From 8e6076f7768e73f90303efa758279ef8b8c34309 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Sch=C3=B6nthaler?= Date: Wed, 31 Jul 2024 19:09:04 +0200 Subject: [PATCH 01/13] Add seaweedfs to contrib MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Patrick Schönthaler --- contrib/seaweedfs/OWNERS | 3 + contrib/seaweedfs/README.md | 45 +++++++++++++ contrib/seaweedfs/UPDGRADE.md | 3 + contrib/seaweedfs/base/kustomization.yaml | 8 +++ .../seaweedfs/base/seaweedfs-deployment.yaml | 63 +++++++++++++++++++ contrib/seaweedfs/base/seaweedfs-pvc.yaml | 10 +++ contrib/seaweedfs/base/seaweedfs-service.yaml | 12 ++++ contrib/seaweedfs/test.sh | 17 +++++ 8 files changed, 161 insertions(+) create mode 100644 contrib/seaweedfs/OWNERS create mode 100644 contrib/seaweedfs/README.md create mode 100644 contrib/seaweedfs/UPDGRADE.md create mode 100644 contrib/seaweedfs/base/kustomization.yaml create mode 100644 contrib/seaweedfs/base/seaweedfs-deployment.yaml create mode 100644 contrib/seaweedfs/base/seaweedfs-pvc.yaml create mode 100644 contrib/seaweedfs/base/seaweedfs-service.yaml create mode 100644 contrib/seaweedfs/test.sh diff --git a/contrib/seaweedfs/OWNERS b/contrib/seaweedfs/OWNERS new file mode 100644 index 0000000000..929e36ecf5 --- /dev/null +++ b/contrib/seaweedfs/OWNERS @@ -0,0 +1,3 @@ +approvers: + - pschoen-itsc + - juliusvonkohout diff --git a/contrib/seaweedfs/README.md b/contrib/seaweedfs/README.md new file mode 100644 index 0000000000..caa0715b05 --- /dev/null +++ b/contrib/seaweedfs/README.md @@ -0,0 +1,45 @@ +# SeaweedFS + +- [Official documentation](https://github.com/seaweedfs/seaweedfs/wiki) +- [Official repository](https://github.com/seaweedfs/seaweedfs) + +SeaweedFS is a simple and highly scalable distributed file system. It has an S3 interface which makes it usable as an object store for kubeflow. + +## Prerequisites + +- Kubernetes (any recent Version should work) +- You should have `kubectl` available and configured to talk to the desired cluster. +- `kustomize`. + +## Compile manifests + +```bash +kubectl kustomize ./base/ +``` + +## Install SeaweedFS + +**WARNING** +This replaces the service `minio-service` and will redirect the traffic to seaweedfs. + +```bash +kubectl kustomize ./base/ | kubectl apply -f - +``` + +## Verify deployment + +Run +```bash +./test.sh +``` +With the ready check on the container it already verifies that the S3 starts correctly. +You can then use it with the endpoint at http://localhost:8333. +To activate authentication open a shell on the pod and use `weed shell` to configure your instance. +Create a user with the command `s3.configure -user -access_key -secret-key -actions Read:/,Write::/` +Documentation for this can also be found [here](https://github.com/seaweedfs/seaweedfs/wiki/Amazon-S3-API). + +## Uninstall SeaweedFS + +```bash +kubectl kustomize ./base/ | kubectl delete -f - +``` diff --git a/contrib/seaweedfs/UPDGRADE.md b/contrib/seaweedfs/UPDGRADE.md new file mode 100644 index 0000000000..9d75575dd9 --- /dev/null +++ b/contrib/seaweedfs/UPDGRADE.md @@ -0,0 +1,3 @@ +# Upgrade SeaweedFS + +No special process. Just apply the new manifests. diff --git a/contrib/seaweedfs/base/kustomization.yaml b/contrib/seaweedfs/base/kustomization.yaml new file mode 100644 index 0000000000..fc31272690 --- /dev/null +++ b/contrib/seaweedfs/base/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow + +resources: +- seaweedfs-deployment.yaml +- seaweedfs-pvc.yaml +- seaweedfs-service.yaml diff --git a/contrib/seaweedfs/base/seaweedfs-deployment.yaml b/contrib/seaweedfs/base/seaweedfs-deployment.yaml new file mode 100644 index 0000000000..7cea722bab --- /dev/null +++ b/contrib/seaweedfs/base/seaweedfs-deployment.yaml @@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: seaweedfs + labels: + app: seaweedfs +spec: + selector: + matchLabels: + app: seaweedfs + strategy: + type: Recreate + # Single container setup not scalable + replicas: 1 + template: + metadata: + labels: + app: seaweedfs + spec: + containers: + - name: seaweedfs + image: 'chrislusf/seaweedfs:3.69' + args: + - 'server' + - '-dir=/data' + - '-s3' + ports: + - containerPort: 8333 + readinessProbe: + httpGet: + path: /status + port: 8333 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + failureThreshold: 100 + timeoutSeconds: 10 + securityContext: # Using restricted profile + allowPrivilegeEscalation: false + runAsNonRoot: true + # image defaults to root user + runAsUser: 1001 + runAsGroup: 1001 + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + volumeMounts: + - mountPath: /data + name: data + resources: + # Benchmark this, just taken from minio + requests: + cpu: 20m + memory: 100Mi + volumes: + - name: data + persistentVolumeClaim: + claimName: seaweedfs-pvc diff --git a/contrib/seaweedfs/base/seaweedfs-pvc.yaml b/contrib/seaweedfs/base/seaweedfs-pvc.yaml new file mode 100644 index 0000000000..ee7a894ea8 --- /dev/null +++ b/contrib/seaweedfs/base/seaweedfs-pvc.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: seaweedfs-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/contrib/seaweedfs/base/seaweedfs-service.yaml b/contrib/seaweedfs/base/seaweedfs-service.yaml new file mode 100644 index 0000000000..39c87a1e0b --- /dev/null +++ b/contrib/seaweedfs/base/seaweedfs-service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: minio-service +spec: + ports: + - name: http + port: 9000 + protocol: TCP + targetPort: 8333 + selector: + app: seaweedfs diff --git a/contrib/seaweedfs/test.sh b/contrib/seaweedfs/test.sh new file mode 100644 index 0000000000..3b9d9114c7 --- /dev/null +++ b/contrib/seaweedfs/test.sh @@ -0,0 +1,17 @@ +#!/usr/bin/env bash + +set -xe + +kubectl create ns kubeflow || echo "namespace kubeflow already exists" +kustomize build base/ | kubectl apply --server-side -f - +kubectl -n kubeflow wait --for=condition=available --timeout=600s deploy/seaweedfs + +kubectl -n kubeflow port-forward svc/minio-service 8333:9000 +echo "S3 endpoint available on localhost:8333" & + +function trap_handler { + kubectl -n kubeflow logs -l app=seaweedfs --tail=100 + kustomize build base/ | kubectl delete -f - +} + +trap trap_handler EXIT From 43e4e1f00b0a2212ba21881346acb0f3a5e839dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Sch=C3=B6nthaler?= Date: Fri, 30 Aug 2024 11:46:15 +0200 Subject: [PATCH 02/13] Review changes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Patrick Schönthaler --- contrib/seaweedfs/OWNERS | 5 +++- contrib/seaweedfs/README.md | 12 ++++++-- contrib/seaweedfs/UPDGRADE.md | 2 +- .../seaweedfs/base/seaweedfs-deployment.yaml | 6 ++-- contrib/seaweedfs/base/seaweedfs-pvc.yaml | 1 + contrib/seaweedfs/base/seaweedfs-service.yaml | 1 + .../istio/istio-authorization-policy.yaml | 30 +++++++++++++++++++ contrib/seaweedfs/istio/kustomization.yaml | 6 ++++ .../seaweedfs/svc-minio-service-backup.json | 1 + contrib/seaweedfs/test.sh | 7 +++-- 10 files changed, 62 insertions(+), 9 deletions(-) create mode 100644 contrib/seaweedfs/istio/istio-authorization-policy.yaml create mode 100644 contrib/seaweedfs/istio/kustomization.yaml create mode 100644 contrib/seaweedfs/svc-minio-service-backup.json mode change 100644 => 100755 contrib/seaweedfs/test.sh diff --git a/contrib/seaweedfs/OWNERS b/contrib/seaweedfs/OWNERS index 929e36ecf5..82967fbf54 100644 --- a/contrib/seaweedfs/OWNERS +++ b/contrib/seaweedfs/OWNERS @@ -1,3 +1,6 @@ approvers: - - pschoen-itsc +# - pschoen-itsc + - juliusvonkohout +reviewers: +# - pschoen-itsc - juliusvonkohout diff --git a/contrib/seaweedfs/README.md b/contrib/seaweedfs/README.md index caa0715b05..619b677cb0 100644 --- a/contrib/seaweedfs/README.md +++ b/contrib/seaweedfs/README.md @@ -9,7 +9,8 @@ SeaweedFS is a simple and highly scalable distributed file system. It has an S3 - Kubernetes (any recent Version should work) - You should have `kubectl` available and configured to talk to the desired cluster. -- `kustomize`. +- `kustomize` +- If you installed kubeflow with minio, use the `istio` dir instead of `base` for the kustomize commands. ## Compile manifests @@ -23,6 +24,9 @@ kubectl kustomize ./base/ This replaces the service `minio-service` and will redirect the traffic to seaweedfs. ```bash +# Optional, but recommended to backup existing minio-service +kubectl get -n kubeflow svc minio-service -o=jsonpath='{.metadata.annotations.kubectl\.kubernetes\.io/last-applied-configuration}' > svc-minio-service-backup.json + kubectl kustomize ./base/ | kubectl apply -f - ``` @@ -34,12 +38,14 @@ Run ``` With the ready check on the container it already verifies that the S3 starts correctly. You can then use it with the endpoint at http://localhost:8333. -To activate authentication open a shell on the pod and use `weed shell` to configure your instance. -Create a user with the command `s3.configure -user -access_key -secret-key -actions Read:/,Write::/` +To create access keys open a shell on the pod and use `weed shell` to configure your instance. +Create a user with the command `s3.configure -user -access_key -secret-key -actions Read:/,Write::/ -apply` Documentation for this can also be found [here](https://github.com/seaweedfs/seaweedfs/wiki/Amazon-S3-API). ## Uninstall SeaweedFS ```bash kubectl kustomize ./base/ | kubectl delete -f - +# Restore minio-service from backup +kubectl apply -f svc-minio-service-backup.json ``` diff --git a/contrib/seaweedfs/UPDGRADE.md b/contrib/seaweedfs/UPDGRADE.md index 9d75575dd9..0193a91844 100644 --- a/contrib/seaweedfs/UPDGRADE.md +++ b/contrib/seaweedfs/UPDGRADE.md @@ -1,3 +1,3 @@ # Upgrade SeaweedFS -No special process. Just apply the new manifests. +Change the image tag in the Deployment to the desired version. You can find the available images [here](https://hub.docker.com/r/chrislusf/seaweedfs). diff --git a/contrib/seaweedfs/base/seaweedfs-deployment.yaml b/contrib/seaweedfs/base/seaweedfs-deployment.yaml index 7cea722bab..002c4eef9d 100644 --- a/contrib/seaweedfs/base/seaweedfs-deployment.yaml +++ b/contrib/seaweedfs/base/seaweedfs-deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: seaweedfs + namespace: kubeflow labels: app: seaweedfs spec: @@ -38,6 +39,7 @@ spec: timeoutSeconds: 10 securityContext: # Using restricted profile allowPrivilegeEscalation: false + privileged: false runAsNonRoot: true # image defaults to root user runAsUser: 1001 @@ -46,9 +48,9 @@ spec: type: RuntimeDefault capabilities: drop: - - ALL + - ALL add: - - NET_BIND_SERVICE + - NET_BIND_SERVICE volumeMounts: - mountPath: /data name: data diff --git a/contrib/seaweedfs/base/seaweedfs-pvc.yaml b/contrib/seaweedfs/base/seaweedfs-pvc.yaml index ee7a894ea8..b0302f9cb7 100644 --- a/contrib/seaweedfs/base/seaweedfs-pvc.yaml +++ b/contrib/seaweedfs/base/seaweedfs-pvc.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: seaweedfs-pvc + namespace: kubeflow spec: accessModes: - ReadWriteOnce diff --git a/contrib/seaweedfs/base/seaweedfs-service.yaml b/contrib/seaweedfs/base/seaweedfs-service.yaml index 39c87a1e0b..d44ba3e614 100644 --- a/contrib/seaweedfs/base/seaweedfs-service.yaml +++ b/contrib/seaweedfs/base/seaweedfs-service.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: minio-service + namespace: kubeflow spec: ports: - name: http diff --git a/contrib/seaweedfs/istio/istio-authorization-policy.yaml b/contrib/seaweedfs/istio/istio-authorization-policy.yaml new file mode 100644 index 0000000000..409b2c1b4c --- /dev/null +++ b/contrib/seaweedfs/istio/istio-authorization-policy.yaml @@ -0,0 +1,30 @@ +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: seaweedfs-service +spec: + action: ALLOW + selector: + matchLabels: + app: seaweedfs + rules: + - from: + - source: + principals: + - cluster.local/ns/kubeflow/sa/ml-pipeline + - from: + - source: + principals: + - cluster.local/ns/kubeflow/sa/ml-pipeline-ui + # Allow traffic from User Pipeline Pods, which don't have a sidecar. + - {} +--- +apiVersion: "networking.istio.io/v1alpha3" +kind: DestinationRule +metadata: + name: ml-pipeline-seaweedfs +spec: + host: minio-service.kubeflow.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL diff --git a/contrib/seaweedfs/istio/kustomization.yaml b/contrib/seaweedfs/istio/kustomization.yaml new file mode 100644 index 0000000000..6b821ec6bb --- /dev/null +++ b/contrib/seaweedfs/istio/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- ../base/ +- istio-authorization-policy.yaml \ No newline at end of file diff --git a/contrib/seaweedfs/svc-minio-service-backup.json b/contrib/seaweedfs/svc-minio-service-backup.json new file mode 100644 index 0000000000..0b49632981 --- /dev/null +++ b/contrib/seaweedfs/svc-minio-service-backup.json @@ -0,0 +1 @@ +{"apiVersion":"v1","kind":"Service","metadata":{"name":"minio-service","namespace":"kubeflow"},"spec":{"ports":[{"name":"http","port":9000,"protocol":"TCP","targetPort":8333}],"selector":{"app":"minio"}}} diff --git a/contrib/seaweedfs/test.sh b/contrib/seaweedfs/test.sh old mode 100644 new mode 100755 index 3b9d9114c7..00792c3804 --- a/contrib/seaweedfs/test.sh +++ b/contrib/seaweedfs/test.sh @@ -3,15 +3,18 @@ set -xe kubectl create ns kubeflow || echo "namespace kubeflow already exists" -kustomize build base/ | kubectl apply --server-side -f - +kubectl get -n kubeflow svc minio-service -o=jsonpath='{.metadata.annotations.kubectl\.kubernetes\.io/last-applied-configuration}' > svc-minio-service-backup.json +kustomize build istio/ | kubectl apply --server-side -f - kubectl -n kubeflow wait --for=condition=available --timeout=600s deploy/seaweedfs +kubectl exec deployments/seaweedfs -c seaweedfs -- sh -c "echo \"s3.configure -user minio -access_key minio -secret_key minio123 -actions Read,Write -apply\" | /usr/bin/weed shell" kubectl -n kubeflow port-forward svc/minio-service 8333:9000 echo "S3 endpoint available on localhost:8333" & function trap_handler { kubectl -n kubeflow logs -l app=seaweedfs --tail=100 - kustomize build base/ | kubectl delete -f - + kustomize build istio/ | kubectl delete -f - + kubectl apply -f svc-minio-service-backup.json } trap trap_handler EXIT From f0b40ea92c8bc24ef5722de5ba26d1ebf0693bc8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Sch=C3=B6nthaler?= Date: Mon, 2 Sep 2024 16:42:41 +0200 Subject: [PATCH 03/13] Add workflow for seaweedfs pipeline test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Patrick Schönthaler --- .github/workflows/pipeline_swfs_test.yaml | 108 ++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 .github/workflows/pipeline_swfs_test.yaml diff --git a/.github/workflows/pipeline_swfs_test.yaml b/.github/workflows/pipeline_swfs_test.yaml new file mode 100644 index 0000000000..fbbd55fdf6 --- /dev/null +++ b/.github/workflows/pipeline_swfs_test.yaml @@ -0,0 +1,108 @@ +name: Deploy and test Kubeflow Pipelines manifests with m2m auth in KinD +on: + pull_request: + paths: + - .github/workflows/pipeline_swfs_test.yaml + - apps/pipeline/upstream/** + - tests/gh-actions/kind-cluster.yaml + - tests/gh-actions/install_kind.sh + - tests/gh-actions/install_kustomize.sh + - tests/gh-actions/install_istio.sh + - tests/gh-actions/install_cert_manager.sh + - common/cert-manager/** + - common/oidc-client/oauth2-proxy/** + - common/istio*/** + - tests/gh-actions/install_istio_with_ext_auth.sh + - contrib/seaweedfs/** + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install KinD + run: ./tests/gh-actions/install_kind.sh + + - name: Create KinD Cluster + run: kind create cluster --config tests/gh-actions/kind-cluster.yaml + + - name: Install kustomize + run: ./tests/gh-actions/install_kustomize.sh + + - name: Install kubectl + run: ./tests/gh-actions/install_kubectl.sh + + - name: Install Istio with ext auth + run: ./tests/gh-actions/install_istio_with_ext_auth.sh + + - name: Install cert-manager + run: ./tests/gh-actions/install_cert_manager.sh + + - name: Create kubeflow namespace + run: kustomize build common/kubeflow-namespace/base | kubectl apply -f - + + - name: Install KF Pipelines + run: ./tests/gh-actions/install_pipelines.sh + + - name: Install KF Multi Tenancy + run: ./tests/gh-actions/install_multi_tenancy.sh + + - name: Install kubeflow-istio-resources + run: kustomize build common/istio-1-22/kubeflow-istio-resources/base | kubectl apply -f - + + - name: Create KF Profile + run: kustomize build common/user-namespace/base | kubectl apply -f - + + - name: Install seaweedfs + run: | + kustomize build contrib/seaweedfs/istio | kubectl apply -f - + kubectl -n kubeflow wait --for=condition=available --timeout=600s deploy/seaweedfs + + - name: port forward + run: | + ingress_gateway_service=$(kubectl get svc --namespace istio-system --selector="app=istio-ingressgateway" --output jsonpath='{.items[0].metadata.name}') + nohup kubectl port-forward --namespace istio-system svc/${ingress_gateway_service} 8080:80 & + while ! curl localhost:8080; do echo waiting for port-forwarding; sleep 1; done; echo port-forwarding ready + + - name: Wait for the kubeflow-m2m-oidc-configurator Job + run: | + ./tests/gh-actions/wait_for_kubeflow_m2m_oidc_configurator.sh + + - name: List and deploy test pipeline with authorized ServiceAccount Token + run: | + pip3 install kfp==2.4.0 + KF_PROFILE=kubeflow-user-example-com + TOKEN="$(kubectl -n $KF_PROFILE create token default-editor)" + + python -c ' + from time import sleep + import kfp + import sys + + token = sys.argv[1] + namespace = sys.argv[2] + client = kfp.Client(host="http://localhost:8080/pipeline", existing_token=token) + + pipeline = client.list_pipelines().pipelines[0] + pipeline_name = pipeline.display_name + pipeline_id = pipeline.pipeline_id + pipeline_version_id = client.list_pipeline_versions(pipeline_id).pipeline_versions[0].pipeline_version_id + experiment_id = client.create_experiment("seaweedfs-test", namespace=namespace).experiment_id + + print(f"Starting pipeline {pipeline_name}.") + run_id = client.run_pipeline(experiment_id=experiment_id, job_name="m2m-test", pipeline_id=pipeline_id, version_id=pipeline_version_id).run_id + + while True: + status = client.get_run(run_id=run_id).state + if status in ["PENDING", "RUNNING"]: + print(f"Waiting for run_id: {run_id}, status: {status}.") + sleep(10) + else: + print(f"Run with id {run_id} finished with status: {status}.") + if status != "SUCCEEDED": + print("Pipeline failed") + raise SystemExit(1) + break + ' "${TOKEN}" "${KF_PROFILE}" From bb23749aa006c7137e7d57c8fe88d26c7e8abd9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Sch=C3=B6nthaler?= Date: Mon, 2 Sep 2024 16:47:47 +0200 Subject: [PATCH 04/13] Remove minio svc backup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Patrick Schönthaler --- contrib/seaweedfs/svc-minio-service-backup.json | 1 - 1 file changed, 1 deletion(-) delete mode 100644 contrib/seaweedfs/svc-minio-service-backup.json diff --git a/contrib/seaweedfs/svc-minio-service-backup.json b/contrib/seaweedfs/svc-minio-service-backup.json deleted file mode 100644 index 0b49632981..0000000000 --- a/contrib/seaweedfs/svc-minio-service-backup.json +++ /dev/null @@ -1 +0,0 @@ -{"apiVersion":"v1","kind":"Service","metadata":{"name":"minio-service","namespace":"kubeflow"},"spec":{"ports":[{"name":"http","port":9000,"protocol":"TCP","targetPort":8333}],"selector":{"app":"minio"}}} From 1d2b5d46215eb49cd022e86d5ab69740fa0836b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Sch=C3=B6nthaler?= Date: Mon, 2 Sep 2024 16:52:22 +0200 Subject: [PATCH 05/13] Create user in workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Patrick Schönthaler --- .github/workflows/pipeline_swfs_test.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pipeline_swfs_test.yaml b/.github/workflows/pipeline_swfs_test.yaml index fbbd55fdf6..3f452d3a6a 100644 --- a/.github/workflows/pipeline_swfs_test.yaml +++ b/.github/workflows/pipeline_swfs_test.yaml @@ -59,6 +59,7 @@ jobs: run: | kustomize build contrib/seaweedfs/istio | kubectl apply -f - kubectl -n kubeflow wait --for=condition=available --timeout=600s deploy/seaweedfs + kubectl exec deployments/seaweedfs -c seaweedfs -- sh -c "echo \"s3.configure -user minio -access_key minio -secret_key minio123 -actions Read,Write -apply\" | /usr/bin/weed shell" - name: port forward run: | From defa22ecfd3a7b27205b3b2830b0f928ff5266af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Sch=C3=B6nthaler?= Date: Tue, 3 Sep 2024 18:26:04 +0200 Subject: [PATCH 06/13] Fix yamllint MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Patrick Schönthaler --- .github/workflows/pipeline_swfs_test.yaml | 200 +++++++++++----------- 1 file changed, 100 insertions(+), 100 deletions(-) diff --git a/.github/workflows/pipeline_swfs_test.yaml b/.github/workflows/pipeline_swfs_test.yaml index 3f452d3a6a..700aaef3b3 100644 --- a/.github/workflows/pipeline_swfs_test.yaml +++ b/.github/workflows/pipeline_swfs_test.yaml @@ -2,108 +2,108 @@ name: Deploy and test Kubeflow Pipelines manifests with m2m auth in KinD on: pull_request: paths: - - .github/workflows/pipeline_swfs_test.yaml - - apps/pipeline/upstream/** - - tests/gh-actions/kind-cluster.yaml - - tests/gh-actions/install_kind.sh - - tests/gh-actions/install_kustomize.sh - - tests/gh-actions/install_istio.sh - - tests/gh-actions/install_cert_manager.sh - - common/cert-manager/** - - common/oidc-client/oauth2-proxy/** - - common/istio*/** - - tests/gh-actions/install_istio_with_ext_auth.sh - - contrib/seaweedfs/** + - .github/workflows/pipeline_swfs_test.yaml + - apps/pipeline/upstream/** + - tests/gh-actions/kind-cluster.yaml + - tests/gh-actions/install_kind.sh + - tests/gh-actions/install_kustomize.sh + - tests/gh-actions/install_istio.sh + - tests/gh-actions/install_cert_manager.sh + - common/cert-manager/** + - common/oidc-client/oauth2-proxy/** + - common/istio*/** + - tests/gh-actions/install_istio_with_ext_auth.sh + - contrib/seaweedfs/** jobs: build: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Install KinD - run: ./tests/gh-actions/install_kind.sh - - - name: Create KinD Cluster - run: kind create cluster --config tests/gh-actions/kind-cluster.yaml - - - name: Install kustomize - run: ./tests/gh-actions/install_kustomize.sh - - - name: Install kubectl - run: ./tests/gh-actions/install_kubectl.sh - - - name: Install Istio with ext auth - run: ./tests/gh-actions/install_istio_with_ext_auth.sh - - - name: Install cert-manager - run: ./tests/gh-actions/install_cert_manager.sh - - - name: Create kubeflow namespace - run: kustomize build common/kubeflow-namespace/base | kubectl apply -f - - - - name: Install KF Pipelines - run: ./tests/gh-actions/install_pipelines.sh - - - name: Install KF Multi Tenancy - run: ./tests/gh-actions/install_multi_tenancy.sh - - - name: Install kubeflow-istio-resources - run: kustomize build common/istio-1-22/kubeflow-istio-resources/base | kubectl apply -f - - - - name: Create KF Profile - run: kustomize build common/user-namespace/base | kubectl apply -f - - - - name: Install seaweedfs - run: | - kustomize build contrib/seaweedfs/istio | kubectl apply -f - - kubectl -n kubeflow wait --for=condition=available --timeout=600s deploy/seaweedfs - kubectl exec deployments/seaweedfs -c seaweedfs -- sh -c "echo \"s3.configure -user minio -access_key minio -secret_key minio123 -actions Read,Write -apply\" | /usr/bin/weed shell" - - - name: port forward - run: | - ingress_gateway_service=$(kubectl get svc --namespace istio-system --selector="app=istio-ingressgateway" --output jsonpath='{.items[0].metadata.name}') - nohup kubectl port-forward --namespace istio-system svc/${ingress_gateway_service} 8080:80 & - while ! curl localhost:8080; do echo waiting for port-forwarding; sleep 1; done; echo port-forwarding ready - - - name: Wait for the kubeflow-m2m-oidc-configurator Job - run: | - ./tests/gh-actions/wait_for_kubeflow_m2m_oidc_configurator.sh - - - name: List and deploy test pipeline with authorized ServiceAccount Token - run: | - pip3 install kfp==2.4.0 - KF_PROFILE=kubeflow-user-example-com - TOKEN="$(kubectl -n $KF_PROFILE create token default-editor)" - - python -c ' - from time import sleep - import kfp - import sys - - token = sys.argv[1] - namespace = sys.argv[2] - client = kfp.Client(host="http://localhost:8080/pipeline", existing_token=token) - - pipeline = client.list_pipelines().pipelines[0] - pipeline_name = pipeline.display_name - pipeline_id = pipeline.pipeline_id - pipeline_version_id = client.list_pipeline_versions(pipeline_id).pipeline_versions[0].pipeline_version_id - experiment_id = client.create_experiment("seaweedfs-test", namespace=namespace).experiment_id - - print(f"Starting pipeline {pipeline_name}.") - run_id = client.run_pipeline(experiment_id=experiment_id, job_name="m2m-test", pipeline_id=pipeline_id, version_id=pipeline_version_id).run_id - - while True: - status = client.get_run(run_id=run_id).state - if status in ["PENDING", "RUNNING"]: - print(f"Waiting for run_id: {run_id}, status: {status}.") - sleep(10) - else: - print(f"Run with id {run_id} finished with status: {status}.") - if status != "SUCCEEDED": - print("Pipeline failed") - raise SystemExit(1) - break - ' "${TOKEN}" "${KF_PROFILE}" + - name: Checkout + uses: actions/checkout@v4 + + - name: Install KinD + run: ./tests/gh-actions/install_kind.sh + + - name: Create KinD Cluster + run: kind create cluster --config tests/gh-actions/kind-cluster.yaml + + - name: Install kustomize + run: ./tests/gh-actions/install_kustomize.sh + + - name: Install kubectl + run: ./tests/gh-actions/install_kubectl.sh + + - name: Install Istio with ext auth + run: ./tests/gh-actions/install_istio_with_ext_auth.sh + + - name: Install cert-manager + run: ./tests/gh-actions/install_cert_manager.sh + + - name: Create kubeflow namespace + run: kustomize build common/kubeflow-namespace/base | kubectl apply -f - + + - name: Install KF Pipelines + run: ./tests/gh-actions/install_pipelines.sh + + - name: Install KF Multi Tenancy + run: ./tests/gh-actions/install_multi_tenancy.sh + + - name: Install kubeflow-istio-resources + run: kustomize build common/istio-1-22/kubeflow-istio-resources/base | kubectl apply -f - + + - name: Create KF Profile + run: kustomize build common/user-namespace/base | kubectl apply -f - + + - name: Install seaweedfs + run: | + kustomize build contrib/seaweedfs/istio | kubectl apply -f - + kubectl -n kubeflow wait --for=condition=available --timeout=600s deploy/seaweedfs + kubectl exec deployments/seaweedfs -c seaweedfs -- sh -c "echo \"s3.configure -user minio -access_key minio -secret_key minio123 -actions Read,Write -apply\" | /usr/bin/weed shell" + + - name: port forward + run: | + ingress_gateway_service=$(kubectl get svc --namespace istio-system --selector="app=istio-ingressgateway" --output jsonpath='{.items[0].metadata.name}') + nohup kubectl port-forward --namespace istio-system svc/${ingress_gateway_service} 8080:80 & + while ! curl localhost:8080; do echo waiting for port-forwarding; sleep 1; done; echo port-forwarding ready + + - name: Wait for the kubeflow-m2m-oidc-configurator Job + run: | + ./tests/gh-actions/wait_for_kubeflow_m2m_oidc_configurator.sh + + - name: List and deploy test pipeline with authorized ServiceAccount Token + run: | + pip3 install kfp==2.4.0 + KF_PROFILE=kubeflow-user-example-com + TOKEN="$(kubectl -n $KF_PROFILE create token default-editor)" + + python -c ' + from time import sleep + import kfp + import sys + + token = sys.argv[1] + namespace = sys.argv[2] + client = kfp.Client(host="http://localhost:8080/pipeline", existing_token=token) + + pipeline = client.list_pipelines().pipelines[0] + pipeline_name = pipeline.display_name + pipeline_id = pipeline.pipeline_id + pipeline_version_id = client.list_pipeline_versions(pipeline_id).pipeline_versions[0].pipeline_version_id + experiment_id = client.create_experiment("seaweedfs-test", namespace=namespace).experiment_id + + print(f"Starting pipeline {pipeline_name}.") + run_id = client.run_pipeline(experiment_id=experiment_id, job_name="m2m-test", pipeline_id=pipeline_id, version_id=pipeline_version_id).run_id + + while True: + status = client.get_run(run_id=run_id).state + if status in ["PENDING", "RUNNING"]: + print(f"Waiting for run_id: {run_id}, status: {status}.") + sleep(10) + else: + print(f"Run with id {run_id} finished with status: {status}.") + if status != "SUCCEEDED": + print("Pipeline failed") + raise SystemExit(1) + break + ' "${TOKEN}" "${KF_PROFILE}" From 31ddf0ece7ec3dcec8d1c1eae0f44d0215dfb322 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Sch=C3=B6nthaler?= Date: Tue, 3 Sep 2024 18:33:41 +0200 Subject: [PATCH 07/13] Use other action to create KinD cluster MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Patrick Schönthaler --- .github/workflows/pipeline_swfs_test.yaml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/.github/workflows/pipeline_swfs_test.yaml b/.github/workflows/pipeline_swfs_test.yaml index 700aaef3b3..c754722977 100644 --- a/.github/workflows/pipeline_swfs_test.yaml +++ b/.github/workflows/pipeline_swfs_test.yaml @@ -22,14 +22,8 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: Install KinD - run: ./tests/gh-actions/install_kind.sh - - - name: Create KinD Cluster - run: kind create cluster --config tests/gh-actions/kind-cluster.yaml - - - name: Install kustomize - run: ./tests/gh-actions/install_kustomize.sh + - name: Install KinD, Create KinD cluster and Install kustomize + run: ./tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh - name: Install kubectl run: ./tests/gh-actions/install_kubectl.sh From 105b0e17fd637f1b2b8432e71f6b6bdfb08cd249 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Sch=C3=B6nthaler?= Date: Wed, 4 Sep 2024 14:30:35 +0200 Subject: [PATCH 08/13] Rename new workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Patrick Schönthaler --- .github/workflows/pipeline_swfs_test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pipeline_swfs_test.yaml b/.github/workflows/pipeline_swfs_test.yaml index c754722977..64aa5d70c2 100644 --- a/.github/workflows/pipeline_swfs_test.yaml +++ b/.github/workflows/pipeline_swfs_test.yaml @@ -1,4 +1,4 @@ -name: Deploy and test Kubeflow Pipelines manifests with m2m auth in KinD +name: Deploy and test Kubeflow Pipelines manifests with seaweedfs and m2m auth in KinD on: pull_request: paths: From b09fc19605c8ea0834fd292f786899c8c418ef5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Sch=C3=B6nthaler?