Skip to content

chore: Add securitycontext for PSS PoC (rootless Kubeflow) #215

chore: Add securitycontext for PSS PoC (rootless Kubeflow)

chore: Add securitycontext for PSS PoC (rootless Kubeflow) #215

name: Create Pipeline Run from Kubeflow Notebook
on:
pull_request:
paths:
- tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
- .github/workflows/pipeline_run_from_notebook.yaml
- apps/jupyter/notebook-controller/upstream/**
- apps/pipeline/upstream/**
- tests/gh-actions/install_istio.sh
- tests/gh-actions/install_cert_manager.sh
- common/cert-manager/**
- common/oauth2-proxy/**
- common/istio*/**
- common/kubeflow-namespace/**
- apps/jupyter/**
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install KinD, Create KinD cluster and Install kustomize
run: ./tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
- name: Install Istio
run: ./tests/gh-actions/install_istio.sh
- name: Install oauth2-proxy
run: ./tests/gh-actions/install_oauth2-proxy.sh
- name: Install cert-manager
run: ./tests/gh-actions/install_cert_manager.sh
- name: Create kubeflow namespace
run: kustomize build common/kubeflow-namespace/base | kubectl apply -f -
- name: Install kubeflow-istio-resources
run: kustomize build common/istio-1-23/kubeflow-istio-resources/base | kubectl apply -f -
- name: Install KF Pipelines
run: ./tests/gh-actions/install_pipelines.sh
- name: Install KF Multi Tenancy
run: ./tests/gh-actions/install_multi_tenancy.sh
- name: Build & Apply manifests
run: |
kustomize build apps/jupyter/jupyter-web-app/upstream/overlays/istio/ | kubectl apply -f -
kustomize build apps/jupyter/notebook-controller/upstream/overlays/kubeflow/ | kubectl apply -f -
kustomize build apps/admission-webhook/upstream/overlays/cert-manager | kubectl apply -f -
kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 300s \
--field-selector=status.phase!=Succeeded
- name: Create KF Profile
run: kustomize build common/user-namespace/base | kubectl apply -f -
- name: Apply PodDefaults to access ml-pipeline with projected token
run: kubectl apply -f tests/gh-actions/kf-objects/poddefaults.access-ml-pipeline.kubeflow-user-example-com.yaml
- name: Create Kubeflow Notebook with PodDefaults
run: |
kubectl apply -f tests/gh-actions/kf-objects/notebook.test.kubeflow-user-example.com.yaml
kubectl wait --for=jsonpath='{.status.readyReplicas}'=1 \
-f tests/gh-actions/kf-objects/notebook.test.kubeflow-user-example.com.yaml \
--timeout 600s
- name: Copy and execute the pipeline run script in KF Notebook
run: |
kubectl -n kubeflow-user-example-com cp \
./tests/gh-actions/run_and_wait_kubeflow_pipeline.py \
test-0:/home/jovyan/run_and_wait_kubeflow_pipeline.py
kubectl -n kubeflow-user-example-com exec -ti \
test-0 -- python /home/jovyan/run_and_wait_kubeflow_pipeline.py