chore: Add securitycontext for PSS PoC (rootless Kubeflow) #215
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Create Pipeline Run from Kubeflow Notebook | |
on: | |
pull_request: | |
paths: | |
- tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh | |
- .github/workflows/pipeline_run_from_notebook.yaml | |
- apps/jupyter/notebook-controller/upstream/** | |
- apps/pipeline/upstream/** | |
- tests/gh-actions/install_istio.sh | |
- tests/gh-actions/install_cert_manager.sh | |
- common/cert-manager/** | |
- common/oauth2-proxy/** | |
- common/istio*/** | |
- common/kubeflow-namespace/** | |
- apps/jupyter/** | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install KinD, Create KinD cluster and Install kustomize | |
run: ./tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh | |
- name: Install Istio | |
run: ./tests/gh-actions/install_istio.sh | |
- name: Install oauth2-proxy | |
run: ./tests/gh-actions/install_oauth2-proxy.sh | |
- name: Install cert-manager | |
run: ./tests/gh-actions/install_cert_manager.sh | |
- name: Create kubeflow namespace | |
run: kustomize build common/kubeflow-namespace/base | kubectl apply -f - | |
- name: Install kubeflow-istio-resources | |
run: kustomize build common/istio-1-23/kubeflow-istio-resources/base | kubectl apply -f - | |
- name: Install KF Pipelines | |
run: ./tests/gh-actions/install_pipelines.sh | |
- name: Install KF Multi Tenancy | |
run: ./tests/gh-actions/install_multi_tenancy.sh | |
- name: Build & Apply manifests | |
run: | | |
kustomize build apps/jupyter/jupyter-web-app/upstream/overlays/istio/ | kubectl apply -f - | |
kustomize build apps/jupyter/notebook-controller/upstream/overlays/kubeflow/ | kubectl apply -f - | |
kustomize build apps/admission-webhook/upstream/overlays/cert-manager | kubectl apply -f - | |
kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 300s \ | |
--field-selector=status.phase!=Succeeded | |
- name: Create KF Profile | |
run: kustomize build common/user-namespace/base | kubectl apply -f - | |
- name: Apply PodDefaults to access ml-pipeline with projected token | |
run: kubectl apply -f tests/gh-actions/kf-objects/poddefaults.access-ml-pipeline.kubeflow-user-example-com.yaml | |
- name: Create Kubeflow Notebook with PodDefaults | |
run: | | |
kubectl apply -f tests/gh-actions/kf-objects/notebook.test.kubeflow-user-example.com.yaml | |
kubectl wait --for=jsonpath='{.status.readyReplicas}'=1 \ | |
-f tests/gh-actions/kf-objects/notebook.test.kubeflow-user-example.com.yaml \ | |
--timeout 600s | |
- name: Copy and execute the pipeline run script in KF Notebook | |
run: | | |
kubectl -n kubeflow-user-example-com cp \ | |
./tests/gh-actions/run_and_wait_kubeflow_pipeline.py \ | |
test-0:/home/jovyan/run_and_wait_kubeflow_pipeline.py | |
kubectl -n kubeflow-user-example-com exec -ti \ | |
test-0 -- python /home/jovyan/run_and_wait_kubeflow_pipeline.py |