Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Common Component: oidc-authservice #115

Closed
rohank07 opened this issue Jan 17, 2022 · 0 comments · Fixed by #129
Closed

Common Component: oidc-authservice #115

rohank07 opened this issue Jan 17, 2022 · 0 comments · Fixed by #129
Assignees
@rohank07
Labels
size/S ~1 day

Comments

@rohank07
Copy link
Contributor

rohank07 commented Jan 17, 2022
edited
Loading

Overview

EPIC: Kubeflow Upgrade Planning

Component Local Manifests Path Upstream Initial Work
oidc-authservice common/oidc-authservice v1.3.1

Adjustments

  • Configmap which stores all of the OIDC secrets
  • The EnvoyFilter with slight customizations to the auth request
  • Our custom image of the oidc-authservice and image pull secrets

Kubeflow V2 Manifests

The following is the kustomize that was used in Kubeflow V2:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
patchesStrategicMerge:
- configmap.yaml
- envoy-filter.yaml
- statefulset.yaml
resources:
- ../../.cache/manifests/manifests-1.2-branch/stacks/azure/application/oidc-authservice

AAW Dev / Prod Live Manifests

At the moment there is no difference in state then what is overridden above.

Note: While most everything 95% would have been automated, stored as config and is using what is referenced above. I believe a few things could have been done as manual adjustments that we should make sure we are keeping. Largely any manual yaml adjustments would have been documented in high level GitHub issues or tracked in the YAML repository under the AAW group.

Kubeflow V3 Manifests

The following is the P.R. that will be merged into the main branch for Kubeflow V3:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- github.com/kubeflow/manifests/common/oidc-authservice/base?ref=v1.3.1

patchesStrategicMerge:
- configmap.yaml
- envoy-filter.yaml
- statefulset.yaml

Testing

Usually a good idea to make sure all of the overrides are working is to run the following command and verify all of the yaml output for the component is what you expect and all of the overrides are taken into account.

  • The oidc-authservice configmap (oidc-authservice-parameters) has been modified correctly
  • The oidc-authservice enovy-filter has been modified correctly
  • The oidc-authservice statefulset (image, envar, imagepullSecrets) has been modified correctly
task stack:aaw:preview

Note: The command above will render all of the manifests into manifests top level folder with the name aaw.yaml. A trick to keep the yaml output small is under stacks/aaw/kustomization.yaml to only have the component you wish to test referenced.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rohank07 rohank07

Labels
size/S ~1 day
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(component): Add common component oidc-authservice StatCan/aaw-kubeflow-manifests
2 participants
@sylus @rohank07