-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ksonnet package for WeaveFlux #1232
Conversation
/unassign @jimexist |
/ok-to-test |
|
||
local giturl = updatedParams.giturl; | ||
local namespace = updatedParams.namespace; | ||
//local imageTag = import "param://imageTag"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please delete commented out code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
// updatedParams uses the environment namespace if | ||
// the namespace parameter is not explicitly set | ||
local updatedParams = params { | ||
namespace: if params.namespace == "null" then env.namespace else params.namespace, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can use the env namespace always you should not take namespace as a parameter.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Think I got it
// the namespace parameter is not explicitly set | ||
local updatedParams = params { | ||
namespace: if params.namespace == "null" then env.namespace else params.namespace, | ||
giturl: if params.giturl == "null" then env.giturl else params.giturl, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can't get giturl from env. It will always come from params.
env refers to values set as part of your ksonnet enviornment like namespace.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This SHOULD be fixed
kubeflow/kubeflux/all.libsonnet
Outdated
"selector": { | ||
"name": "flux" | ||
}, | ||
"type": "LoadBalancer" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This would expose a port by default that's open to the world. We don't want to do this. This should be a parameter and users should have to explicitly choose to set the type to LoadBalancer in order to open up a port.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggestions on how to fix this? I am thinking of a
ks param set LoadBalancer Deploy
I am just not sure how the code would look in the parameters and all.libsonnet
Also, should we give them more than one option for say a proxy?
ks param set port (Proxy/LoadBalancer)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would probably just add a parameter for the ServiceType that defaults to ClusterIP
See here
https://github.com/kubeflow/kubeflow/blob/master/kubeflow/core/prototypes/jupyterhub.jsonnet#L8
We could probably get away with out adding port for now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like this still needs to be fixed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to expose the flux service to the outside world so that the "fluxctl" CLI tool can access the tool. The LoadBalancer was to prevent a user from having to do a portforward. I think a better option may be a proxy option as the service does need to be exposed
kubeflow/kubeflux/all.libsonnet
Outdated
} | ||
}, | ||
|
||
nodeport:: { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we have two different services?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It may just be a remnant from the conversion of Flux from yaml to ksonnet. Removed
kubeflow/kubeflux/all.libsonnet
Outdated
"containers": [ | ||
{ | ||
"args": [ | ||
"--ssh-keygen-dir=/var/fluxd/keygen", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How are keys handled? Can the user provide a deploy key via a K8s secret?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see why they couldn't create an additional secret for the key.
I am looking at the documentation here: https://github.com/weaveworks/flux/blob/master/site/standalone/setup.md
There are two options
"fluxctl identity" can generate one after deployment
kubectl create secret generic flux-git-deploy --from-file=identity=/path/to/private_key
Maybe create a parameter for option two?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right; They can create a key but they need some to specify that the provided secret should be added to the pod. So you probably need a parameter (secret name) and if that is set mount that into the pod.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is an existing "flux-git-deploy" secret created in this process. It looks like it mounts to a volume. Should we add a secret in addition to that or is there a reason we should create a new one.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So the user has to download the key and then add it to their GITHUB repository as a deploy key? Is that documented somewhere.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So I am looking here:
https://github.com/weaveworks/flux/blob/master/site/daemon.md
and "flux-git-deploy" seems to be used to store the private SSH key as a secret for GitHub.
This documentation (https://www.weave.works/docs/cloud/latest/tasks/deploy/manual-configuration/) suggests that one use "fluxctl identity" to generate a public key while the private key is stored in "flux-git-deploy". You then go to Github and add the Key in the settings.
Can you update the PR title please. |
Took a quick look; seems like some comments still need to be addressed. Let me know when this is ready for another look. |
The comments should be removed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 1 of 1 files at r5.
Reviewable status: 1 of 5 files reviewed, 6 unresolved discussions (waiting on @jlewi, @thejaysmith, @wbuchwalter, and @jimexist)
kubeflow/kubeflux/all.libsonnet, line 216 at r1 (raw file):
Previously, TheJaySmith (Jay Smith) wrote…
We need to expose the flux service to the outside world so that the "fluxctl" CLI tool can access the tool. The LoadBalancer was to prevent a user from having to do a portforward. I think a better option may be a proxy option as the service does need to be exposed
Can you open an issue for this? How WeaveFlux recommend securing the exposed service when exposing it outside the cluster.
kubeflow/kubeflux/README.md, line 3 at r5 (raw file):
KubeFlux
Is there really such a thing as Kubeflux? This is just WeaveFlux deployed via ksonnet. Why introduce the term KubeFlux; Why not just call it WeaveFlux?
kubeflow/kubeflux/README.md, line 30 at r5 (raw file):
We will then setup our FLUX_URL and test fluxctl ======= KubeFlux is an integration allowing Kubeflow users to leverage [WeaveWorks ® Flux]("https://www.weave.works/oss/flux/") for GitOps. KubeFlux utilizes the [stand-alone]("https://github.com/weaveworks/flux/tree/master/site/standalone") implementation. Being stand-alone, most of the maintenance is manual. If you are looking for a more managed solution, we recommend you look at [Weave Cloud ®]("https://www.weave.works/product/cloud/").
It looks like you are duplicating the same text as above. e.g. the description of KubeFlux and the installation guide appear to be repeated.
kubeflow/kubeflux/prototypes/kubeflux.jsonnet, line 15 at r1 (raw file):
Previously, TheJaySmith (Jay Smith) wrote…
Think I got it
Delete updatedParams you aren't using it anymore.
kubeflow/kubeflux/prototypes/kubeflux.jsonnet, line 6 at r5 (raw file):
// @shortDescription A Flux meets Kubeflow // @param name string Name to give to each of the components // @optionalParam namespace string null Namespace to use for the components. It is automatically inherited from the environment if not set.
Remove namespace as a parameter; namespace will be set by env.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: 1 of 5 files reviewed, 6 unresolved discussions (waiting on @jlewi, @thejaysmith, @wbuchwalter, and @jimexist)
kubeflow/kubeflux/all.libsonnet, line 216 at r1 (raw file):
Opened this issue fluxcd/flux#1244
Let's see what results we get
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: 1 of 5 files reviewed, 6 unresolved discussions (waiting on @jlewi, @thejaysmith, @wbuchwalter, and @jimexist)
kubeflow/kubeflux/README.md, line 3 at r5 (raw file):
Previously, jlewi (Jeremy Lewi) wrote…
KubeFlux
Is there really such a thing as Kubeflux? This is just WeaveFlux deployed via ksonnet. Why introduce the term KubeFlux; Why not just call it WeaveFlux?
Was going for a fun name. I have fixed it. I am still referring to the package as kubeflux though.
kubeflow/kubeflux/README.md, line 30 at r5 (raw file):
Previously, jlewi (Jeremy Lewi) wrote…
It looks like you are duplicating the same text as above. e.g. the description of KubeFlux and the installation guide appear to be repeated.
Duplicates fixed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: 1 of 5 files reviewed, 6 unresolved discussions (waiting on @jlewi, @wbuchwalter, and @jimexist)
kubeflow/kubeflux/README.md, line 3 at r5 (raw file):
Previously, TheJaySmith (Jay Smith) wrote…
Was going for a fun name. I have fixed it. I am still referring to the package as kubeflux though.
Done.
kubeflow/kubeflux/README.md, line 30 at r5 (raw file):
Previously, TheJaySmith (Jay Smith) wrote…
Duplicates fixed
Done.
kubeflow/kubeflux/prototypes/kubeflux.jsonnet, line 15 at r1 (raw file):
Previously, jlewi (Jeremy Lewi) wrote…
Delete updatedParams you aren't using it anymore.
Done.
kubeflow/kubeflux/prototypes/kubeflux.jsonnet, line 6 at r5 (raw file):
Previously, jlewi (Jeremy Lewi) wrote…
Remove namespace as a parameter; namespace will be set by env.
Done.
Jay it looks like the package is still named Kubeflux and not WeaveFlux. While I do like the name Kubeflux I think it will lead to confusion and we should just call it WeaveFlux because that's what it is. Also Can rebase off of master and squash your changes. This will pull in the latest changes on master which should pull in some fixes to the E2E tests. You will also need to run scripts/autoformat_jsonnet.sh to autoformat the jsonnet. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
autoformat_jsonnet
I went ahead and changed "KubeFlux" to "WeaveFlux" and the package is now "weaveflux". I also squashed the commits.
I ran scripts/autoformat_jsonnet.sh so it should have worked but we will see. If it doesn't work, best practices for using it?
Reviewable status: 0 of 5 files reviewed, all discussions resolved (waiting on @jlewi, @wbuchwalter, and @jimexist)
@thejaysmith It looks like the autoformat worked. But it doesn't look like you rebased off the latest code of master because the minikube and tf serving tests are running. If you do that it will probably fix the tests. |
kubeflow/weaveflux/README.md
Outdated
@@ -0,0 +1,38 @@ | |||
# KubeFlux |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you missed this "Kubeflox"
Hello, I rebased and removed all KubeFlux! |
So there's good news and bad news. 👍 The good news is that everyone that needs to sign a CLA (the pull request submitter and all commit authors) have done so. Everything is all good there. 😕 The bad news is that it appears that one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that here in the pull request. Note to project maintainer: This is a terminal state, meaning the |
CLAs look good, thanks! |
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: 0 of 5 files reviewed, all discussions resolved (waiting on @jlewi, @wbuchwalter, and @jimexist)
/lgtm |
So there's good news and bad news. 👍 The good news is that everyone that needs to sign a CLA (the pull request submitter and all commit authors) have done so. Everything is all good there. 😕 The bad news is that it appears that one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that here in the pull request. Note to project maintainer: This is a terminal state, meaning the |
/retest |
rebase and fix Updated Commit rebased rebase and fix
rebase and fix Updated Commit rebased rebase and fix
CLAs look good, thanks! |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jlewi The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
* rebase and fix rebase and fix Updated Commit rebased rebase and fix * rebase and fix rebase and fix Updated Commit rebased rebase and fix * fixed format * autoformat all.libsonnet
* UI improvements * Add db-manager-addr flag Modify README * Fix graphviz * Modify README * Remove ID * Add zoom to graphviz * Remove unused scripts from index * Fix doc * Change npm install to npm ci Commit package-lock * fix npm version * Increase max_old_space_size * Set react-scripts to 3.2.0 * Modify doc
This is v0.1 of the KubeFlow ksonnet package, enabling Weaveworks Flux on Kubeflow clusters.
This change is