Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added tests to tests/gh-actions to enable baseline and restricted PSS #2819

Merged
merged 6 commits into from
Aug 12, 2024

Conversation

biswajit-9776
Copy link
Contributor

@biswajit-9776 biswajit-9776 commented Jul 25, 2024

Pull Request Template for Kubeflow manifests Issues

✏️ A brief description of the changes

I added PSS labels to kubeflow namespace install_multi_tenancy.sh and fixed indentation.

📦 List any dependencies that are required for this change

My PR depends on #

🐛 If this PR is related to an issue, please put the link to the issue here.

The following issues are related, because ...

✅ Contributor checklist


You can join the CNCF Slack and access our meetings at the Kubeflow Community website. Our channel on the CNCF Slack is here #kubeflow-platform.

@biswajit-9776 biswajit-9776 changed the title Added PSS to install_multi_tenancy.sh and fixed indentation Added PSS and networkpolicies to tests/gh-actions/install_multi_tenancy.sh Jul 25, 2024
@google-oss-prow google-oss-prow bot added size/S and removed size/XS labels Jul 25, 2024
@biswajit-9776 biswajit-9776 changed the title Added PSS and networkpolicies to tests/gh-actions/install_multi_tenancy.sh Added PSS and networkpolicies to tests/gh-actions/install_multi_tenancy.sh and fixed indentation Jul 25, 2024
@biswajit-9776
Copy link
Contributor Author

biswajit-9776 commented Jul 25, 2024

The profile-controller deployment does fail for PSS labels enforce=baseline and enforce=restricted as follows:

Warning: existing pods in namespace "kubeflow" violate the new PodSecurity enforce level "restricted:latest"
Warning: profiles-deployment-79f5cf977d-vfmhb: allowPrivilegeEscalation != false, unrestricted capabilities, runAsNonRoot != true, runAsUser=0, seccompProfile
namespace/kubeflow labeled

and

Warning: existing pods in namespace "kubeflow" violate the new PodSecurity enforce level "baseline:latest"
Warning: profiles-deployment-79f5cf977d-vfmhb: non-default capabilities
namespace/kubeflow labeled

I suppose we will configure these labels as components or patches for the deployment.

kustomize build common/networkpolicies/base | kubectl apply -f -

echo "Enabling pod security standards for kubeflow namespace"
kubectl label namespace kubeflow pod-security.kubernetes.io/enforce=restricted
Copy link
Member

@juliusvonkohout juliusvonkohout Jul 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should apply all the patches for all namespaces from what you added to example/kustomization.yaml

So what you referenced here.

# Pod Security Standards
# https://kubernetes.io/docs/concepts/security/pod-security-standards/
# Uncomment to enable baseline level standards
# - ../contrib/security/PSS/static/baseline
# Uncomment to enable restricted level standards
# - ../contrib/security/PSS/static/restricted
# Uncomment to enable baseline level standards for dynamic namespaces
# - ../contrib/security/PSS/dynamic/baseline
# Uncomment to enable restricted level standards for dynamic namespaces
# - ../contrib/security/PSS/dynamic/restricted

Since they are components you need to link to all the patches referenced in the components.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Contributor Author

@biswajit-9776 biswajit-9776 Jul 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since the rest of the patches in PSS/static/baseline are of istio-system, auth and oauth2-proxy; let's maybe add only apply the patch for the kubeflow namespace in the ./tests/gh-actions/install_multi_tenancy.sh

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, then please add them to the other workflows. E.g. Istio to the istio Workflow.

@juliusvonkohout
Copy link
Member

juliusvonkohout commented Jul 25, 2024

The profile-controller deployment does fail for PSS labels enforce=baseline and enforce=restricted as follows:

Warning: existing pods in namespace "kubeflow" violate the new PodSecurity enforce level "restricted:latest"
Warning: profiles-deployment-79f5cf977d-vfmhb: allowPrivilegeEscalation != false, unrestricted capabilities, runAsNonRoot != true, runAsUser=0, seccompProfile
namespace/kubeflow labeled

and

Warning: existing pods in namespace "kubeflow" violate the new PodSecurity enforce level "baseline:latest"
Warning: profiles-deployment-79f5cf977d-vfmhb: non-default capabilities
namespace/kubeflow labeled

I suppose we will configure these labels as components or patches for the deployment.

Very interesting,

please post

The profile-controller deployment does fail for PSS labels enforce=baseline and enforce=restricted as follows:

Warning: existing pods in namespace "kubeflow" violate the new PodSecurity enforce level "restricted:latest"
Warning: profiles-deployment-79f5cf977d-vfmhb: allowPrivilegeEscalation != false, unrestricted capabilities, runAsNonRoot != true, runAsUser=0, seccompProfile
namespace/kubeflow labeled

and

Warning: existing pods in namespace "kubeflow" violate the new PodSecurity enforce level "baseline:latest"
Warning: profiles-deployment-79f5cf977d-vfmhb: non-default capabilities
namespace/kubeflow labeled

I suppose we will configure these labels as components or patches for the deployment.

Please post the yaml from the cluster including the securitycontext i need to see which capabilities are set.

Please also check https://github.com/kubeflow/manifests/blob/master/apps/profiles/upstream/manager/manager.yaml

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
@biswajit-9776
Copy link
Contributor Author

biswajit-9776 commented Jul 28, 2024

Below is the yaml generated for the deployment profiles-deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  labels:
    kustomize.component: profiles
  name: profiles-deployment
  namespace: kubeflow
  resourceVersion: "1475"
  uid: 11d662da-0459-4de3-910a-96ef9e3b8d92
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      kustomize.component: profiles
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        sidecar.istio.io/inject: "true"
      creationTimestamp: null
      labels:
        kustomize.component: profiles
    spec:
      containers:
      - command:
        - /access-management
        - -cluster-admin
        - $(ADMIN)
        - -userid-header
        - $(USERID_HEADER)
        - -userid-prefix
        - $(USERID_PREFIX)
        envFrom:
        - configMapRef:
            name: profiles-config-5h9m86f79f
        image: docker.io/kubeflownotebookswg/kfam:v1.9.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /metrics
            port: 8081
            scheme: HTTP
          initialDelaySeconds: 30
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 1
        name: kfam
        ports:
        - containerPort: 8081
          name: kfam-http
          protocol: TCP
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      - command:
        - /manager
        - -userid-header
        - $(USERID_HEADER)
        - -userid-prefix
        - $(USERID_PREFIX)
        - -workload-identity
        - $(WORKLOAD_IDENTITY)
        envFrom:
        - configMapRef:
            name: profiles-config-5h9m86f79f
        image: docker.io/kubeflownotebookswg/profile-controller:v1.9.0
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 9876
            scheme: HTTP
          initialDelaySeconds: 15
          periodSeconds: 20
          successThreshold: 1
          timeoutSeconds: 1
        name: manager
        ports:
        - containerPort: 9876
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readyz
            port: 9876
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        volumeMounts:
        - mountPath: /etc/profile-controller
          name: namespace-labels
          readOnly: true
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      serviceAccount: profiles-controller-service-account
      serviceAccountName: profiles-controller-service-account
      terminationGracePeriodSeconds: 30
      volumes:
      - configMap:
          defaultMode: 420
          name: namespace-labels-data-4df5t8mdgf
        name: namespace-labels

@biswajit-9776
Copy link
Contributor Author

biswajit-9776 commented Jul 28, 2024

Both kfam and manager seem to be missing the securityContext option. Added securityContext.allowPrivilegeEscalation: false to manager.yaml and it does counter the warnings as follows:

$ kubectl rollout restart deployment profiles-deployment -n kubeflow
Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "kfam" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "kfam", "manager" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "kfam", "manager" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "kfam", "manager" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
deployment.apps/profiles-deployment restarted

@juliusvonkohout
Copy link
Member

Both kfam and manager seem to be missing the securityContext option. Added securityContext.allowPrivilegeEscalation: false to manager.yaml and it does counter the warnings as follows:

$ kubectl rollout restart deployment profiles-deployment -n kubeflow
Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "kfam" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "kfam", "manager" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "kfam", "manager" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "kfam", "manager" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
deployment.apps/profiles-deployment restarted

Then please patch this in contrib/security for the time being and create an upstream PR in kubeflow/kubeflow to properly set the Security context.

@juliusvonkohout juliusvonkohout self-assigned this Jul 30, 2024
@juliusvonkohout juliusvonkohout linked an issue Jul 30, 2024 that may be closed by this pull request
@@ -10,3 +10,6 @@ kustomize build common/kubeflow-roles/base | kubectl apply -f -

echo "Installing Multitenancy Network policies"
kustomize build common/networkpolicies/base | kubectl apply -f -

echo "Enabling restricted levels Pod Security Standards to kubeflow namespace"
kubectl patch namespace kubeflow --patch-file contrib/security/PSS/static/restricted/patches/kubeflow-labels.yaml
Copy link
Member

@juliusvonkohout juliusvonkohout Jul 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Check if the namespace if it exists, if yes patch it. Start with baseline (static + dynamic) now and deal with restricted later in follow up PRs

Copy link
Member

@juliusvonkohout juliusvonkohout Jul 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The patch for the securitycontext of the profile controller belongs to /contrib/security/PSS/patches as well and needs to be applied here. And list the patches in example/kustomization.yaml

@biswajit-9776
Copy link
Contributor Author

Let me push the scripts in this PR itself for baseline labels of static and dynamic namespaces.

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
@google-oss-prow google-oss-prow bot added size/M and removed size/XS labels Jul 30, 2024
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you should loop over the array instead of writing it 5 times.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay

…amespaces and renamed directories

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
@juliusvonkohout juliusvonkohout changed the title Added PSS and networkpolicies to tests/gh-actions/install_multi_tenancy.sh and fixed indentation Added PSS to tests/gh-actions/install_multi_tenancy.sh and fixed indentation Jul 31, 2024
@biswajit-9776
Copy link
Contributor Author

biswajit-9776 commented Jul 31, 2024

Our security/PSS/dynamic directory structure looks as follows:

dynamic/
├── baseline/
│   ├── kustomization.yaml   <--- component with configMapGeneraotr
│   ├── namespace-labels.yaml
├── restricted/
│   ├── kustomization.yaml   <--- component with configMapGeneraotr
│   ├── namespace-labels.yaml

The above kustomization.yaml files are what we use in the components: section of example/kustomization.yaml.

Do you think it would be a good idea to modify the above directory structure as follows:

dynamic/
├── baseline/
│   ├─-components/
│   │    ├-─kustomization.yaml   <--- merging the configMapGeneraotr
│   │    ├── namespace-labels.yaml
│   ├── kustomization.yaml   <--- kustomization file
├── restricted/
│   ├─-components/
│   │    ├-─kustomization.yaml   <--- merging the configMapGeneraotr
│   │    ├── namespace-labels.yaml
│   ├── kustomization.yaml   <--- kustomization file

After changing the structure, we can now apply the PSS labels by applying the dynamic/baseline/kustomization.yaml in scripts at tests/gh-actions and can place dynamic/baseline/components in our components: section of example/kustomization.yaml

@juliusvonkohout
Copy link
Member

Our security/PSS/dynamic directory structure looks as follows:

dynamic/
├── baseline/
│   ├── kustomization.yaml   <--- component with configMapGeneraotr
│   ├── namespace-labels.yaml
├── restricted/
│   ├── kustomization.yaml   <--- component with configMapGeneraotr
│   ├── namespace-labels.yaml

The above kustomization.yaml files are what we use in the components: section of example/kustomization.yaml.

Do you think it would be a good idea to modify the above directory structure as follows:

dynamic/
├── baseline/
│   ├─-components/
│   │    ├-─kustomization.yaml   <--- merging the configMapGeneraotr
│   │    ├── namespace-labels.yaml
│   ├── kustomization.yaml   <--- kustomization file
├── restricted/
│   ├─-components/
│   │    ├-─kustomization.yaml   <--- merging the configMapGeneraotr
│   │    ├── namespace-labels.yaml
│   ├── kustomization.yaml   <--- kustomization file

After changing the structure, we can now apply the PSS labels by applying the dynamic/baseline/kustomization.yaml in scripts at tests/gh-actions and can place dynamic/baseline/components in our components: section of example/kustomization.yaml

I am confused. Now I see twice as many kustomization.yamls.
Are these files under the proposed components folder really kustomize components? If not, then the name does not fit. If they are patches, then use the name patches for the folder.

@biswajit-9776
Copy link
Contributor Author

biswajit-9776 commented Aug 5, 2024

Our security/PSS/dynamic directory structure looks as follows:

dynamic/
├── baseline/
│   ├── kustomization.yaml   <--- component with configMapGeneraotr
│   ├── namespace-labels.yaml
├── restricted/
│   ├── kustomization.yaml   <--- component with configMapGeneraotr
│   ├── namespace-labels.yaml

The above kustomization.yaml files are what we use in the components: section of example/kustomization.yaml.
Do you think it would be a good idea to modify the above directory structure as follows:

dynamic/
├── baseline/
│   ├─-components/
│   │    ├-─kustomization.yaml   <--- merging the configMapGeneraotr
│   │    ├── namespace-labels.yaml
│   ├── kustomization.yaml   <--- kustomization file
├── restricted/
│   ├─-components/
│   │    ├-─kustomization.yaml   <--- merging the configMapGeneraotr
│   │    ├── namespace-labels.yaml
│   ├── kustomization.yaml   <--- kustomization file

After changing the structure, we can now apply the PSS labels by applying the dynamic/baseline/kustomization.yaml in scripts at tests/gh-actions and can place dynamic/baseline/components in our components: section of example/kustomization.yaml

I am confused. Now I see twice as many kustomization.yamls. Are these files under the proposed components folder really kustomize components? If not, then the name does not fit. If they are patches, then use the name patches for the folder.

Yes, they're kustomize components indeed. But, testing it locally doesn't override the workloads to point to the new configMap so maybe it's not a good idea. I thought of restructuring so as to apply our dynamic components in tests/gh-actions

@juliusvonkohout
Copy link
Member

"I thought of restructuring so as to apply our dynamic components in tests/gh-actions" Yes lets try to not duplicate code or manifests. In the end we need to have this ready soon and proper patches for all misbehaving pods/deployments

@biswajit-9776 biswajit-9776 changed the title Added PSS to tests/gh-actions/install_multi_tenancy.sh and fixed indentation Added tests to tests/gh-actions to enable baseline and restricted PSS Aug 5, 2024
Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
@juliusvonkohout
Copy link
Member

/lgtm
/approve

Lets continue in a new PR, this one here is too old. In the next PR you should check in the test whether pods are blocked by PSS.

@google-oss-prow google-oss-prow bot added the lgtm label Aug 12, 2024
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: juliusvonkohout

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@google-oss-prow google-oss-prow bot merged commit ef73b64 into kubeflow:master Aug 12, 2024
6 of 7 checks passed
hansinikarunarathne pushed a commit to hansinikarunarathne/kubeflow-manifests that referenced this pull request Aug 14, 2024
…kubeflow#2819)

* Patched PSS labels to multi_tenancy

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added script in gh-actions to patch PSS/static/baseline/pacthes

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added PSS scripts for both baseline and restricted labels of static namespaces and renamed directories

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added tests to enable PSS in gh-actions

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added workflow test for PSS labels

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Fixed indentation

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

---------

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
hansinikarunarathne pushed a commit to hansinikarunarathne/kubeflow-manifests that referenced this pull request Aug 14, 2024
…kubeflow#2819)

* Patched PSS labels to multi_tenancy

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added script in gh-actions to patch PSS/static/baseline/pacthes

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added PSS scripts for both baseline and restricted labels of static namespaces and renamed directories

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added tests to enable PSS in gh-actions

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added workflow test for PSS labels

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Fixed indentation

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

---------

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>
google-oss-prow bot pushed a commit that referenced this pull request Aug 21, 2024
* Training operator  CICD improvements (#2779)

* Add the networkpolicies

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* rework the training operator tests

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fix the comments

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fix filename

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* try to fix the permissions

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* try to fix the permissions

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* change to the user namespace

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* update the image to rc.1

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

---------

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* create seperate file for install_KinD_create_KinD_cluster_install_kustomize.sh to avoid code repitition

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* make sh file executable

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* remove reduntant codes

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* combine kind, kuztomize and kind-cluster create sh files into one file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix issues with combined file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix configurations issues

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix linting issues in workflow files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix trailing issues in workflow files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix trailing issues in workflow file bentoml

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* made tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh executable and removed chmod command from the workflow files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* made modifications in workflow files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* deleted redundant files from tests folder

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Add kustomize installation file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* made install_kustomize.sh file executable

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* made a fix

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix issue with linting of YAML files (#2825)

* fix issue with linting of YAML files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* delete a file to check the functionality

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Add the after checking the functionality

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Add folders to yaml linting

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* check linting issues

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* check linting issues

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* check linting changes

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* check linting functionality by chnaging different files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* made some fixes in linting YAML file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* made some fixes in linting YAML file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* made some fixes in linting YAML file and check the functionality

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* made some fixes in linting YAML file and check the functionality

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Add github, hack and tests folders also for linting

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Check functionality by deleting sh from hack and yaml file common

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Added deleted files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

---------

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Expose Ray and Seldon to example kustomization.yaml file (#2834)

* Expose Ray and Seldon to example kustomization.yaml file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Add internal documentations for ray and seldon

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

---------

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Increase the time out of notebook and katib test

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* increase the timout time

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* increase timeout of the create pipeline Run from Kubeflow Notebook to 2400s

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Add code to calculate time taken to pull a docker image

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix syntax error in yaml file

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* increase pipeline time

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* remove one step in action

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Added tests to tests/gh-actions to enable baseline and restricted PSS (#2819)

* Patched PSS labels to multi_tenancy

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added script in gh-actions to patch PSS/static/baseline/pacthes

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added PSS scripts for both baseline and restricted labels of static namespaces and renamed directories

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added tests to enable PSS in gh-actions

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added workflow test for PSS labels

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Fixed indentation

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

---------

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* add kind cluster step into pss test yaml file

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* change time pot time

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

---------

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>
Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
Co-authored-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>
Co-authored-by: biswajit-9776 <115724497+biswajit-9776@users.noreply.github.com>
hansinikarunarathne added a commit to hansinikarunarathne/kubeflow-manifests that referenced this pull request Aug 26, 2024
* Training operator  CICD improvements (kubeflow#2779)

* Add the networkpolicies

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* rework the training operator tests

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fix the comments

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fix filename

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* try to fix the permissions

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* try to fix the permissions

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* change to the user namespace

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* update the image to rc.1

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

---------

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* create seperate file for install_KinD_create_KinD_cluster_install_kustomize.sh to avoid code repitition

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* make sh file executable

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* remove reduntant codes

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* combine kind, kuztomize and kind-cluster create sh files into one file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix issues with combined file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix configurations issues

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix linting issues in workflow files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix trailing issues in workflow files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix trailing issues in workflow file bentoml

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* made tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh executable and removed chmod command from the workflow files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* made modifications in workflow files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* deleted redundant files from tests folder

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Add kustomize installation file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* made install_kustomize.sh file executable

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* made a fix

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix issue with linting of YAML files (kubeflow#2825)

* fix issue with linting of YAML files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* delete a file to check the functionality

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Add the after checking the functionality

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Add folders to yaml linting

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* check linting issues

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* check linting issues

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* check linting changes

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* check linting functionality by chnaging different files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* made some fixes in linting YAML file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* made some fixes in linting YAML file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* made some fixes in linting YAML file and check the functionality

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* made some fixes in linting YAML file and check the functionality

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Add github, hack and tests folders also for linting

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Check functionality by deleting sh from hack and yaml file common

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Added deleted files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

---------

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Expose Ray and Seldon to example kustomization.yaml file (kubeflow#2834)

* Expose Ray and Seldon to example kustomization.yaml file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Add internal documentations for ray and seldon

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

---------

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Increase the time out of notebook and katib test

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* increase the timout time

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* increase timeout of the create pipeline Run from Kubeflow Notebook to 2400s

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Add code to calculate time taken to pull a docker image

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix syntax error in yaml file

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* increase pipeline time

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* remove one step in action

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Added tests to tests/gh-actions to enable baseline and restricted PSS (kubeflow#2819)

* Patched PSS labels to multi_tenancy

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added script in gh-actions to patch PSS/static/baseline/pacthes

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added PSS scripts for both baseline and restricted labels of static namespaces and renamed directories

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added tests to enable PSS in gh-actions

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added workflow test for PSS labels

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Fixed indentation

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

---------

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* add kind cluster step into pss test yaml file

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* change time pot time

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

---------

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>
Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
Co-authored-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>
Co-authored-by: biswajit-9776 <115724497+biswajit-9776@users.noreply.github.com>
hansinikarunarathne added a commit to hansinikarunarathne/kubeflow-manifests that referenced this pull request Aug 26, 2024
* Training operator  CICD improvements (kubeflow#2779)

* Add the networkpolicies

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* rework the training operator tests

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fix the comments

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fix filename

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* try to fix the permissions

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* try to fix the permissions

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* change to the user namespace

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* update the image to rc.1

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

---------

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* create seperate file for install_KinD_create_KinD_cluster_install_kustomize.sh to avoid code repitition

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* make sh file executable

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* remove reduntant codes

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* combine kind, kuztomize and kind-cluster create sh files into one file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix issues with combined file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix configurations issues

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix linting issues in workflow files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix trailing issues in workflow files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix trailing issues in workflow file bentoml

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* made tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh executable and removed chmod command from the workflow files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* made modifications in workflow files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* deleted redundant files from tests folder

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Add kustomize installation file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* made install_kustomize.sh file executable

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* made a fix

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix issue with linting of YAML files (kubeflow#2825)

* fix issue with linting of YAML files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* delete a file to check the functionality

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Add the after checking the functionality

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Add folders to yaml linting

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* check linting issues

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* check linting issues

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* check linting changes

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* check linting functionality by chnaging different files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* made some fixes in linting YAML file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* made some fixes in linting YAML file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* made some fixes in linting YAML file and check the functionality

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* made some fixes in linting YAML file and check the functionality

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Add github, hack and tests folders also for linting

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Check functionality by deleting sh from hack and yaml file common

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Added deleted files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

---------

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Expose Ray and Seldon to example kustomization.yaml file (kubeflow#2834)

* Expose Ray and Seldon to example kustomization.yaml file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Add internal documentations for ray and seldon

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

---------

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Increase the time out of notebook and katib test

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* increase the timout time

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* increase timeout of the create pipeline Run from Kubeflow Notebook to 2400s

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Add code to calculate time taken to pull a docker image

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix syntax error in yaml file

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* increase pipeline time

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* remove one step in action

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Added tests to tests/gh-actions to enable baseline and restricted PSS (kubeflow#2819)

* Patched PSS labels to multi_tenancy

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added script in gh-actions to patch PSS/static/baseline/pacthes

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added PSS scripts for both baseline and restricted labels of static namespaces and renamed directories

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added tests to enable PSS in gh-actions

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added workflow test for PSS labels

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Fixed indentation

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

---------

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* add kind cluster step into pss test yaml file

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* change time pot time

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

---------

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>
Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
Co-authored-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>
Co-authored-by: biswajit-9776 <115724497+biswajit-9776@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>
pschoen-itsc pushed a commit to pschoen-itsc/kf-manifests that referenced this pull request Sep 3, 2024
…kubeflow#2819)

* Patched PSS labels to multi_tenancy

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added script in gh-actions to patch PSS/static/baseline/pacthes

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added PSS scripts for both baseline and restricted labels of static namespaces and renamed directories

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added tests to enable PSS in gh-actions

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added workflow test for PSS labels

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Fixed indentation

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

---------

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
Signed-off-by: Patrick Schönthaler <patrick.schoenthaler@itsc.de>
pschoen-itsc pushed a commit to pschoen-itsc/kf-manifests that referenced this pull request Sep 3, 2024
* Training operator  CICD improvements (kubeflow#2779)

* Add the networkpolicies

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* rework the training operator tests

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fix the comments

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fix filename

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* try to fix the permissions

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* try to fix the permissions

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* change to the user namespace

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* update the image to rc.1

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* fixes

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

---------

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* create seperate file for install_KinD_create_KinD_cluster_install_kustomize.sh to avoid code repitition

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* make sh file executable

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* remove reduntant codes

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* combine kind, kuztomize and kind-cluster create sh files into one file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix issues with combined file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix configurations issues

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix linting issues in workflow files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix trailing issues in workflow files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix trailing issues in workflow file bentoml

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* made tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh executable and removed chmod command from the workflow files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* made modifications in workflow files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* deleted redundant files from tests folder

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Add kustomize installation file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* made install_kustomize.sh file executable

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* made a fix

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix issue with linting of YAML files (kubeflow#2825)

* fix issue with linting of YAML files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* delete a file to check the functionality

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Add the after checking the functionality

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Add folders to yaml linting

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* check linting issues

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* check linting issues

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* check linting changes

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* check linting functionality by chnaging different files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* made some fixes in linting YAML file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* made some fixes in linting YAML file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* made some fixes in linting YAML file and check the functionality

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* made some fixes in linting YAML file and check the functionality

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Add github, hack and tests folders also for linting

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Check functionality by deleting sh from hack and yaml file common

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Added deleted files

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

---------

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Expose Ray and Seldon to example kustomization.yaml file (kubeflow#2834)

* Expose Ray and Seldon to example kustomization.yaml file

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

* Add internal documentations for ray and seldon

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>

---------

Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Increase the time out of notebook and katib test

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* increase the timout time

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* increase timeout of the create pipeline Run from Kubeflow Notebook to 2400s

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Add code to calculate time taken to pull a docker image

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* fix syntax error in yaml file

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* increase pipeline time

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* remove one step in action

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* Added tests to tests/gh-actions to enable baseline and restricted PSS (kubeflow#2819)

* Patched PSS labels to multi_tenancy

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added script in gh-actions to patch PSS/static/baseline/pacthes

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added PSS scripts for both baseline and restricted labels of static namespaces and renamed directories

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added tests to enable PSS in gh-actions

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Added workflow test for PSS labels

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

* Fixed indentation

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>

---------

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* add kind cluster step into pss test yaml file

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

* change time pot time

Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>

---------

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <107214435+hansinikarunarathne@users.noreply.github.com>
Signed-off-by: hansinikarunarathne <hansini.20@cse.mrt.ac.lk>
Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
Co-authored-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>
Co-authored-by: biswajit-9776 <115724497+biswajit-9776@users.noreply.github.com>
Signed-off-by: Patrick Schönthaler <patrick.schoenthaler@itsc.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Rootless Kubeflow
2 participants