diff --git a/workspaces/backend/Makefile b/workspaces/backend/Makefile index d139d313..ed264a7a 100644 --- a/workspaces/backend/Makefile +++ b/workspaces/backend/Makefile @@ -1,5 +1,5 @@ # Image URL to use all building/pushing image targets -IMG ?= nbv2-backend:latest +IMG ?= nb-backend:latest # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. ENVTEST_K8S_VERSION = 1.31.0 @@ -124,11 +124,13 @@ $(LOCALBIN): ## Tool Binaries KUBECTL ?= kubectl +KUSTOMIZE := $(LOCALBIN)/kustomize ENVTEST ?= $(LOCALBIN)/setup-envtest GOLANGCI_LINT = $(LOCALBIN)/golangci-lint SWAGGER = $(LOCALBIN)/swag ## Tool Versions +KUSTOMIZE_VERSION ?= v5.5.0 ENVTEST_VERSION ?= release-0.19 GOLANGCI_LINT_VERSION ?= v1.61.0 SWAGGER_VERSION ?= v1.16.6 @@ -148,6 +150,26 @@ golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary. $(GOLANGCI_LINT): $(LOCALBIN) $(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,$(GOLANGCI_LINT_VERSION)) + +##@ deployment + +.PHONY: deploy +deploy: kustomize ## Deploy backend to the K8s cluster specified in ~/.kube/config. + cd manifests/kustomize/overlays/istio && $(KUSTOMIZE) edit set image workspaces-backend=${IMG} + $(KUBECTL) apply -k manifests/kustomize/overlays/istio + +.PHONY: undeploy +undeploy: kustomize ## Undeploy backend from the K8s cluster specified in ~/.kube/config. + $(KUBECTL) delete -k manifests/kustomize/overlays/istio --ignore-not-found=true + + +##@ Dependencies + +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + $(call go-install-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v5,$(KUSTOMIZE_VERSION)) + # go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist # $1 - target path with name of binary # $2 - package url which can be installed 
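Review bot: In the third hunk, the `undeploy` recipe runs `$(KUBECTL) delete -k manifests/kustomize/overlays/istio`, which deletes everything the overlay renders, and the base added by this commit lists `namespace.yaml`, so the `kubeflow-workspaces` Namespace and every object inside it is removed too. If other components share that namespace (not visible in this diff), that is far more than the help text "Undeploy backend" promises; either keep the Namespace out of the deleted set or say so in the `##` description. In `deploy`, `kustomize edit set image` rewrites the tracked `overlays/istio/kustomization.yaml` on every run, and `${IMG}` reaches the shell unquoted; I would write `workspaces-backend="$(IMG)"`. Both targets act on whichever context is current in the kubeconfig and `deploy` creates cluster-scoped RBAC there, which deserves a comment above the rule. With the default `IMG ?= nb-backend:latest` and the new Deployment's `imagePullPolicy: IfNotPresent`, a node can keep running a stale cached image, so a version tag or digest in `IMG` is the safer default.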
diff --git a/workspaces/backend/manifests/kustomize/base/deployment.yaml b/workspaces/backend/manifests/kustomize/base/deployment.yaml
new file mode 100644
index 00000000..db4a891c
--- /dev/null
+++ b/workspaces/backend/manifests/kustomize/base/deployment.yaml
@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: workspaces-backend
+spec:
+ replicas: 1
+ selector:
+ matchLabels: {}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 0
+ maxSurge: 1
+ template:
+ metadata:
+ labels: {}
+ spec:
+ serviceAccountName: workspaces-backend
+ securityContext:
+ runAsNonRoot: true
+ terminationGracePeriodSeconds: 30
+ containers:
+ - name: workspaces-backend
+ image: workspaces-backend
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ ports:
+ - name: http-api
+ containerPort: 4000
+ env:
+ - name: PORT
+ value: "4000"
+ resources:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ livenessProbe:
+ httpGet:
+ path: /api/v1/healthcheck
+ port: http-api
+ scheme: HTTP
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
+ readinessProbe:
+ httpGet:
+ path: /api/v1/healthcheck
+ port: http-api
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
\ No newline at end of file
diff --git a/workspaces/backend/manifests/kustomize/base/kustomization.yaml b/workspaces/backend/manifests/kustomize/base/kustomization.yaml
new file mode 100644
index 00000000..876f59d3
--- /dev/null
+++ b/workspaces/backend/manifests/kustomize/base/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: kubeflow-workspaces
+
+resources:
+- namespace.yaml
+- service_account.yaml
+- rbac.yaml
+- service.yaml
+- deployment.yaml
\ No newline at end of file
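Review bot: The pod and container `securityContext` in base/deployment.yaml stop short of the Pod Security "restricted" profile: no `seccompProfile` is set and the root filesystem stays writable. I would add `seccompProfile: {type: RuntimeDefault}` to the pod-level `securityContext` and, if the backend never writes to its image filesystem (not visible here), `readOnlyRootFilesystem: true` on the container. `runAsNonRoot: true` without a `runAsUser` only works when the image declares a numeric non-root user, which is worth a comment next to it. `image: workspaces-backend` is a placeholder that `kustomize edit set image` rewrites, and `matchLabels: {}` / `labels: {}` are filled only by the `common` component, so a short comment at each of those lines should say the base is not meant to be applied on its own.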
diff --git a/workspaces/backend/manifests/kustomize/base/namespace.yaml b/workspaces/backend/manifests/kustomize/base/namespace.yaml
new file mode 100644
index 00000000..0076fabf
--- /dev/null
+++ b/workspaces/backend/manifests/kustomize/base/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kubeflow-workspaces
\ No newline at end of file
diff --git a/workspaces/backend/manifests/kustomize/base/rbac.yaml b/workspaces/backend/manifests/kustomize/base/rbac.yaml
new file mode 100644
index 00000000..4a9cd586
--- /dev/null
+++ b/workspaces/backend/manifests/kustomize/base/rbac.yaml
@@ -0,0 +1,39 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: workspaces-backend
+rules:
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - workspaces
+ - workspacekinds
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: workspaces-backend
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: workspaces-backend
+subjects:
+- kind: ServiceAccount
+ name: workspaces-backend
+ namespace: kubeflow-workspaces
\ No newline at end of file
diff --git a/workspaces/backend/manifests/kustomize/base/service.yaml b/workspaces/backend/manifests/kustomize/base/service.yaml
new file mode 100644
index 00000000..8189c39d
--- /dev/null
+++ b/workspaces/backend/manifests/kustomize/base/service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: workspaces-backend
+spec:
+ selector: {}
+ ports:
+ - name: http-api
+ port: 4000
+ targetPort: http-api
+ type: ClusterIP
\ No newline at end of file
diff --git a/workspaces/backend/manifests/kustomize/base/service_account.yaml b/workspaces/backend/manifests/kustomize/base/service_account.yaml
new file mode 100644
index 00000000..5e211753
--- /dev/null
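Review bot: The `workspaces-backend` ClusterRole in base/rbac.yaml gives the service account create/update/patch/delete on `workspaces` and `workspacekinds` in every namespace, so the backend becomes the only place where a caller's rights are decided. The role grants nothing in `authorization.k8s.io`, so as written the backend could not issue a `SubjectAccessReview` to check the calling user against cluster RBAC. If per-user authorization is intended (the backend code is not part of this diff), a rule with `apiGroups: [authorization.k8s.io]`, `resources: [subjectaccessreviews]`, `verbs: [create]` is needed. If it is deliberately deferred, a comment above `rules:` should say so, so the cluster-wide write access reads as a documented decision rather than an oversight.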
+++ b/workspaces/backend/manifests/kustomize/base/service_account.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: workspaces-backend
\ No newline at end of file
diff --git a/workspaces/backend/manifests/kustomize/components/common/kustomization.yaml b/workspaces/backend/manifests/kustomize/components/common/kustomization.yaml
new file mode 100644
index 00000000..df7a878d
--- /dev/null
+++ b/workspaces/backend/manifests/kustomize/components/common/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+labels:
+- includeSelectors: true
+ pairs:
+ app.kubernetes.io/component: workspaces-backend
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: kubeflow-workspaces
+ app.kubernetes.io/part-of: kubeflow
\ No newline at end of file
diff --git a/workspaces/backend/manifests/kustomize/components/istio/authorization-policy.yaml b/workspaces/backend/manifests/kustomize/components/istio/authorization-policy.yaml
new file mode 100644
index 00000000..9e7527fa
--- /dev/null
+++ b/workspaces/backend/manifests/kustomize/components/istio/authorization-policy.yaml
@@ -0,0 +1,10 @@
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: workspaces-backend
+spec:
+ action: ALLOW
+ selector:
+ matchLabels: {}
+ rules:
+ - {}
\ No newline at end of file
diff --git a/workspaces/backend/manifests/kustomize/components/istio/destination-rule.yaml b/workspaces/backend/manifests/kustomize/components/istio/destination-rule.yaml
new file mode 100644
index 00000000..545c821c
--- /dev/null
+++ b/workspaces/backend/manifests/kustomize/components/istio/destination-rule.yaml
@@ -0,0 +1,9 @@
+apiVersion: networking.istio.io/v1beta1
+kind: DestinationRule
+metadata:
+ name: workspaces-backend
+spec:
+ host: workspaces-backend.kubeflow-workspaces.svc.cluster.local
+ trafficPolicy:
+ tls:
+ mode: DISABLE
\ No newline at end of file
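Review bot: `rules: - {}` under `action: ALLOW` in components/istio/authorization-policy.yaml matches every request from any workload or namespace in the mesh, so the policy restricts nothing and the backend is reachable directly as well as through the gateway. Limiting the source would look like `- from: [{source: {principals: ["cluster.local/ns/<GATEWAY_NAMESPACE>/sa/<GATEWAY_SERVICE_ACCOUNT>"]}}]` (placeholders; the gateway identity is not on this page). A principal match relies on mutual TLS to the workload, so the gateway-to-backend hop would have to use mTLS as well. The `matchLabels: {}` selector is filled only by the overlay's replacement; a comment should say so, because rendered without it the policy would presumably apply to every workload in the namespace.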
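Review bot: `tls: mode: DISABLE` in components/istio/destination-rule.yaml makes the gateway and every sidecar send plaintext to `workspaces-backend`, although the overlay labels the namespace `istio-injection: enabled`, so the backend pod should have a sidecar able to terminate mTLS. Without mTLS the peer identity is not authenticated, and request contents, including any identity headers the gateway may set, cross the cluster network in clear. If the mesh enforces strict peer authentication (not visible here), this setting would also break the route. Unless there is a reason outside this diff, I would use `mode: ISTIO_MUTUAL`, or at least add a comment above `trafficPolicy:` explaining why TLS is off.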
diff --git a/workspaces/backend/manifests/kustomize/components/istio/kustomization.yaml b/workspaces/backend/manifests/kustomize/components/istio/kustomization.yaml
new file mode 100644
index 00000000..91ebfc1f
--- /dev/null
+++ b/workspaces/backend/manifests/kustomize/components/istio/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+- destination-rule.yaml
+- virtual-service.yaml
+- authorization-policy.yaml
\ No newline at end of file
diff --git a/workspaces/backend/manifests/kustomize/components/istio/virtual-service.yaml b/workspaces/backend/manifests/kustomize/components/istio/virtual-service.yaml
new file mode 100644
index 00000000..a73f511a
--- /dev/null
+++ b/workspaces/backend/manifests/kustomize/components/istio/virtual-service.yaml
@@ -0,0 +1,20 @@
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+ name: workspaces-backend
+spec:
+ gateways:
+ - kubeflow/kubeflow-gateway
+ hosts:
+ - '*'
+ http:
+ - match:
+ - uri:
+ prefix: /workspaces/api/
+ rewrite:
+ uri: /api/
+ route:
+ - destination:
+ host: workspaces-backend.kubeflow-workspaces.svc.cluster.local
+ port:
+ number: 4000
\ No newline at end of file
diff --git a/workspaces/backend/manifests/kustomize/overlays/istio/kustomization.yaml b/workspaces/backend/manifests/kustomize/overlays/istio/kustomization.yaml
new file mode 100644
index 00000000..b8f959c0
--- /dev/null
+++ b/workspaces/backend/manifests/kustomize/overlays/istio/kustomization.yaml
@@ -0,0 +1,114 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: kubeflow-workspaces
+
+resources:
+- ../../base
+
+components:
+- ../../components/istio
+- ../../components/common
+
+replacements:
+- source:
+ fieldPath: metadata.namespace
+ kind: ServiceAccount
+ name: workspaces-backend
+ targets:
+ - fieldPaths:
+ - metadata.name
+ select:
+ kind: Namespace
+ name: kubeflow-workspaces
+ - fieldPaths:
+ - subjects.[kind=ServiceAccount].namespace
+ select:
+ kind: ClusterRoleBinding
+ name: workspaces-backend
+- source:
+ fieldPath: metadata.name
+ kind: Service
+ name: workspaces-backend
+ version: v1
+ targets:
+ - fieldPaths:
+ - spec.http.0.route.0.destination.host
+ options:
+ delimiter: .
+ select:
+ group: networking.istio.io
+ kind: VirtualService
+ name: workspaces-backend
+ version: v1beta1
+ - fieldPaths:
+ - spec.host
+ options:
+ delimiter: .
+ select:
+ group: networking.istio.io
+ kind: DestinationRule
+ name: workspaces-backend
+ version: v1beta1
+- source:
+ fieldPath: metadata.namespace
+ kind: Service
+ name: workspaces-backend
+ version: v1
+ targets:
+ - fieldPaths:
+ - spec.http.0.route.0.destination.host
+ options:
+ delimiter: .
+ index: 1
+ select:
+ group: networking.istio.io
+ kind: VirtualService
+ name: workspaces-backend
+ version: v1beta1
+ - fieldPaths:
+ - spec.host
+ options:
+ delimiter: .
+ index: 1
+ select:
+ group: networking.istio.io
+ kind: DestinationRule
+ name: workspaces-backend
+ version: v1beta1
+- source:
+ fieldPath: spec.ports.[name=http-api].port
+ kind: Service
+ name: workspaces-backend
+ version: v1
+ targets:
+ - fieldPaths:
+ - spec.http.0.route.0.destination.port.number
+ select:
+ group: networking.istio.io
+ kind: VirtualService
+ name: workspaces-backend
+ version: v1beta1
+- source:
+ fieldPath: spec.selector.matchLabels
+ kind: Deployment
+ name: workspaces-backend
+ targets:
+ - fieldPaths:
+ - spec.selector.matchLabels
+ select:
+ kind: AuthorizationPolicy
+ name: workspaces-backend
+
+patches:
+- patch: |-
+ - op: remove
+ path: /metadata/labels/app.kubernetes.io~1component
+ - op: remove
+ path: /metadata/labels/app.kubernetes.io~1name
+ - op: add
+ path: /metadata/labels/istio-injection
+ value: enabled
+ target:
+ kind: Namespace
+ name: kubeflow-workspaces
\ No newline at end of file
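Review bot: The `replacements` block in overlays/istio/kustomization.yaml carries no comments, and the last entry is security-relevant: it copies the Deployment's `spec.selector.matchLabels` into the AuthorizationPolicy, which is the only thing that scopes that policy to the backend pods. I would put a one-line comment above each `- source:`, for example `# scope the AuthorizationPolicy to the backend pods by reusing the Deployment's selector labels`, and one on the `delimiter: .` / `index: 1` pairs saying they overwrite only the name or namespace segment of the service FQDN. The two `op: remove` patches on the Namespace depend on the `common` component having added those labels first, and the build would presumably fail if that component changes; a comment above `patches:` should state this dependency. It should also note that `istio-injection: enabled` is added to a Namespace object this overlay owns and deletes.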