Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ksonnet package for WeaveFlux #1232

Merged
merged 5 commits into from
Aug 8, 2018
Merged

ksonnet package for WeaveFlux #1232

merged 5 commits into from
Aug 8, 2018

Conversation

jasonsmithio
Copy link
Contributor

@jasonsmithio jasonsmithio commented Jul 18, 2018

This is v0.1 of the KubeFlow ksonnet package, enabling Weaveworks Flux on Kubeflow clusters.


This change is Reviewable

@jlewi
Copy link
Contributor

jlewi commented Jul 18, 2018

/unassign @jimexist
/unassign @wbuchwalter
/assign jlewi

@jlewi
Copy link
Contributor

jlewi commented Jul 18, 2018

/ok-to-test


local giturl = updatedParams.giturl;
local namespace = updatedParams.namespace;
//local imageTag = import "param://imageTag";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please delete commented out code.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

// updatedParams uses the environment namespace if
// the namespace parameter is not explicitly set
local updatedParams = params {
namespace: if params.namespace == "null" then env.namespace else params.namespace,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can use the env namespace always you should not take namespace as a parameter.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Think I got it

// the namespace parameter is not explicitly set
local updatedParams = params {
namespace: if params.namespace == "null" then env.namespace else params.namespace,
giturl: if params.giturl == "null" then env.giturl else params.giturl,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can't get giturl from env. It will always come from params.
env refers to values set as part of your ksonnet enviornment like namespace.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This SHOULD be fixed

"selector": {
"name": "flux"
},
"type": "LoadBalancer"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would expose a port by default that's open to the world. We don't want to do this. This should be a parameter and users should have to explicitly choose to set the type to LoadBalancer in order to open up a port.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestions on how to fix this? I am thinking of a

ks param set LoadBalancer Deploy

I am just not sure how the code would look in the parameters and all.libsonnet

Also, should we give them more than one option for say a proxy?

ks param set port (Proxy/LoadBalancer)?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would probably just add a parameter for the ServiceType that defaults to ClusterIP
See here
https://github.com/kubeflow/kubeflow/blob/master/kubeflow/core/prototypes/jupyterhub.jsonnet#L8

We could probably get away with out adding port for now.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this still needs to be fixed.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to expose the flux service to the outside world so that the "fluxctl" CLI tool can access the tool. The LoadBalancer was to prevent a user from having to do a portforward. I think a better option may be a proxy option as the service does need to be exposed

}
},

nodeport:: {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we have two different services?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It may just be a remnant from the conversion of Flux from yaml to ksonnet. Removed

"containers": [
{
"args": [
"--ssh-keygen-dir=/var/fluxd/keygen",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How are keys handled? Can the user provide a deploy key via a K8s secret?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see why they couldn't create an additional secret for the key.
I am looking at the documentation here: https://github.com/weaveworks/flux/blob/master/site/standalone/setup.md

There are two options
"fluxctl identity" can generate one after deployment

kubectl create secret generic flux-git-deploy --from-file=identity=/path/to/private_key

Maybe create a parameter for option two?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right; They can create a key but they need some to specify that the provided secret should be added to the pod. So you probably need a parameter (secret name) and if that is set mount that into the pod.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is an existing "flux-git-deploy" secret created in this process. It looks like it mounts to a volume. Should we add a secret in addition to that or is there a reason we should create a new one.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So the user has to download the key and then add it to their GITHUB repository as a deploy key? Is that documented somewhere.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So I am looking here:
https://github.com/weaveworks/flux/blob/master/site/daemon.md

and "flux-git-deploy" seems to be used to store the private SSH key as a secret for GitHub.

This documentation (https://www.weave.works/docs/cloud/latest/tasks/deploy/manual-configuration/) suggests that one use "fluxctl identity" to generate a public key while the private key is stored in "flux-git-deploy". You then go to Github and add the Key in the settings.

@jlewi
Copy link
Contributor

jlewi commented Jul 19, 2018

Can you update the PR title please.

@jasonsmithio jasonsmithio changed the title commit for v0.1 commit for KubeFlux Jul 19, 2018
@jlewi jlewi changed the title commit for KubeFlux ksonnet package for KubeFlux Jul 20, 2018
@jlewi
Copy link
Contributor

jlewi commented Jul 20, 2018

Took a quick look; seems like some comments still need to be addressed. Let me know when this is ready for another look.

@jasonsmithio
Copy link
Contributor Author

The comments should be removed.

Copy link
Contributor

@jlewi jlewi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 1 of 1 files at r5.
Reviewable status: 1 of 5 files reviewed, 6 unresolved discussions (waiting on @jlewi, @thejaysmith, @wbuchwalter, and @jimexist)


kubeflow/kubeflux/all.libsonnet, line 216 at r1 (raw file):

Previously, TheJaySmith (Jay Smith) wrote…

We need to expose the flux service to the outside world so that the "fluxctl" CLI tool can access the tool. The LoadBalancer was to prevent a user from having to do a portforward. I think a better option may be a proxy option as the service does need to be exposed

Can you open an issue for this? How WeaveFlux recommend securing the exposed service when exposing it outside the cluster.


kubeflow/kubeflux/README.md, line 3 at r5 (raw file):

KubeFlux

Is there really such a thing as Kubeflux? This is just WeaveFlux deployed via ksonnet. Why introduce the term KubeFlux; Why not just call it WeaveFlux?


kubeflow/kubeflux/README.md, line 30 at r5 (raw file):

We will then setup our FLUX_URL and test fluxctl
=======
KubeFlux is an integration allowing Kubeflow users to leverage [WeaveWorks ® Flux]("https://www.weave.works/oss/flux/") for GitOps. KubeFlux utilizes the [stand-alone]("https://github.com/weaveworks/flux/tree/master/site/standalone") implementation. Being stand-alone, most of the maintenance is manual. If you are looking for a more managed solution, we recommend you look at [Weave Cloud ®]("https://www.weave.works/product/cloud/").

It looks like you are duplicating the same text as above. e.g. the description of KubeFlux and the installation guide appear to be repeated.


kubeflow/kubeflux/prototypes/kubeflux.jsonnet, line 15 at r1 (raw file):

Previously, TheJaySmith (Jay Smith) wrote…

Think I got it

Delete updatedParams you aren't using it anymore.


kubeflow/kubeflux/prototypes/kubeflux.jsonnet, line 6 at r5 (raw file):

// @shortDescription A Flux meets Kubeflow
// @param name string Name to give to each of the components
// @optionalParam namespace string null Namespace to use for the components. It is automatically inherited from the environment if not set.

Remove namespace as a parameter; namespace will be set by env.

Copy link
Contributor Author

@jasonsmithio jasonsmithio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 1 of 5 files reviewed, 6 unresolved discussions (waiting on @jlewi, @thejaysmith, @wbuchwalter, and @jimexist)


kubeflow/kubeflux/all.libsonnet, line 216 at r1 (raw file):

Opened this issue fluxcd/flux#1244
Let's see what results we get

Copy link
Contributor Author

@jasonsmithio jasonsmithio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 1 of 5 files reviewed, 6 unresolved discussions (waiting on @jlewi, @thejaysmith, @wbuchwalter, and @jimexist)


kubeflow/kubeflux/README.md, line 3 at r5 (raw file):

Previously, jlewi (Jeremy Lewi) wrote…
KubeFlux

Is there really such a thing as Kubeflux? This is just WeaveFlux deployed via ksonnet. Why introduce the term KubeFlux; Why not just call it WeaveFlux?

Was going for a fun name. I have fixed it. I am still referring to the package as kubeflux though.


kubeflow/kubeflux/README.md, line 30 at r5 (raw file):

Previously, jlewi (Jeremy Lewi) wrote…

It looks like you are duplicating the same text as above. e.g. the description of KubeFlux and the installation guide appear to be repeated.

Duplicates fixed

Copy link
Contributor Author

@jasonsmithio jasonsmithio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 1 of 5 files reviewed, 6 unresolved discussions (waiting on @jlewi, @wbuchwalter, and @jimexist)


kubeflow/kubeflux/README.md, line 3 at r5 (raw file):

Previously, TheJaySmith (Jay Smith) wrote…

Was going for a fun name. I have fixed it. I am still referring to the package as kubeflux though.

Done.


kubeflow/kubeflux/README.md, line 30 at r5 (raw file):

Previously, TheJaySmith (Jay Smith) wrote…

Duplicates fixed

Done.


kubeflow/kubeflux/prototypes/kubeflux.jsonnet, line 15 at r1 (raw file):

Previously, jlewi (Jeremy Lewi) wrote…

Delete updatedParams you aren't using it anymore.

Done.


kubeflow/kubeflux/prototypes/kubeflux.jsonnet, line 6 at r5 (raw file):

Previously, jlewi (Jeremy Lewi) wrote…

Remove namespace as a parameter; namespace will be set by env.

Done.

@jlewi
Copy link
Contributor

jlewi commented Jul 24, 2018

Jay it looks like the package is still named Kubeflux and not WeaveFlux. While I do like the name Kubeflux I think it will lead to confusion and we should just call it WeaveFlux because that's what it is.

Also Can rebase off of master and squash your changes. This will pull in the latest changes on master which should pull in some fixes to the E2E tests.

You will also need to run scripts/autoformat_jsonnet.sh to autoformat the jsonnet.

Copy link
Contributor Author

@jasonsmithio jasonsmithio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

autoformat_jsonnet
I went ahead and changed "KubeFlux" to "WeaveFlux" and the package is now "weaveflux". I also squashed the commits.

I ran scripts/autoformat_jsonnet.sh so it should have worked but we will see. If it doesn't work, best practices for using it?

Reviewable status: 0 of 5 files reviewed, all discussions resolved (waiting on @jlewi, @wbuchwalter, and @jimexist)

@jlewi
Copy link
Contributor

jlewi commented Jul 25, 2018

@thejaysmith It looks like the autoformat worked. But it doesn't look like you rebased off the latest code of master because the minikube and tf serving tests are running. If you do that it will probably fix the tests.

@@ -0,0 +1,38 @@
# KubeFlux
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you missed this "Kubeflox"

@jasonsmithio
Copy link
Contributor Author

Hello,

I rebased and removed all KubeFlux!

@jasonsmithio jasonsmithio changed the title ksonnet package for KubeFlux ksonnet package for WeaveFlux Jul 25, 2018
@googlebot
Copy link

So there's good news and bad news.

👍 The good news is that everyone that needs to sign a CLA (the pull request submitter and all commit authors) have done so. Everything is all good there.

😕 The bad news is that it appears that one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that here in the pull request.

Note to project maintainer: This is a terminal state, meaning the cla/google commit status will not change from this state. It's up to you to confirm consent of the commit author(s) and merge this pull request when appropriate.

@googlebot
Copy link

CLAs look good, thanks!

@jlewi
Copy link
Contributor

jlewi commented Aug 1, 2018

/retest

Copy link
Contributor

@jlewi jlewi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm:

Reviewable status: 0 of 5 files reviewed, all discussions resolved (waiting on @jlewi, @wbuchwalter, and @jimexist)

@jlewi
Copy link
Contributor

jlewi commented Aug 1, 2018

/lgtm

@googlebot
Copy link

So there's good news and bad news.

👍 The good news is that everyone that needs to sign a CLA (the pull request submitter and all commit authors) have done so. Everything is all good there.

😕 The bad news is that it appears that one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that here in the pull request.

Note to project maintainer: This is a terminal state, meaning the cla/google commit status will not change from this state. It's up to you to confirm consent of the commit author(s) and merge this pull request when appropriate.

@jasonsmithio
Copy link
Contributor Author

/retest

rebase and fix

Updated Commit

rebased

rebase and fix
rebase and fix

Updated Commit

rebased

rebase and fix
@googlebot
Copy link

CLAs look good, thanks!

@jlewi
Copy link
Contributor

jlewi commented Aug 8, 2018

/lgtm
/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jlewi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 58b3b61 into kubeflow:master Aug 8, 2018
saffaalvi pushed a commit to StatCan/kubeflow that referenced this pull request Feb 11, 2021
* rebase and fix

rebase and fix

Updated Commit

rebased

rebase and fix

* rebase and fix

rebase and fix

Updated Commit

rebased

rebase and fix

* fixed format

* autoformat all.libsonnet
yanniszark pushed a commit to arrikto/kubeflow that referenced this pull request Feb 15, 2021
* UI improvements

* Add db-manager-addr flag
Modify README

* Fix graphviz

* Modify README

* Remove ID

* Add zoom to graphviz

* Remove unused scripts from index

* Fix doc

* Change npm install to npm ci
Commit package-lock

* fix npm version

* Increase max_old_space_size

* Set react-scripts to 3.2.0

* Modify doc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants