-
Notifications
You must be signed in to change notification settings - Fork 893
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added tests to tests/gh-actions to enable baseline and restricted PSS #2819
Conversation
The profile-controller deployment does fail for PSS labels enforce=baseline and enforce=restricted as follows: Warning: existing pods in namespace "kubeflow" violate the new PodSecurity enforce level "restricted:latest"
Warning: profiles-deployment-79f5cf977d-vfmhb: allowPrivilegeEscalation != false, unrestricted capabilities, runAsNonRoot != true, runAsUser=0, seccompProfile
namespace/kubeflow labeled and Warning: existing pods in namespace "kubeflow" violate the new PodSecurity enforce level "baseline:latest"
Warning: profiles-deployment-79f5cf977d-vfmhb: non-default capabilities
namespace/kubeflow labeled I suppose we will configure these labels as components or patches for the deployment. |
kustomize build common/networkpolicies/base | kubectl apply -f - | ||
|
||
echo "Enabling pod security standards for kubeflow namespace" | ||
kubectl label namespace kubeflow pod-security.kubernetes.io/enforce=restricted |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should apply all the patches for all namespaces from what you added to example/kustomization.yaml
So what you referenced here.
# Pod Security Standards
# https://kubernetes.io/docs/concepts/security/pod-security-standards/
# Uncomment to enable baseline level standards
# - ../contrib/security/PSS/static/baseline
# Uncomment to enable restricted level standards
# - ../contrib/security/PSS/static/restricted
# Uncomment to enable baseline level standards for dynamic namespaces
# - ../contrib/security/PSS/dynamic/baseline
# Uncomment to enable restricted level standards for dynamic namespaces
# - ../contrib/security/PSS/dynamic/restricted
Since they are components you need to link to all the patches referenced in the components.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since the rest of the patches in PSS/static/baseline are of istio-system, auth and oauth2-proxy; let's maybe add only apply the patch for the kubeflow namespace in the ./tests/gh-actions/install_multi_tenancy.sh
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, then please add them to the other workflows. E.g. Istio to the istio Workflow.
Very interesting, please post
Please post the yaml from the cluster including the securitycontext i need to see which capabilities are set. Please also check https://github.com/kubeflow/manifests/blob/master/apps/profiles/upstream/manager/manager.yaml |
Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
Below is the yaml generated for the deployment profiles-deployment apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "1"
labels:
kustomize.component: profiles
name: profiles-deployment
namespace: kubeflow
resourceVersion: "1475"
uid: 11d662da-0459-4de3-910a-96ef9e3b8d92
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
kustomize.component: profiles
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
sidecar.istio.io/inject: "true"
creationTimestamp: null
labels:
kustomize.component: profiles
spec:
containers:
- command:
- /access-management
- -cluster-admin
- $(ADMIN)
- -userid-header
- $(USERID_HEADER)
- -userid-prefix
- $(USERID_PREFIX)
envFrom:
- configMapRef:
name: profiles-config-5h9m86f79f
image: docker.io/kubeflownotebookswg/kfam:v1.9.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /metrics
port: 8081
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 1
name: kfam
ports:
- containerPort: 8081
name: kfam-http
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
- command:
- /manager
- -userid-header
- $(USERID_HEADER)
- -userid-prefix
- $(USERID_PREFIX)
- -workload-identity
- $(WORKLOAD_IDENTITY)
envFrom:
- configMapRef:
name: profiles-config-5h9m86f79f
image: docker.io/kubeflownotebookswg/profile-controller:v1.9.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 9876
scheme: HTTP
initialDelaySeconds: 15
periodSeconds: 20
successThreshold: 1
timeoutSeconds: 1
name: manager
ports:
- containerPort: 9876
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: 9876
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/profile-controller
name: namespace-labels
readOnly: true
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: profiles-controller-service-account
serviceAccountName: profiles-controller-service-account
terminationGracePeriodSeconds: 30
volumes:
- configMap:
defaultMode: 420
name: namespace-labels-data-4df5t8mdgf
name: namespace-labels |
Both kfam and manager seem to be missing the securityContext option. Added securityContext.allowPrivilegeEscalation: false to manager.yaml and it does counter the warnings as follows: $ kubectl rollout restart deployment profiles-deployment -n kubeflow
Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "kfam" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "kfam", "manager" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "kfam", "manager" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "kfam", "manager" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
deployment.apps/profiles-deployment restarted |
Then please patch this in contrib/security for the time being and create an upstream PR in kubeflow/kubeflow to properly set the Security context. |
@@ -10,3 +10,6 @@ kustomize build common/kubeflow-roles/base | kubectl apply -f - | |||
|
|||
echo "Installing Multitenancy Network policies" | |||
kustomize build common/networkpolicies/base | kubectl apply -f - | |||
|
|||
echo "Enabling restricted levels Pod Security Standards to kubeflow namespace" | |||
kubectl patch namespace kubeflow --patch-file contrib/security/PSS/static/restricted/patches/kubeflow-labels.yaml |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Check if the namespace if it exists, if yes patch it. Start with baseline (static + dynamic) now and deal with restricted later in follow up PRs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The patch for the securitycontext of the profile controller belongs to /contrib/security/PSS/patches as well and needs to be applied here. And list the patches in example/kustomization.yaml
Let me push the scripts in this PR itself for baseline labels of static and dynamic namespaces. |
Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you should loop over the array instead of writing it 5 times.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay
…amespaces and renamed directories Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
Our security/PSS/dynamic directory structure looks as follows: dynamic/
├── baseline/
│ ├── kustomization.yaml <--- component with configMapGeneraotr
│ ├── namespace-labels.yaml
├── restricted/
│ ├── kustomization.yaml <--- component with configMapGeneraotr
│ ├── namespace-labels.yaml The above kustomization.yaml files are what we use in the components: section of example/kustomization.yaml. Do you think it would be a good idea to modify the above directory structure as follows: dynamic/
├── baseline/
│ ├─-components/
│ │ ├-─kustomization.yaml <--- merging the configMapGeneraotr
│ │ ├── namespace-labels.yaml
│ ├── kustomization.yaml <--- kustomization file
├── restricted/
│ ├─-components/
│ │ ├-─kustomization.yaml <--- merging the configMapGeneraotr
│ │ ├── namespace-labels.yaml
│ ├── kustomization.yaml <--- kustomization file After changing the structure, we can now apply the PSS labels by applying the dynamic/baseline/kustomization.yaml in scripts at tests/gh-actions and can place dynamic/baseline/components in our components: section of example/kustomization.yaml |
I am confused. Now I see twice as many kustomization.yamls. |
Yes, they're kustomize components indeed. But, testing it locally doesn't override the workloads to point to the new configMap so maybe it's not a good idea. I thought of restructuring so as to apply our dynamic components in tests/gh-actions |
"I thought of restructuring so as to apply our dynamic components in tests/gh-actions" Yes lets try to not duplicate code or manifests. In the end we need to have this ready soon and proper patches for all misbehaving pods/deployments |
Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
/lgtm Lets continue in a new PR, this one here is too old. In the next PR you should check in the test whether pods are blocked by PSS. |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: juliusvonkohout The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
