Skip to content

Commit

Permalink
istio-cni by default
Browse files Browse the repository at this point in the history
Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>
  • Loading branch information
juliusvonkohout committed Dec 9, 2024
1 parent 2ebc576 commit 1ac914c
Show file tree
Hide file tree
Showing 15 changed files with 37 additions and 122 deletions.
62 changes: 0 additions & 62 deletions .github/workflows/kserve_cni_test.yaml

This file was deleted.

2 changes: 1 addition & 1 deletion .github/workflows/notebook_controller_m2m_test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ jobs:
run: ./tests/gh-actions/install_oauth2-proxy.sh

- name: Install kubeflow-istio-resources
run: kustomize build common/istio-1-23/kubeflow-istio-resources/base | kubectl apply -f -
run: kustomize build common/istio-cni-1-23/kubeflow-istio-resources/base | kubectl apply -f -

- name: Install KF Multi Tenancy
run: ./tests/gh-actions/install_multi_tenancy.sh
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pipeline_run_from_notebook.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ jobs:
run: kustomize build common/kubeflow-namespace/base | kubectl apply -f -

- name: Install kubeflow-istio-resources
run: kustomize build common/istio-1-23/kubeflow-istio-resources/base | kubectl apply -f -
run: kustomize build common/istio-cni-1-23/kubeflow-istio-resources/base | kubectl apply -f -

- name: Install KF Pipelines
run: ./tests/gh-actions/install_pipelines.sh
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pipeline_swfs_test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ jobs:
run: ./tests/gh-actions/install_multi_tenancy.sh

- name: Install kubeflow-istio-resources
run: kustomize build common/istio-1-23/kubeflow-istio-resources/base | kubectl apply -f -
run: kustomize build common/istio-cni-1-23/kubeflow-istio-resources/base | kubectl apply -f -

- name: Create KF Profile
run: kustomize build common/user-namespace/base | kubectl apply -f -
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pipeline_test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ jobs:
run: ./tests/gh-actions/install_multi_tenancy.sh

- name: Install kubeflow-istio-resources
run: kustomize build common/istio-1-23/kubeflow-istio-resources/base | kubectl apply -f -
run: kustomize build common/istio-cni-1-23/kubeflow-istio-resources/base | kubectl apply -f -

- name: Create KF Profile
run: kustomize build common/user-namespace/base | kubectl apply -f -
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/training_operator_test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ jobs:
run: ./tests/gh-actions/install_multi_tenancy.sh

- name: Install kubeflow-istio-resources
run: kustomize build common/istio-1-23/kubeflow-istio-resources/base | kubectl apply -f -
run: kustomize build common/istio-cni-1-23/kubeflow-istio-resources/base | kubectl apply -f -

- name: Create KF Profile
run: kustomize build common/user-namespace/base | kubectl apply -f -
Expand Down
14 changes: 7 additions & 7 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -207,13 +207,13 @@ network authorization and implement routing policies.
If you use Cilium CNI on your cluster, you have to configure it properly for Istio as shown [here](https://docs.cilium.io/en/latest/network/servicemesh/istio/), otherwise you will get RBAC access denied on the central dashboard.


Install Istio:
Install Istio-CNI:

```sh
echo "Installing Istio configured with external authorization..."
kustomize build common/istio-1-23/istio-crds/base | kubectl apply -f -
kustomize build common/istio-1-23/istio-namespace/base | kubectl apply -f -
kustomize build common/istio-1-23/istio-install/overlays/oauth2-proxy | kubectl apply -f -
echo "Installing Istio-CNI configured with external authorization..."
kustomize build common/istio-cni-1-23/istio-crds/base | kubectl apply -f -
kustomize build common/istio-cni-1-23/istio-namespace/base | kubectl apply -f -
kustomize build common/istio-cni-1-23/istio-install/overlays/oauth2-proxy | kubectl apply -f -

echo "Waiting for all Istio Pods to become ready..."
kubectl wait --for=condition=Ready pods --all -n istio-system --timeout 300s
Expand Down Expand Up @@ -343,7 +343,7 @@ Install Knative Serving:
```sh
kustomize build common/knative/knative-serving/overlays/gateways | kubectl apply -f -
kustomize build common/istio-1-23/cluster-local-gateway/base | kubectl apply -f -
kustomize build common/istio-cni-1-23/cluster-local-gateway/base | kubectl apply -f -
```

Optionally, you can install Knative Eventing which can be used for inference request logging:
Expand Down Expand Up @@ -390,7 +390,7 @@ Create the Kubeflow Gateway, `kubeflow-gateway` and ClusterRole,
Install kubeflow istio resources:

```sh
kustomize build common/istio-1-23/kubeflow-istio-resources/base | kubectl apply -f -
kustomize build common/istio-cni-1-23/kubeflow-istio-resources/base | kubectl apply -f -
```

#### Kubeflow Pipelines
Expand Down
12 changes: 6 additions & 6 deletions common/oauth2-proxy/components/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -154,9 +154,9 @@ make the following changes to the `example/kustomization.yaml` file:
* use `oauth2-proxy` overlay for istio-install
```
# from
- ../common/istio-1-23/istio-install/base
- ../common/istio-cni-1-23/istio-install/base
# to
- ../common/istio-1-23/istio-install/overlays/oauth2-proxy
- ../common/istio-cni-1-23/istio-install/overlays/oauth2-proxy
```
* change `OIDC Authservice` to `oauth2-proxy for OIDC` and use overlay for m2m
bearer tokens with self-signed in-cluster issuer
Expand Down Expand Up @@ -189,12 +189,12 @@ index c1a85789..4a50440c 100644
+++ b/example/kustomization.yaml
@@ -38,11 +38,11 @@ resources:
# Istio
- ../common/istio-1-23/istio-crds/base
- ../common/istio-1-23/istio-namespace/base
-- ../common/istio-1-23/istio-install/base
- ../common/istio-cni-1-23/istio-crds/base
- ../common/istio-cni-1-23/istio-namespace/base
-- ../common/istio-cni-1-23/istio-install/base
-# OIDC Authservice
-- ../common//oidc-authservice/base
+- ../common/istio-1-23/istio-install/overlays/oauth2-proxy
+- ../common/istio-cni-1-23/istio-install/overlays/oauth2-proxy
+# oauth2-proxy for OIDC
+- ../common/oauth2-proxy/overlays/m2m-dex-and-kind
# Dex
Expand Down
10 changes: 5 additions & 5 deletions contrib/kserve/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -61,15 +61,15 @@ For upgrading see [UPGRADE.md](UPGRADE.md)
```
5. Install Istio
```sh
kubectl apply -k ../../common/istio-1-23/istio-crds/base
kubectl apply -k ../../common/istio-1-23/istio-namespace/base
kubectl apply -k ../../common/istio-1-23/istio-install/base
kubectl apply -k ../../common/istio-cni-1-23/istio-crds/base
kubectl apply -k ../../common/istio-cni-1-23/istio-namespace/base
kubectl apply -k ../../common/istio-cni-1-23/istio-install/base
```
6. Install knative
```sh
kubectl apply -k ../../common/knative/knative-serving/overlays/gateways
kubectl apply -k ../../common/istio-1-23/cluster-local-gateway/base
kubectl apply -k ../../common/istio-1-23/kubeflow-istio-resources/base
kubectl apply -k ../../common/istio-cni-1-23/cluster-local-gateway/base
kubectl apply -k ../../common/istio-cni-1-23/kubeflow-istio-resources/base
```
7. Install kserve
```sh
Expand Down
10 changes: 5 additions & 5 deletions example/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -37,9 +37,9 @@ resources:
- ../common/cert-manager/base
- ../common/cert-manager/kubeflow-issuer/base
# Istio
- ../common/istio-1-23/istio-crds/base
- ../common/istio-1-23/istio-namespace/base
- ../common/istio-1-23/istio-install/overlays/oauth2-proxy
- ../common/istio-cni-1-23/istio-crds/base
- ../common/istio-cni-1-23/istio-namespace/base
- ../common/istio-cni-1-23/istio-install/overlays/oauth2-proxy
# oauth2-proxy
# NOTE: only uncomment ONE of the following overlays, depending on your cluster type
- ../common/oauth2-proxy/overlays/m2m-dex-only # for all clusters
Expand All @@ -52,15 +52,15 @@ resources:
- ../common/knative/knative-serving/overlays/gateways
# Uncomment the following line if `knative-eventing` is required
# - ../common/knative/knative-eventing/base
- ../common/istio-1-23/cluster-local-gateway/base
- ../common/istio-cni-1-23/cluster-local-gateway/base
# Kubeflow namespace
- ../common/kubeflow-namespace/base
# NetworkPolicies
- ../common/networkpolicies/base
# Kubeflow Roles
- ../common/kubeflow-roles/base
# Kubeflow Istio Resources
- ../common/istio-1-23/kubeflow-istio-resources/base
- ../common/istio-cni-1-23/kubeflow-istio-resources/base


# Kubeflow Pipelines
Expand Down
2 changes: 1 addition & 1 deletion hack/trivy_scan.py
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@
"automl": "../apps/katib/upstream/installs",
"pipelines": "../apps/pipeline/upstream/env ../apps/kfp-tekton/upstream/env",
"training": "../apps/training-operator/upstream/overlays",
"manifests": "../common/cert-manager/cert-manager/base ../common/cert-manager/kubeflow-issuer/base ../common/istio-1-23/istio-crds/base ../common/istio-1-23/istio-namespace/base ../common/istio-1-23/istio-install/overlays/oauth2-proxy ../common/oauth2-proxy/overlays/m2m-self-signed ../common/dex/overlays/oauth2-proxy ../common/knative/knative-serving/overlays/gateways ../common/knative/knative-eventing/base ../common/istio-1-23/cluster-local-gateway/base ../common/kubeflow-namespace/base ../common/kubeflow-roles/base ../common/istio-1-23/kubeflow-istio-resources/base",
"manifests": "../common/cert-manager/cert-manager/base ../common/cert-manager/kubeflow-issuer/base ../common/istio-cni-1-23/istio-crds/base ../common/istio-cni-1-23/istio-namespace/base ../common/istio-cni-1-23/istio-install/overlays/oauth2-proxy ../common/oauth2-proxy/overlays/m2m-self-signed ../common/dex/overlays/oauth2-proxy ../common/knative/knative-serving/overlays/gateways ../common/knative/knative-eventing/base ../common/istio-cni-1-23/cluster-local-gateway/base ../common/kubeflow-namespace/base ../common/kubeflow-roles/base ../common/istio-cni-1-23/kubeflow-istio-resources/base",
"workbenches": "../apps/pvcviewer-controller/upstream/base ../apps/admission-webhook/upstream/overlays ../apps/centraldashboard/overlays ../apps/jupyter/jupyter-web-app/upstream/overlays ../apps/volumes-web-app/upstream/overlays ../apps/tensorboard/tensorboards-web-app/upstream/overlays ../apps/profiles/upstream/overlays ../apps/jupyter/notebook-controller/upstream/overlays ../apps/tensorboard/tensorboard-controller/upstream/overlays",
"serving": "../contrib/kserve - ../contrib/kserve/models-web-app/overlays/kubeflow",
"model-registry": "../apps/model-registry/upstream",
Expand Down
10 changes: 5 additions & 5 deletions tests/gh-actions/deploy-dex-login-environment/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -34,22 +34,22 @@ sortOptions:

resources:
# Istio
- ../../../common/istio-1-23/istio-crds/base
- ../../../common/istio-1-23/istio-namespace/base
- ../../../common/istio-1-23/istio-install/overlays/oauth2-proxy
- ../../../common/istio-cni-1-23/istio-crds/base
- ../../../common/istio-cni-1-23/istio-namespace/base
- ../../../common/istio-cni-1-23/istio-install/overlays/oauth2-proxy
# oauth2-proxy
- ../../../common/oauth2-proxy/overlays/m2m-dex-and-kind
# Dex
- ../../../common/dex/overlays/oauth2-proxy
- ../../../common/istio-1-23/cluster-local-gateway/base
- ../../../common/istio-cni-1-23/cluster-local-gateway/base
# Kubeflow namespace
- ../../../common/kubeflow-namespace/base
# NetworkPolicies
- ../../../common/networkpolicies/base
# Kubeflow Roles
- ../../../common/kubeflow-roles/base
# Kubeflow Istio Resources
- ../../../common/istio-1-23/kubeflow-istio-resources/base
- ../../../common/istio-cni-1-23/kubeflow-istio-resources/base
# Central Dashboard
- ../../../apps/centraldashboard/overlays/oauth2-proxy
# Profiles + KFAM
Expand Down
2 changes: 1 addition & 1 deletion tests/gh-actions/install_istio.sh
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
#!/bin/bash
set -e
echo "Installing Istio (with ExtAuthZ from oauth2-proxy) ..."
cd common/istio-1-23
cd common/istio-cni-1-23
kustomize build istio-crds/base | kubectl apply -f -
kustomize build istio-namespace/base | kubectl apply -f -
kustomize build istio-install/overlays/oauth2-proxy | kubectl apply -f -
Expand Down
23 changes: 0 additions & 23 deletions tests/gh-actions/install_knative-cni.sh

This file was deleted.

4 changes: 2 additions & 2 deletions tests/gh-actions/install_knative.sh
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,8 @@ for i in {1..5}; do
done
set -e

kustomize build common/istio-1-23/cluster-local-gateway/base | kubectl apply -f -
kustomize build common/istio-1-23/kubeflow-istio-resources/base | kubectl apply -f -
kustomize build common/istio-cni-1-23/cluster-local-gateway/base | kubectl apply -f -
kustomize build common/istio-cni-1-23/kubeflow-istio-resources/base | kubectl apply -f -

kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout=300s \
--field-selector=status.phase!=Succeeded
Expand Down

0 comments on commit 1ac914c

Please sign in to comment.