= Date: Wed, 4 Sep 2024 14:56:17 +0200 Subject: [PATCH 09/13] Add namespace to kubectl commands MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Patrick Schönthaler --- .github/workflows/pipeline_swfs_test.yaml | 2 +- contrib/seaweedfs/test.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pipeline_swfs_test.yaml b/.github/workflows/pipeline_swfs_test.yaml index 64aa5d70c2..c2ae3ab99d 100644 --- a/.github/workflows/pipeline_swfs_test.yaml +++ b/.github/workflows/pipeline_swfs_test.yaml @@ -53,7 +53,7 @@ jobs: run: | kustomize build contrib/seaweedfs/istio | kubectl apply -f - kubectl -n kubeflow wait --for=condition=available --timeout=600s deploy/seaweedfs - kubectl exec deployments/seaweedfs -c seaweedfs -- sh -c "echo \"s3.configure -user minio -access_key minio -secret_key minio123 -actions Read,Write -apply\" | /usr/bin/weed shell" + kubectl -n kubeflow exec deploy/seaweedfs -c seaweedfs -- sh -c "echo \"s3.configure -user minio -access_key minio -secret_key minio123 -actions Read,Write -apply\" | /usr/bin/weed shell" - name: port forward run: | diff --git a/contrib/seaweedfs/test.sh b/contrib/seaweedfs/test.sh index 00792c3804..bff87f0abe 100755 --- a/contrib/seaweedfs/test.sh +++ b/contrib/seaweedfs/test.sh @@ -6,7 +6,7 @@ kubectl create ns kubeflow || echo "namespace kubeflow already exists" kubectl get -n kubeflow svc minio-service -o=jsonpath='{.metadata.annotations.kubectl\.kubernetes\.io/last-applied-configuration}' > svc-minio-service-backup.json kustomize build istio/ | kubectl apply --server-side -f - kubectl -n kubeflow wait --for=condition=available --timeout=600s deploy/seaweedfs -kubectl exec deployments/seaweedfs -c seaweedfs -- sh -c "echo \"s3.configure -user minio -access_key minio -secret_key minio123 -actions Read,Write -apply\" | /usr/bin/weed shell" +kubectl -n kubeflow exec deployments/seaweedfs -c seaweedfs -- sh -c "echo \"s3.configure -user minio -access_key minio -secret_key minio123 -actions Read,Write -apply\" | /usr/bin/weed shell" kubectl -n kubeflow port-forward svc/minio-service 8333:9000 echo "S3 endpoint available on localhost:8333" & From 3c73156e64c4ac0515e5c21d3e98601d26de48f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Sch=C3=B6nthaler?= Date: Tue, 17 Sep 2024 09:31:07 +0200 Subject: [PATCH 10/13] Add missing networkpolicy for seaweedfs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Patrick Schönthaler --- .github/workflows/pipeline_swfs_test.yaml | 2 +- contrib/seaweedfs/base/kustomization.yaml | 1 + .../base/seadweedfs-networkpolicy.yaml | 28 +++++++++++++++++++ contrib/seaweedfs/istio/kustomization.yaml | 1 + 4 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 contrib/seaweedfs/base/seadweedfs-networkpolicy.yaml diff --git a/.github/workflows/pipeline_swfs_test.yaml b/.github/workflows/pipeline_swfs_test.yaml index c2ae3ab99d..f3d52d1ad2 100644 --- a/.github/workflows/pipeline_swfs_test.yaml +++ b/.github/workflows/pipeline_swfs_test.yaml @@ -53,7 +53,7 @@ jobs: run: | kustomize build contrib/seaweedfs/istio | kubectl apply -f - kubectl -n kubeflow wait --for=condition=available --timeout=600s deploy/seaweedfs - kubectl -n kubeflow exec deploy/seaweedfs -c seaweedfs -- sh -c "echo \"s3.configure -user minio -access_key minio -secret_key minio123 -actions Read,Write -apply\" | /usr/bin/weed shell" + kubectl -n kubeflow exec deploy/seaweedfs -c seaweedfs -- sh -c "echo \"s3.configure -user minio -access_key minio -secret_key minio123 -actions Read,Write,List -apply\" | /usr/bin/weed shell" - name: port forward run: | diff --git a/contrib/seaweedfs/base/kustomization.yaml b/contrib/seaweedfs/base/kustomization.yaml index fc31272690..fca6773739 100644 --- a/contrib/seaweedfs/base/kustomization.yaml +++ b/contrib/seaweedfs/base/kustomization.yaml @@ -6,3 +6,4 @@ resources: - seaweedfs-deployment.yaml - seaweedfs-pvc.yaml - seaweedfs-service.yaml +- seadweedfs-networkpolicy.yaml \ No newline at end of file diff --git a/contrib/seaweedfs/base/seadweedfs-networkpolicy.yaml b/contrib/seaweedfs/base/seadweedfs-networkpolicy.yaml new file mode 100644 index 0000000000..6d2cffbdc9 --- /dev/null +++ b/contrib/seaweedfs/base/seadweedfs-networkpolicy.yaml @@ -0,0 +1,28 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: seaweedfs +spec: + ingress: + - from: + - namespaceSelector: + matchExpressions: + - key: app.kubernetes.io/part-of + operator: In + values: + - kubeflow-profile + - namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: + - istio-system + - podSelector: {} + podSelector: + matchExpressions: + - key: app + operator: In + values: + - seaweedfs + policyTypes: + - Ingress diff --git a/contrib/seaweedfs/istio/kustomization.yaml b/contrib/seaweedfs/istio/kustomization.yaml index 6b821ec6bb..a8b34ac8b6 100644 --- a/contrib/seaweedfs/istio/kustomization.yaml +++ b/contrib/seaweedfs/istio/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: kubeflow resources: - ../base/ From 254b6f4c7aa9cf571b72d3db2785dde95644bce0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Sch=C3=B6nthaler?