…kubeflow#2819) * Patched PSS labels to multi_tenancy Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added script in gh-actions to patch PSS/static/baseline/pacthes Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added PSS scripts for both baseline and restricted labels of static namespaces and renamed directories Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added tests to enable PSS in gh-actions Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added workflow test for PSS labels Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Fixed indentation Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> --------- Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
…kubeflow#2819) * Patched PSS labels to multi_tenancy Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added script in gh-actions to patch PSS/static/baseline/pacthes Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added PSS scripts for both baseline and restricted labels of static namespaces and renamed directories Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added tests to enable PSS in gh-actions Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added workflow test for PSS labels Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Fixed indentation Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> --------- Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>
* Training operator CICD improvements (#2779) * Add the networkpolicies Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * rework the training operator tests Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fix the comments Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fix filename Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * try to fix the permissions Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * try to fix the permissions Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * change to the user namespace Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * update the image to rc.1 Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> --------- Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * create seperate file for install_KinD_create_KinD_cluster_install_kustomize.sh to avoid code repitition Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * make sh file executable Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * remove reduntant codes Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * combine kind, kuztomize and kind-cluster create sh files into one file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix issues with combined file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix configurations issues Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix linting issues in workflow files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix trailing issues in workflow files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix trailing issues in workflow file bentoml Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * made tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh executable and removed chmod command from the workflow files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * made modifications in workflow files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * deleted redundant files from tests folder Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Add kustomize installation file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * made install_kustomize.sh file executable Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * made a fix Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix issue with linting of YAML files (#2825) * fix issue with linting of YAML files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * delete a file to check the functionality Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Add the after checking the functionality Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Add folders to yaml linting Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * check linting issues Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * check linting issues Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * check linting changes Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * check linting functionality by chnaging different files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * made some fixes in linting YAML file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * made some fixes in linting YAML file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * made some fixes in linting YAML file and check the functionality Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * made some fixes in linting YAML file and check the functionality Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Add github, hack and tests folders also for linting Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Check functionality by deleting sh from hack and yaml file common Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Added deleted files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> --------- Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Expose Ray and Seldon to example kustomization.yaml file (#2834) * Expose Ray and Seldon to example kustomization.yaml file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Add internal documentations for ray and seldon Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> --------- Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Increase the time out of notebook and katib test Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * increase the timout time Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * increase timeout of the create pipeline Run from Kubeflow Notebook to 2400s Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Add code to calculate time taken to pull a docker image Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix syntax error in yaml file Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * increase pipeline time Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * remove one step in action Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Added tests to tests/gh-actions to enable baseline and restricted PSS (#2819) * Patched PSS labels to multi_tenancy Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added script in gh-actions to patch PSS/static/baseline/pacthes Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added PSS scripts for both baseline and restricted labels of static namespaces and renamed directories Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added tests to enable PSS in gh-actions Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added workflow test for PSS labels Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Fixed indentation Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> --------- Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * add kind cluster step into pss test yaml file Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * change time pot time Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> --------- Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> Co-authored-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Co-authored-by: biswajit-9776 <115724497+biswajit-9776@users.noreply.github.com>
* Training operator CICD improvements (kubeflow#2779) * Add the networkpolicies Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * rework the training operator tests Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fix the comments Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fix filename Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * try to fix the permissions Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * try to fix the permissions Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * change to the user namespace Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * update the image to rc.1 Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> --------- Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * create seperate file for install_KinD_create_KinD_cluster_install_kustomize.sh to avoid code repitition Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * make sh file executable Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * remove reduntant codes Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * combine kind, kuztomize and kind-cluster create sh files into one file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix issues with combined file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix configurations issues Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix linting issues in workflow files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix trailing issues in workflow files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix trailing issues in workflow file bentoml Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * made tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh executable and removed chmod command from the workflow files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * made modifications in workflow files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * deleted redundant files from tests folder Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Add kustomize installation file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * made install_kustomize.sh file executable Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * made a fix Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix issue with linting of YAML files (kubeflow#2825) * fix issue with linting of YAML files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * delete a file to check the functionality Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Add the after checking the functionality Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Add folders to yaml linting Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * check linting issues Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * check linting issues Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * check linting changes Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * check linting functionality by chnaging different files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * made some fixes in linting YAML file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * made some fixes in linting YAML file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * made some fixes in linting YAML file and check the functionality Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * made some fixes in linting YAML file and check the functionality Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Add github, hack and tests folders also for linting Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Check functionality by deleting sh from hack and yaml file common Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Added deleted files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> --------- Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Expose Ray and Seldon to example kustomization.yaml file (kubeflow#2834) * Expose Ray and Seldon to example kustomization.yaml file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Add internal documentations for ray and seldon Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> --------- Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Increase the time out of notebook and katib test Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * increase the timout time Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * increase timeout of the create pipeline Run from Kubeflow Notebook to 2400s Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Add code to calculate time taken to pull a docker image Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix syntax error in yaml file Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * increase pipeline time Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * remove one step in action Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Added tests to tests/gh-actions to enable baseline and restricted PSS (kubeflow#2819) * Patched PSS labels to multi_tenancy Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added script in gh-actions to patch PSS/static/baseline/pacthes Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added PSS scripts for both baseline and restricted labels of static namespaces and renamed directories Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added tests to enable PSS in gh-actions Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added workflow test for PSS labels Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Fixed indentation Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> --------- Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * add kind cluster step into pss test yaml file Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * change time pot time Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> --------- Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> Co-authored-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Co-authored-by: biswajit-9776 <115724497+biswajit-9776@users.noreply.github.com>
* Training operator CICD improvements (kubeflow#2779) * Add the networkpolicies Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * rework the training operator tests Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fix the comments Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fix filename Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * try to fix the permissions Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * try to fix the permissions Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * change to the user namespace Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * update the image to rc.1 Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> --------- Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * create seperate file for install_KinD_create_KinD_cluster_install_kustomize.sh to avoid code repitition Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * make sh file executable Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * remove reduntant codes Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * combine kind, kuztomize and kind-cluster create sh files into one file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix issues with combined file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix configurations issues Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix linting issues in workflow files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix trailing issues in workflow files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix trailing issues in workflow file bentoml Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * made tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh executable and removed chmod command from the workflow files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * made modifications in workflow files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * deleted redundant files from tests folder Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Add kustomize installation file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * made install_kustomize.sh file executable Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * made a fix Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix issue with linting of YAML files (kubeflow#2825) * fix issue with linting of YAML files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * delete a file to check the functionality Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Add the after checking the functionality Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Add folders to yaml linting Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * check linting issues Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * check linting issues Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * check linting changes Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * check linting functionality by chnaging different files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * made some fixes in linting YAML file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * made some fixes in linting YAML file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * made some fixes in linting YAML file and check the functionality Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * made some fixes in linting YAML file and check the functionality Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Add github, hack and tests folders also for linting Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Check functionality by deleting sh from hack and yaml file common Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Added deleted files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> --------- Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Expose Ray and Seldon to example kustomization.yaml file (kubeflow#2834) * Expose Ray and Seldon to example kustomization.yaml file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Add internal documentations for ray and seldon Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> --------- Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Increase the time out of notebook and katib test Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * increase the timout time Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * increase timeout of the create pipeline Run from Kubeflow Notebook to 2400s Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Add code to calculate time taken to pull a docker image Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix syntax error in yaml file Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * increase pipeline time Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * remove one step in action Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Added tests to tests/gh-actions to enable baseline and restricted PSS (kubeflow#2819) * Patched PSS labels to multi_tenancy Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added script in gh-actions to patch PSS/static/baseline/pacthes Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added PSS scripts for both baseline and restricted labels of static namespaces and renamed directories Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added tests to enable PSS in gh-actions Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added workflow test for PSS labels Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Fixed indentation Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> --------- Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * add kind cluster step into pss test yaml file Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * change time pot time Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> --------- Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> Co-authored-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Co-authored-by: biswajit-9776 <115724497+biswajit-9776@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>
…kubeflow#2819) * Patched PSS labels to multi_tenancy Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added script in gh-actions to patch PSS/static/baseline/pacthes Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added PSS scripts for both baseline and restricted labels of static namespaces and renamed directories Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added tests to enable PSS in gh-actions Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added workflow test for PSS labels Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Fixed indentation Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> --------- Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> Signed-off-by: Patrick Schönthaler <patrick.schoenthaler@itsc.de>
* Training operator CICD improvements (kubeflow#2779) * Add the networkpolicies Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * rework the training operator tests Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fix the comments Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fix filename Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * try to fix the permissions Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * try to fix the permissions Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * change to the user namespace Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * update the image to rc.1 Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> * fixes Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> --------- Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * create seperate file for install_KinD_create_KinD_cluster_install_kustomize.sh to avoid code repitition Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * make sh file executable Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * remove reduntant codes Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * combine kind, kuztomize and kind-cluster create sh files into one file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix issues with combined file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix configurations issues Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix linting issues in workflow files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix trailing issues in workflow files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix trailing issues in workflow file bentoml Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * made tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh executable and removed chmod command from the workflow files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * made modifications in workflow files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * deleted redundant files from tests folder Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Add kustomize installation file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * made install_kustomize.sh file executable Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * made a fix Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix issue with linting of YAML files (kubeflow#2825) * fix issue with linting of YAML files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * delete a file to check the functionality Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Add the after checking the functionality Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Add folders to yaml linting Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * check linting issues Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * check linting issues Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * check linting changes Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * check linting functionality by chnaging different files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * made some fixes in linting YAML file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * made some fixes in linting YAML file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * made some fixes in linting YAML file and check the functionality Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * made some fixes in linting YAML file and check the functionality Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Add github, hack and tests folders also for linting Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Check functionality by deleting sh from hack and yaml file common Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Added deleted files Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> --------- Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Expose Ray and Seldon to example kustomization.yaml file (kubeflow#2834) * Expose Ray and Seldon to example kustomization.yaml file Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> * Add internal documentations for ray and seldon Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> --------- Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Increase the time out of notebook and katib test Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * increase the timout time Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * increase timeout of the create pipeline Run from Kubeflow Notebook to 2400s Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Add code to calculate time taken to pull a docker image Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * fix syntax error in yaml file Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * increase pipeline time Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * remove one step in action Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * Added tests to tests/gh-actions to enable baseline and restricted PSS (kubeflow#2819) * Patched PSS labels to multi_tenancy Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added script in gh-actions to patch PSS/static/baseline/pacthes Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added PSS scripts for both baseline and restricted labels of static namespaces and renamed directories Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added tests to enable PSS in gh-actions Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Added workflow test for PSS labels Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> * Fixed indentation Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> --------- Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * add kind cluster step into pss test yaml file Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> * change time pot time Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> --------- Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk> Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com> Co-authored-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Co-authored-by: biswajit-9776 <115724497+biswajit-9776@users.noreply.github.com> Signed-off-by: Patrick Schönthaler <patrick.schoenthaler@itsc.de>
Pull Request Template for Kubeflow manifests Issues
✏️ A brief description of the changes
📦 List any dependencies that are required for this change
🐛 If this PR is related to an issue, please put the link to the issue here.
✅ Contributor checklist
DCO
check)cla/google
check)