DSPA_NAMESPACE} DSPAPATH=${DSPA_PATH} ) +} + +run_tests_dspa_external_connections() { + echo "---------------------------------" + echo "Run tests for DSPA with External Connections" + echo "---------------------------------" + ( cd $GIT_WORKSPACE && make integrationtest K8SAPISERVERHOST=$(oc whoami --show-server) DSPANAMESPACE=${DSPA_EXTERNAL_NAMESPACE} DSPAPATH=${DSPA_EXTERNAL_PATH} ) +} + +clean_up() { + echo "---------------------------------" + echo "Clean up" + echo "---------------------------------" + ( cd $GIT_WORKSPACE && make undeploy-kind ) +} + +run_kind_tests() { + apply_crd + build_image + create_opendatahub_namespace + deploy_argo_lite + deploy_dspo + create_minio_namespace + deploy_minio + create_mariadb_namespace + deploy_mariadb + create_pypiserver_namespace + deploy_pypi_server + wait_for_dependencies + upload_python_packages_to_pypi_server + create_dspa_namespace + create_namespace_dspa_external_connections + apply_mariadb_minio_secrets_configmaps_external_namespace + apply_pip_server_configmap + run_tests + run_tests_dspa_external_connections + clean_up +} +# ------------------------------------ + +# ------------------------------------ +# Run +case "$1" in + --kind) + run_kind_tests + ;; + *) + echo "Usage: $0 [--kind]" + exit 1 + ;; +esac +# ------------------------------------ diff --git a/.github/workflows/kind-integration.yml b/.github/workflows/kind-integration.yml index 7d357101..b4d1b7f5 100644 --- a/.github/workflows/kind-integration.yml +++ b/.github/workflows/kind-integration.yml @@ -48,4 +48,4 @@ jobs: - name: Run test working-directory: ${{ github.workspace }}/.github/scripts/tests run: | - sh kind-integration.sh + sh tests.sh --kind From cca3cf02db1a46321e990a144e8399561288dc22 Mon Sep 17 00:00:00 2001 From: Diego Lovison Date: Wed, 18 Sep 2024 11:15:17 -0300 Subject: [PATCH 07/14] Allow DSPO test suite be running with RHOAI --- .github/scripts/tests/tests.sh | 87 ++++++++++++++++---------- .github/workflows/kind-integration.yml | 1 + .gitignore | 1 + 3 files changed, 57 insertions(+), 32 deletions(-) diff --git a/.github/scripts/tests/tests.sh b/.github/scripts/tests/tests.sh index a92ebebb..ee40f216 100755 --- a/.github/scripts/tests/tests.sh +++ b/.github/scripts/tests/tests.sh @@ -8,15 +8,11 @@ set -e # ------------------------------------ # Env vars +echo "GIT_WORKSPACE=$GIT_WORKSPACE" if [ "$GIT_WORKSPACE" = "" ]; then - echo "GIT_WORKSPACE variable not defined. Should be the root of the source code. Example GIT_WORKSPACE=/home/dev/git/data-science-pipelines-operator" && exit + echo "GIT_WORKSPACE variable not defined. Should be the root of the source code. Example GIT_WORKSPACE=/home/dev/git/data-science-pipelines-operator" && exit 1 fi -if [ "$REGISTRY_ADDRESS" = "" ]; then - echo "REGISTRY_ADDRESS variable not defined." && exit -fi - -IMAGE_REPO_DSPO="data-science-pipelines-operator" DSPA_NAMESPACE="test-dspa" DSPA_EXTERNAL_NAMESPACE="dspa-ext" MINIO_NAMESPACE="test-minio" @@ -30,13 +26,19 @@ DSPA_PATH="${GIT_WORKSPACE}/tests/resources/dspa-lite.yaml" DSPA_EXTERNAL_PATH="${GIT_WORKSPACE}/tests/resources/dspa-external-lite.yaml" CONFIG_DIR="${GIT_WORKSPACE}/config" RESOURCES_DIR_CRD="${GIT_WORKSPACE}/.github/resources" -DSPO_IMAGE="${REGISTRY_ADDRESS}/data-science-pipelines-operator" OPENDATAHUB_NAMESPACE="opendatahub" RESOURCES_DIR_PYPI="${GIT_WORKSPACE}/.github/resources/pypiserver/base" # ------------------------------------ # ------------------------------------ # Functions +get_dspo_image() { + if [ "$REGISTRY_ADDRESS" = "" ]; then + echo "REGISTRY_ADDRESS variable not defined." && exit 1 + fi + echo "${REGISTRY_ADDRESS}/data-science-pipelines-operator" +} + apply_crd() { echo "---------------------------------" echo "# Apply OCP CRDs" @@ -49,7 +51,8 @@ build_image() { echo "---------------------------------" echo "Build image" echo "---------------------------------" - ( cd $GIT_WORKSPACE && make podman-build -e IMG="${DSPO_IMAGE}" ) + IMG=$(get_dspo_image) + ( cd $GIT_WORKSPACE && make podman-build -e IMG="$IMG" ) } create_opendatahub_namespace() { @@ -70,57 +73,55 @@ deploy_dspo() { echo "---------------------------------" echo "Deploy DSPO" echo "---------------------------------" - ( cd $GIT_WORKSPACE && make podman-push -e IMG="${DSPO_IMAGE}" ) - ( cd $GIT_WORKSPACE && make deploy-kind -e IMG="${DSPO_IMAGE}" ) + IMG=$(get_dspo_image) + ( cd $GIT_WORKSPACE && make podman-push -e IMG="$IMG" ) + ( cd $GIT_WORKSPACE && make deploy-kind -e IMG="$IMG" ) } -create_minio_namespace() { +deploy_minio() { echo "---------------------------------" echo "Create Minio Namespace" echo "---------------------------------" kubectl create namespace $MINIO_NAMESPACE -} - -deploy_minio() { echo "---------------------------------" echo "Deploy Minio" echo "---------------------------------" ( cd "${GIT_WORKSPACE}/.github/resources/minio" && kustomize build . | kubectl -n $MINIO_NAMESPACE apply -f - ) } -create_mariadb_namespace() { +deploy_mariadb() { echo "---------------------------------" echo "Create MariaDB Namespace" echo "---------------------------------" kubectl create namespace $MARIADB_NAMESPACE -} - -deploy_mariadb() { echo "---------------------------------" echo "Deploy MariaDB" echo "---------------------------------" ( cd "${GIT_WORKSPACE}/.github/resources/mariadb" && kustomize build . | kubectl -n $MARIADB_NAMESPACE apply -f - ) } -create_pypiserver_namespace() { +deploy_pypi_server() { echo "---------------------------------" echo "Create Pypiserver Namespace" echo "---------------------------------" kubectl create namespace $PYPISERVER_NAMESPACE -} - -deploy_pypi_server() { echo "---------------------------------" echo "Deploy pypi-server" echo "---------------------------------" ( cd "${GIT_WORKSPACE}/.github/resources/pypiserver/base" && kustomize build . | kubectl -n $PYPISERVER_NAMESPACE apply -f - ) } -wait_for_dependencies() { +wait_for_dspo_dependencies() { echo "---------------------------------" - echo "Wait for Dependencies (DSPO, Minio, Mariadb, Pypi server)" + echo "Wait for DSPO Dependencies" echo "---------------------------------" kubectl wait -n $OPENDATAHUB_NAMESPACE --timeout=60s --for=condition=Available=true deployment data-science-pipelines-operator-controller-manager +} + +wait_for_dependencies() { + echo "---------------------------------" + echo "Wait for Dependencies (Minio, Mariadb, Pypi server)" + echo "---------------------------------" kubectl wait -n $MARIADB_NAMESPACE --timeout=60s --for=condition=Available=true deployment mariadb kubectl wait -n $MINIO_NAMESPACE --timeout=60s --for=condition=Available=true deployment minio kubectl wait -n $PYPISERVER_NAMESPACE --timeout=60s --for=condition=Available=true deployment pypi-server @@ -151,7 +152,7 @@ apply_mariadb_minio_secrets_configmaps_external_namespace() { echo "---------------------------------" echo "Apply MariaDB and Minio Secrets and Configmaps in the External Namespace" echo "---------------------------------" - ( cd "${GIT_WORKSPACE}/.github/resources/external-pre-reqs" && kustomize build . | oc -n $DSPA_EXTERNAL_NAMESPACE apply -f - ) + ( cd "${GIT_WORKSPACE}/.github/resources/external-pre-reqs" && kustomize build . | kubectl -n $DSPA_EXTERNAL_NAMESPACE apply -f - ) } apply_pip_server_configmap() { @@ -165,34 +166,54 @@ run_tests() { echo "---------------------------------" echo "Run tests" echo "---------------------------------" - ( cd $GIT_WORKSPACE && make integrationtest K8SAPISERVERHOST=$(oc whoami --show-server) DSPANAMESPACE=${DSPA_NAMESPACE} DSPAPATH=${DSPA_PATH} ) + ( cd $GIT_WORKSPACE && make integrationtest K8SAPISERVERHOST=$(kubectl whoami --show-server) DSPANAMESPACE=${DSPA_NAMESPACE} DSPAPATH=${DSPA_PATH} ) } run_tests_dspa_external_connections() { echo "---------------------------------" echo "Run tests for DSPA with External Connections" echo "---------------------------------" - ( cd $GIT_WORKSPACE && make integrationtest K8SAPISERVERHOST=$(oc whoami --show-server) DSPANAMESPACE=${DSPA_EXTERNAL_NAMESPACE} DSPAPATH=${DSPA_EXTERNAL_PATH} ) + ( cd $GIT_WORKSPACE && make integrationtest K8SAPISERVERHOST=$(kubectl whoami --show-server) DSPANAMESPACE=${DSPA_EXTERNAL_NAMESPACE} DSPAPATH=${DSPA_EXTERNAL_PATH} ) } -clean_up() { +undeploy_kind_resources() { echo "---------------------------------" echo "Clean up" echo "---------------------------------" ( cd $GIT_WORKSPACE && make undeploy-kind ) } +remove_namespace_created_for_rhoai() { + kubectl delete projects $MINIO_NAMESPACE --now || true + kubectl delete projects $MARIADB_NAMESPACE --now || true + kubectl delete projects $PYPISERVER_NAMESPACE --now || true +} + run_kind_tests() { apply_crd build_image create_opendatahub_namespace deploy_argo_lite deploy_dspo - create_minio_namespace deploy_minio - create_mariadb_namespace deploy_mariadb - create_pypiserver_namespace + deploy_pypi_server + wait_for_dspo_dependencies + wait_for_dependencies + upload_python_packages_to_pypi_server + create_dspa_namespace + create_namespace_dspa_external_connections + apply_mariadb_minio_secrets_configmaps_external_namespace + apply_pip_server_configmap + run_tests + run_tests_dspa_external_connections + undeploy_kind_resources +} + +run_rhoai_tests() { + remove_namespace_created_for_rhoai + deploy_minio + deploy_mariadb deploy_pypi_server wait_for_dependencies upload_python_packages_to_pypi_server @@ -202,7 +223,6 @@ run_kind_tests() { apply_pip_server_configmap run_tests run_tests_dspa_external_connections - clean_up } # ------------------------------------ @@ -212,6 +232,9 @@ case "$1" in --kind) run_kind_tests ;; + --rhoai) + run_rhoai_tests + ;; *) echo "Usage: $0 [--kind]" exit 1 diff --git a/.github/workflows/kind-integration.yml b/.github/workflows/kind-integration.yml index b4d1b7f5..f38c7506 100644 --- a/.github/workflows/kind-integration.yml +++ b/.github/workflows/kind-integration.yml @@ -12,6 +12,7 @@ on: - tests/** - .github/resources/** - '.github/workflows/kind-integration.yml' + - '.github/scripts/tests/tests.sh' - Makefile types: - opened diff --git a/.gitignore b/.gitignore index 5b64e0f9..e627bbff 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,4 @@ Dockerfile.cross __pycache__/ *.py[cod] *$py.class +.github/scripts/python_package_upload/ From bbfa6c9b56bd3ce9cddfb9a55fae9b69a779c74c Mon Sep 17 00:00:00 2001 From: Diego Lovison Date: Wed, 18 Sep 2024 15:23:41 -0300 Subject: [PATCH 08/14] Fix suggestions --- .github/scripts/tests/tests.sh | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/.github/scripts/tests/tests.sh b/.github/scripts/tests/tests.sh index ee40f216..9345947e 100755 --- a/.github/scripts/tests/tests.sh +++ b/.github/scripts/tests/tests.sh @@ -6,7 +6,6 @@ set -e -# ------------------------------------ # Env vars echo "GIT_WORKSPACE=$GIT_WORKSPACE" if [ "$GIT_WORKSPACE" = "" ]; then @@ -28,15 +27,15 @@ CONFIG_DIR="${GIT_WORKSPACE}/config" RESOURCES_DIR_CRD="${GIT_WORKSPACE}/.github/resources" OPENDATAHUB_NAMESPACE="opendatahub" RESOURCES_DIR_PYPI="${GIT_WORKSPACE}/.github/resources/pypiserver/base" -# ------------------------------------ -# ------------------------------------ # Functions get_dspo_image() { if [ "$REGISTRY_ADDRESS" = "" ]; then echo "REGISTRY_ADDRESS variable not defined." && exit 1 fi - echo "${REGISTRY_ADDRESS}/data-science-pipelines-operator" + local image="${REGISTRY_ADDRESS}/data-science-pipelines-operator" + echo "Using $image for DSPO image" + echo $image } apply_crd() { @@ -178,12 +177,15 @@ run_tests_dspa_external_connections() { undeploy_kind_resources() { echo "---------------------------------" - echo "Clean up" + echo "Clean up resources created for testing on kind" echo "---------------------------------" ( cd $GIT_WORKSPACE && make undeploy-kind ) } remove_namespace_created_for_rhoai() { + echo "---------------------------------" + echo "Clean up resources created for testing on RHOAI" + echo "---------------------------------" kubectl delete projects $MINIO_NAMESPACE --now || true kubectl delete projects $MARIADB_NAMESPACE --now || true kubectl delete projects $PYPISERVER_NAMESPACE --now || true @@ -224,9 +226,7 @@ run_rhoai_tests() { run_tests run_tests_dspa_external_connections } -# ------------------------------------ -# ------------------------------------ # Run case "$1" in --kind) @@ -240,4 +240,3 @@ case "$1" in exit 1 ;; esac -# ------------------------------------ From a9974ff6e043c73fcb3abe74f4057339aaf1d8f6 Mon Sep 17 00:00:00 2001 From: Diego Lovison Date: Wed, 18 Sep 2024 15:33:54 -0300 Subject: [PATCH 09/14] Fix return value of get_dspo_image --- .github/scripts/tests/tests.sh | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/scripts/tests/tests.sh b/.github/scripts/tests/tests.sh index 9345947e..a23c589b 100755 --- a/.github/scripts/tests/tests.sh +++ b/.github/scripts/tests/tests.sh @@ -28,13 +28,11 @@ RESOURCES_DIR_CRD="${GIT_WORKSPACE}/.github/resources" OPENDATAHUB_NAMESPACE="opendatahub" RESOURCES_DIR_PYPI="${GIT_WORKSPACE}/.github/resources/pypiserver/base" -# Functions get_dspo_image() { if [ "$REGISTRY_ADDRESS" = "" ]; then echo "REGISTRY_ADDRESS variable not defined." && exit 1 fi local image="${REGISTRY_ADDRESS}/data-science-pipelines-operator" - echo "Using $image for DSPO image" echo $image } @@ -47,10 +45,10 @@ apply_crd() { } build_image() { + IMG=$(get_dspo_image) echo "---------------------------------" - echo "Build image" + echo "Building image: $IMG" echo "---------------------------------" - IMG=$(get_dspo_image) ( cd $GIT_WORKSPACE && make podman-build -e IMG="$IMG" ) } @@ -69,10 +67,10 @@ deploy_argo_lite() { } deploy_dspo() { + IMG=$(get_dspo_image) echo "---------------------------------" - echo "Deploy DSPO" + echo "Deploying DSPO: $IMG" echo "---------------------------------" - IMG=$(get_dspo_image) ( cd $GIT_WORKSPACE && make podman-push -e IMG="$IMG" ) ( cd $GIT_WORKSPACE && make deploy-kind -e IMG="$IMG" ) } From 7270713280c36f130d1e80a6acfc43200e0b1bc7 Mon Sep 17 00:00:00 2001 From: vmudadla Date: Thu, 29 Aug 2024 20:40:51 -0500 Subject: [PATCH 10/14] Updated mariadb to serve over tls --- .../mariadb/default/deployment.yaml.tmpl | 20 ++++ .../mariadb/default/service.yaml.tmpl | 4 + .../mariadb/default/tls-config.yaml.tmpl | 13 +++ controllers/database.go | 1 + controllers/dspipeline_params.go | 3 + .../expected/created/mariadb_deployment.yaml | 97 +++++++++++++++++++ 6 files changed, 138 insertions(+) create mode 100644 config/internal/mariadb/default/tls-config.yaml.tmpl create mode 100644 controllers/testdata/declarative/case_8/expected/created/mariadb_deployment.yaml diff --git a/config/internal/mariadb/default/deployment.yaml.tmpl b/config/internal/mariadb/default/deployment.yaml.tmpl index d1b9b714..c4f05f02 100644 --- a/config/internal/mariadb/default/deployment.yaml.tmpl +++ b/config/internal/mariadb/default/deployment.yaml.tmpl @@ -88,7 +88,27 @@ spec: volumeMounts: - name: mariadb-persistent-storage mountPath: /var/lib/mysql + {{ if .PodToPodTLS }} + - name: mariadb-tls + mountPath: /.mariadb/certs + - name: mariadb-tls-config + mountPath: /etc/my.cnf.d/mariadb-tls-config.cnf + subPath: mariadb-tls-config.cnf + {{ end }} volumes: - name: mariadb-persistent-storage persistentVolumeClaim: claimName: mariadb-{{.Name}} + {{ if .PodToPodTLS }} + - name: mariadb-tls + secret: + secretName: ds-pipelines-mariadb-tls-{{.Name}} + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - name: mariadb-tls-config + configMap: + name: ds-pipelines-mariadb-tls-config-{{.Name}} + {{ end }} diff --git a/config/internal/mariadb/default/service.yaml.tmpl b/config/internal/mariadb/default/service.yaml.tmpl index 5a660cea..a8bba6a9 100644 --- a/config/internal/mariadb/default/service.yaml.tmpl +++ b/config/internal/mariadb/default/service.yaml.tmpl @@ -3,6 +3,10 @@ kind: Service metadata: name: mariadb-{{.Name}} namespace: {{.Namespace}} + {{ if .PodToPodTLS }} + annotations: + service.beta.openshift.io/serving-cert-secret-name: ds-pipelines-mariadb-tls-{{.Name}} + {{ end }} labels: app: mariadb-{{.Name}} component: data-science-pipelines diff --git a/config/internal/mariadb/default/tls-config.yaml.tmpl b/config/internal/mariadb/default/tls-config.yaml.tmpl new file mode 100644 index 00000000..082f8245 --- /dev/null +++ b/config/internal/mariadb/default/tls-config.yaml.tmpl @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: ds-pipelines-mariadb-tls-config-{{.Name}} + namespace: {{.Namespace}} + labels: + app: mariadb-{{.Name}} + component: data-science-pipelines +data: + mariadb-tls-config.cnf: | + [mariadb] + ssl_cert = /.mariadb/certs/tls.crt + ssl_key = /.mariadb/certs/tls.key diff --git a/controllers/database.go b/controllers/database.go index b8cd81db..ce15f1c4 100644 --- a/controllers/database.go +++ b/controllers/database.go @@ -44,6 +44,7 @@ var mariadbTemplates = []string{ "mariadb/default/service.yaml.tmpl", "mariadb/default/mariadb-sa.yaml.tmpl", "mariadb/default/networkpolicy.yaml.tmpl", + "mariadb/default/tls-config.yaml.tmpl", } func tLSClientConfig(pems [][]byte) (*cryptoTls.Config, error) { diff --git a/controllers/dspipeline_params.go b/controllers/dspipeline_params.go index 2e45c893..96534316 100644 --- a/controllers/dspipeline_params.go +++ b/controllers/dspipeline_params.go @@ -325,6 +325,9 @@ func (p *DSPAParams) SetupDBParams(ctx context.Context, dsp *dspa.DataSciencePip tlsParams := config.DBExtraParams{ "tls": "false", } + if p.PodToPodTLS { + tlsParams["tls"] = "true" + } dbExtraParams, err := config.GetDefaultDBExtraParams(tlsParams, log) if err != nil { log.Error(err, "Unexpected error encountered while retrieving DBExtraparams") diff --git a/controllers/testdata/declarative/case_8/expected/created/mariadb_deployment.yaml b/controllers/testdata/declarative/case_8/expected/created/mariadb_deployment.yaml new file mode 100644 index 00000000..9a0b5a11 --- /dev/null +++ b/controllers/testdata/declarative/case_8/expected/created/mariadb_deployment.yaml @@ -0,0 +1,97 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mariadb-testdsp8 + namespace: default + labels: + app: mariadb-testdsp8 + component: data-science-pipelines + dspa: testdsp8 +spec: + strategy: + type: Recreate # Need this since backing PVC is ReadWriteOnce, which creates resource lock condition in default Rolling strategy + selector: + matchLabels: + app: mariadb-testdsp8 + component: data-science-pipelines + dspa: testdsp8 + template: + metadata: + labels: + app: mariadb-testdsp8 + component: data-science-pipelines + dspa: testdsp8 + spec: + containers: + - name: mariadb + image: mariadb:test8 + ports: + - containerPort: 3306 + protocol: TCP + readinessProbe: + exec: + command: + - /bin/sh + - "-i" + - "-c" + - >- + MYSQL_PWD=$MYSQL_PASSWORD mysql -h 127.0.0.1 -u $MYSQL_USER -D + $MYSQL_DATABASE -e 'SELECT 1' + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: 3306 + timeoutSeconds: 1 + env: + - name: MYSQL_USER + value: "mlpipeline" + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + key: "password" + name: "ds-pipeline-db-testdsp8" + - name: MYSQL_DATABASE + value: "mlpipeline" + - name: MYSQL_ALLOW_EMPTY_PASSWORD + value: "true" + resources: + requests: + cpu: 300m + memory: 800Mi + limits: + cpu: "1" + memory: 1Gi + volumeMounts: + - name: mariadb-persistent-storage + mountPath: /var/lib/mysql + - name: mariadb-tls + mountPath: /.mariadb/certs + - name: mariadb-tls-config + mountPath: /etc/my.cnf.d/mariadb-tls-config.cnf + subPath: mariadb-tls-config.cnf + volumes: + - name: mariadb-persistent-storage + persistentVolumeClaim: + claimName: mariadb-testdsp8 + - name: mariadb-tls + secret: + secretName: ds-pipelines-mariadb-tls-testdsp8 + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + defaultMode: 420 + - name: mariadb-tls-config + configMap: + name: ds-pipelines-mariadb-tls-config-testdsp8 + defaultMode: 420 From b81616c17b10339f0c77675684adb4b8bd187b49 Mon Sep 17 00:00:00 2001 From: Diego Lovison Date: Thu, 19 Sep 2024 11:12:04 -0300 Subject: [PATCH 11/14] Support environment variables as parameter --- .github/scripts/tests/tests.sh | 118 +++++++++++++++++++++++++++------ 1 file changed, 96 insertions(+), 22 deletions(-) diff --git a/.github/scripts/tests/tests.sh b/.github/scripts/tests/tests.sh index a23c589b..47e44af3 100755 --- a/.github/scripts/tests/tests.sh +++ b/.github/scripts/tests/tests.sh @@ -12,13 +12,13 @@ if [ "$GIT_WORKSPACE" = "" ]; then echo "GIT_WORKSPACE variable not defined. Should be the root of the source code. Example GIT_WORKSPACE=/home/dev/git/data-science-pipelines-operator" && exit 1 fi +CLEANUP=false +K8SAPISERVERHOST="" DSPA_NAMESPACE="test-dspa" DSPA_EXTERNAL_NAMESPACE="dspa-ext" MINIO_NAMESPACE="test-minio" MARIADB_NAMESPACE="test-mariadb" PYPISERVER_NAMESPACE="test-pypiserver" -DSPA_NAME="test-dspa" -DSPA_EXTERNAL_NAME="dspa-ext" DSPA_DEPLOY_WAIT_TIMEOUT="300" INTEGRATION_TESTS_DIR="${GIT_WORKSPACE}/tests" DSPA_PATH="${GIT_WORKSPACE}/tests/resources/dspa-lite.yaml" @@ -30,7 +30,7 @@ RESOURCES_DIR_PYPI="${GIT_WORKSPACE}/.github/resources/pypiserver/base" get_dspo_image() { if [ "$REGISTRY_ADDRESS" = "" ]; then - echo "REGISTRY_ADDRESS variable not defined." && exit 1 + echo "REGISTRY_ADDRESS variable not defined." && exit 1 fi local image="${REGISTRY_ADDRESS}/data-science-pipelines-operator" echo $image @@ -163,14 +163,14 @@ run_tests() { echo "---------------------------------" echo "Run tests" echo "---------------------------------" - ( cd $GIT_WORKSPACE && make integrationtest K8SAPISERVERHOST=$(kubectl whoami --show-server) DSPANAMESPACE=${DSPA_NAMESPACE} DSPAPATH=${DSPA_PATH} ) + ( cd $GIT_WORKSPACE && make integrationtest K8SAPISERVERHOST=${K8SAPISERVERHOST} DSPANAMESPACE=${DSPA_NAMESPACE} DSPAPATH=${DSPA_PATH} ) } run_tests_dspa_external_connections() { echo "---------------------------------" echo "Run tests for DSPA with External Connections" echo "---------------------------------" - ( cd $GIT_WORKSPACE && make integrationtest K8SAPISERVERHOST=$(kubectl whoami --show-server) DSPANAMESPACE=${DSPA_EXTERNAL_NAMESPACE} DSPAPATH=${DSPA_EXTERNAL_PATH} ) + ( cd $GIT_WORKSPACE && make integrationtest K8SAPISERVERHOST=${K8SAPISERVERHOST} DSPANAMESPACE=${DSPA_EXTERNAL_NAMESPACE} DSPAPATH=${DSPA_EXTERNAL_PATH} ) } undeploy_kind_resources() { @@ -184,12 +184,14 @@ remove_namespace_created_for_rhoai() { echo "---------------------------------" echo "Clean up resources created for testing on RHOAI" echo "---------------------------------" + kubectl delete projects $DSPA_NAMESPACE --now || true + kubectl delete projects $DSPA_EXTERNAL_NAMESPACE --now || true kubectl delete projects $MINIO_NAMESPACE --now || true kubectl delete projects $MARIADB_NAMESPACE --now || true kubectl delete projects $PYPISERVER_NAMESPACE --now || true } -run_kind_tests() { +setup_kind_requirements() { apply_crd build_image create_opendatahub_namespace @@ -205,13 +207,9 @@ run_kind_tests() { create_namespace_dspa_external_connections apply_mariadb_minio_secrets_configmaps_external_namespace apply_pip_server_configmap - run_tests - run_tests_dspa_external_connections - undeploy_kind_resources } -run_rhoai_tests() { - remove_namespace_created_for_rhoai +setup_rhoai_requirements() { deploy_minio deploy_mariadb deploy_pypi_server @@ -221,20 +219,96 @@ run_rhoai_tests() { create_namespace_dspa_external_connections apply_mariadb_minio_secrets_configmaps_external_namespace apply_pip_server_configmap - run_tests - run_tests_dspa_external_connections } # Run -case "$1" in +while [ "$#" -gt 0 ]; do + case "$1" in --kind) - run_kind_tests - ;; + TARGET="kind" + shift + ;; --rhoai) - run_rhoai_tests - ;; - *) - echo "Usage: $0 [--kind]" + TARGET="rhoai" + shift + ;; + --cleanup) + CLEANUP=true + shift + ;; + --k8s-api-server-host) + shift + if [[ -n "$1" ]]; then + K8SAPISERVERHOST="$1" + shift + else + echo "Error: --k8s-api-server-host requires a value" + exit 1 + fi + ;; + --dspa-namespace) + shift + if [[ -n "$1" ]]; then + DSPANAMESPACE="$1" + shift + else + echo "Error: --dspa-namespace requires a value" + exit 1 + fi + ;; + --dspa-external-namespace) + shift + if [[ -n "$1" ]]; then + DSPA_EXTERNAL_NAMESPACE="$1" + shift + else + echo "Error: --dspa-external-namespace requires a value" + exit 1 + fi + ;; + --dspa-path) + shift + if [[ -n "$1" ]]; then + DSPAPATH="$1" + shift + else + echo "Error: --dspa-path requires a value" exit 1 - ;; -esac + fi + ;; + --kube-config) + shift + if [[ -n "$1" ]]; then + KUBECONFIGPATH="$1" + shift + else + echo "Error: --kube-config requires a value" + exit 1 + fi + ;; + *) + echo "Unknown command line switch: $1" + exit 1 + ;; + esac +done + +if [ "$K8SAPISERVERHOST" = "" ]; then + echo "K8SAPISERVERHOST is empty. It will use suite_test.go::Defaultk8sApiServerHost" + echo "If the TARGET is OpenShift or RHOAI. You can use: oc whoami --show-server" +fi + +if [ "$TARGET" = "kind" ]; then + if [ "$CLEANUP" = true ] ; then + undeploy_kind_resources + fi + setup_kind_requirements +elif [ "$TARGET" = "rhoai" ]; then + if [ "$CLEANUP" = true ] ; then + remove_namespace_created_for_rhoai + fi + setup_rhoai_requirements +fi + +run_tests +run_tests_dspa_external_connections From 52bd7d165bd57d2e3de67c9b38690074e4ba6551 Mon Sep 17 00:00:00 2001 From: hbelmiro Date: Fri, 9 Aug 2024 14:54:45 -0300 Subject: [PATCH 12/14] Added support for TLS to MLMD GRPC Server Signed-off-by: hbelmiro --- .../apiserver/default/deployment.yaml.tmpl | 2 + ...etadata-grpc.ml-pipeline.service.yaml.tmpl | 0 .../metadata-grpc.service.yaml.tmpl | 5 + .../metadata-envoy.configmap.yaml.tmpl | 10 + .../metadata-envoy.deployment.yaml.tmpl | 7 + .../metadata-grpc-tls-config-secret.yaml.tmpl | 23 ++ .../metadata-grpc.deployment.yaml.tmpl | 22 ++ controllers/dspipeline_controller.go | 51 +++- controllers/dspipeline_params.go | 21 ++ controllers/mlmd.go | 25 +- controllers/mlmd_test.go | 20 +- .../created/metadata-envoy_deployment.yaml | 4 + .../testdata/declarative/case_6/config.yaml | 21 -- .../case_6/deploy/00_configmap.yaml | 70 ------ .../case_6/deploy/01_configmap.yaml | 38 --- .../case_6/deploy/02_configmap.yaml | 36 --- .../declarative/case_6/deploy/03_secret.yaml | 7 - .../declarative/case_6/deploy/04_cr.yaml | 37 --- .../created/apiserver_deployment.yaml | 217 ------------------ .../created/configmap_artifact_script.yaml | 42 ---- .../created/configmap_dspa_trusted_ca.yaml | 131 ----------- .../created/configmap_server_config.yaml | 28 --- .../created/metadata_grpc_deployment.yaml | 83 ------- .../created/apiserver_deployment.yaml | 2 + controllers/util/util.go | 13 ++ 25 files changed, 187 insertions(+), 728 deletions(-) rename config/internal/ml-metadata/{ => grpc-service}/metadata-grpc.ml-pipeline.service.yaml.tmpl (100%) rename config/internal/ml-metadata/{ => grpc-service}/metadata-grpc.service.yaml.tmpl (70%) create mode 100644 config/internal/ml-metadata/metadata-grpc-tls-config-secret.yaml.tmpl delete mode 100644 controllers/testdata/declarative/case_6/config.yaml delete mode 100644 controllers/testdata/declarative/case_6/deploy/00_configmap.yaml delete mode 100644 controllers/testdata/declarative/case_6/deploy/01_configmap.yaml delete mode 100644 controllers/testdata/declarative/case_6/deploy/02_configmap.yaml delete mode 100644 controllers/testdata/declarative/case_6/deploy/03_secret.yaml delete mode 100644 controllers/testdata/declarative/case_6/deploy/04_cr.yaml delete mode 100644 controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml delete mode 100644 controllers/testdata/declarative/case_6/expected/created/configmap_artifact_script.yaml delete mode 100644 controllers/testdata/declarative/case_6/expected/created/configmap_dspa_trusted_ca.yaml delete mode 100644 controllers/testdata/declarative/case_6/expected/created/configmap_server_config.yaml delete mode 100644 controllers/testdata/declarative/case_6/expected/created/metadata_grpc_deployment.yaml diff --git a/config/internal/apiserver/default/deployment.yaml.tmpl b/config/internal/apiserver/default/deployment.yaml.tmpl index dc49edf8..8a8cdd76 100644 --- a/config/internal/apiserver/default/deployment.yaml.tmpl +++ b/config/internal/apiserver/default/deployment.yaml.tmpl @@ -121,6 +121,8 @@ spec: {{ if .PodToPodTLS }} - name: ML_PIPELINE_TLS_ENABLED value: "true" + - name: METADATA_TLS_ENABLED + value: "true" {{ end }} {{ if (eq .DSPVersion "v2") }} ## Argo-Specific Env Vars ## diff --git a/config/internal/ml-metadata/metadata-grpc.ml-pipeline.service.yaml.tmpl b/config/internal/ml-metadata/grpc-service/metadata-grpc.ml-pipeline.service.yaml.tmpl similarity index 100% rename from config/internal/ml-metadata/metadata-grpc.ml-pipeline.service.yaml.tmpl rename to config/internal/ml-metadata/grpc-service/metadata-grpc.ml-pipeline.service.yaml.tmpl diff --git a/config/internal/ml-metadata/metadata-grpc.service.yaml.tmpl b/config/internal/ml-metadata/grpc-service/metadata-grpc.service.yaml.tmpl similarity index 70% rename from config/internal/ml-metadata/metadata-grpc.service.yaml.tmpl rename to config/internal/ml-metadata/grpc-service/metadata-grpc.service.yaml.tmpl index 608ebe62..a007b842 100644 --- a/config/internal/ml-metadata/metadata-grpc.service.yaml.tmpl +++ b/config/internal/ml-metadata/grpc-service/metadata-grpc.service.yaml.tmpl @@ -3,9 +3,14 @@ kind: Service metadata: name: ds-pipeline-metadata-grpc-{{.Name}} namespace: {{.Namespace}} + {{ if .PodToPodTLS }} + annotations: + service.beta.openshift.io/serving-cert-secret-name: ds-pipeline-metadata-grpc-tls-certs-{{.Name}} + {{ end }} labels: app: ds-pipeline-metadata-grpc-{{.Name}} component: data-science-pipelines + dspa: {{.Name}} spec: ports: - name: grpc-api diff --git a/config/internal/ml-metadata/metadata-envoy.configmap.yaml.tmpl b/config/internal/ml-metadata/metadata-envoy.configmap.yaml.tmpl index 12fb1f5a..8ebeccf7 100644 --- a/config/internal/ml-metadata/metadata-envoy.configmap.yaml.tmpl +++ b/config/internal/ml-metadata/metadata-envoy.configmap.yaml.tmpl @@ -69,3 +69,13 @@ data: socket_address: address: metadata-grpc-service port_value: 8080 + {{ if .PodToPodTLS }} + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + common_tls_context: + validation_context: + trusted_ca: + filename: /etc/ssl/certs/dsp-ca.crt + {{ end }} diff --git a/config/internal/ml-metadata/metadata-envoy.deployment.yaml.tmpl b/config/internal/ml-metadata/metadata-envoy.deployment.yaml.tmpl index edff20d9..5741dbbf 100644 --- a/config/internal/ml-metadata/metadata-envoy.deployment.yaml.tmpl +++ b/config/internal/ml-metadata/metadata-envoy.deployment.yaml.tmpl @@ -71,6 +71,10 @@ spec: - mountPath: /etc/envoy.yaml name: envoy-config subPath: envoy.yaml + {{ if .PodToPodTLS }} + - name: proxy-tls-upstream + mountPath: "/etc/ssl/certs/" + {{ end }} {{ if .MLMD.Envoy.DeployRoute }} - name: oauth-proxy args: @@ -128,3 +132,6 @@ spec: - name: proxy-tls secret: secretName: ds-pipelines-envoy-proxy-tls-{{.Name}} + - name: proxy-tls-upstream + configMap: + name: dsp-trusted-ca-{{.Name}} diff --git a/config/internal/ml-metadata/metadata-grpc-tls-config-secret.yaml.tmpl b/config/internal/ml-metadata/metadata-grpc-tls-config-secret.yaml.tmpl new file mode 100644 index 00000000..83bf384c --- /dev/null +++ b/config/internal/ml-metadata/metadata-grpc-tls-config-secret.yaml.tmpl @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Secret +metadata: + name: ds-pipeline-metadata-grpc-tls-config-secret-{{.Name}} + namespace: {{.Namespace}} + labels: + component: metadata-grpc-server +stringData: + config.proto: | + connection_config { + mysql { + host: "{{.DBConnection.Host}}" + port: {{.DBConnection.Port}} + database: "{{.DBConnection.DBName}}" + user: "{{.DBConnection.Username}}" + password: "{{.DBConnection.DecodedPassword}}" + } + } + ssl_config { + server_cert: "{{.MlmdGrpcCertificateContents}}" + server_key: "{{.MlmdGrpcPrivateKeyContents}}" + client_verify: false // controls mTLS, which we don't use, so hardcode to false + } diff --git a/config/internal/ml-metadata/metadata-grpc.deployment.yaml.tmpl b/config/internal/ml-metadata/metadata-grpc.deployment.yaml.tmpl index 1ceb1a7a..cba18f8d 100644 --- a/config/internal/ml-metadata/metadata-grpc.deployment.yaml.tmpl +++ b/config/internal/ml-metadata/metadata-grpc.deployment.yaml.tmpl @@ -30,6 +30,9 @@ spec: - --mysql_config_user=$(DBCONFIG_USER) - --mysql_config_password=$(DBCONFIG_PASSWORD) - --enable_database_upgrade=true + {{ if .PodToPodTLS }} + - --metadata_store_server_config_file=/mlmd-tls-config/config.proto + {{ end }} {{ if .CustomCABundle }} - --mysql_config_sslrootcert={{ .PiplinesCABundleMountPath }} {{ end }} @@ -90,6 +93,12 @@ spec: - mountPath: {{ .CustomCABundleRootMountPath }} name: ca-bundle {{ end }} + {{ if .PodToPodTLS }} + - name: ds-pipeline-metadata-grpc-tls-config-{{.Name}} + mountPath: /mlmd-tls-config + - name: ds-pipeline-metadata-grpc-tls-certs-{{.Name}} + mountPath: "/etc/tls" + {{ end }} serviceAccountName: ds-pipeline-metadata-grpc-{{.Name}} volumes: {{ if .CustomCABundle }} @@ -97,3 +106,16 @@ spec: configMap: name: {{ .CustomCABundle.ConfigMapName }} {{ end }} + {{ if .PodToPodTLS }} + - name: ds-pipeline-metadata-grpc-tls-config-{{.Name}} + secret: + secretName: ds-pipeline-metadata-grpc-tls-config-secret-{{.Name}} + - name: ds-pipeline-metadata-grpc-tls-certs-{{.Name}} + secret: + secretName: ds-pipeline-metadata-grpc-tls-certs-{{.Name}} + items: + - key: tls.key + path: tls.key + - key: tls.crt + path: tls.crt + {{ end }} diff --git a/controllers/dspipeline_controller.go b/controllers/dspipeline_controller.go index 12e444e1..d6df1f27 100644 --- a/controllers/dspipeline_controller.go +++ b/controllers/dspipeline_controller.go @@ -304,18 +304,19 @@ func (r *DSPAReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl. return ctrl.Result{}, err } - err = r.ReconcileMLMD(dspa, params) + err = r.ReconcileWorkflowController(dspa, params) if err != nil { - r.setStatusAsNotReady(config.MLMDProxyReady, err, dspaStatus.SetMLMDProxyStatus) return ctrl.Result{}, err - } else { - r.setStatus(ctx, params.MlmdProxyDefaultResourceName, config.MLMDProxyReady, dspa, - dspaStatus.SetMLMDProxyStatus, log) } - err = r.ReconcileWorkflowController(dspa, params) + // MLMD should be the last to reconcile because it can cause an early exit due to the lack of the TLS secret, which may not have been created yet. + err = r.ReconcileMLMD(ctx, dspa, params) if err != nil { + r.setStatusAsNotReady(config.MLMDProxyReady, err, dspaStatus.SetMLMDProxyStatus) return ctrl.Result{}, err + } else { + r.setStatus(ctx, params.MlmdProxyDefaultResourceName, config.MLMDProxyReady, dspa, + dspaStatus.SetMLMDProxyStatus, log) } } @@ -635,6 +636,44 @@ func (r *DSPAReconciler) SetupWithManager(mgr ctrl.Manager) error { return []reconcile.Request{{NamespacedName: namespacedName}} }), ). + WatchesRawSource(source.Kind(mgr.GetCache(), &corev1.Secret{}), + handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, o client.Object) []reconcile.Request { + secret := o.(*corev1.Secret) + log := r.Log.WithValues("namespace", secret.Namespace) + + if secret.Annotations["openshift.io/owning-component"] != "service-ca" { + return nil + } + + log.V(1).Info(fmt.Sprintf("Reconcile event triggered by change on Secret owned by service-ca: %s", secret.Name)) + + serviceName := secret.Annotations["service.beta.openshift.io/originating-service-name"] + + namespacedServiceName := types.NamespacedName{ + Name: serviceName, + Namespace: secret.Namespace, + } + + service := &corev1.Service{} + + err := r.Get(ctx, namespacedServiceName, service) + if err != nil { + return nil + } + + dspaName, hasDSPALabel := service.Labels["dspa"] + if !hasDSPALabel { + return nil + } + + log.V(1).Info(fmt.Sprintf("Reconcile event triggered by [Service: %s] ", serviceName)) + namespacedDspaName := types.NamespacedName{ + Name: dspaName, + Namespace: secret.Namespace, + } + return []reconcile.Request{{NamespacedName: namespacedDspaName}} + }), + ). WithOptions(controller.Options{ MaxConcurrentReconciles: r.MaxConcurrentReconciles, }). diff --git a/controllers/dspipeline_params.go b/controllers/dspipeline_params.go index 96534316..4bba6dc0 100644 --- a/controllers/dspipeline_params.go +++ b/controllers/dspipeline_params.go @@ -66,6 +66,8 @@ type DSPAParams struct { Minio *dspa.Minio MLMD *dspa.MLMD MlmdProxyDefaultResourceName string + MlmdGrpcCertificateContents string + MlmdGrpcPrivateKeyContents string WorkflowController *dspa.WorkflowController CustomKfpLauncherConfigMapData string DBConnection @@ -101,6 +103,7 @@ type DBConnection struct { DBName string CredentialsSecret *dspa.SecretKeyValue Password string + DecodedPassword string ExtraParams string } type ObjectStorageConnection struct { @@ -290,6 +293,8 @@ func (p *DSPAParams) SetupDBParams(ctx context.Context, dsp *dspa.DataSciencePip return err } p.DBConnection.Password = password + decodedPasswordBytes, _ := base64.StdEncoding.DecodeString(password) + p.DBConnection.DecodedPassword = string(decodedPasswordBytes) } else { // If no externalDB or mariaDB is specified, DSPO assumes // MariaDB deployment with defaults. @@ -349,6 +354,8 @@ func (p *DSPAParams) SetupDBParams(ctx context.Context, dsp *dspa.DataSciencePip return err } p.DBConnection.Password = dbPassword + decodedPasswordBytes, _ := base64.StdEncoding.DecodeString(dbPassword) + p.DBConnection.DecodedPassword = string(decodedPasswordBytes) } // User specified custom Extra parameters will always take precedence @@ -582,6 +589,20 @@ func setResourcesDefault(defaultValue dspa.ResourceRequirements, value **dspa.Re } } +func (p *DSPAParams) LoadMlmdCertificates(ctx context.Context, client client.Client) (bool, error) { + secret, err := util.GetSecret(ctx, "ds-pipeline-metadata-grpc-tls-certs-"+p.Name, p.Namespace, client) + if err != nil { + if apierrs.IsNotFound(err) { + return false, nil + } else { + return false, err + } + } + p.MlmdGrpcCertificateContents = strings.ReplaceAll(string(secret.Data["tls.crt"]), "\n", "\\n") + p.MlmdGrpcPrivateKeyContents = strings.ReplaceAll(string(secret.Data["tls.key"]), "\n", "\\n") + return true, nil +} + func (p *DSPAParams) ExtractParams(ctx context.Context, dsp *dspa.DataSciencePipelinesApplication, client client.Client, loggr logr.Logger) error { p.Name = dsp.Name p.Namespace = dsp.Namespace diff --git a/controllers/mlmd.go b/controllers/mlmd.go index bd3f3f10..c6c639c8 100644 --- a/controllers/mlmd.go +++ b/controllers/mlmd.go @@ -16,6 +16,8 @@ limitations under the License. package controllers import ( + "context" + "errors" dspav1alpha1 "github.com/opendatahub-io/data-science-pipelines-operator/api/v1alpha1" ) @@ -23,9 +25,10 @@ const ( mlmdTemplatesDir = "ml-metadata" mlmdEnvoyRoute = mlmdTemplatesDir + "/route/metadata-envoy.route.yaml.tmpl" mlmdProxyDefaultResourceNamePrefix = "ds-pipeline-scheduledworkflow-" + mlmdGrpcService = "grpc-service" ) -func (r *DSPAReconciler) ReconcileMLMD(dsp *dspav1alpha1.DataSciencePipelinesApplication, +func (r *DSPAReconciler) ReconcileMLMD(ctx context.Context, dsp *dspav1alpha1.DataSciencePipelinesApplication, params *DSPAParams) error { log := r.Log.WithValues("namespace", dsp.Namespace).WithValues("dspa_name", dsp.Name) @@ -57,7 +60,25 @@ func (r *DSPAReconciler) ReconcileMLMD(dsp *dspav1alpha1.DataSciencePipelinesApp return err } } else { - err := r.ApplyDir(dsp, params, mlmdTemplatesDir) + // We need to create the service first so OpenShift creates the certificate that we'll use later. + err := r.ApplyDir(dsp, params, mlmdTemplatesDir+"/"+mlmdGrpcService) + if err != nil { + return err + } + + if params.PodToPodTLS { + var certificatesExist bool + certificatesExist, err = params.LoadMlmdCertificates(ctx, r.Client) + if err != nil { + return err + } + + if !certificatesExist { + return errors.New("secret containing the certificate for MLMD gRPC Server was not created yet") + } + } + + err = r.ApplyDir(dsp, params, mlmdTemplatesDir) if err != nil { return err } diff --git a/controllers/mlmd_test.go b/controllers/mlmd_test.go index 0fa941da..fc96c990 100644 --- a/controllers/mlmd_test.go +++ b/controllers/mlmd_test.go @@ -94,7 +94,7 @@ func TestDeployMLMDV1(t *testing.T) { assert.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) assert.Nil(t, err) // Ensure MLMD-Envoy resources now exists @@ -189,7 +189,7 @@ func TestDeployMLMDV2(t *testing.T) { assert.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) assert.Nil(t, err) // Ensure MLMD-Envoy resources now exists @@ -283,7 +283,7 @@ func TestDontDeployMLMDV1(t *testing.T) { assert.