= Date: Mon, 30 Sep 2024 09:35:32 +0200 Subject: [PATCH 11/13] Add missing newlines at end of files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Patrick Schönthaler --- contrib/seaweedfs/base/kustomization.yaml | 2 +- contrib/seaweedfs/istio/kustomization.yaml | 2 +- contrib/seaweedfs/test.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/seaweedfs/base/kustomization.yaml b/contrib/seaweedfs/base/kustomization.yaml index fca6773739..166c238dae 100644 --- a/contrib/seaweedfs/base/kustomization.yaml +++ b/contrib/seaweedfs/base/kustomization.yaml @@ -6,4 +6,4 @@ resources: - seaweedfs-deployment.yaml - seaweedfs-pvc.yaml - seaweedfs-service.yaml -- seadweedfs-networkpolicy.yaml \ No newline at end of file +- seadweedfs-networkpolicy.yaml diff --git a/contrib/seaweedfs/istio/kustomization.yaml b/contrib/seaweedfs/istio/kustomization.yaml index a8b34ac8b6..2dffd5d150 100644 --- a/contrib/seaweedfs/istio/kustomization.yaml +++ b/contrib/seaweedfs/istio/kustomization.yaml @@ -4,4 +4,4 @@ namespace: kubeflow resources: - ../base/ -- istio-authorization-policy.yaml \ No newline at end of file +- istio-authorization-policy.yaml diff --git a/contrib/seaweedfs/test.sh b/contrib/seaweedfs/test.sh index bff87f0abe..f55ca2135e 100755 --- a/contrib/seaweedfs/test.sh +++ b/contrib/seaweedfs/test.sh @@ -6,7 +6,7 @@ kubectl create ns kubeflow || echo "namespace kubeflow already exists" kubectl get -n kubeflow svc minio-service -o=jsonpath='{.metadata.annotations.kubectl\.kubernetes\.io/last-applied-configuration}' > svc-minio-service-backup.json kustomize build istio/ | kubectl apply --server-side -f - kubectl -n kubeflow wait --for=condition=available --timeout=600s deploy/seaweedfs -kubectl -n kubeflow exec deployments/seaweedfs -c seaweedfs -- sh -c "echo \"s3.configure -user minio -access_key minio -secret_key minio123 -actions Read,Write -apply\" | /usr/bin/weed shell" +kubectl -n kubeflow exec deployments/seaweedfs -c seaweedfs -- sh -c "echo \"s3.configure -user minio -access_key minio -secret_key minio123 -actions Read,Write,List -apply\" | /usr/bin/weed shell" kubectl -n kubeflow port-forward svc/minio-service 8333:9000 echo "S3 endpoint available on localhost:8333" & From 453f1173c163464eb653bf753f9c9da4d1881194 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Sch=C3=B6nthaler?= Date: Wed, 2 Oct 2024 14:57:22 +0200 Subject: [PATCH 12/13] Integrate changes from master MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Patrick Schönthaler --- .github/workflows/pipeline_swfs_test.yaml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/pipeline_swfs_test.yaml b/.github/workflows/pipeline_swfs_test.yaml index f3d52d1ad2..fe1c9bcc2c 100644 --- a/.github/workflows/pipeline_swfs_test.yaml +++ b/.github/workflows/pipeline_swfs_test.yaml @@ -28,8 +28,11 @@ jobs: - name: Install kubectl run: ./tests/gh-actions/install_kubectl.sh - - name: Install Istio with ext auth - run: ./tests/gh-actions/install_istio_with_ext_auth.sh + - name: Install Istio + run: ./tests/gh-actions/install_istio.sh + + - name: Install oauth2-proxy + run: ./tests/gh-actions/install_oauth2-proxy.sh - name: Install cert-manager run: ./tests/gh-actions/install_cert_manager.sh @@ -61,10 +64,6 @@ jobs: nohup kubectl port-forward --namespace istio-system svc/${ingress_gateway_service} 8080:80 & while ! curl localhost:8080; do echo waiting for port-forwarding; sleep 1; done; echo port-forwarding ready - - name: Wait for the kubeflow-m2m-oidc-configurator Job - run: | - ./tests/gh-actions/wait_for_kubeflow_m2m_oidc_configurator.sh - - name: List and deploy test pipeline with authorized ServiceAccount Token run: | pip3 install kfp==2.4.0 From 24c71424760ea3309a7098481774ce54867b4690 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Sch=C3=B6nthaler?= Date: Wed, 2 Oct 2024 15:18:21 +0200 Subject: [PATCH 13/13] Adjust PR trigger paths MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Patrick Schönthaler --- .github/workflows/pipeline_swfs_test.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/pipeline_swfs_test.yaml b/.github/workflows/pipeline_swfs_test.yaml index fe1c9bcc2c..2489ee3201 100644 --- a/.github/workflows/pipeline_swfs_test.yaml +++ b/.github/workflows/pipeline_swfs_test.yaml @@ -2,17 +2,15 @@ name: Deploy and test Kubeflow Pipelines manifests with seaweedfs and m2m auth i on: pull_request: paths: + - tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh - .github/workflows/pipeline_swfs_test.yaml - apps/pipeline/upstream/** - - tests/gh-actions/kind-cluster.yaml - - tests/gh-actions/install_kind.sh - - tests/gh-actions/install_kustomize.sh - tests/gh-actions/install_istio.sh - tests/gh-actions/install_cert_manager.sh + - tests/gh-actions/install_oauth2-proxy.sh - common/cert-manager/** - - common/oidc-client/oauth2-proxy/** + - common/oauth2-proxy/** - common/istio*/** - - tests/gh-actions/install_istio_with_ext_auth.sh - contrib/seaweedfs/** jobs: