Closed codablock closed 5 months ago
Hey @codablock , this is very reasonable. I deployed that in my environment with vcluster
, run a few tests based on this gist and can confirm that from functionality perspective all is working correctly
https://gist.github.com/kromanow94/3a40e45f4f5777734e67ac3da683354e
$ export ISTIO_INGRESSGATEWAY_NAMESPACE=istio-system
$ export ISTIO_INGRESSGATEWAY_ENDPOINT=localhost:8080
$ export KF_PROFILE=kubeflow-user-example-com
$ export EXPERIMENT_NAME=m2m-experiment
$ nohup kubectl port-forward --namespace $ISTIO_INGRESSGATEWAY_NAMESPACE svc/istio-ingressgateway 8080:80 &
$ curl -XPOST "$ISTIO_INGRESSGATEWAY_ENDPOINT/pipeline/apis/v2beta1/experiments" \
-H "Authorization: Bearer $(kubectl -n kubeflow-user-example-com create token default-editor)" \
-d "{\"display_name\": \"$EXPERIMENT_NAME\", \"namespace\": \"$KF_PROFILE\"}" | jq
{
"experiment_id": "950b5d75-382f-4b81-8da1-af58cf9c3878",
"display_name": "m2m-experiment",
"created_at": "2024-04-05T15:27:09Z",
"namespace": "kubeflow-user-example-com",
"storage_state": "AVAILABLE"
}
$ curl "$ISTIO_INGRESSGATEWAY_ENDPOINT/pipeline/apis/v2beta1/experiments?namespace=$KF_PROFILE" \
-H "Authorization: Bearer $(kubectl -n kubeflow-user-example-com create token default-editor)" | jq
{
"experiments": [
{
"experiment_id": "950b5d75-382f-4b81-8da1-af58cf9c3878",
"display_name": "m2m-experiment",
"created_at": "2024-04-05T15:27:09Z",
"namespace": "kubeflow-user-example-com",
"storage_state": "AVAILABLE"
}
],
"total_size": 1
}
$ curl "$ISTIO_INGRESSGATEWAY_ENDPOINT/pipeline/apis/v2beta1/pipelines" \
-H "Authorization: Bearer $(kubectl -n kubeflow-user-example-com create token default-editor)" | jq
{
"pipelines": [
{
"pipeline_id": "53f86345-3c2c-4c7a-8a90-6ba83c80b4d1",
"display_name": "[Tutorial] Data passing in python components",
"description": "[source code](https://github.com/kubeflow/pipelines/tree/c5658f09ec38e82730a8eca0a1aabf0876087eec/samples/tutorials/Data%20passing%20in%20python%20components) Shows how to pass data between python components.",
"created_at": "2024-04-05T15:16:58Z"
},
{
"pipeline_id": "a44f5b06-124f-46f0-8fbf-3e383ba4152b",
"display_name": "[Tutorial] DSL - Control structures",
"description": "[source code](https://github.com/kubeflow/pipelines/tree/c5658f09ec38e82730a8eca0a1aabf0876087eec/samples/tutorials/DSL%20-%20Control%20structures) Shows how to use conditional execution and exit handlers. This pipeline will randomly fail to demonstrate that the exit handler gets executed even in case of failure.",
"created_at": "2024-04-05T15:16:59Z"
}
],
"total_size": 2
}
$ export EXPERIMENT_ID="$(curl -qs \
"$ISTIO_INGRESSGATEWAY_ENDPOINT/pipeline/apis/v2beta1/experiments?namespace=$KF_PROFILE" \
-H "Authorization: Bearer $(kubectl -n kubeflow-user-example-com create token default-editor)" \
| jq --arg display_name $EXPERIMENT_NAME '.experiments[] | select(.display_name == $display_name)|.experiment_id' -r
)"
$ export PIPELINE_ID="$(curl -qs \
"$ISTIO_INGRESSGATEWAY_ENDPOINT/pipeline/apis/v2beta1/pipelines" \
-H "Authorization: Bearer $(kubectl -n kubeflow-user-example-com create token default-editor)" \
| jq '.pipelines[0].pipeline_id' -r
)"
$ curl -XPOST \
"$ISTIO_INGRESSGATEWAY_ENDPOINT/pipeline/apis/v2beta1/runs?namespace=$KF_PROFILE" \
-H "Authorization: Bearer $(kubectl -n kubeflow-user-example-com create token default-editor)" \
-d "{
\"experiment_id\":\"$EXPERIMENT_ID\",
\"display_name\": \"Pipeline created with M2M Token\",
\"pipeline_version_reference\": {\"pipeline_id\": \"$PIPELINE_ID\"}
}" | jq
{
"experiment_id": "950b5d75-382f-4b81-8da1-af58cf9c3878",
"run_id": "d3706aed-0595-4802-a954-f92719f1ded2",
"display_name": "Pipeline created with M2M Token",
"storage_state": "AVAILABLE",
"pipeline_version_reference": {
"pipeline_id": "53f86345-3c2c-4c7a-8a90-6ba83c80b4d1",
"pipeline_version_id": "e3eaf0c3-83a0-424e-ba3f-a92ee1ef1d91"
},
"service_account": "default-editor",
"created_at": "2024-04-05T15:27:47Z",
"scheduled_at": "2024-04-05T15:27:47Z",
"finished_at": "1970-01-01T00:00:00Z",
"state": "PENDING",
"state_history": [
{
"update_time": "2024-04-05T15:27:47Z",
"state": "PENDING"
}
]
}
$ curl "$ISTIO_INGRESSGATEWAY_ENDPOINT/pipeline/apis/v2beta1/runs?namespace=$KF_PROFILE" \
-H "Authorization: Bearer $(kubectl -n kubeflow-user-example-com create token default-editor)" | jq
{
"runs": [
{
"experiment_id": "950b5d75-382f-4b81-8da1-af58cf9c3878",
"run_id": "d3706aed-0595-4802-a954-f92719f1ded2",
"display_name": "Pipeline created with M2M Token",
"storage_state": "AVAILABLE",
"pipeline_version_reference": {
"pipeline_id": "53f86345-3c2c-4c7a-8a90-6ba83c80b4d1",
"pipeline_version_id": "e3eaf0c3-83a0-424e-ba3f-a92ee1ef1d91"
},
"service_account": "default-editor",
"created_at": "2024-04-05T15:27:47Z",
"scheduled_at": "2024-04-05T15:27:47Z",
"finished_at": "1970-01-01T00:00:00Z",
"state": "RUNNING",
"run_details": {
"task_details": [
{
"run_id": "d3706aed-0595-4802-a954-f92719f1ded2",
"task_id": "ab562944-eab1-4118-a505-5f6ab23c1bf9",
"display_name": "tutorial-data-passing-6tvx2",
"create_time": "2024-04-05T15:27:47Z",
"start_time": "2024-04-05T15:27:47Z",
"end_time": "0001-01-01T00:00:00Z",
"state": "RUNNING",
"state_history": [
{
"update_time": "2024-04-05T15:27:49Z",
"state": "RUNNING"
}
],
"child_tasks": [
{
"pod_name": "tutorial-data-passing-6tvx2-3819678768"
}
]
},
{
"run_id": "d3706aed-0595-4802-a954-f92719f1ded2",
"task_id": "62b4a391-92eb-41da-9672-39e4a4cfaf56",
"display_name": "root-driver",
"create_time": "2024-04-05T15:27:47Z",
"start_time": "2024-04-05T15:27:47Z",
"end_time": "0001-01-01T00:00:00Z",
"state": "PENDING",
"state_history": [
{
"update_time": "2024-04-05T15:27:49Z",
"state": "PENDING"
}
]
}
]
},
"state_history": [
{
"update_time": "2024-04-05T15:27:47Z",
"state": "PENDING"
},
{
"update_time": "2024-04-05T15:27:48Z"
},
{
"update_time": "2024-04-05T15:27:49Z",
"state": "RUNNING"
}
]
}
],
"total_size": 1
}
@codablock what about istio-cni?
/hold
@juliusvonkohout Indeed, forgot about that one, thanks. Fixed and force-pushed.
Sorry, our CICD is currently too slow for some tests.
/lgtm /approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: codablock, juliusvonkohout
The full list of commands accepted by this bot can be found here.
The pull request process is described here
/unhold
the cicd seems to be healthy again
Description of your changes: First component contains only the patches. This is meant to be used from the istio deployment.
The second component contains the AuthorizationPolicy and RequestAuthentication, which must always be deployed when oauth2-proxy is deployed, so it doesn't make sense to pull these in from the istio oauth2-proxy overlay.
Checklist:
make generate-changed-only
make test