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) assert.Nil(t, err) // Ensure MLMD-Envoy resources still doesn't exist @@ -413,7 +413,7 @@ func TestDefaultDeployBehaviorMLMDV1(t *testing.T) { assert.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) assert.Nil(t, err) // Ensure MLMD-Envoy resources still doesn't exist @@ -505,7 +505,7 @@ func TestDefaultDeployBehaviorMLMDV2(t *testing.T) { assert.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) assert.Nil(t, err) // Ensure MLMD-Envoy resources now exists @@ -588,7 +588,7 @@ func TestDeployEnvoyRouteV1(t *testing.T) { assert.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) assert.Nil(t, err) // Ensure MLMD-Envoy resources now exists @@ -660,7 +660,7 @@ func TestDeployEnvoyRouteV2(t *testing.T) { assert.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) assert.Nil(t, err) // Ensure MLMD-Envoy resources now exists @@ -731,7 +731,7 @@ func TestDontDeployEnvoyRouteV1(t *testing.T) { assert.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) assert.Nil(t, err) // Ensure MLMD-Envoy resources now exists @@ -803,7 +803,7 @@ func TestDontDeployEnvoyRouteV2(t *testing.T) { assert.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) assert.Nil(t, err) // Ensure MLMD-Envoy resources now exists @@ -880,7 +880,7 @@ func TestGetEndpointsMLMDV2(t *testing.T) { require.Nil(t, err) // Run test reconciliation - err = reconciler.ReconcileMLMD(dspa, params) + err = reconciler.ReconcileMLMD(ctx, dspa, params) require.Nil(t, err) // Ensure MLMD-Envoy resources now exists diff --git a/controllers/testdata/declarative/case_5/expected/created/metadata-envoy_deployment.yaml b/controllers/testdata/declarative/case_5/expected/created/metadata-envoy_deployment.yaml index dc68c1e9..04175020 100644 --- a/controllers/testdata/declarative/case_5/expected/created/metadata-envoy_deployment.yaml +++ b/controllers/testdata/declarative/case_5/expected/created/metadata-envoy_deployment.yaml @@ -117,3 +117,7 @@ spec: secret: secretName: ds-pipelines-envoy-proxy-tls-testdsp5 defaultMode: 420 + - name: proxy-tls-upstream + configMap: + name: dsp-trusted-ca-testdsp5 + defaultMode: 420 diff --git a/controllers/testdata/declarative/case_6/config.yaml b/controllers/testdata/declarative/case_6/config.yaml deleted file mode 100644 index 50d576dc..00000000 --- a/controllers/testdata/declarative/case_6/config.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# When a minimal DSPA is deployed -Images: - ApiServer: api-server:test6 - Artifact: artifact-manager:test6 - PersistentAgent: persistenceagent:test6 - ScheduledWorkflow: scheduledworkflow:test6 - Cache: ubi-minimal:test6 - MoveResultsImage: busybox:test6 - MlPipelineUI: frontend:test6 - MariaDB: mariadb:test6 - Minio: minio:test6 - OAuthProxy: oauth-proxy:test6 -ImagesV2: - Argo: - ApiServer: api-server:test6 - ArgoLauncherImage: argolauncherimage:test6 - ArgoDriverImage: argodriverimage:test6 - MlmdGRPC: quay.io/opendatahub/mlmd-grpc-server:testdsp6 -DSPO: - ApiServer: - IncludeOwnerReference: false diff --git a/controllers/testdata/declarative/case_6/deploy/00_configmap.yaml b/controllers/testdata/declarative/case_6/deploy/00_configmap.yaml deleted file mode 100644 index 7c1b2210..00000000 --- a/controllers/testdata/declarative/case_6/deploy/00_configmap.yaml +++ /dev/null @@ -1,70 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: odh-trusted-ca-bundle -data: - # the order the files are concatenated are not deterministic, so for testing we just use the same cert for - # both entries - ca-bundle.crt: | - -----BEGIN CERTIFICATE----- - MIIFLTCCAxWgAwIBAgIUIvY4jV0212P/ddjuCZhcUyJfoocwDQYJKoZIhvcNAQEL - BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 - MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV - BAMMDnJoLWRzcC1kZXZzLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC - AgEAnCxNdQ0EUhswfu8/K6icQKc//2xpTvcp9Bn9QZ9UUy3f2UXv5hvd4W2PM/uX - FaZGoEzQsYagbjyuHDBxek8YOZvdRx9h7O+LLfN+DXeLbaY6tZ2AxNWwcaAmG0EH - nSDVORrk8/aZfFRoxgQigWyuK28YZn2SopjNyvOc8GkNjCFO4y7g4QuzWdGMgMIA - +whtt3EuYIwaRourKNFp4oR4InOVdPfuGezxbKRPcFfey1JEdTxGoWnHC+HDDMCf - R2vV8hAQB4fdvbOoz3+S7j7d8YiaFBK/P2us6Il5tsUw4kzhD2/OLzyERB7SloZk - NiIcSsU0USRGLb4/ybQsxu9UPIXUlKTK70HxIEIdPSPPMM84khIOuax0QXKORFHT - Ti9jgEfXjuX/2RPijQoCMDrqRQvDxExnTVMncqud6PeDxOWfvSG4oyZBr4HgNAap - wX7FWEY6SOH0e3GrH9ceI3afDO4A4YR+EE426GgHgYe8g4NTfD1D79+txmSY6VvV - MBwEvPo1LJVmvz23HBC60+e6Ld3WjwE+viOktt20R5Td3NPj7qcBlMDs105yiz+l - Ex1h/WDrAssETrelppg3Xgkkz+iY5RwiUB2BTzeiiDbN+AE6X+S5c61Izc2qAeH2 - gVrvMDlAK6t6bQ696TzItdAs5SnXauxPjfwmK+F65SYy7z8CAwEAAaNTMFEwHQYD - VR0OBBYEFDj7l4fu0pXChZsXU5Cgsmr5TYq7MB8GA1UdIwQYMBaAFDj7l4fu0pXC - hZsXU5Cgsmr5TYq7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB - AGr5DblOsH7JE9JM3M4p4eiXD40B/VIACEDMYJvyr6QjmcT8+XnHkiu7OV3OJV/G - S4NKhleBhfpaaP2ZPGO/vUTmqXwcK78jl0WEjPrMVjs1eDoSnUNi+KwFTBypIusD - gSEnICXa26v1CHCQG0QB+rUrIxJqjtq+bnlw/Ns1wxTYfZBFW1ykCJuMsekPo0pN - yTH1eWr0eSVWgljqHKaUjKbRRTSTWvk2Sewaq004W+6QOSb3nb1+GHVMov/Q6vsz - j6/3B7+7wybR80UTBI/1DfTlefQaOOgEPBjQZ92NXSxMKe2J7FPD+7NHvwTNzzVD - jg3cmW8pbtLEyxa+C+6EN8xnmklVfyzuzVsRJvrZvzYcOgLK2ji35oq9FYGXm0yH - HRpQPBFkcgNedD3qrJNYKkIBiAh2SSKKA+J8eP3uD9NUOScgl2aKVz/phU5rSDwt - NlhRuX8sS7q4gpL9qk4jWrMb8tNeN5nYRvmJj+Slf9sQSTfvukKo+2X8GpAecQNC - z6OeQyN+3C2zm4cLCHHWC0ZR/iHQyHIVKlFXznWe6qA64o4x1A0GurjVMAw0Pe0v - WBV3KJBsYK/wijtLeip1oKobU76oE0ML/bnhV10k6usvl4n8cDmcONo5FnGoT8Pk - 80htx6w5fanMFu4MnoBeyJhhzNfg7ywJcc2VZSM27s2B - -----END CERTIFICATE----- - - odh-ca-bundle.crt: | - -----BEGIN CERTIFICATE----- - MIIFLTCCAxWgAwIBAgIUIvY4jV0212P/ddjuCZhcUyJfoocwDQYJKoZIhvcNAQEL - BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 - MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV - BAMMDnJoLWRzcC1kZXZzLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC - AgEAnCxNdQ0EUhswfu8/K6icQKc//2xpTvcp9Bn9QZ9UUy3f2UXv5hvd4W2PM/uX - FaZGoEzQsYagbjyuHDBxek8YOZvdRx9h7O+LLfN+DXeLbaY6tZ2AxNWwcaAmG0EH - nSDVORrk8/aZfFRoxgQigWyuK28YZn2SopjNyvOc8GkNjCFO4y7g4QuzWdGMgMIA - +whtt3EuYIwaRourKNFp4oR4InOVdPfuGezxbKRPcFfey1JEdTxGoWnHC+HDDMCf - R2vV8hAQB4fdvbOoz3+S7j7d8YiaFBK/P2us6Il5tsUw4kzhD2/OLzyERB7SloZk - NiIcSsU0USRGLb4/ybQsxu9UPIXUlKTK70HxIEIdPSPPMM84khIOuax0QXKORFHT - Ti9jgEfXjuX/2RPijQoCMDrqRQvDxExnTVMncqud6PeDxOWfvSG4oyZBr4HgNAap - wX7FWEY6SOH0e3GrH9ceI3afDO4A4YR+EE426GgHgYe8g4NTfD1D79+txmSY6VvV - MBwEvPo1LJVmvz23HBC60+e6Ld3WjwE+viOktt20R5Td3NPj7qcBlMDs105yiz+l - Ex1h/WDrAssETrelppg3Xgkkz+iY5RwiUB2BTzeiiDbN+AE6X+S5c61Izc2qAeH2 - gVrvMDlAK6t6bQ696TzItdAs5SnXauxPjfwmK+F65SYy7z8CAwEAAaNTMFEwHQYD - VR0OBBYEFDj7l4fu0pXChZsXU5Cgsmr5TYq7MB8GA1UdIwQYMBaAFDj7l4fu0pXC - hZsXU5Cgsmr5TYq7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB - AGr5DblOsH7JE9JM3M4p4eiXD40B/VIACEDMYJvyr6QjmcT8+XnHkiu7OV3OJV/G - S4NKhleBhfpaaP2ZPGO/vUTmqXwcK78jl0WEjPrMVjs1eDoSnUNi+KwFTBypIusD - gSEnICXa26v1CHCQG0QB+rUrIxJqjtq+bnlw/Ns1wxTYfZBFW1ykCJuMsekPo0pN - yTH1eWr0eSVWgljqHKaUjKbRRTSTWvk2Sewaq004W+6QOSb3nb1+GHVMov/Q6vsz - j6/3B7+7wybR80UTBI/1DfTlefQaOOgEPBjQZ92NXSxMKe2J7FPD+7NHvwTNzzVD - jg3cmW8pbtLEyxa+C+6EN8xnmklVfyzuzVsRJvrZvzYcOgLK2ji35oq9FYGXm0yH - HRpQPBFkcgNedD3qrJNYKkIBiAh2SSKKA+J8eP3uD9NUOScgl2aKVz/phU5rSDwt - NlhRuX8sS7q4gpL9qk4jWrMb8tNeN5nYRvmJj+Slf9sQSTfvukKo+2X8GpAecQNC - z6OeQyN+3C2zm4cLCHHWC0ZR/iHQyHIVKlFXznWe6qA64o4x1A0GurjVMAw0Pe0v - WBV3KJBsYK/wijtLeip1oKobU76oE0ML/bnhV10k6usvl4n8cDmcONo5FnGoT8Pk - 80htx6w5fanMFu4MnoBeyJhhzNfg7ywJcc2VZSM27s2B - -----END CERTIFICATE----- diff --git a/controllers/testdata/declarative/case_6/deploy/01_configmap.yaml b/controllers/testdata/declarative/case_6/deploy/01_configmap.yaml deleted file mode 100644 index 6e950de3..00000000 --- a/controllers/testdata/declarative/case_6/deploy/01_configmap.yaml +++ /dev/null @@ -1,38 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: user-ca-bundle -data: - user-ca-bundle.crt: | - -----BEGIN CERTIFICATE----- - MIIFlTCCA32gAwIBAgIUQTPwwkR17jDrdIe4VqhzNQ6OY1MwDQYJKoZIhvcNAQEL - BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 - MDMwNTIzMzM0OFoXDTM0MDMwMzIzMzM0OFowJjELMAkGA1UEBhMCWFgxFzAVBgNV - BAMMDioudGNwLm5ncm9rLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC - AgEAxUS9rhHbrJUNYz3DIvSK3g7RMa7T+cxa0gWkSWqLWxOQR8Go7ouGi4hVsWlh - bXoaYMOkC/eKQ4LXCObXHg3ydr7Zmp5SrixroxQShoxFaw8uJzP7CrT9cZndys1U - KO58b3papvtEo8lxKHr1LRDQ3sN8hleEmjv90xdS/LUGXDqiwZHOaaNn2wjFK1Vv - NrflprjS5nxK571M9JPG941eR7W4opP7xEpRJPavX7r3FU3xShplAvxoruzZCeJO - a19uxRghKR95xKOAFvvYB+Q66kwfyX/njQarvUwLaeQKZhJrYluxh2vBMjk9cTge - WKbaJOFfFs6v9O2mE9ZcgreeVo+wsKPE+T+YRCwUv2/3XDB4tH8sXjBt6usdLTJF - fGfQofMq/rHQWx2JNGZGkxKU4RCFq+W9F8aSS/k6wc8Q9DBCvfyd85WMAN4NQ69E - FDZm74h8GmLIjncOYNCoeFyqA55g19NIq4ICRXR+1NArB5OS5AjihjFJuyaC+q7G - xMkSYjnWInuueM5dP5bNtMVXYKEAJkNOum6VwG60ACM7EWr9Lc427tKB7T9E3hRS - 43QsMD7mBt0uBYChgDDpi/w8U+J2nc3GB85Ek1Dx/m29eu6gr3uc6W4UWSaxOUzZ - QKecfszophJ5iHTlsyI2oGXPbdUKMRrFRl/6advMd14qbMkCAwEAAaOBujCBtzAf - BgNVHSMEGDAWgBR+eS4ZZgisrO77AKVsZp1LQfkrVTAJBgNVHRMEAjAAMGoGA1Ud - EQRjMGGCDHRjcC5uZ3Jvay5pb4IOKi50Y3Aubmdyb2suaW+CE21hcmlhZGIubWFy - aWFkYi5zdmOCIW1hcmlhZGIubWFyaWFkYi5zdmMuY2x1c3Rlci5sb2NhbIIJbG9j - YWxob3N0MB0GA1UdDgQWBBR8+P2Dd7Y122uPoc6Q48tVXhB20zANBgkqhkiG9w0B - AQsFAAOCAgEAnWdbI5Vrz94070K+trQIwQpMLzgZaIw2/L3JCHvD7I0XhYIUDV9b - b22J7MZUOMq5xhX4bzsrywWR+VdYvxnPz4AqoT0APqm6NtU+i9z4VAb2u1PUVYGy - tB56M7DUg+3u/4rBLPniXZr6k01xQleCQvw3M3siuhjlHaRgm/e8sWpcAGKU63ri - s09RdAVsRxNVEdBDNpisHh/82Mildo1MspRNiOlurVyVKbOJVko3HbPvevq6UeTb - +HfFpmG9w0daJEyJX4wbq2ToZozwH6fdTD67jQMFooCofpGHsXIF9AZvO08gEKDt - KufvbJvguk12PUwoPxBcjxoPHaw9Fw8b8uncsysYIP7wkjxNEwlWqR8j6yZGJpB7 - 87/dgbxqlRWJ7DopLRD5QiVt74EZlhjfi4+B/0Ujg9AZl9IDROAjlcFluD/nV9d8 - I6LxIFALVjppbpXpPRPA/+hvFSqG1vbY2jvBnUYIjUEODKoxJKES1XG+chwzzn5K - i3PPFmyHU3YOgV8A6lp/evKA368hdrpdpcDVzUTBic1FJUK/L03xexM5NGQYCtgs - lsiMw+o9r32W0fzjQRwipTLNM0lEbgWyErsVXFb67vY/rjy9ybuFlKMMOIlZpmut - wcr1vUGA985Lhv2jire2GTlixOiqZtuQS08lGa7kkcO8sB+7MdRdgEI= - -----END CERTIFICATE----- diff --git a/controllers/testdata/declarative/case_6/deploy/02_configmap.yaml b/controllers/testdata/declarative/case_6/deploy/02_configmap.yaml deleted file mode 100644 index bd166d2c..00000000 --- a/controllers/testdata/declarative/case_6/deploy/02_configmap.yaml +++ /dev/null @@ -1,36 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: openshift-service-ca.crt -data: - service-ca.crt: | - -----BEGIN CERTIFICATE----- - MIIFLTCCAxWgAwIBAgIUIvY4jV0212P/ddjuCZhcUyJfoocwDQYJKoZIhvcNAQEL - BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 - MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV - BAMMDnJoLWRzcC1kZXZzLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC - AgEAnCxNdQ0EUhswfu8/K6icQKc//2xpTvcp9Bn9QZ9UUy3f2UXv5hvd4W2PM/uX - FaZGoEzQsYagbjyuHDBxek8YOZvdRx9h7O+LLfN+DXeLbaY6tZ2AxNWwcaAmG0EH - nSDVORrk8/aZfFRoxgQigWyuK28YZn2SopjNyvOc8GkNjCFO4y7g4QuzWdGMgMIA - +whtt3EuYIwaRourKNFp4oR4InOVdPfuGezxbKRPcFfey1JEdTxGoWnHC+HDDMCf - R2vV8hAQB4fdvbOoz3+S7j7d8YiaFBK/P2us6Il5tsUw4kzhD2/OLzyERB7SloZk - NiIcSsU0USRGLb4/ybQsxu9UPIXUlKTK70HxIEIdPSPPMM84khIOuax0QXKORFHT - Ti9jgEfXjuX/2RPijQoCMDrqRQvDxExnTVMncqud6PeDxOWfvSG4oyZBr4HgNAap - wX7FWEY6SOH0e3GrH9ceI3afDO4A4YR+EE426GgHgYe8g4NTfD1D79+txmSY6VvV - MBwEvPo1LJVmvz23HBC60+e6Ld3WjwE+viOktt20R5Td3NPj7qcBlMDs105yiz+l - Ex1h/WDrAssETrelppg3Xgkkz+iY5RwiUB2BTzeiiDbN+AE6X+S5c61Izc2qAeH2 - gVrvMDlAK6t6bQ696TzItdAs5SnXauxPjfwmK+F65SYy7z8CAwEAAaNTMFEwHQYD - VR0OBBYEFDj7l4fu0pXChZsXU5Cgsmr5TYq7MB8GA1UdIwQYMBaAFDj7l4fu0pXC - hZsXU5Cgsmr5TYq7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB - AGr5DblOsH7JE9JM3M4p4eiXD40B/VIACEDMYJvyr6QjmcT8+XnHkiu7OV3OJV/G - S4NKhleBhfpaaP2ZPGO/vUTmqXwcK78jl0WEjPrMVjs1eDoSnUNi+KwFTBypIusD - gSEnICXa26v1CHCQG0QB+rUrIxJqjtq+bnlw/Ns1wxTYfZBFW1ykCJuMsekPo0pN - yTH1eWr0eSVWgljqHKaUjKbRRTSTWvk2Sewaq004W+6QOSb3nb1+GHVMov/Q6vsz - j6/3B7+7wybR80UTBI/1DfTlefQaOOgEPBjQZ92NXSxMKe2J7FPD+7NHvwTNzzVD - jg3cmW8pbtLEyxa+C+6EN8xnmklVfyzuzVsRJvrZvzYcOgLK2ji35oq9FYGXm0yH - HRpQPBFkcgNedD3qrJNYKkIBiAh2SSKKA+J8eP3uD9NUOScgl2aKVz/phU5rSDwt - NlhRuX8sS7q4gpL9qk4jWrMb8tNeN5nYRvmJj+Slf9sQSTfvukKo+2X8GpAecQNC - z6OeQyN+3C2zm4cLCHHWC0ZR/iHQyHIVKlFXznWe6qA64o4x1A0GurjVMAw0Pe0v - WBV3KJBsYK/wijtLeip1oKobU76oE0ML/bnhV10k6usvl4n8cDmcONo5FnGoT8Pk - 80htx6w5fanMFu4MnoBeyJhhzNfg7ywJcc2VZSM27s2B - -----END CERTIFICATE----- diff --git a/controllers/testdata/declarative/case_6/deploy/03_secret.yaml b/controllers/testdata/declarative/case_6/deploy/03_secret.yaml deleted file mode 100644 index 55ffdab8..00000000 --- a/controllers/testdata/declarative/case_6/deploy/03_secret.yaml +++ /dev/null @@ -1,7 +0,0 @@ -kind: Secret -apiVersion: v1 -metadata: - name: testdbpswsecretname6 -stringData: - testpswkey6: testdbsecretpswvalue6 -type: Opaque diff --git a/controllers/testdata/declarative/case_6/deploy/04_cr.yaml b/controllers/testdata/declarative/case_6/deploy/04_cr.yaml deleted file mode 100644 index 6d3b025d..00000000 --- a/controllers/testdata/declarative/case_6/deploy/04_cr.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# Test: -# When a user/odh provides a odh-trusted-ca-bundle, a configmap is created and mounted to mlmd grpc and apiserver -# When a user provides a cABundle in the DSPA, it is also included in the concatenated dsp custom ca cert configmap -# When external db is used the server config created for api server uses tls=true -# MLMD grpc server mounts the dspa cert and passes it into grpc server -# When a user provides a caBundleFileMountPath, it will be used to mount the ca bundle -# When a user provides ca bundle configmapkey, it will be used instead of default one -# When a user provides a ArtifactSignedURLExpirySeconds, it will be used instead of default -apiVersion: datasciencepipelinesapplications.opendatahub.io/v1alpha1 -kind: DataSciencePipelinesApplication -metadata: - name: testdsp6 -spec: - dspVersion: v2 - podToPodTLS: true - apiServer: - deploy: true - enableSamplePipeline: false - caBundleFileMountPath: /dspa/custom-certs - caBundleFileName: user-ca-bundle.crt - cABundle: - configMapKey: user-ca-bundle.crt - configMapName: user-ca-bundle - artifactSignedURLExpirySeconds: 20 - database: - externalDB: - host: testdbhost6 - passwordSecret: - key: testpswkey6 - name: testdbpswsecretname6 - pipelineDBName: testdbname6 - port: test6 - username: testuser6 - objectStorage: - minio: - deploy: false - image: minio:test6 diff --git a/controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml deleted file mode 100644 index 73b2b7f1..00000000 --- a/controllers/testdata/declarative/case_6/expected/created/apiserver_deployment.yaml +++ /dev/null @@ -1,217 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ds-pipeline-testdsp6 - namespace: default - labels: - app: ds-pipeline-testdsp6 - component: data-science-pipelines - dspa: testdsp6 -spec: - selector: - matchLabels: - app: ds-pipeline-testdsp6 - component: data-science-pipelines - dspa: testdsp6 - template: - metadata: - labels: - app: ds-pipeline-testdsp6 - component: data-science-pipelines - dspa: testdsp6 - spec: - containers: - - env: - - name: POD_NAMESPACE - value: "default" - - name: DBCONFIG_USER - value: "testuser6" - - name: DBCONFIG_PASSWORD - valueFrom: - secretKeyRef: - key: "testpswkey6" - name: "testdbpswsecretname6" - - name: DBCONFIG_DBNAME - value: "testdbname6" - - name: DBCONFIG_HOST - value: "testdbhost6" - - name: DBCONFIG_PORT - value: "test6" - - name: ARTIFACT_COPY_STEP_CABUNDLE_CONFIGMAP_NAME - value: dsp-trusted-ca-testdsp6 - - name: ARTIFACT_COPY_STEP_CABUNDLE_CONFIGMAP_KEY - value: user-ca-bundle.crt - - name: ARTIFACT_COPY_STEP_CABUNDLE_MOUNTPATH - value: /dspa/custom-certs - - name: SSL_CERT_DIR - value: "/dspa/custom-certs:/etc/ssl/certs:/etc/pki/tls/certs" - - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION - value: "true" - - name: DBCONFIG_CONMAXLIFETIMESEC - value: "120" - - name: ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_HOST - value: "ds-pipeline-visualizationserver" - - name: ML_PIPELINE_VISUALIZATIONSERVER_SERVICE_PORT - value: "8888" - - name: OBJECTSTORECONFIG_CREDENTIALSSECRET - value: "ds-pipeline-s3-testdsp6" - - name: OBJECTSTORECONFIG_CREDENTIALSACCESSKEYKEY - value: "accesskey" - - name: OBJECTSTORECONFIG_CREDENTIALSSECRETKEYKEY - value: "secretkey" - - name: DEFAULTPIPELINERUNNERSERVICEACCOUNT - value: "pipeline-runner-testdsp6" - - name: OBJECTSTORECONFIG_BUCKETNAME - value: "mlpipeline" - - name: OBJECTSTORECONFIG_ACCESSKEY - valueFrom: - secretKeyRef: - key: "accesskey" - name: "ds-pipeline-s3-testdsp6" - - name: OBJECTSTORECONFIG_SECRETACCESSKEY - valueFrom: - secretKeyRef: - key: "secretkey" - name: "ds-pipeline-s3-testdsp6" - - name: OBJECTSTORECONFIG_SECURE - value: "false" - - name: MINIO_SERVICE_SERVICE_HOST - value: "minio-testdsp6.default.svc.cluster.local" - - name: MINIO_SERVICE_SERVICE_PORT - value: "9000" - - name: V2_LAUNCHER_IMAGE - value: "argolauncherimage:test6" - - name: V2_DRIVER_IMAGE - value: "argodriverimage:test6" - - name: METADATA_GRPC_SERVICE_SERVICE_HOST - value: "ds-pipeline-metadata-grpc-testdsp6.default.svc.cluster.local" - - name: METADATA_GRPC_SERVICE_SERVICE_PORT - value: "8080" - - name: ML_PIPELINE_SERVICE_HOST - value: ds-pipeline-testdsp6.default.svc.cluster.local - - name: ML_PIPELINE_SERVICE_PORT_GRPC - value: "8887" - - name: SIGNED_URL_EXPIRY_TIME_SECONDS - value: "20" - - name: ML_PIPELINE_TLS_ENABLED - value: "true" - - name: EXECUTIONTYPE - value: Workflow - - name: DB_DRIVER_NAME - value: mysql - - name: DBCONFIG_MYSQLCONFIG_USER - value: testuser6 - - name: DBCONFIG_MYSQLCONFIG_PASSWORD - valueFrom: - secretKeyRef: - key: "testpswkey6" - name: "testdbpswsecretname6" - - name: DBCONFIG_MYSQLCONFIG_DBNAME - value: "testdbname6" - - name: DBCONFIG_MYSQLCONFIG_HOST - value: "testdbhost6" - - name: DBCONFIG_MYSQLCONFIG_PORT - value: "test6" - image: api-server:test6 - # imagePullPolicy: default - https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting - name: ds-pipeline-api-server - command: ['/bin/apiserver'] - args: - - --config=/config - - -logtostderr=true - - --tlsCertPath=/etc/tls/private/tls.crt - - --tlsCertKeyPath=/etc/tls/private/tls.key - ports: - - containerPort: 8888 - name: http - protocol: TCP - - containerPort: 8887 - name: grpc - protocol: TCP - livenessProbe: - httpGet: - path: /apis/v1beta1/healthz - port: http - scheme: HTTPS - readinessProbe: - httpGet: - path: /apis/v1beta1/healthz - port: http - scheme: HTTPS - resources: - requests: - cpu: 250m - memory: 500Mi - limits: - cpu: 500m - memory: 1Gi - volumeMounts: - - name: server-config - mountPath: /config/config.json - subPath: config.json - - mountPath: /etc/tls/private - name: proxy-tls - - name: ca-bundle - mountPath: /dspa/custom-certs - - name: oauth-proxy - args: - - --https-address=:8443 - - --provider=openshift - - --openshift-service-account=ds-pipeline-testdsp6 - - --upstream=https://ds-pipeline-testdsp6.default.svc.cluster.local:8888 - - --upstream-ca=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt - - --tls-cert=/etc/tls/private/tls.crt - - --tls-key=/etc/tls/private/tls.key - - --cookie-secret=SECRET - - '--openshift-delegate-urls={"/": {"group":"route.openshift.io","resource":"routes","verb":"get","name":"ds-pipeline-testdsp6","namespace":"default"}}' - - '--openshift-sar={"namespace":"default","resource":"routes","resourceName":"ds-pipeline-testdsp6","verb":"get","resourceAPIGroup":"route.openshift.io"}' - - --skip-auth-regex='(^/metrics|^/apis/v1beta1/healthz)' - image: oauth-proxy:test6 - ports: - - containerPort: 8443 - name: oauth - protocol: TCP - livenessProbe: - httpGet: - path: /oauth/healthz - port: oauth - scheme: HTTPS - initialDelaySeconds: 30 - timeoutSeconds: 1 - periodSeconds: 5 - successThreshold: 1 - failureThreshold: 3 - readinessProbe: - httpGet: - path: /oauth/healthz - port: oauth - scheme: HTTPS - initialDelaySeconds: 5 - timeoutSeconds: 1 - periodSeconds: 5 - successThreshold: 1 - failureThreshold: 3 - resources: - limits: - cpu: 100m - memory: 256Mi - requests: - cpu: 100m - memory: 256Mi - volumeMounts: - - mountPath: /etc/tls/private - name: proxy-tls - volumes: - - name: proxy-tls - secret: - secretName: ds-pipelines-proxy-tls-testdsp6 - defaultMode: 420 - - name: server-config - configMap: - name: ds-pipeline-server-config-testdsp6 - defaultMode: 420 - - name: ca-bundle - configMap: - name: dsp-trusted-ca-testdsp6 - defaultMode: 420 - serviceAccountName: ds-pipeline-testdsp6 diff --git a/controllers/testdata/declarative/case_6/expected/created/configmap_artifact_script.yaml b/controllers/testdata/declarative/case_6/expected/created/configmap_artifact_script.yaml deleted file mode 100644 index c1b1a3bc..00000000 --- a/controllers/testdata/declarative/case_6/expected/created/configmap_artifact_script.yaml +++ /dev/null @@ -1,42 +0,0 @@ -apiVersion: v1 -data: - artifact_script: |- - #!/usr/bin/env sh - push_artifact() { - workspace_dir=$(echo $(context.taskRun.name) | sed -e "s/$(context.pipeline.name)-//g") - workspace_dest=/workspace/${workspace_dir}/artifacts/$(context.pipelineRun.name)/$(context.taskRun.name) - artifact_name=$(basename $2) - - aws_cp() { - - aws s3 --endpoint http://minio-testdsp6.default.svc.cluster.local:9000 --ca-bundle /dspa/custom-certs/user-ca-bundle.crt cp $1.tgz s3://mlpipeline/artifacts/$PIPELINERUN/$PIPELINETASK/$1.tgz - - } - - if [ -f "$workspace_dest/$artifact_name" ]; then - echo sending to: ${workspace_dest}/${artifact_name} - tar -cvzf $1.tgz -C ${workspace_dest} ${artifact_name} - aws_cp $1 - elif [ -f "$2" ]; then - tar -cvzf $1.tgz -C $(dirname $2) ${artifact_name} - aws_cp $1 - else - echo "$2 file does not exist. Skip artifact tracking for $1" - fi - } - push_log() { - cat /var/log/containers/$PODNAME*$NAMESPACE*step-main*.log > step-main.log - push_artifact main-log step-main.log - } - strip_eof() { - if [ -f "$2" ]; then - awk 'NF' $2 | head -c -1 > $1_temp_save && cp $1_temp_save $2 - fi - } -kind: ConfigMap -metadata: - name: ds-pipeline-artifact-script-testdsp6 - namespace: default - labels: - app: ds-pipeline-testdsp6 - component: data-science-pipelines diff --git a/controllers/testdata/declarative/case_6/expected/created/configmap_dspa_trusted_ca.yaml b/controllers/testdata/declarative/case_6/expected/created/configmap_dspa_trusted_ca.yaml deleted file mode 100644 index e662cb8b..00000000 --- a/controllers/testdata/declarative/case_6/expected/created/configmap_dspa_trusted_ca.yaml +++ /dev/null @@ -1,131 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: dsp-trusted-ca-testdsp6 -data: - user-ca-bundle.crt: | - -----BEGIN CERTIFICATE----- - MIIFLTCCAxWgAwIBAgIUIvY4jV0212P/ddjuCZhcUyJfoocwDQYJKoZIhvcNAQEL - BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 - MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV - BAMMDnJoLWRzcC1kZXZzLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC - AgEAnCxNdQ0EUhswfu8/K6icQKc//2xpTvcp9Bn9QZ9UUy3f2UXv5hvd4W2PM/uX - FaZGoEzQsYagbjyuHDBxek8YOZvdRx9h7O+LLfN+DXeLbaY6tZ2AxNWwcaAmG0EH - nSDVORrk8/aZfFRoxgQigWyuK28YZn2SopjNyvOc8GkNjCFO4y7g4QuzWdGMgMIA - +whtt3EuYIwaRourKNFp4oR4InOVdPfuGezxbKRPcFfey1JEdTxGoWnHC+HDDMCf - R2vV8hAQB4fdvbOoz3+S7j7d8YiaFBK/P2us6Il5tsUw4kzhD2/OLzyERB7SloZk - NiIcSsU0USRGLb4/ybQsxu9UPIXUlKTK70HxIEIdPSPPMM84khIOuax0QXKORFHT - Ti9jgEfXjuX/2RPijQoCMDrqRQvDxExnTVMncqud6PeDxOWfvSG4oyZBr4HgNAap - wX7FWEY6SOH0e3GrH9ceI3afDO4A4YR+EE426GgHgYe8g4NTfD1D79+txmSY6VvV - MBwEvPo1LJVmvz23HBC60+e6Ld3WjwE+viOktt20R5Td3NPj7qcBlMDs105yiz+l - Ex1h/WDrAssETrelppg3Xgkkz+iY5RwiUB2BTzeiiDbN+AE6X+S5c61Izc2qAeH2 - gVrvMDlAK6t6bQ696TzItdAs5SnXauxPjfwmK+F65SYy7z8CAwEAAaNTMFEwHQYD - VR0OBBYEFDj7l4fu0pXChZsXU5Cgsmr5TYq7MB8GA1UdIwQYMBaAFDj7l4fu0pXC - hZsXU5Cgsmr5TYq7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB - AGr5DblOsH7JE9JM3M4p4eiXD40B/VIACEDMYJvyr6QjmcT8+XnHkiu7OV3OJV/G - S4NKhleBhfpaaP2ZPGO/vUTmqXwcK78jl0WEjPrMVjs1eDoSnUNi+KwFTBypIusD - gSEnICXa26v1CHCQG0QB+rUrIxJqjtq+bnlw/Ns1wxTYfZBFW1ykCJuMsekPo0pN - yTH1eWr0eSVWgljqHKaUjKbRRTSTWvk2Sewaq004W+6QOSb3nb1+GHVMov/Q6vsz - j6/3B7+7wybR80UTBI/1DfTlefQaOOgEPBjQZ92NXSxMKe2J7FPD+7NHvwTNzzVD - jg3cmW8pbtLEyxa+C+6EN8xnmklVfyzuzVsRJvrZvzYcOgLK2ji35oq9FYGXm0yH - HRpQPBFkcgNedD3qrJNYKkIBiAh2SSKKA+J8eP3uD9NUOScgl2aKVz/phU5rSDwt - NlhRuX8sS7q4gpL9qk4jWrMb8tNeN5nYRvmJj+Slf9sQSTfvukKo+2X8GpAecQNC - z6OeQyN+3C2zm4cLCHHWC0ZR/iHQyHIVKlFXznWe6qA64o4x1A0GurjVMAw0Pe0v - WBV3KJBsYK/wijtLeip1oKobU76oE0ML/bnhV10k6usvl4n8cDmcONo5FnGoT8Pk - 80htx6w5fanMFu4MnoBeyJhhzNfg7ywJcc2VZSM27s2B - -----END CERTIFICATE----- - - -----BEGIN CERTIFICATE----- - MIIFLTCCAxWgAwIBAgIUIvY4jV0212P/ddjuCZhcUyJfoocwDQYJKoZIhvcNAQEL - BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 - MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV - BAMMDnJoLWRzcC1kZXZzLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC - AgEAnCxNdQ0EUhswfu8/K6icQKc//2xpTvcp9Bn9QZ9UUy3f2UXv5hvd4W2PM/uX - FaZGoEzQsYagbjyuHDBxek8YOZvdRx9h7O+LLfN+DXeLbaY6tZ2AxNWwcaAmG0EH - nSDVORrk8/aZfFRoxgQigWyuK28YZn2SopjNyvOc8GkNjCFO4y7g4QuzWdGMgMIA - +whtt3EuYIwaRourKNFp4oR4InOVdPfuGezxbKRPcFfey1JEdTxGoWnHC+HDDMCf - R2vV8hAQB4fdvbOoz3+S7j7d8YiaFBK/P2us6Il5tsUw4kzhD2/OLzyERB7SloZk - NiIcSsU0USRGLb4/ybQsxu9UPIXUlKTK70HxIEIdPSPPMM84khIOuax0QXKORFHT - Ti9jgEfXjuX/2RPijQoCMDrqRQvDxExnTVMncqud6PeDxOWfvSG4oyZBr4HgNAap - wX7FWEY6SOH0e3GrH9ceI3afDO4A4YR+EE426GgHgYe8g4NTfD1D79+txmSY6VvV - MBwEvPo1LJVmvz23HBC60+e6Ld3WjwE+viOktt20R5Td3NPj7qcBlMDs105yiz+l - Ex1h/WDrAssETrelppg3Xgkkz+iY5RwiUB2BTzeiiDbN+AE6X+S5c61Izc2qAeH2 - gVrvMDlAK6t6bQ696TzItdAs5SnXauxPjfwmK+F65SYy7z8CAwEAAaNTMFEwHQYD - VR0OBBYEFDj7l4fu0pXChZsXU5Cgsmr5TYq7MB8GA1UdIwQYMBaAFDj7l4fu0pXC - hZsXU5Cgsmr5TYq7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB - AGr5DblOsH7JE9JM3M4p4eiXD40B/VIACEDMYJvyr6QjmcT8+XnHkiu7OV3OJV/G - S4NKhleBhfpaaP2ZPGO/vUTmqXwcK78jl0WEjPrMVjs1eDoSnUNi+KwFTBypIusD - gSEnICXa26v1CHCQG0QB+rUrIxJqjtq+bnlw/Ns1wxTYfZBFW1ykCJuMsekPo0pN - yTH1eWr0eSVWgljqHKaUjKbRRTSTWvk2Sewaq004W+6QOSb3nb1+GHVMov/Q6vsz - j6/3B7+7wybR80UTBI/1DfTlefQaOOgEPBjQZ92NXSxMKe2J7FPD+7NHvwTNzzVD - jg3cmW8pbtLEyxa+C+6EN8xnmklVfyzuzVsRJvrZvzYcOgLK2ji35oq9FYGXm0yH - HRpQPBFkcgNedD3qrJNYKkIBiAh2SSKKA+J8eP3uD9NUOScgl2aKVz/phU5rSDwt - NlhRuX8sS7q4gpL9qk4jWrMb8tNeN5nYRvmJj+Slf9sQSTfvukKo+2X8GpAecQNC - z6OeQyN+3C2zm4cLCHHWC0ZR/iHQyHIVKlFXznWe6qA64o4x1A0GurjVMAw0Pe0v - WBV3KJBsYK/wijtLeip1oKobU76oE0ML/bnhV10k6usvl4n8cDmcONo5FnGoT8Pk - 80htx6w5fanMFu4MnoBeyJhhzNfg7ywJcc2VZSM27s2B - -----END CERTIFICATE----- - - -----BEGIN CERTIFICATE----- - MIIFlTCCA32gAwIBAgIUQTPwwkR17jDrdIe4VqhzNQ6OY1MwDQYJKoZIhvcNAQEL - BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 - MDMwNTIzMzM0OFoXDTM0MDMwMzIzMzM0OFowJjELMAkGA1UEBhMCWFgxFzAVBgNV - BAMMDioudGNwLm5ncm9rLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC - AgEAxUS9rhHbrJUNYz3DIvSK3g7RMa7T+cxa0gWkSWqLWxOQR8Go7ouGi4hVsWlh - bXoaYMOkC/eKQ4LXCObXHg3ydr7Zmp5SrixroxQShoxFaw8uJzP7CrT9cZndys1U - KO58b3papvtEo8lxKHr1LRDQ3sN8hleEmjv90xdS/LUGXDqiwZHOaaNn2wjFK1Vv - NrflprjS5nxK571M9JPG941eR7W4opP7xEpRJPavX7r3FU3xShplAvxoruzZCeJO - a19uxRghKR95xKOAFvvYB+Q66kwfyX/njQarvUwLaeQKZhJrYluxh2vBMjk9cTge - WKbaJOFfFs6v9O2mE9ZcgreeVo+wsKPE+T+YRCwUv2/3XDB4tH8sXjBt6usdLTJF - fGfQofMq/rHQWx2JNGZGkxKU4RCFq+W9F8aSS/k6wc8Q9DBCvfyd85WMAN4NQ69E - FDZm74h8GmLIjncOYNCoeFyqA55g19NIq4ICRXR+1NArB5OS5AjihjFJuyaC+q7G - xMkSYjnWInuueM5dP5bNtMVXYKEAJkNOum6VwG60ACM7EWr9Lc427tKB7T9E3hRS - 43QsMD7mBt0uBYChgDDpi/w8U+J2nc3GB85Ek1Dx/m29eu6gr3uc6W4UWSaxOUzZ - QKecfszophJ5iHTlsyI2oGXPbdUKMRrFRl/6advMd14qbMkCAwEAAaOBujCBtzAf - BgNVHSMEGDAWgBR+eS4ZZgisrO77AKVsZp1LQfkrVTAJBgNVHRMEAjAAMGoGA1Ud - EQRjMGGCDHRjcC5uZ3Jvay5pb4IOKi50Y3Aubmdyb2suaW+CE21hcmlhZGIubWFy - aWFkYi5zdmOCIW1hcmlhZGIubWFyaWFkYi5zdmMuY2x1c3Rlci5sb2NhbIIJbG9j - YWxob3N0MB0GA1UdDgQWBBR8+P2Dd7Y122uPoc6Q48tVXhB20zANBgkqhkiG9w0B - AQsFAAOCAgEAnWdbI5Vrz94070K+trQIwQpMLzgZaIw2/L3JCHvD7I0XhYIUDV9b - b22J7MZUOMq5xhX4bzsrywWR+VdYvxnPz4AqoT0APqm6NtU+i9z4VAb2u1PUVYGy - tB56M7DUg+3u/4rBLPniXZr6k01xQleCQvw3M3siuhjlHaRgm/e8sWpcAGKU63ri - s09RdAVsRxNVEdBDNpisHh/82Mildo1MspRNiOlurVyVKbOJVko3HbPvevq6UeTb - +HfFpmG9w0daJEyJX4wbq2ToZozwH6fdTD67jQMFooCofpGHsXIF9AZvO08gEKDt - KufvbJvguk12PUwoPxBcjxoPHaw9Fw8b8uncsysYIP7wkjxNEwlWqR8j6yZGJpB7 - 87/dgbxqlRWJ7DopLRD5QiVt74EZlhjfi4+B/0Ujg9AZl9IDROAjlcFluD/nV9d8 - I6LxIFALVjppbpXpPRPA/+hvFSqG1vbY2jvBnUYIjUEODKoxJKES1XG+chwzzn5K - i3PPFmyHU3YOgV8A6lp/evKA368hdrpdpcDVzUTBic1FJUK/L03xexM5NGQYCtgs - lsiMw+o9r32W0fzjQRwipTLNM0lEbgWyErsVXFb67vY/rjy9ybuFlKMMOIlZpmut - wcr1vUGA985Lhv2jire2GTlixOiqZtuQS08lGa7kkcO8sB+7MdRdgEI= - -----END CERTIFICATE----- - - -----BEGIN CERTIFICATE----- - MIIFLTCCAxWgAwIBAgIUIvY4jV0212P/ddjuCZhcUyJfoocwDQYJKoZIhvcNAQEL - BQAwJjELMAkGA1UEBhMCWFgxFzAVBgNVBAMMDnJoLWRzcC1kZXZzLmlvMB4XDTI0 - MDMwNTAxMTExN1oXDTM0MDMwMzAxMTExN1owJjELMAkGA1UEBhMCWFgxFzAVBgNV - BAMMDnJoLWRzcC1kZXZzLmlvMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC - AgEAnCxNdQ0EUhswfu8/K6icQKc//2xpTvcp9Bn9QZ9UUy3f2UXv5hvd4W2PM/uX - FaZGoEzQsYagbjyuHDBxek8YOZvdRx9h7O+LLfN+DXeLbaY6tZ2AxNWwcaAmG0EH - nSDVORrk8/aZfFRoxgQigWyuK28YZn2SopjNyvOc8GkNjCFO4y7g4QuzWdGMgMIA - +whtt3EuYIwaRourKNFp4oR4InOVdPfuGezxbKRPcFfey1JEdTxGoWnHC+HDDMCf - R2vV8hAQB4fdvbOoz3+S7j7d8YiaFBK/P2us6Il5tsUw4kzhD2/OLzyERB7SloZk - NiIcSsU0USRGLb4/ybQsxu9UPIXUlKTK70HxIEIdPSPPMM84khIOuax0QXKORFHT - Ti9jgEfXjuX/2RPijQoCMDrqRQvDxExnTVMncqud6PeDxOWfvSG4oyZBr4HgNAap - wX7FWEY6SOH0e3GrH9ceI3afDO4A4YR+EE426GgHgYe8g4NTfD1D79+txmSY6VvV - MBwEvPo1LJVmvz23HBC60+e6Ld3WjwE+viOktt20R5Td3NPj7qcBlMDs105yiz+l - Ex1h/WDrAssETrelppg3Xgkkz+iY5RwiUB2BTzeiiDbN+AE6X+S5c61Izc2qAeH2 - gVrvMDlAK6t6bQ696TzItdAs5SnXauxPjfwmK+F65SYy7z8CAwEAAaNTMFEwHQYD - VR0OBBYEFDj7l4fu0pXChZsXU5Cgsmr5TYq7MB8GA1UdIwQYMBaAFDj7l4fu0pXC - hZsXU5Cgsmr5TYq7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB - AGr5DblOsH7JE9JM3M4p4eiXD40B/VIACEDMYJvyr6QjmcT8+XnHkiu7OV3OJV/G - S4NKhleBhfpaaP2ZPGO/vUTmqXwcK78jl0WEjPrMVjs1eDoSnUNi+KwFTBypIusD - gSEnICXa26v1CHCQG0QB+rUrIxJqjtq+bnlw/Ns1wxTYfZBFW1ykCJuMsekPo0pN - yTH1eWr0eSVWgljqHKaUjKbRRTSTWvk2Sewaq004W+6QOSb3nb1+GHVMov/Q6vsz - j6/3B7+7wybR80UTBI/1DfTlefQaOOgEPBjQZ92NXSxMKe2J7FPD+7NHvwTNzzVD - jg3cmW8pbtLEyxa+C+6EN8xnmklVfyzuzVsRJvrZvzYcOgLK2ji35oq9FYGXm0yH - HRpQPBFkcgNedD3qrJNYKkIBiAh2SSKKA+J8eP3uD9NUOScgl2aKVz/phU5rSDwt - NlhRuX8sS7q4gpL9qk4jWrMb8tNeN5nYRvmJj+Slf9sQSTfvukKo+2X8GpAecQNC - z6OeQyN+3C2zm4cLCHHWC0ZR/iHQyHIVKlFXznWe6qA64o4x1A0GurjVMAw0Pe0v - WBV3KJBsYK/wijtLeip1oKobU76oE0ML/bnhV10k6usvl4n8cDmcONo5FnGoT8Pk - 80htx6w5fanMFu4MnoBeyJhhzNfg7ywJcc2VZSM27s2B - -----END CERTIFICATE----- diff --git a/controllers/testdata/declarative/case_6/expected/created/configmap_server_config.yaml b/controllers/testdata/declarative/case_6/expected/created/configmap_server_config.yaml deleted file mode 100644 index f0ae5c3e..00000000 --- a/controllers/testdata/declarative/case_6/expected/created/configmap_server_config.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: ds-pipeline-server-config-testdsp6 - namespace: default - labels: - app: ds-pipeline-testdsp6 - component: data-science-pipelines -data: - config.json: | - - { - "DBConfig": { - "MySQLConfig": { - "ExtraParams": {"tls":"true"}, - "GroupConcatMaxLen": "4194304" - }, - "PostgreSQLConfig": {}, - "ConMaxLifeTime": "120s" - }, - "ObjectStoreConfig": { - "PipelinePath": "pipelines" - }, - "DBDriverName": "mysql", - "ARCHIVE_CONFIG_LOG_FILE_NAME": "main.log", - "ARCHIVE_CONFIG_LOG_PATH_PREFIX": "/artifacts", - "InitConnectionTimeout": "6m" - } diff --git a/controllers/testdata/declarative/case_6/expected/created/metadata_grpc_deployment.yaml b/controllers/testdata/declarative/case_6/expected/created/metadata_grpc_deployment.yaml deleted file mode 100644 index 7eeff5b0..00000000 --- a/controllers/testdata/declarative/case_6/expected/created/metadata_grpc_deployment.yaml +++ /dev/null @@ -1,83 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ds-pipeline-metadata-grpc-testdsp6 - namespace: default - labels: - app: ds-pipeline-metadata-grpc-testdsp6 - component: data-science-pipelines - dspa: testdsp6 -spec: - replicas: 1 - selector: - matchLabels: - app: ds-pipeline-metadata-grpc-testdsp6 - component: data-science-pipelines - dspa: testdsp6 - template: - metadata: - labels: - app: ds-pipeline-metadata-grpc-testdsp6 - component: data-science-pipelines - dspa: testdsp6 - spec: - containers: - - args: - - --grpc_port=8080 - - --mysql_config_database=$(MYSQL_DATABASE) - - --mysql_config_host=$(MYSQL_HOST) - - --mysql_config_port=$(MYSQL_PORT) - - --mysql_config_user=$(DBCONFIG_USER) - - --mysql_config_password=$(DBCONFIG_PASSWORD) - - --enable_database_upgrade=true - - --mysql_config_sslrootcert=/dspa/custom-certs/user-ca-bundle.crt - command: - - /bin/metadata_store_server - env: - - name: DBCONFIG_USER - value: testuser6 - - name: DBCONFIG_PASSWORD - valueFrom: - secretKeyRef: - key: testpswkey6 - name: testdbpswsecretname6 - - name: MYSQL_DATABASE - value: testdbname6 - - name: MYSQL_HOST - value: testdbhost6 - - name: MYSQL_PORT - value: test6 - image: quay.io/opendatahub/mlmd-grpc-server:testdsp6 - name: container - ports: - - containerPort: 8080 - name: grpc-api - protocol: TCP - livenessProbe: - initialDelaySeconds: 30 - periodSeconds: 5 - tcpSocket: - port: grpc-api - timeoutSeconds: 2 - readinessProbe: - initialDelaySeconds: 3 - periodSeconds: 5 - tcpSocket: - port: grpc-api - timeoutSeconds: 2 - resources: - requests: - cpu: 100m - memory: 256Mi - limits: - cpu: 100m - memory: 256Mi - volumeMounts: - - mountPath: /dspa/custom-certs - name: ca-bundle - serviceAccountName: ds-pipeline-metadata-grpc-testdsp6 - volumes: - - name: ca-bundle - configMap: - defaultMode: 420 - name: dsp-trusted-ca-testdsp6 diff --git a/controllers/testdata/declarative/case_8/expected/created/apiserver_deployment.yaml b/controllers/testdata/declarative/case_8/expected/created/apiserver_deployment.yaml index ebbd6721..66a00206 100644 --- a/controllers/testdata/declarative/case_8/expected/created/apiserver_deployment.yaml +++ b/controllers/testdata/declarative/case_8/expected/created/apiserver_deployment.yaml @@ -95,6 +95,8 @@ spec: value: "60" - name: ML_PIPELINE_TLS_ENABLED value: "true" + - name: METADATA_TLS_ENABLED + value: "true" - name: EXECUTIONTYPE value: Workflow - name: DB_DRIVER_NAME diff --git a/controllers/util/util.go b/controllers/util/util.go index f0f767b1..08276d52 100644 --- a/controllers/util/util.go +++ b/controllers/util/util.go @@ -198,3 +198,16 @@ func GetRouteIfAvailable(ctx context.Context, routeName, ns string, client clien } return true, route, nil } + +func GetSecret(ctx context.Context, secretName, ns string, client client.Client) (*v1.Secret, error) { + secret := &v1.Secret{} + namespacedName := types.NamespacedName{ + Name: secretName, + Namespace: ns, + } + err := client.Get(ctx, namespacedName, secret) + if err != nil { + return &v1.Secret{}, err + } + return secret, nil +} From a54d0a6451c379925f70e252c4fadcd60d005116 Mon Sep 17 00:00:00 2001 From: Humair Khan Date: Fri, 27 Sep 2024 15:18:16 -0400 Subject: [PATCH 13/14] update compatibility doc for 2.6 Signed-off-by: Humair Khan --- docs/release/compatibility.md | 1 + docs/release/compatibility.yaml | 11 +++++++++++ 2 files changed, 12 insertions(+) diff --git a/docs/release/compatibility.md b/docs/release/compatibility.md index 61eece9f..7a039547 100644 --- a/docs/release/compatibility.md +++ b/docs/release/compatibility.md @@ -6,6 +6,7 @@ Each row outlines the versions for individual subcomponents and images that are | dsp | kfp | argo | ml-metadata | envoy | ocp-pipelines | oauth-proxy | mariadb-103 | ubi-minimal | ubi-micro | openshift | |-----|-----|-----|-----|-----|-----|-----|-----|-----|-----|-----| +| 2.6 | 2.0.5 | 3.3.10 | 1.14.0 | 1.22.11 | N/A | v4.10 | 1 | N/A | N/A | 4.14,4.15,4.16 | | 2.5 | 2.0.5 | 3.3.10 | 1.14.0 | 1.22.11 | N/A | v4.10 | 1 | N/A | N/A | 4.14,4.15,4.16 | | 2.4 | 2.0.5 | 3.3.10 | 1.14.0 | 1.22.11 | N/A | v4.10 | 1 | N/A | N/A | 4.14,4.15,4.16 | | 2.3 | 2.0.5 | 3.3.10 | 1.14.0 | 1.22.11 | N/A | v4.10 | 1 | N/A | N/A | 4.13,4.14,4.15 | diff --git a/docs/release/compatibility.yaml b/docs/release/compatibility.yaml index b4974ba7..10b8b3c3 100644 --- a/docs/release/compatibility.yaml +++ b/docs/release/compatibility.yaml @@ -1,3 +1,14 @@ +- dsp: 2.6 + kfp: 2.0.5 + argo: 3.3.10 + ml-metadata: 1.14.0 + envoy: 1.22.11 + ocp-pipelines: "N/A" + oauth-proxy: v4.10 + mariadb-103: 1 + ubi-minimal: "N/A" + ubi-micro: "N/A" + openshift: 4.14,4.15,4.16 - dsp: 2.5 kfp: 2.0.5 argo: 3.3.10 From 70430e51a40a65cb6100a8a42ec56e1389ca7df9 Mon Sep 17 00:00:00 2001 From: dsp-developers <140449482+dsp-developers@users.noreply.github.com> Date: Sat, 28 Sep 2024 03:33:01 +0000 Subject: [PATCH 14/14] Generate params for 2.6 --- config/base/params.env | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/config/base/params.env b/config/base/params.env index f861cb30..71a57c65 100644 --- a/config/base/params.env +++ b/config/base/params.env @@ -1,19 +1,19 @@ -IMAGES_APISERVER=quay.io/opendatahub/ds-pipelines-api-server:v1.6.3 -IMAGES_ARTIFACT=quay.io/opendatahub/ds-pipelines-artifact-manager:v1.6.3 -IMAGES_PERSISTENTAGENT=quay.io/opendatahub/ds-pipelines-persistenceagent:v1.6.3 -IMAGES_SCHEDULEDWORKFLOW=quay.io/opendatahub/ds-pipelines-scheduledworkflow:v1.6.3 -IMAGES_MLMDENVOY=quay.io/opendatahub/ds-pipelines-metadata-envoy:v1.6.3 -IMAGES_MLMDGRPC=quay.io/opendatahub/ds-pipelines-metadata-grpc:v1.6.3 -IMAGES_MLMDWRITER=quay.io/opendatahub/ds-pipelines-metadata-writer:v1.6.3 -IMAGES_DSPO=quay.io/opendatahub/data-science-pipelines-operator:latest -V2_LAUNCHER_IMAGE=quay.io/opendatahub/ds-pipelines-launcher:latest -V2_DRIVER_IMAGE=quay.io/opendatahub/ds-pipelines-driver:latest -IMAGESV2_ARGO_APISERVER=quay.io/opendatahub/ds-pipelines-api-server:latest -IMAGESV2_ARGO_PERSISTENCEAGENT=quay.io/opendatahub/ds-pipelines-persistenceagent:latest -IMAGESV2_ARGO_SCHEDULEDWORKFLOW=quay.io/opendatahub/ds-pipelines-scheduledworkflow:latest -IMAGESV2_ARGO_WORKFLOWCONTROLLER=quay.io/opendatahub/ds-pipelines-argo-workflowcontroller:3.3.10-upstream -IMAGESV2_ARGO_ARGOEXEC=quay.io/opendatahub/ds-pipelines-argo-argoexec:3.3.10-upstream -IMAGESV2_ARGO_MLMDGRPC=quay.io/opendatahub/mlmd-grpc-server:latest +IMAGES_APISERVER=quay.io/opendatahub/ds-pipelines-api-server@sha256:caca0638eef179e61c97878cc4adc1a39473b3c67f46c808175560cf824fac82 +IMAGES_ARTIFACT=quay.io/opendatahub/ds-pipelines-artifact-manager@sha256:1d322d5f72fe5b4599cb88810aa8b86da6af7859b395400543e24696cdfc3948 +IMAGES_PERSISTENTAGENT=quay.io/opendatahub/ds-pipelines-persistenceagent@sha256:02bca29b5e5bcde17d18d991d0893a1aef357dbd175729698fc246ec72ee967d +IMAGES_SCHEDULEDWORKFLOW=quay.io/opendatahub/ds-pipelines-scheduledworkflow@sha256:0c09b453151cf037b2055a8e94ec36716207da43cf99a9faa19dfc52ac8cb67f +IMAGES_MLMDENVOY=quay.io/opendatahub/ds-pipelines-metadata-envoy@sha256:c491e63c8885c7d59005f9305b77cd1fa776b50e63db90c4f8ccdee963759630 +IMAGES_MLMDGRPC=quay.io/opendatahub/ds-pipelines-metadata-grpc@sha256:4af88c246d77cce33099489090508734978aafa83a0a5745408ae8d139d5378a +IMAGES_MLMDWRITER=quay.io/opendatahub/ds-pipelines-metadata-writer@sha256:393ddb21afe13166e972022153479450bb66b2c9b1896e62a484aed2ac62b388 +IMAGES_DSPO=quay.io/opendatahub/data-science-pipelines-operator@sha256:762deff13cea8db45106f08285badd595d3c55f110ee002b3fcae238acbec326 +V2_LAUNCHER_IMAGE=quay.io/opendatahub/ds-pipelines-launcher@sha256:17f99e36bf98d27f9d89f63f01d5b5cd3adceeda7c789fd72fb1b95bfcc3c7f6 +V2_DRIVER_IMAGE=quay.io/opendatahub/ds-pipelines-driver@sha256:8666fbb4d147fbc5be288a8d5e83f209fc5d9a1fbcc7e28e55539ef8f822c781 +IMAGESV2_ARGO_APISERVER=quay.io/opendatahub/ds-pipelines-api-server@sha256:0f281292577fa3f266e43321441b9ab04ab3d40e7e5e22a531de1acaac177575 +IMAGESV2_ARGO_PERSISTENCEAGENT=quay.io/opendatahub/ds-pipelines-persistenceagent@sha256:82046d9d5bfb9a6590a2a1651087e305c1fbac80dd9a0e23efc94ab6fc3d6c26 +IMAGESV2_ARGO_SCHEDULEDWORKFLOW=quay.io/opendatahub/ds-pipelines-scheduledworkflow@sha256:6a2f7b2725b7eae46f262c8066b392d0769cf41f1ec6c5c767b4db0a5eb5a7fe +IMAGESV2_ARGO_WORKFLOWCONTROLLER=quay.io/opendatahub/ds-pipelines-argo-workflowcontroller@sha256:4a2ccfc397ae6f3470df09eaace4d568d27378085466a38e68a2b56981c3e5f9 +IMAGESV2_ARGO_ARGOEXEC=quay.io/opendatahub/ds-pipelines-argo-argoexec@sha256:b2b3bc54744d2780c32f1aa564361a1ae4a42532c6d16662e45ad1025acff1ea +IMAGESV2_ARGO_MLMDGRPC=quay.io/opendatahub/mlmd-grpc-server@sha256:9e905b2de2fb6801716a14ebd6e589cac82fef26741825d06717d695a37ff199 IMAGESV2_ARGO_MLMDENVOY=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8@sha256:a744c1b386fd5e4f94e43543e829df1bfdd1b564137917372a11da06872f4bcb IMAGES_MARIADB=registry.redhat.io/rhel8/mariadb-103@sha256:3d30992e60774f887c4e7959c81b0c41b0d82d042250b3b56f05ab67fd4cdee1 IMAGES_OAUTHPROXY=registry.redhat.io/openshift4/ose-oauth-proxy@sha256:ab112105ac37352a2a4916a39d6736f5db6ab4c29bad4467de8d613e80e9bb33