├── kubeflow └── pipelines │ ├── upstream │ ├── third-party │ │ ├── argo │ │ │ ├── .krmignore │ │ │ ├── base │ │ │ │ ├── params.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── workflow-controller-deployment-patch.yaml │ │ │ ├── upstream │ │ │ │ └── manifests │ │ │ │ │ ├── base │ │ │ │ │ ├── crds │ │ │ │ │ │ ├── minimal │ │ │ │ │ │ │ ├── README.md │ │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── full │ │ │ │ │ │ │ ├── README.md │ │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── argo-server │ │ │ │ │ │ ├── argo-server-sa.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── argo-server-service.yaml │ │ │ │ │ ├── workflow-controller │ │ │ │ │ │ ├── workflow-controller-sa.yaml │ │ │ │ │ │ ├── workflow-controller-configmap.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── workflow-controller-metrics-service.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── quick-start │ │ │ │ │ ├── sso │ │ │ │ │ │ ├── dex │ │ │ │ │ │ │ ├── dex-sa.yaml │ │ │ │ │ │ │ ├── dev-svc.yaml │ │ │ │ │ │ │ ├── dex-role.yaml │ │ │ │ │ │ │ ├── dex-rb.yaml │ │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ │ └── dex-deploy.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── overlays │ │ │ │ │ │ │ ├── argo-server-sa.yaml │ │ │ │ │ │ │ └── workflow-controller-configmap.yaml │ │ │ │ │ ├── minimal │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── base │ │ │ │ │ │ ├── webhooks │ │ │ │ │ │ │ ├── github.com-sa.yaml │ │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ │ ├── github.com-rolebinding.yaml │ │ │ │ │ │ │ ├── submit-workflow-template-role.yaml │ │ │ │ │ │ │ └── argo-workflows-webhook-clients-secret.yaml │ │ │ │ │ │ ├── minio │ │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ │ ├── my-minio-cred-secret.yaml │ │ │ │ │ │ │ ├── minio-service.yaml │ │ │ │ │ │ │ └── minio-pod.yaml │ │ │ │ │ │ ├── prometheus │ │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ │ ├── prometheus-service.yaml │ │ │ │ │ │ │ └── prometheus-config-cluster.yaml │ │ │ │ │ │ ├── argo-server-sso-secret.yaml │ │ │ │ │ │ ├── kubelet-executor-clusterrole.yaml │ │ │ │ │ │ ├── workflow-default-rolebinding.yaml │ │ │ │ │ │ ├── kubelet-executor-default-clusterrolebinding.yaml │ │ │ │ │ │ ├── overlays │ │ │ │ │ │ │ └── argo-server-deployment.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── mysql │ │ │ │ │ │ ├── argo-mysql-config-secret.yaml │ │ │ │ │ │ ├── mysql-service.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── overlays │ │ │ │ │ │ │ └── workflow-controller-configmap.yaml │ │ │ │ │ └── postgres │ │ │ │ │ │ ├── argo-postgres-config-secret.yaml │ │ │ │ │ │ ├── postgres-service.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── overlays │ │ │ │ │ │ └── workflow-controller-configmap.yaml │ │ │ │ │ │ └── postgres-deployment.yaml │ │ │ │ │ ├── namespace-install │ │ │ │ │ ├── overlays │ │ │ │ │ │ ├── argo-server-deployment.yaml │ │ │ │ │ │ └── workflow-controller-deployment.yaml │ │ │ │ │ ├── argo-server-rbac │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── argo-server-rolebinding.yaml │ │ │ │ │ ├── workflow-controller-rbac │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── workflow-controller-rolebinding.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── cluster-install │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── argo-server-rbac │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── argo-server-clusterolebinding.yaml │ │ │ │ │ └── workflow-controller-rbac │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ ├── workflow-controller-rolebinding.yaml │ │ │ │ │ │ ├── workflow-controller-clusterrolebinding.yaml │ │ │ │ │ │ └── workflow-controller-role.yaml │ │ │ │ │ └── Kptfile │ │ │ ├── Kptfile │ │ │ ├── installs │ │ │ │ ├── cluster │ │ │ │ │ ├── workflow-controller-clusterrolebinding-patch.json │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── namespace │ │ │ │ │ ├── workflow-controller-deployment-patch.json │ │ │ │ │ ├── cluster-scoped │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ └── Makefile │ │ ├── grafana │ │ │ ├── grafana-sa.yaml │ │ │ ├── grafana-service.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── grafana-rolebinding.yaml │ │ │ └── grafana-role.yaml │ │ ├── mysql │ │ │ ├── base │ │ │ │ ├── mysql-serviceaccount.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── mysql-pv-claim.yaml │ │ │ │ └── mysql-service.yaml │ │ │ └── options │ │ │ │ └── istio │ │ │ │ └── kustomization.yaml │ │ ├── prometheus │ │ │ ├── prometheus-sa.yaml │ │ │ ├── prometheus-service.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── prometheus-rolebinding.yaml │ │ │ ├── prometheus-role.yaml │ │ │ └── prometheus-deployment.yaml │ │ ├── application │ │ │ ├── application-controller-sa.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── application-controller-rolebinding.yaml │ │ │ ├── application-controller-service.yaml │ │ │ ├── cluster-scoped │ │ │ │ └── kustomization.yaml │ │ │ └── application-controller-role.yaml │ │ ├── minio │ │ │ ├── options │ │ │ │ └── istio │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── istio-authorization-policy.yaml │ │ │ └── base │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── mlpipeline-minio-artifact-secret.yaml │ │ │ │ ├── minio-pvc.yaml │ │ │ │ └── minio-service.yaml │ │ └── metacontroller │ │ │ └── base │ │ │ ├── service-account.yaml │ │ │ ├── cluster-role-binding.yaml │ │ │ └── kustomization.yaml │ ├── sample │ │ ├── params-db-secret.env │ │ ├── params.env │ │ └── cluster-scoped-resources │ │ │ └── kustomization.yaml │ ├── env │ │ ├── aws │ │ │ ├── OWNERS │ │ │ ├── secret.env │ │ │ ├── minio-artifact-secret-patch.env │ │ │ ├── params.env │ │ │ ├── config │ │ │ ├── viewer-pod-template.json │ │ │ └── kustomization.yaml │ │ ├── azure │ │ │ ├── OWNERS │ │ │ ├── params.env │ │ │ ├── mysql-secret.env │ │ │ ├── minio-azure-gateway │ │ │ │ ├── minio-artifact-secret.env │ │ │ │ ├── minio-azure-gateway-service.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── kustomization.yaml │ │ │ └── readme.md │ │ ├── gcp │ │ │ ├── minio-gcs-gateway │ │ │ │ ├── minio-artifact-secret.env │ │ │ │ ├── minio-gcs-gateway-sa.yaml │ │ │ │ ├── minio-gcs-gateway-service.yaml │ │ │ │ └── kustomization.yaml │ │ │ ├── inverse-proxy │ │ │ │ ├── proxy-sa.yaml │ │ │ │ ├── proxy-configmap.yaml │ │ │ │ ├── proxy-role.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── proxy-rolebinding.yaml │ │ │ │ └── proxy-deployment.yaml │ │ │ ├── cloudsql-proxy │ │ │ │ ├── cloudsql-proxy-sa.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── mysql-service.yaml │ │ │ ├── params.env │ │ │ └── gcp-configurations-patch.yaml │ │ ├── platform-agnostic-pns │ │ │ ├── kustomization.yaml │ │ │ └── workflow-controller-configmap-patch.yaml │ │ ├── platform-agnostic-emissary │ │ │ ├── kustomization.yaml │ │ │ └── workflow-controller-configmap-patch.yaml │ │ ├── platform-agnostic-multi-user-pns │ │ │ ├── kustomization.yaml │ │ │ └── workflow-controller-configmap-patch.yaml │ │ ├── platform-agnostic-multi-user-emissary │ │ │ ├── kustomization.yaml │ │ │ └── workflow-controller-configmap-patch.yaml │ │ ├── platform-agnostic │ │ │ └── kustomization.yaml │ │ ├── dev │ │ │ └── kustomization.yaml │ │ ├── platform-agnostic-multi-user │ │ │ └── kustomization.yaml │ │ └── platform-agnostic-multi-user-legacy │ │ │ └── kustomization.yaml │ ├── OWNERS │ ├── base │ │ ├── metadata │ │ │ ├── overlays │ │ │ │ └── db │ │ │ │ │ ├── secrets.env │ │ │ │ │ ├── params.env │ │ │ │ │ ├── metadata-db-pvc.yaml │ │ │ │ │ ├── metadata-db-service.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── patches │ │ │ │ │ └── metadata-grpc-deployment.yaml │ │ │ ├── base │ │ │ │ ├── metadata-grpc-sa.yaml │ │ │ │ ├── metadata-grpc-configmap.yaml │ │ │ │ ├── metadata-envoy-service.yaml │ │ │ │ ├── metadata-grpc-service.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ └── metadata-envoy-deployment.yaml │ │ │ └── options │ │ │ │ └── istio │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── destination-rule.yaml │ │ │ │ ├── istio-authorization-policy.yaml │ │ │ │ └── virtual-service.yaml │ │ ├── installs │ │ │ ├── multi-user │ │ │ │ ├── pipelines-profile-controller │ │ │ │ │ ├── params.env │ │ │ │ │ ├── requirements-dev.txt │ │ │ │ │ ├── service.yaml │ │ │ │ │ ├── run_tests.sh │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── params.yaml │ │ │ │ ├── metadata-writer │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── deployment-patch.yaml │ │ │ │ │ ├── cluster-role-binding.yaml │ │ │ │ │ └── cluster-role.yaml │ │ │ │ ├── persistence-agent │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── deployment-patch.yaml │ │ │ │ │ ├── cluster-role-binding.yaml │ │ │ │ │ └── cluster-role.yaml │ │ │ │ ├── viewer-controller │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── cluster-role-binding.yaml │ │ │ │ │ ├── deployment-patch.yaml │ │ │ │ │ └── cluster-role.yaml │ │ │ │ ├── api-service │ │ │ │ │ ├── params.env │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── cluster-role-binding.yaml │ │ │ │ │ ├── deployment-patch.yaml │ │ │ │ │ └── cluster-role.yaml │ │ │ │ ├── scheduled-workflow │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── cluster-role-binding.yaml │ │ │ │ │ ├── deployment-patch.yaml │ │ │ │ │ └── cluster-role.yaml │ │ │ │ ├── cache │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── deployment-patch.yaml │ │ │ │ │ ├── cluster-role-binding.yaml │ │ │ │ │ └── cluster-role.yaml │ │ │ │ ├── pipelines-ui │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── cluster-role-binding.yaml │ │ │ │ │ ├── configmap-patch.yaml │ │ │ │ │ └── cluster-role.yaml │ │ │ │ └── virtual-service.yaml │ │ │ └── generic │ │ │ │ ├── mysql-secret.yaml │ │ │ │ └── params.yaml │ │ ├── application │ │ │ └── kustomization.yaml │ │ ├── pipeline │ │ │ ├── ml-pipeline-ui-sa.yaml │ │ │ ├── ml-pipeline-apiserver-sa.yaml │ │ │ ├── pipeline-runner-sa.yaml │ │ │ ├── viewer-sa.yaml │ │ │ ├── cluster-scoped │ │ │ │ ├── kustomization.yaml │ │ │ │ └── viewer-crd.yaml │ │ │ ├── ml-pipeline-persistenceagent-sa.yaml │ │ │ ├── ml-pipeline-scheduledworkflow-sa.yaml │ │ │ ├── ml-pipeline-visualization-sa.yaml │ │ │ ├── container-builder-sa.yaml │ │ │ ├── metadata-writer │ │ │ │ ├── metadata-writer-sa.yaml │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── metadata-writer-rolebinding.yaml │ │ │ │ ├── metadata-writer-role.yaml │ │ │ │ └── metadata-writer-deployment.yaml │ │ │ ├── ml-pipeline-viewer-crd-sa.yaml │ │ │ ├── kfp-launcher-configmap.yaml │ │ │ ├── ml-pipeline-ui-configmap.yaml │ │ │ ├── ml-pipeline-ui-service.yaml │ │ │ ├── ml-pipeline-visualization-service.yaml │ │ │ ├── pipeline-runner-rolebinding.yaml │ │ │ ├── ml-pipeline-apiserver-rolebinding.yaml │ │ │ ├── ml-pipeline-ui-rolebinding.yaml │ │ │ ├── ml-pipeline-viewer-crd-rolebinding.yaml │ │ │ ├── ml-pipeline-persistenceagent-rolebinding.yaml │ │ │ ├── ml-pipeline-scheduledworkflow-rolebinding.yaml │ │ │ ├── ml-pipeline-persistenceagent-role.yaml │ │ │ ├── ml-pipeline-apiserver-service.yaml │ │ │ ├── ml-pipeline-viewer-crd-role.yaml │ │ │ ├── ml-pipeline-ui-role.yaml │ │ │ ├── ml-pipeline-scheduledworkflow-role.yaml │ │ │ ├── ml-pipeline-apiserver-role.yaml │ │ │ └── ml-pipeline-viewer-crd-deployment.yaml │ │ ├── cache │ │ │ ├── cache-sa.yaml │ │ │ ├── cache-service.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── cache-rolebinding.yaml │ │ │ └── cache-role.yaml │ │ └── cache-deployer │ │ │ ├── cluster-scoped │ │ │ ├── cache-deployer-sa.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── cache-deployer-clusterrolebinding.yaml │ │ │ └── cache-deployer-clusterrole.yaml │ │ │ ├── kustomization.yaml │ │ │ ├── cache-deployer-role.yaml │ │ │ ├── cache-deployer-rolebinding.yaml │ │ │ └── cache-deployer-deployment.yaml │ ├── cluster-scoped-resources │ │ ├── params.yaml │ │ ├── namespace.yaml │ │ └── kustomization.yaml │ ├── Kptfile │ └── Makefile │ ├── kustomization.yaml │ └── patches │ └── ingress.yaml ├── cluster ├── gke │ ├── terraform.tfvars │ ├── versions.tf │ ├── providers.tf │ ├── outputs.tf │ └── vpc.tf └── kind │ └── teardown.sh ├── feast ├── feast-charts │ ├── charts │ │ └── feast │ │ │ ├── charts │ │ │ ├── redis │ │ │ │ ├── .helmignore │ │ │ │ ├── ci │ │ │ │ │ ├── default-values.yaml │ │ │ │ │ ├── dev-values.yaml │ │ │ │ │ ├── redisgraph-module-values.yaml │ │ │ │ │ ├── extra-flags-values.yaml │ │ │ │ │ └── redis-lib-values.yaml │ │ │ │ ├── templates │ │ │ │ │ ├── redis-serviceaccount.yaml │ │ │ │ │ ├── secret.yaml │ │ │ │ │ ├── redis-rolebinding.yaml │ │ │ │ │ ├── headless-svc.yaml │ │ │ │ │ ├── redis-role.yaml │ │ │ │ │ └── prometheusrule.yaml │ │ │ │ └── Chart.yaml │ │ │ ├── transformation-service │ │ │ │ ├── config │ │ │ │ │ └── feature_store.yaml │ │ │ │ ├── Chart.yaml │ │ │ │ └── templates │ │ │ │ │ └── service.yaml │ │ │ └── feature-server │ │ │ │ ├── Chart.yaml │ │ │ │ └── templates │ │ │ │ ├── ingress.yaml │ │ │ │ └── secret.yaml │ │ │ ├── Chart.yaml │ │ │ ├── .helmignore │ │ │ ├── requirements.yaml │ │ │ └── values.yaml │ └── kustomization.yaml ├── kustomization.yaml └── upstream │ ├── kustomization.yaml │ ├── secret-feast-0.19.3-feature-server.yaml │ ├── service-feast-0.19.3-transformation-service.yaml │ ├── service-feast-0.19.3-feature-server.yaml │ └── configmap-feast-0.19.3-feature-server.yaml ├── flyte-sandbox └── upstream │ ├── namespace-flyte.yaml │ ├── namespace-projectcontour.yaml │ ├── namespace-kubernetes-dashboard.yaml │ ├── serviceaccount-envoy.yaml │ ├── serviceaccount-flyteadmin.yaml │ ├── serviceaccount-contour.yaml │ ├── serviceaccount-datacatalog.yaml │ ├── serviceaccount-flytepropeller.yaml │ ├── secret-flyte-admin-auth.yaml │ ├── secret-flyte-pod-webhook.yaml │ ├── serviceaccount-flyte-pod-webhook.yaml │ ├── serviceaccount-contour-certgen.yaml │ ├── secret-db-pass-9dgchhk2bm.yaml │ ├── secret-flyte-secret-auth.yaml │ ├── service-postgres.yaml │ ├── configmap-flyte-console-config.yaml │ ├── serviceaccount-kubernetes-dashboard.yaml │ ├── configmap-kubernetes-dashboard-settings.yaml │ ├── secret-user-info.yaml │ ├── secret-kubernetes-dashboard-key-holder.yaml │ ├── secret-kubernetes-dashboard-csrf.yaml │ ├── service-flyteconsole.yaml │ ├── service-minio.yaml │ ├── role-contour-certgen.yaml │ ├── service-contour.yaml │ ├── service-minio-direct.yaml │ ├── service-postgres-direct.yaml │ ├── clusterrolebinding-contour.yaml │ ├── service-dashboard-metrics-scraper.yaml │ ├── rolebinding-contour.yaml │ ├── service-flyte-pod-webhook.yaml │ ├── clusterrole-kubernetes-dashboard.yaml │ ├── clusterrolebinding-flyteadmin-binding.yaml │ ├── clusterrolebinding-flytepropeller.yaml │ ├── clusterrolebinding-flyte-pod-webhook.yaml │ ├── clusterrolebinding-kubernetes-dashboard.yaml │ ├── clusterrolebinding-kubernetes-dashboard-admin.yaml │ ├── clusterrole-flyte-pod-webhook.yaml │ ├── customresourcedefinition-flyteworkflows.flyte.lyft.com.yaml │ ├── service-kubernetes-dashboard.yaml │ ├── service-datacatalog.yaml │ ├── rolebinding-kubernetes-dashboard.yaml │ ├── service-envoy.yaml │ ├── ingress-minio.yaml │ ├── service-flyteadmin.yaml │ ├── clusterrole-flyteadmin.yaml │ ├── configmap-clusterresource-template-dk5mbchdmt.yaml │ ├── deployment-postgres.yaml │ ├── configmap-flyte-scheduler-config.yaml │ ├── configmap-datacatalog-config-64k8dg9gck.yaml │ └── deployment-flyteconsole.yaml ├── kserve └── upstream │ ├── secret-kserve-webhook-server-secret.yaml │ ├── issuer-selfsigned-issuer.yaml │ ├── configmap-kserve-config.yaml │ ├── namespace-kserve.yaml │ ├── service-kserve-webhook-server-service.yaml │ ├── serviceaccount-kserve-controller-manager.yaml │ ├── clusterrolebinding-kserve-proxy-rolebinding.yaml │ ├── clusterrolebinding-kserve-manager-rolebinding.yaml │ ├── certificate-serving-cert.yaml │ ├── rolebinding-leader-election-rolebinding.yaml │ ├── clusterrole-kserve-proxy-role.yaml │ ├── service-kserve-controller-manager-service.yaml │ ├── service-kserve-controller-manager-metrics-service.yaml │ ├── role-leader-election-role.yaml │ ├── validatingwebhookconfiguration-trainedmodel.serving.kserve.io.yaml │ └── validatingwebhookconfiguration-inferenceservice.serving.kserve.io.yaml ├── prometheus-operator ├── kustomization.yaml └── upstream │ ├── serviceaccount-prometheus-operator.yaml │ ├── service-prometheus-operator.yaml │ ├── clusterrolebinding-prometheus-operator.yaml │ └── kustomization.yaml ├── knative ├── kustomization.yaml ├── core │ └── upstream │ │ ├── serviceaccount-controller.yaml │ │ ├── secret-webhook-certs.yaml │ │ ├── clusterrole-knative-serving-admin.yaml │ │ ├── clusterrolebinding-knative-serving-controller-admin.yaml │ │ ├── clusterrole-knative-serving-namespaced-admin.yaml │ │ ├── clusterrole-knative-serving-namespaced-edit.yaml │ │ ├── horizontalpodautoscaler-webhook.yaml │ │ ├── clusterrole-knative-serving-aggregated-addressable-resolver.yaml │ │ └── horizontalpodautoscaler-activator.yaml ├── net-istio │ └── upstream │ │ ├── peerauthentication-domainmapping-webhook.yaml │ │ ├── peerauthentication-webhook.yaml │ │ ├── kustomization.yaml │ │ ├── gateway-knative-local-gateway.yaml │ │ └── validatingwebhookconfiguration-config.webhook.istio.networking.internal.knative.dev.yaml └── crds │ └── upstream │ └── kustomization.yaml ├── hack └── deploy_mlops.sh ├── argocd └── applications │ ├── feast.yaml │ ├── kserve.yaml │ ├── flyte.yaml │ ├── kubeflow-pipelines.yaml │ ├── knative-net-istio.yaml │ ├── knative-serving-core.yaml │ ├── knative-serving-crds.yaml │ └── prometheus-operator.yaml └── .gitignore /kubeflow/pipelines/upstream/third-party/argo/.krmignore: -------------------------------------------------------------------------------- 1 | upstream 2 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/sample/params-db-secret.env: -------------------------------------------------------------------------------- 1 | username=root 2 | password= 3 | -------------------------------------------------------------------------------- /cluster/gke/terraform.tfvars: -------------------------------------------------------------------------------- 1 | project_id = "REPLACE_ME" 2 | region = "us-central1" 3 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/aws/OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - Jeffwan 3 | - PatrickXYS 4 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/azure/OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - dtzar 3 | - eedorenko 4 | - sudivate -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/azure/params.env: -------------------------------------------------------------------------------- 1 | dbHost=[SQLSERVERNAME].mysql.database.azure.com 2 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/aws/secret.env: -------------------------------------------------------------------------------- 1 | username=YOUR_RDS_USERNAME 2 | password=YOUR_RDS_PASSWORD 3 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/redis/.helmignore: -------------------------------------------------------------------------------- 1 | .git 2 | # OWNERS file for Kubernetes 3 | OWNERS 4 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/azure/mysql-secret.env: -------------------------------------------------------------------------------- 1 | username=[SQLUSER]@[SQLSERVERNAME] 2 | password=[SQLPASS] -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - zijianjoy 3 | reviewers: 4 | - Bobgy 5 | - zijianjoy 6 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/metadata/overlays/db/secrets.env: -------------------------------------------------------------------------------- 1 | MYSQL_USER_NAME=root 2 | MYSQL_ROOT_PASSWORD=test -------------------------------------------------------------------------------- /flyte-sandbox/upstream/namespace-flyte.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: flyte 5 | 6 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/gcp/minio-gcs-gateway/minio-artifact-secret.env: -------------------------------------------------------------------------------- 1 | accesskey=minio 2 | secretkey=minio123 3 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/pipelines-profile-controller/params.env: -------------------------------------------------------------------------------- 1 | DISABLE_ISTIO_SIDECAR=false 2 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/namespace-projectcontour.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: projectcontour 5 | 6 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/aws/minio-artifact-secret-patch.env: -------------------------------------------------------------------------------- 1 | accesskey=YOUR_AWS_ACCESS_ID 2 | secretkey=YOUR_AWS_SECRET_KEY 3 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/base/params.yaml: -------------------------------------------------------------------------------- 1 | varReference: 2 | - path: data/artifactRepository 3 | kind: ConfigMap 4 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/metadata/overlays/db/params.env: -------------------------------------------------------------------------------- 1 | MYSQL_DATABASE=metadb 2 | MYSQL_PORT=3306 3 | MYSQL_ALLOW_EMPTY_PASSWORD=true -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/azure/minio-azure-gateway/minio-artifact-secret.env: -------------------------------------------------------------------------------- 1 | accesskey=[STORAGEACCOUNTNAME] 2 | secretkey=[STORAGEACCOUNTKEY] -------------------------------------------------------------------------------- /flyte-sandbox/upstream/namespace-kubernetes-dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: kubernetes-dashboard 5 | 6 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/pipelines-profile-controller/requirements-dev.txt: -------------------------------------------------------------------------------- 1 | pytest 2 | pytest-lazy-fixture 3 | requests 4 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/base/crds/minimal/README.md: -------------------------------------------------------------------------------- 1 | # Minimal CRDs 2 | 3 | These CRDs omit schema validation. 4 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/serviceaccount-envoy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: envoy 5 | namespace: projectcontour 6 | 7 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/serviceaccount-flyteadmin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: flyteadmin 5 | namespace: flyte 6 | 7 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/grafana/grafana-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /grafana 4 | name: grafana 5 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/serviceaccount-contour.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: contour 5 | namespace: projectcontour 6 | 7 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/serviceaccount-datacatalog.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: datacatalog 5 | namespace: flyte 6 | 7 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/serviceaccount-flytepropeller.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: flytepropeller 5 | namespace: flyte 6 | 7 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/mysql/base/mysql-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /mysql 4 | name: mysql 5 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/redis/ci/default-values.yaml: -------------------------------------------------------------------------------- 1 | # Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. 2 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/secret-flyte-admin-auth.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: flyte-admin-auth 5 | namespace: flyte 6 | type: Opaque 7 | 8 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/secret-flyte-pod-webhook.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: flyte-pod-webhook 5 | namespace: flyte 6 | type: Opaque 7 | 8 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/serviceaccount-flyte-pod-webhook.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: flyte-pod-webhook 5 | namespace: flyte 6 | 7 | -------------------------------------------------------------------------------- /kserve/upstream/secret-kserve-webhook-server-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: kserve-webhook-server-secret 5 | namespace: kserve 6 | 7 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/application/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - application.yaml 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-ui-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /ml-pipeline-ui 4 | name: ml-pipeline-ui 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/prometheus/prometheus-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /prometheus 4 | name: prometheus 5 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/serviceaccount-contour-certgen.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: contour-certgen 5 | namespace: projectcontour 6 | 7 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-apiserver-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /ml-pipeline 4 | name: ml-pipeline 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/pipeline-runner-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /pipeline-runner 4 | name: pipeline-runner 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/cache/cache-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /kubeflow-pipelines-cache 4 | name: kubeflow-pipelines-cache 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/cluster-scoped-resources/params.yaml: -------------------------------------------------------------------------------- 1 | # Allow Kustomize var to replace following fields. 2 | varReference: 3 | - path: metadata/name 4 | kind: Namespace 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/gcp/inverse-proxy/proxy-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /proxy-agent-runner 4 | name: proxy-agent-runner 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/sample/params.env: -------------------------------------------------------------------------------- 1 | appName=mypipeline 2 | bucketName=mybucketname 3 | gcsProjectId=myprojectid 4 | gcsCloudSqlInstanceName=myprojectid:myregion:myinstance 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /dex 4 | name: dex 5 | -------------------------------------------------------------------------------- /prometheus-operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | namespace: prometheus-operator 5 | 6 | resources: 7 | - ./upstream 8 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/viewer-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /kubeflow-pipelines-viewer 4 | name: kubeflow-pipelines-viewer 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/aws/params.env: -------------------------------------------------------------------------------- 1 | dbHost=YOUR_RDS_ENDPOINT 2 | 3 | bucketName=YOUR_S3_BUCKET_NAME 4 | minioServiceHost=s3.amazonaws.com 5 | minioServiceRegion=YOUR_AWS_REGION 6 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/gcp/inverse-proxy/proxy-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: # kpt-merge: /inverse-proxy-config 4 | name: inverse-proxy-config 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/application/application-controller-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /application 4 | name: application 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/metadata/base/metadata-grpc-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /metadata-grpc-server 4 | name: metadata-grpc-server 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/base/crds/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - minimal 5 | -------------------------------------------------------------------------------- /kserve/upstream/issuer-selfsigned-issuer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Issuer 3 | metadata: 4 | name: selfsigned-issuer 5 | namespace: kserve 6 | spec: 7 | selfSigned: {} 8 | 9 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/minio/options/istio/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - istio-authorization-policy.yaml 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/mysql/options/istio/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - istio-authorization-policy.yaml 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/Kptfile: -------------------------------------------------------------------------------- 1 | apiVersion: kpt.dev/v1 2 | kind: Kptfile 3 | metadata: 4 | name: argo 5 | info: 6 | description: argo Kptfile in order to ignore upstream/ folder. 7 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /argo-server 4 | name: argo-server 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/minimal/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base 5 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/redis/ci/dev-values.yaml: -------------------------------------------------------------------------------- 1 | master: 2 | persistence: 3 | enabled: false 4 | 5 | cluster: 6 | enabled: true 7 | slaveCount: 1 8 | 9 | usePassword: false 10 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/params.yaml: -------------------------------------------------------------------------------- 1 | # Allow Kustomize var to replace following fields. 2 | varReference: 3 | - path: spec/http/route/destination/host 4 | kind: VirtualService 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/cluster-scoped-resources/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: # kpt-merge: /$(kfp-cluster-scoped-namespace) 4 | name: '$(kfp-cluster-scoped-namespace)' 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /argo 4 | name: argo 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/namespace-install/overlays/argo-server-deployment.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/template/spec/containers/0/args/- 3 | value: --namespaced 4 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/metacontroller/base/service-account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /meta-controller-service 4 | name: meta-controller-service 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/cluster-scoped/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - scheduled-workflow-crd.yaml 5 | - viewer-crd.yaml 6 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/namespace-install/overlays/workflow-controller-deployment.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /spec/template/spec/containers/0/args/- 3 | value: --namespaced 4 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/github.com-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /github.com 4 | name: github.com 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-persistenceagent-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /ml-pipeline-persistenceagent 4 | name: ml-pipeline-persistenceagent 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-scheduledworkflow-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /ml-pipeline-scheduledworkflow 4 | name: ml-pipeline-scheduledworkflow 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-visualization-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /ml-pipeline-visualizationserver 4 | name: ml-pipeline-visualizationserver 5 | -------------------------------------------------------------------------------- /cluster/gke/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | google = { 4 | source = "hashicorp/google" 5 | version = "3.52.0" 6 | } 7 | } 8 | 9 | required_version = ">= 0.14" 10 | } 11 | -------------------------------------------------------------------------------- /kserve/upstream/configmap-kserve-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | ingressGateway: knative-serving/knative-ingress-gateway 4 | kind: ConfigMap 5 | metadata: 6 | name: kserve-config 7 | namespace: kserve 8 | 9 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/generic/mysql-secret.yaml: -------------------------------------------------------------------------------- 1 | kind: Secret 2 | apiVersion: v1 3 | metadata: # kpt-merge: /mysql-secret 4 | name: mysql-secret 5 | stringData: 6 | username: root 7 | password: "" 8 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/container-builder-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /kubeflow-pipelines-container-builder 4 | name: kubeflow-pipelines-container-builder 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /kubeflow-pipelines-cloudsql-proxy 4 | name: kubeflow-pipelines-cloudsql-proxy 5 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/secret-db-pass-9dgchhk2bm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | pass.txt: YXdlc29tZXNhdWNl 4 | kind: Secret 5 | metadata: 6 | name: db-pass-9dgchhk2bm 7 | namespace: flyte 8 | type: Opaque 9 | 10 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/secret-flyte-secret-auth.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: flyte-secret-auth 5 | namespace: flyte 6 | stringData: 7 | client_secret: foobar 8 | type: Opaque 9 | 10 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/metadata-writer/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cluster-role.yaml 5 | - cluster-role-binding.yaml 6 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/persistence-agent/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cluster-role.yaml 5 | - cluster-role-binding.yaml 6 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/viewer-controller/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cluster-role.yaml 5 | - cluster-role-binding.yaml 6 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/gcp/params.env: -------------------------------------------------------------------------------- 1 | pipelineDb=pipelinedb 2 | mlmdDb=metadb 3 | cacheDb=cachedb 4 | bucketName=yourGcsBucketName 5 | gcsProjectId=yourGcsProjectId 6 | gcsCloudSqlInstanceName=yourCloudSqlInstanceName 7 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/installs/cluster/workflow-controller-clusterrolebinding-patch.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "op": "replace", 4 | "path": "/subjects/0/namespace", 5 | "value": "kubeflow" 6 | } 7 | ] 8 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - crds 5 | - workflow-controller 6 | - argo-server 7 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/service-postgres.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: postgres 5 | namespace: flyte 6 | spec: 7 | ports: 8 | - port: 5432 9 | selector: 10 | app: postgres 11 | 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/metadata-writer/metadata-writer-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /kubeflow-pipelines-metadata-writer 4 | name: kubeflow-pipelines-metadata-writer 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-viewer-crd-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /ml-pipeline-viewer-crd-service-account 4 | name: ml-pipeline-viewer-crd-service-account 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /kubeflow-pipelines-minio-gcs-gateway 4 | name: kubeflow-pipelines-minio-gcs-gateway 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/base/crds/full/README.md: -------------------------------------------------------------------------------- 1 | # Full CRDs 2 | 3 | These CRDs have full schema validation. As a result, they are large and probably not suitable to be used in your cluster. 4 | -------------------------------------------------------------------------------- /knative/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | namespace: knative-serving 5 | 6 | resources: 7 | - ./core/upstream 8 | - ./crds/upstream 9 | - ./net-istio/upstream 10 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/cache-deployer/cluster-scoped/cache-deployer-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /kubeflow-pipelines-cache-deployer-sa 4 | name: kubeflow-pipelines-cache-deployer-sa 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/kfp-launcher-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: # kpt-merge: /kfp-launcher 4 | name: kfp-launcher 5 | data: 6 | defaultPipelineRoot: $(kfp-default-pipeline-root) 7 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/api-service/params.env: -------------------------------------------------------------------------------- 1 | MULTIUSER=true 2 | DEFAULTPIPELINERUNNERSERVICEACCOUNT=default-editor 3 | VISUALIZATIONSERVICE_NAME=ml-pipeline-visualizationserver 4 | VISUALIZATIONSERVICE_PORT=8888 5 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/gcp/cloudsql-proxy/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cloudsql-proxy-deployment.yaml 5 | - cloudsql-proxy-sa.yaml 6 | - mysql-service.yaml 7 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/installs/namespace/workflow-controller-deployment-patch.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "op": "add", 4 | "path": "/spec/template/spec/containers/0/args/-", 5 | "value": "--namespaced" 6 | } 7 | ] 8 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/configmap-flyte-console-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | BASE_URL: /console 4 | CONFIG_DIR: /etc/flyte/config 5 | kind: ConfigMap 6 | metadata: 7 | name: flyte-console-config 8 | namespace: flyte 9 | 10 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/serviceaccount-kubernetes-dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | labels: 5 | k8s-app: kubernetes-dashboard 6 | name: kubernetes-dashboard 7 | namespace: kubernetes-dashboard 8 | 9 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/configmap-kubernetes-dashboard-settings.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | k8s-app: kubernetes-dashboard 6 | name: kubernetes-dashboard-settings 7 | namespace: kubernetes-dashboard 8 | 9 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/scheduled-workflow/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: kubeflow 4 | resources: 5 | - cluster-role.yaml 6 | - cluster-role-binding.yaml 7 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/metadata/options/istio/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - istio-authorization-policy.yaml 5 | - destination-rule.yaml 6 | - virtual-service.yaml 7 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/gcp/cloudsql-proxy/mysql-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /mysql 4 | name: mysql 5 | spec: 6 | ports: 7 | - port: 3306 8 | selector: 9 | app: cloudsqlproxy 10 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/platform-agnostic-pns/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | bases: 4 | - ../platform-agnostic 5 | patchesStrategicMerge: 6 | - workflow-controller-configmap-patch.yaml 7 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/cluster-install/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base 5 | - ./workflow-controller-rbac 6 | - ./argo-server-rbac 7 | -------------------------------------------------------------------------------- /kserve/upstream/namespace-kserve.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | labels: 5 | control-plane: kserve-controller-manager 6 | controller-tools.k8s.io: "1.0" 7 | istio-injection: disabled 8 | name: kserve 9 | 10 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/cache/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | commonLabels: 4 | app: cache-server 5 | resources: 6 | - cluster-role.yaml 7 | - cluster-role-binding.yaml 8 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/platform-agnostic-emissary/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | bases: 4 | - ../platform-agnostic 5 | patchesStrategicMerge: 6 | - workflow-controller-configmap-patch.yaml 7 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: # kpt-merge: /workflow-controller-configmap 4 | name: workflow-controller-configmap 5 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/secret-user-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | password: bXl1c2Vy 4 | user_secret: bXlzZWNyZXQ= 5 | username: bXl1c2Vy 6 | kind: Secret 7 | metadata: 8 | name: user-info 9 | namespace: flyte 10 | type: Opaque 11 | 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - argo-server-role.yaml 5 | - argo-server-rolebinding.yaml 6 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/mysql/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - mysql-deployment.yaml 5 | - mysql-pv-claim.yaml 6 | - mysql-service.yaml 7 | - mysql-serviceaccount.yaml 8 | -------------------------------------------------------------------------------- /kubeflow/pipelines/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | 5 | 6 | resources: 7 | - ./upstream/cluster-scoped-resources 8 | - ./upstream/env/platform-agnostic-pns 9 | - ./patches/ingress.yaml 10 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/redis/ci/redisgraph-module-values.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | registry: docker.io 3 | repository: redislabs/redisgraph 4 | tag: '1.0.0' 5 | 6 | master: 7 | command: "redis-server" 8 | 9 | slave: 10 | command: "redis-server" 11 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/platform-agnostic-multi-user-pns/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | bases: 4 | - ../platform-agnostic-multi-user 5 | patchesStrategicMerge: 6 | - workflow-controller-configmap-patch.yaml 7 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/base/argo-server/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - argo-server-deployment.yaml 5 | - argo-server-sa.yaml 6 | - argo-server-service.yaml 7 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - argo-server-clusterole.yaml 5 | - argo-server-clusterolebinding.yaml 6 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/minio/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - minio-deployment.yaml 5 | - minio-pvc.yaml 6 | - minio-service.yaml 7 | - mlpipeline-minio-artifact-secret.yaml 8 | -------------------------------------------------------------------------------- /feast/feast-charts/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | helmCharts: 4 | - name: feast 5 | repo: https://feast-helm-charts.storage.googleapis.com 6 | version: 0.19.3 7 | releaseName: feast-0.19.3 8 | namespace: feast 9 | -------------------------------------------------------------------------------- /feast/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | namespace: feast 5 | 6 | resources: 7 | - ./upstream 8 | 9 | secretGenerator: 10 | - name: feast-postgresql 11 | literals: 12 | - postgresql-password=admin 13 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/secret-kubernetes-dashboard-key-holder.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | labels: 5 | k8s-app: kubernetes-dashboard 6 | name: kubernetes-dashboard-key-holder 7 | namespace: kubernetes-dashboard 8 | type: Opaque 9 | 10 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/platform-agnostic-multi-user-emissary/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | bases: 4 | - ../platform-agnostic-multi-user 5 | patchesStrategicMerge: 6 | - workflow-controller-configmap-patch.yaml 7 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - minio-deploy.yaml 5 | - minio-service.yaml 6 | - my-minio-cred-secret.yaml 7 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/minio/base/mlpipeline-minio-artifact-secret.yaml: -------------------------------------------------------------------------------- 1 | kind: Secret 2 | apiVersion: v1 3 | metadata: # kpt-merge: /mlpipeline-minio-artifact 4 | name: mlpipeline-minio-artifact 5 | stringData: 6 | accesskey: minio 7 | secretkey: minio123 8 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dev-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /dex 4 | name: dex 5 | spec: 6 | ports: 7 | - name: http 8 | port: 5556 9 | selector: 10 | app: dex 11 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/cache/cache-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /cache-server 4 | name: cache-server 5 | spec: 6 | selector: 7 | app: cache-server 8 | ports: 9 | - port: 443 10 | targetPort: webhook-api 11 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - workflow-controller-role.yaml 5 | - workflow-controller-rolebinding.yaml 6 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/secret-kubernetes-dashboard-csrf.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | csrf: "" 4 | kind: Secret 5 | metadata: 6 | labels: 7 | k8s-app: kubernetes-dashboard 8 | name: kubernetes-dashboard-csrf 9 | namespace: kubernetes-dashboard 10 | type: Opaque 11 | 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/pipelines-ui/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: kubeflow 4 | commonLabels: 5 | app: ml-pipeline-ui 6 | resources: 7 | - cluster-role.yaml 8 | - cluster-role-binding.yaml 9 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/minio/base/minio-pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: # kpt-merge: /minio-pvc 4 | name: minio-pvc 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | resources: 9 | requests: 10 | storage: 20Gi 11 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/service-flyteconsole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: flyteconsole 5 | namespace: flyte 6 | spec: 7 | ports: 8 | - port: 80 9 | protocol: TCP 10 | targetPort: 8080 11 | selector: 12 | app: flyteconsole 13 | 14 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - prometheus-deployment.yaml 5 | - prometheus-config-cluster.yaml 6 | - prometheus-service.yaml 7 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Feature store for machine learning 3 | home: https://feast.dev/ 4 | keywords: 5 | - machine learning 6 | - big data 7 | - mlops 8 | name: feast 9 | sources: 10 | - https://github.com/feast-dev/feast 11 | version: 0.19.3 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/base/argo-server-sso-secret.yaml: -------------------------------------------------------------------------------- 1 | kind: Secret 2 | apiVersion: v1 3 | metadata: # kpt-merge: /argo-server-sso 4 | name: argo-server-sso 5 | stringData: 6 | clientID: argo-server 7 | clientSecret: ZXhhbXBsZS1hcHAtc2VjcmV0 8 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/installs/namespace/cluster-scoped/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | bases: 4 | # Minimal CRDs omit schema validation, recommended for production cluster. 5 | - ../../../upstream/manifests/base/crds/minimal 6 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/mysql/base/mysql-pv-claim.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: # kpt-merge: /mysql-pv-claim 4 | name: mysql-pv-claim 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | resources: 9 | requests: 10 | storage: 20Gi 11 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/metadata/overlays/db/metadata-db-pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: # kpt-merge: /metadata-mysql 4 | name: metadata-mysql 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | resources: 9 | requests: 10 | storage: 10Gi 11 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/redis/ci/extra-flags-values.yaml: -------------------------------------------------------------------------------- 1 | master: 2 | extraFlags: 3 | - --maxmemory-policy allkeys-lru 4 | persistence: 5 | enabled: false 6 | slave: 7 | extraFlags: 8 | - --maxmemory-policy allkeys-lru 9 | persistence: 10 | enabled: false 11 | usePassword: false 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/api-service/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cluster-role-binding.yaml 5 | - cluster-role.yaml 6 | configMapGenerator: 7 | - name: pipeline-api-server-config 8 | envs: 9 | - params.env 10 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/gcp/minio-gcs-gateway/minio-gcs-gateway-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /minio-service 4 | name: minio-service 5 | spec: 6 | ports: 7 | - port: 9000 8 | targetPort: 9000 9 | protocol: TCP 10 | selector: 11 | app: minio 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/prometheus-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /prometheus 4 | name: prometheus 5 | spec: 6 | selector: 7 | app: prometheus 8 | ports: 9 | - name: metrics 10 | port: 9090 11 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/sso/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base 5 | - dex 6 | patchesStrategicMerge: 7 | - overlays/workflow-controller-configmap.yaml 8 | - overlays/argo-server-sa.yaml 9 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/minio/base/minio-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /minio-service 4 | name: minio-service 5 | spec: 6 | ports: 7 | - name: http 8 | port: 9000 9 | protocol: TCP 10 | targetPort: 9000 11 | selector: 12 | app: minio 13 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/service-minio.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: minio 5 | namespace: flyte 6 | spec: 7 | externalName: minio 8 | ports: 9 | - name: minio-api 10 | port: 9000 11 | - name: minio-console 12 | port: 9001 13 | selector: 14 | app: minio 15 | 16 | -------------------------------------------------------------------------------- /kserve/upstream/service-kserve-webhook-server-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: kserve-webhook-server-service 5 | namespace: kserve 6 | spec: 7 | ports: 8 | - port: 443 9 | targetPort: webhook-server 10 | selector: 11 | control-plane: kserve-controller-manager 12 | 13 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/azure/minio-azure-gateway/minio-azure-gateway-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /minio-service 4 | name: minio-service 5 | spec: 6 | ports: 7 | - port: 9000 8 | targetPort: 9000 9 | protocol: TCP 10 | selector: 11 | app: minio 12 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/redis/ci/redis-lib-values.yaml: -------------------------------------------------------------------------------- 1 | ## Redis library image 2 | ## ref: https://hub.docker.com/r/library/redis/ 3 | ## 4 | image: 5 | registry: docker.io 6 | repository: redis 7 | tag: '5.0.5' 8 | 9 | master: 10 | command: "redis-server" 11 | 12 | slave: 13 | command: "redis-server" 14 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/role-contour-certgen.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: contour-certgen 5 | namespace: projectcontour 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - secrets 11 | verbs: 12 | - create 13 | - update 14 | 15 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/service-contour.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: contour 5 | namespace: projectcontour 6 | spec: 7 | ports: 8 | - name: xds 9 | port: 8001 10 | protocol: TCP 11 | targetPort: 8001 12 | selector: 13 | app: contour 14 | type: ClusterIP 15 | 16 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/my-minio-cred-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | stringData: 3 | accesskey: admin 4 | secretkey: password 5 | kind: Secret 6 | metadata: # kpt-merge: /my-minio-cred 7 | name: my-minio-cred 8 | labels: 9 | app: minio 10 | type: Opaque 11 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/mysql/argo-mysql-config-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | stringData: 3 | username: mysql 4 | password: password 5 | kind: Secret 6 | metadata: # kpt-merge: /argo-mysql-config 7 | name: argo-mysql-config 8 | labels: 9 | app: mysql 10 | type: Opaque 11 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/transformation-service/config/feature_store.yaml: -------------------------------------------------------------------------------- 1 | registry: 2 | path: {{ .Values.global.registry.path }} 3 | cache_ttl_seconds: {{ .Values.global.registry.cache_ttl_seconds }} 4 | provider: local 5 | project: {{ .Values.global.project }} 6 | flags: 7 | on_demand_transforms: true 8 | alpha_features: true -------------------------------------------------------------------------------- /flyte-sandbox/upstream/service-minio-direct.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: minio 6 | name: minio-direct 7 | namespace: flyte 8 | spec: 9 | ports: 10 | - nodePort: 30084 11 | port: 9000 12 | protocol: TCP 13 | selector: 14 | app: minio 15 | type: NodePort 16 | 17 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /argo-server 4 | name: argo-server 5 | spec: 6 | selector: 7 | app: argo-server 8 | ports: 9 | - name: web 10 | port: 2746 11 | targetPort: 2746 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - submit-workflow-template-role.yaml 5 | - github.com-sa.yaml 6 | - github.com-rolebinding.yaml 7 | - argo-workflows-webhook-clients-secret.yaml 8 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/feature-server/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: v0.19.3 3 | description: 'Feast Feature Server: Online feature serving service for Feast' 4 | home: https://github.com/feast-dev/feast 5 | keywords: 6 | - machine learning 7 | - big data 8 | - mlops 9 | name: feature-server 10 | version: 0.19.3 11 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/base/workflow-controller/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - workflow-controller-configmap.yaml 5 | - workflow-controller-deployment.yaml 6 | - workflow-controller-sa.yaml 7 | - workflow-controller-metrics-service.yaml 8 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/transformation-service/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: v0.19.3 3 | description: 'Transformation service: to compute on-demand features' 4 | home: https://github.com/feast-dev/feast 5 | keywords: 6 | - machine learning 7 | - big data 8 | - mlops 9 | name: transformation-service 10 | version: 0.19.3 11 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/generic/params.yaml: -------------------------------------------------------------------------------- 1 | # Allow Kustomize var to replace following fields. 2 | varReference: 3 | - path: data/config 4 | kind: ConfigMap 5 | - path: data/defaultPipelineRoot 6 | kind: ConfigMap 7 | - path: metadata/name 8 | kind: Application 9 | - path: spec/descriptor/version 10 | kind: Application 11 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/gcp/inverse-proxy/proxy-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: # kpt-merge: /proxy-agent-runner 4 | labels: 5 | app: proxy-agent-runner 6 | name: proxy-agent-runner 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - configmaps 12 | verbs: 13 | - '*' 14 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: # kpt-merge: /dex 4 | name: dex 5 | rules: 6 | - apiGroups: 7 | - "" 8 | resources: 9 | - secrets 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/grafana/grafana-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /grafana 4 | labels: 5 | app: grafana 6 | name: grafana 7 | spec: 8 | selector: 9 | app: grafana 10 | ports: 11 | - name: grafanaui 12 | protocol: TCP 13 | port: 3000 14 | targetPort: 3000 15 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/grafana/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - grafana-deployment.yaml 5 | - grafana-service.yaml 6 | - grafana-role.yaml 7 | - grafana-sa.yaml 8 | - grafana-rolebinding.yaml 9 | images: 10 | - name: grafana/grafana 11 | newTag: 5.3.4 12 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/feature-server/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.http.enabled -}} 2 | {{ template "feast.ingress" (list . "serving" "http" .Values.ingress.http) }} 3 | {{- end }} 4 | --- 5 | {{ if .Values.ingress.grpc.enabled -}} 6 | {{ template "feast.ingress" (list . "serving" "grpc" .Values.ingress.grpc) }} 7 | {{- end }} 8 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/service-postgres-direct.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: postgres 6 | name: postgres-direct 7 | namespace: flyte 8 | spec: 9 | ports: 10 | - nodePort: 30083 11 | port: 5432 12 | protocol: TCP 13 | selector: 14 | app: postgres 15 | type: NodePort 16 | 17 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/pipelines-profile-controller/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /kubeflow-pipelines-profile-controller 4 | name: kubeflow-pipelines-profile-controller 5 | spec: 6 | ports: 7 | - name: http 8 | port: 80 9 | protocol: TCP 10 | targetPort: 8080 11 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/mysql/mysql-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /mysql 4 | name: mysql 5 | labels: 6 | app: mysql 7 | spec: 8 | selector: 9 | app: mysql 10 | ports: 11 | - protocol: TCP 12 | port: 3306 13 | targetPort: 3306 14 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/postgres/argo-postgres-config-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | stringData: 3 | username: postgres 4 | password: password 5 | kind: Secret 6 | metadata: # kpt-merge: /argo-postgres-config 7 | name: argo-postgres-config 8 | labels: 9 | app: postgres 10 | type: Opaque 11 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /minio 4 | name: minio 5 | labels: 6 | app: minio 7 | spec: 8 | selector: 9 | app: minio 10 | ports: 11 | - protocol: TCP 12 | port: 9000 13 | targetPort: 9000 14 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-rb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /dex 4 | name: dex 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: dex 9 | subjects: 10 | - kind: ServiceAccount 11 | name: dex 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/metadata/base/metadata-grpc-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: # kpt-merge: /metadata-grpc-configmap 4 | name: metadata-grpc-configmap 5 | labels: 6 | component: metadata-grpc-server 7 | data: 8 | METADATA_GRPC_SERVICE_HOST: "metadata-grpc-service" 9 | METADATA_GRPC_SERVICE_PORT: "8080" 10 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/metadata/options/istio/destination-rule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: # kpt-merge: /metadata-grpc-service 4 | name: metadata-grpc-service 5 | spec: 6 | host: metadata-grpc-service.kubeflow.svc.cluster.local 7 | trafficPolicy: 8 | tls: 9 | mode: ISTIO_MUTUAL 10 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/application/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - application-controller-deployment.yaml 5 | - application-controller-role.yaml 6 | - application-controller-rolebinding.yaml 7 | - application-controller-sa.yaml 8 | - application-controller-service.yaml 9 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/prometheus/prometheus-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /prometheus 4 | labels: 5 | app: prometheus 6 | name: prometheus 7 | spec: 8 | selector: 9 | app: prometheus 10 | ports: 11 | - name: promui 12 | protocol: TCP 13 | port: 9090 14 | targetPort: 9090 15 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/clusterrolebinding-contour.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: contour 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: contour 9 | subjects: 10 | - kind: ServiceAccount 11 | name: contour 12 | namespace: projectcontour 13 | 14 | -------------------------------------------------------------------------------- /knative/core/upstream/serviceaccount-controller.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: controller 5 | namespace: knative-serving 6 | labels: 7 | app.kubernetes.io/component: controller 8 | app.kubernetes.io/name: knative-serving 9 | app.kubernetes.io/version: "1.3.0" 10 | serving.knative.dev/release: "v1.3.0" 11 | 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/pipelines-profile-controller/run_tests.sh: -------------------------------------------------------------------------------- 1 | # Build venv with required packages 2 | VENV=".venv" 3 | PYTHON_VENV="${VENV}/bin/python" 4 | python -m venv $VENV 5 | $PYTHON_VENV -m pip install -U pip 6 | $PYTHON_VENV -m pip install -r requirements-dev.txt 7 | 8 | # Run tests 9 | $PYTHON_VENV -m pytest ./test_sync.py 10 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/metadata/overlays/db/metadata-db-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /metadata-db 4 | name: metadata-db 5 | labels: 6 | component: db 7 | spec: 8 | type: ClusterIP 9 | ports: 10 | - port: 3306 11 | protocol: TCP 12 | name: dbapi 13 | selector: 14 | component: db 15 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-ui-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: # kpt-merge: /ml-pipeline-ui-configmap 4 | name: ml-pipeline-ui-configmap 5 | data: 6 | viewer-pod-template.json: |- 7 | { 8 | "spec": { 9 | "serviceAccountName": "kubeflow-pipelines-viewer" 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-ui-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /ml-pipeline-ui 4 | labels: 5 | app: ml-pipeline-ui 6 | name: ml-pipeline-ui 7 | spec: 8 | ports: 9 | - name: http 10 | protocol: TCP 11 | port: 80 12 | targetPort: 3000 13 | selector: 14 | app: ml-pipeline-ui 15 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/metadata/options/istio/istio-authorization-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: security.istio.io/v1beta1 2 | kind: AuthorizationPolicy 3 | metadata: # kpt-merge: /metadata-grpc-service 4 | name: metadata-grpc-service 5 | spec: 6 | action: ALLOW 7 | selector: 8 | matchLabels: 9 | component: metadata-grpc-server 10 | rules: 11 | - {} 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/mysql/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base 5 | - argo-mysql-config-secret.yaml 6 | - mysql-deployment.yaml 7 | - mysql-service.yaml 8 | patchesStrategicMerge: 9 | - overlays/workflow-controller-configmap.yaml 10 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/postgres/postgres-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /postgres 4 | name: postgres 5 | labels: 6 | app: postgres 7 | spec: 8 | selector: 9 | app: postgres 10 | ports: 11 | - protocol: TCP 12 | port: 5432 13 | targetPort: 5432 14 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | commonLabels: 4 | "app.kubernetes.io/part-of": "dex" 5 | resources: 6 | - dex-cm.yaml 7 | - dex-role.yaml 8 | - dex-sa.yaml 9 | - dex-rb.yaml 10 | - dex-deploy.yaml 11 | - dev-svc.yaml 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/mysql/base/mysql-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /mysql 4 | name: mysql 5 | spec: 6 | ports: 7 | - # We cannot have name: mysql here, because some requests through istio fail with it. 8 | port: 3306 9 | protocol: TCP 10 | targetPort: 3306 11 | selector: 12 | app: mysql 13 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/gcp/inverse-proxy/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | images: 4 | - name: gcr.io/ml-pipeline/inverse-proxy-agent 5 | newTag: 1.8.1 6 | resources: 7 | - proxy-configmap.yaml 8 | - proxy-deployment.yaml 9 | - proxy-role.yaml 10 | - proxy-rolebinding.yaml 11 | - proxy-sa.yaml 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/argo-server-sa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: # kpt-merge: /argo-server 4 | name: argo-server 5 | annotations: 6 | workflows.argoproj.io/rbac-rule: "'authors' in groups && email == 'kilgore@kilgore.trout'" 7 | workflows.argoproj.io/rbac-rule-precedence: "1" 8 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - prometheus-configmap.yaml 5 | - prometheus-sa.yaml 6 | - prometheus-role.yaml 7 | - prometheus-rolebinding.yaml 8 | - prometheus-service.yaml 9 | - prometheus-deployment.yaml 10 | images: 11 | - name: prom/prometheus 12 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/service-dashboard-metrics-scraper.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | k8s-app: dashboard-metrics-scraper 6 | name: dashboard-metrics-scraper 7 | namespace: kubernetes-dashboard 8 | spec: 9 | ports: 10 | - port: 8000 11 | targetPort: 8000 12 | selector: 13 | k8s-app: dashboard-metrics-scraper 14 | 15 | -------------------------------------------------------------------------------- /kserve/upstream/serviceaccount-kserve-controller-manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | labels: 5 | app.kubernetes.io/instance: kserve-controller-manager 6 | app.kubernetes.io/managed-by: kserve-controller-manager 7 | app.kubernetes.io/name: kserve-controller-manager 8 | name: kserve-controller-manager 9 | namespace: kserve 10 | 11 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/grafana/grafana-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /grafana 4 | labels: 5 | app: grafana 6 | name: grafana 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: Role 10 | name: grafana 11 | subjects: 12 | - kind: ServiceAccount 13 | name: grafana 14 | -------------------------------------------------------------------------------- /prometheus-operator/upstream/serviceaccount-prometheus-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | automountServiceAccountToken: false 3 | kind: ServiceAccount 4 | metadata: 5 | labels: 6 | app.kubernetes.io/component: controller 7 | app.kubernetes.io/name: prometheus-operator 8 | app.kubernetes.io/version: 0.55.1 9 | name: prometheus-operator 10 | namespace: default 11 | 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/cache-deployer/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cache-deployer-role.yaml 5 | - cache-deployer-rolebinding.yaml 6 | - cache-deployer-deployment.yaml 7 | commonLabels: 8 | app: cache-deployer 9 | images: 10 | - name: gcr.io/ml-pipeline/cache-deployer 11 | newTag: 1.8.1 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/cache/deployment-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: # kpt-merge: /cache-server 4 | name: cache-server 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | - name: server 10 | env: 11 | - name: NAMESPACE_TO_WATCH 12 | value: '' 13 | valueFrom: null 14 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-visualization-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /ml-pipeline-visualizationserver 4 | name: ml-pipeline-visualizationserver 5 | spec: 6 | ports: 7 | - name: http 8 | port: 8888 9 | protocol: TCP 10 | targetPort: 8888 11 | selector: 12 | app: ml-pipeline-visualizationserver 13 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/postgres/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base 5 | - argo-postgres-config-secret.yaml 6 | - postgres-deployment.yaml 7 | - postgres-service.yaml 8 | patchesStrategicMerge: 9 | - overlays/workflow-controller-configmap.yaml 10 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/rolebinding-contour.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: contour 5 | namespace: projectcontour 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: Role 9 | name: contour-certgen 10 | subjects: 11 | - kind: ServiceAccount 12 | name: contour-certgen 13 | namespace: projectcontour 14 | 15 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/api-service/cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: # kpt-merge: /ml-pipeline 4 | name: ml-pipeline 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: ml-pipeline 9 | subjects: 10 | - kind: ServiceAccount 11 | name: ml-pipeline 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/metadata-writer/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - metadata-writer-deployment.yaml 5 | - metadata-writer-role.yaml 6 | - metadata-writer-rolebinding.yaml 7 | - metadata-writer-sa.yaml 8 | images: 9 | - name: gcr.io/ml-pipeline/metadata-writer 10 | newTag: 1.8.1 11 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/metadata/base/metadata-envoy-service.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: # kpt-merge: /metadata-envoy-service 4 | labels: 5 | app: metadata-envoy 6 | name: metadata-envoy-service 7 | spec: 8 | selector: 9 | component: metadata-envoy 10 | type: ClusterIP 11 | ports: 12 | - port: 9090 13 | protocol: TCP 14 | name: md-envoy 15 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/metadata/base/metadata-grpc-service.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: # kpt-merge: /metadata-grpc-service 4 | labels: 5 | app: metadata 6 | name: metadata-grpc-service 7 | spec: 8 | selector: 9 | component: metadata-grpc-server 10 | type: ClusterIP 11 | ports: 12 | - port: 8080 13 | protocol: TCP 14 | name: grpc-api 15 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/pipeline-runner-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /pipeline-runner-binding 4 | name: pipeline-runner-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: pipeline-runner 9 | subjects: 10 | - kind: ServiceAccount 11 | name: pipeline-runner 12 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/service-flyte-pod-webhook.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | projectcontour.io/upstream-protocol.h2c: grpc 6 | name: flyte-pod-webhook 7 | namespace: flyte 8 | spec: 9 | ports: 10 | - name: https 11 | port: 443 12 | protocol: TCP 13 | targetPort: 9443 14 | selector: 15 | app: flyte-pod-webhook 16 | 17 | -------------------------------------------------------------------------------- /knative/core/upstream/secret-webhook-certs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: webhook-certs 5 | namespace: knative-serving 6 | labels: 7 | app.kubernetes.io/component: webhook 8 | app.kubernetes.io/name: knative-serving 9 | app.kubernetes.io/version: "1.3.0" 10 | serving.knative.dev/release: "v1.3.0" 11 | # The data is populated at install time. 12 | 13 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/cache/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cache-deployment.yaml 5 | - cache-service.yaml 6 | - cache-role.yaml 7 | - cache-rolebinding.yaml 8 | - cache-sa.yaml 9 | commonLabels: 10 | app: cache-server 11 | images: 12 | - name: gcr.io/ml-pipeline/cache-server 13 | newTag: 1.8.1 14 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/metadata-writer/deployment-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: # kpt-merge: /metadata-writer 4 | name: metadata-writer 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | - name: main 10 | env: 11 | - name: NAMESPACE_TO_WATCH 12 | value: '' 13 | valueFrom: null 14 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - workflow-aggregate-roles.yaml 5 | - workflow-controller-clusterrole.yaml 6 | - workflow-controller-clusterrolebinding.yaml 7 | - workflow-controller-role.yaml 8 | - workflow-controller-rolebinding.yaml 9 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/prometheus/prometheus-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /prometheus 4 | labels: 5 | app: prometheus 6 | name: prometheus 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: Role 10 | name: prometheus 11 | subjects: 12 | - kind: ServiceAccount 13 | name: prometheus 14 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/pipelines-ui/cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: # kpt-merge: /ml-pipeline-ui 4 | name: ml-pipeline-ui 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: ml-pipeline-ui 9 | subjects: 10 | - kind: ServiceAccount 11 | name: ml-pipeline-ui 12 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/clusterrole-kubernetes-dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | labels: 5 | k8s-app: kubernetes-dashboard 6 | name: kubernetes-dashboard 7 | rules: 8 | - apiGroups: 9 | - metrics.k8s.io 10 | resources: 11 | - pods 12 | - nodes 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | 18 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/clusterrolebinding-flyteadmin-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1beta1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: flyteadmin-binding 5 | namespace: flyte 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: flyteadmin 10 | subjects: 11 | - kind: ServiceAccount 12 | name: flyteadmin 13 | namespace: flyte 14 | 15 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/clusterrolebinding-flytepropeller.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1beta1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: flytepropeller 5 | namespace: flyte 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: flytepropeller 10 | subjects: 11 | - kind: ServiceAccount 12 | name: flytepropeller 13 | namespace: flyte 14 | 15 | -------------------------------------------------------------------------------- /kserve/upstream/clusterrolebinding-kserve-proxy-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: kserve-proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: kserve-proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: kserve-controller-manager 12 | namespace: kserve 13 | 14 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-apiserver-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /ml-pipeline 4 | labels: 5 | app: ml-pipeline 6 | name: ml-pipeline 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: Role 10 | name: ml-pipeline 11 | subjects: 12 | - kind: ServiceAccount 13 | name: ml-pipeline 14 | -------------------------------------------------------------------------------- /kserve/upstream/clusterrolebinding-kserve-manager-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: kserve-manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: kserve-manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: kserve-controller-manager 12 | namespace: kserve 13 | 14 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-ui-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /ml-pipeline-ui 4 | labels: 5 | app: ml-pipeline-ui 6 | name: ml-pipeline-ui 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: Role 10 | name: ml-pipeline-ui 11 | subjects: 12 | - kind: ServiceAccount 13 | name: ml-pipeline-ui 14 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/base/kubelet-executor-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: # kpt-merge: /kubelet-executor 4 | name: kubelet-executor 5 | rules: 6 | # This allows the kubelet executor. 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - nodes/proxy 11 | verbs: 12 | - get 13 | -------------------------------------------------------------------------------- /feast/upstream/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - configmap-feast-0.19.3-feature-server.yaml 5 | - deployment-feast-0.19.3-feature-server.yaml 6 | - deployment-feast-0.19.3-transformation-service.yaml 7 | - secret-feast-0.19.3-feature-server.yaml 8 | - service-feast-0.19.3-feature-server.yaml 9 | - service-feast-0.19.3-transformation-service.yaml 10 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/clusterrolebinding-flyte-pod-webhook.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: flyte-pod-webhook 5 | namespace: flyte 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: flyte-pod-webhook 10 | subjects: 11 | - kind: ServiceAccount 12 | name: flyte-pod-webhook 13 | namespace: flyte 14 | 15 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/clusterrolebinding-kubernetes-dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: kubernetes-dashboard 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: kubernetes-dashboard 9 | subjects: 10 | - kind: ServiceAccount 11 | name: kubernetes-dashboard 12 | namespace: kubernetes-dashboard 13 | 14 | -------------------------------------------------------------------------------- /kserve/upstream/certificate-serving-cert.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Certificate 3 | metadata: 4 | name: serving-cert 5 | namespace: kserve 6 | spec: 7 | commonName: kserve-webhook-server-service.kserve.svc 8 | dnsNames: 9 | - kserve-webhook-server-service.kserve.svc 10 | issuerRef: 11 | kind: Issuer 12 | name: selfsigned-issuer 13 | secretName: kserve-webhook-server-cert 14 | 15 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/cache/cache-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /kubeflow-pipelines-cache-binding 4 | name: kubeflow-pipelines-cache-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: kubeflow-pipelines-cache-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: kubeflow-pipelines-cache 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/base/crds/full/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - argoproj.io_clusterworkflowtemplates.yaml 5 | - argoproj.io_cronworkflows.yaml 6 | - argoproj.io_workflows.yaml 7 | - argoproj.io_workflowtemplates.yaml 8 | - argoproj.io_workfloweventbindings.yaml 9 | - argoproj.io_workflowtasksets.yaml 10 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/clusterrolebinding-kubernetes-dashboard-admin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: kubernetes-dashboard-admin 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: cluster-admin 9 | subjects: 10 | - kind: ServiceAccount 11 | name: kubernetes-dashboard 12 | namespace: kubernetes-dashboard 13 | 14 | -------------------------------------------------------------------------------- /kserve/upstream/rolebinding-leader-election-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | namespace: kserve 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: Role 9 | name: leader-election-role 10 | subjects: 11 | - kind: ServiceAccount 12 | name: kserve-controller-manager 13 | namespace: kserve 14 | 15 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/base/crds/minimal/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - argoproj.io_clusterworkflowtemplates.yaml 5 | - argoproj.io_cronworkflows.yaml 6 | - argoproj.io_workflows.yaml 7 | - argoproj.io_workflowtemplates.yaml 8 | - argoproj.io_workfloweventbindings.yaml 9 | - argoproj.io_workflowtasksets.yaml 10 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /argo-binding 4 | name: argo-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: argo-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: argo 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /argo-binding 4 | name: argo-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: argo-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: argo 12 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/redis/templates/redis-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ template "redis.serviceAccountName" . }} 6 | labels: 7 | app: {{ template "redis.name" . }} 8 | chart: {{ template "redis.chart" . }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | {{- end -}} 12 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/clusterrole-flyte-pod-webhook.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: flyte-pod-webhook 5 | namespace: flyte 6 | rules: 7 | - apiGroups: 8 | - '*' 9 | resources: 10 | - mutatingwebhookconfigurations 11 | - secrets 12 | - pods 13 | verbs: 14 | - get 15 | - create 16 | - update 17 | - patch 18 | 19 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-default-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /workflow-default-binding 4 | name: workflow-default-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: workflow-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/gcp/inverse-proxy/proxy-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /proxy-agent-runner 4 | labels: 5 | app: proxy-agent-runner 6 | name: proxy-agent-runner 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: Role 10 | name: proxy-agent-runner 11 | subjects: 12 | - kind: ServiceAccount 13 | name: proxy-agent-runner 14 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/application/application-controller-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /application-manager-rolebinding 4 | name: application-manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: application-manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: application 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /argo-server-binding 4 | name: argo-server-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: argo-server-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: argo-server 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/sample/cluster-scoped-resources/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | # !!! If you want to customize the namespace, 4 | # please also update sample/kustomization.yaml's namespace field to the same value 5 | namespace: kubeflow 6 | bases: 7 | # Or github.com/kubeflow/pipelines/manifests/kustomize/cluster-scoped-resources?ref=1.0.0 8 | - ../../cluster-scoped-resources 9 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/persistence-agent/deployment-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: # kpt-merge: /ml-pipeline-persistenceagent 4 | name: ml-pipeline-persistenceagent 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | - name: ml-pipeline-persistenceagent 10 | env: 11 | - name: NAMESPACE 12 | value: '' 13 | valueFrom: null 14 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/metadata/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - metadata-grpc-configmap.yaml 5 | - metadata-grpc-deployment.yaml 6 | - metadata-grpc-service.yaml 7 | - metadata-envoy-deployment.yaml 8 | - metadata-envoy-service.yaml 9 | - metadata-grpc-sa.yaml 10 | images: 11 | - name: gcr.io/ml-pipeline/metadata-envoy 12 | newTag: 1.8.1 13 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/github.com-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /github.com 4 | name: github.com 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: submit-workflow-template 9 | subjects: 10 | - kind: ServiceAccount 11 | name: github.com 12 | namespace: argo 13 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/customresourcedefinition-flyteworkflows.flyte.lyft.com.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1beta1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: flyteworkflows.flyte.lyft.com 5 | spec: 6 | group: flyte.lyft.com 7 | names: 8 | kind: FlyteWorkflow 9 | plural: flyteworkflows 10 | shortNames: 11 | - fly 12 | singular: flyteworkflow 13 | scope: Namespaced 14 | version: v1alpha1 15 | 16 | -------------------------------------------------------------------------------- /hack/deploy_mlops.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | 5 | # FUNCTIONS 6 | 7 | deploy(){ 8 | local app=$1 9 | kubectl apply -n argocd -f argocd/applications/${app}.yaml 10 | 11 | kubectl delete secret -A -l owner=helm,name=${app} 12 | } 13 | 14 | deploy feast 15 | #deploy flyte 16 | deploy kubeflow-pipelines 17 | deploy knative-serving-core 18 | deploy knative-serving-crds 19 | # deploy knative-serving-net-istio 20 | deploy kserve 21 | -------------------------------------------------------------------------------- /knative/core/upstream/clusterrole-knative-serving-admin.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRole 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: knative-serving-admin 5 | labels: 6 | app.kubernetes.io/name: knative-serving 7 | app.kubernetes.io/version: "1.3.0" 8 | serving.knative.dev/release: "v1.3.0" 9 | aggregationRule: 10 | clusterRoleSelectors: 11 | - matchLabels: 12 | serving.knative.dev/controller: "true" 13 | 14 | -------------------------------------------------------------------------------- /kserve/upstream/clusterrole-kserve-proxy-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: kserve-proxy-role 5 | rules: 6 | - apiGroups: 7 | - authentication.k8s.io 8 | resources: 9 | - tokenreviews 10 | verbs: 11 | - create 12 | - apiGroups: 13 | - authorization.k8s.io 14 | resources: 15 | - subjectaccessreviews 16 | verbs: 17 | - create 18 | 19 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/application/application-controller-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /controller-manager-service 4 | name: controller-manager-service 5 | labels: 6 | control-plane: controller-manager 7 | controller-tools.k8s.io: "1.0" 8 | spec: 9 | selector: 10 | control-plane: controller-manager 11 | controller-tools.k8s.io: "1.0" 12 | ports: 13 | - port: 443 14 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/metacontroller/base/cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: # kpt-merge: /meta-controller-cluster-role-binding 4 | name: meta-controller-cluster-role-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: cluster-admin 9 | subjects: 10 | - kind: ServiceAccount 11 | name: meta-controller-service 12 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/service-kubernetes-dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | k8s-app: kubernetes-dashboard 6 | name: kubernetes-dashboard 7 | namespace: kubernetes-dashboard 8 | spec: 9 | ports: 10 | - name: http 11 | nodePort: 30082 12 | port: 80 13 | protocol: TCP 14 | targetPort: 9090 15 | selector: 16 | k8s-app: kubernetes-dashboard 17 | type: NodePort 18 | 19 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-viewer-crd-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /ml-pipeline-viewer-crd-binding 4 | name: ml-pipeline-viewer-crd-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: ml-pipeline-viewer-controller-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: ml-pipeline-viewer-crd-service-account 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/cache/cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: # kpt-merge: /kubeflow-pipelines-cache-binding 4 | name: kubeflow-pipelines-cache-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: kubeflow-pipelines-cache-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: kubeflow-pipelines-cache 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/azure/minio-azure-gateway/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - minio-azure-gateway-deployment.yaml 5 | - minio-azure-gateway-service.yaml 6 | secretGenerator: 7 | - name: mlpipeline-minio-artifact 8 | env: minio-artifact-secret.env 9 | generatorOptions: 10 | # mlpipeline-minio-artifact needs to be referred by exact name 11 | disableNameSuffixHash: true 12 | -------------------------------------------------------------------------------- /feast/upstream/secret-feast-0.19.3-feature-server.yaml: -------------------------------------------------------------------------------- 1 | # Source: feast/charts/feature-server/templates/secret.yaml 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: feast-0.19.3-feature-server 6 | namespace: feast 7 | labels: 8 | app: feature-server 9 | component: serving 10 | chart: feature-server-0.19.3 11 | release: feast-0.19.3 12 | heritage: Helm 13 | type: Opaque 14 | stringData: 15 | application-secret.yaml: "" 16 | 17 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-persistenceagent-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /ml-pipeline-persistenceagent-binding 4 | name: ml-pipeline-persistenceagent-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: ml-pipeline-persistenceagent-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: ml-pipeline-persistenceagent 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/cache-deployer/cache-deployer-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: # kpt-merge: /kubeflow-pipelines-cache-deployer-role 4 | labels: 5 | app: kubeflow-pipelines-cache-deployer-role 6 | name: kubeflow-pipelines-cache-deployer-role 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - secrets 12 | verbs: 13 | - create 14 | - delete 15 | - get 16 | - patch 17 | - list 18 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-scheduledworkflow-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /ml-pipeline-scheduledworkflow-binding 4 | name: ml-pipeline-scheduledworkflow-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: ml-pipeline-scheduledworkflow-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: ml-pipeline-scheduledworkflow 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/application/cluster-scoped/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - application-crd.yaml 5 | 6 | # Update application CRD: 7 | # Copy the upstream file to application-crd.yaml of the current folder. 8 | # Upstream file: https://github.com/kubernetes-sigs/application/blob/master/config/crd/bases/app.k8s.io_applications.yaml 9 | # Keep label controller-tools.k8s.io. 10 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | bases: 4 | - ../upstream/manifests/base/workflow-controller 5 | patchesStrategicMerge: 6 | - workflow-controller-deployment-patch.yaml 7 | - workflow-controller-configmap-patch.yaml 8 | # Allow Kustomize vars to replace fields defined in params.yaml. 9 | # The vars can be defined anywhere. 10 | configurations: 11 | - params.yaml 12 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/service-datacatalog.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | contour.heptio.com/upstream-protocol.h2c: grpc 6 | name: datacatalog 7 | namespace: flyte 8 | spec: 9 | ports: 10 | - name: http 11 | port: 88 12 | protocol: TCP 13 | targetPort: 8088 14 | - name: grpc 15 | port: 89 16 | protocol: TCP 17 | targetPort: 8089 18 | selector: 19 | app: datacatalog 20 | 21 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-metrics-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /workflow-controller-metrics 4 | name: workflow-controller-metrics 5 | labels: 6 | app: workflow-controller 7 | spec: 8 | selector: 9 | app: workflow-controller 10 | ports: 11 | - name: metrics 12 | port: 9090 13 | targetPort: 9090 14 | protocol: TCP 15 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: # kpt-merge: /argo-binding 4 | name: argo-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: argo-cluster-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: argo 12 | namespace: argo 13 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/prometheus-config-cluster.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: # kpt-merge: /prometheus-config 4 | name: prometheus-config 5 | data: 6 | prometheus.yaml: | 7 | global: 8 | scrape_interval: 15s 9 | scrape_configs: 10 | - job_name: 'argo' 11 | static_configs: 12 | - targets: ['workflow-controller-metrics:9090', 'argo-server:2746'] 13 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/grafana/grafana-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: # kpt-merge: /grafana 4 | labels: 5 | app: grafana 6 | name: grafana 7 | rules: 8 | - apiGroups: [""] 9 | resources: 10 | - nodes 11 | - services 12 | - endpoints 13 | - pods 14 | verbs: ["get", "list", "watch"] 15 | - apiGroups: 16 | - extensions 17 | resources: 18 | - ingresses 19 | verbs: ["get", "list", "watch"] 20 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/cache-deployer/cache-deployer-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /kubeflow-pipelines-cache-deployer-rolebinding 4 | name: kubeflow-pipelines-cache-deployer-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: kubeflow-pipelines-cache-deployer-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: kubeflow-pipelines-cache-deployer-sa 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/persistence-agent/cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: # kpt-merge: /ml-pipeline-persistenceagent-binding 4 | name: ml-pipeline-persistenceagent-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: ml-pipeline-persistenceagent-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: ml-pipeline-persistenceagent 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/viewer-controller/cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: # kpt-merge: /ml-pipeline-viewer-crd-binding 4 | name: ml-pipeline-viewer-crd-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: ml-pipeline-viewer-controller-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: ml-pipeline-viewer-crd-service-account 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/viewer-controller/deployment-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: # kpt-merge: /ml-pipeline-viewer-crd 4 | name: ml-pipeline-viewer-crd 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | - name: ml-pipeline-viewer-crd 10 | env: 11 | - name: NAMESPACE 12 | value: '' # Empty namespace let viewer controller watch all namespaces 13 | valueFrom: null 14 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/gcp/minio-gcs-gateway/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - minio-gcs-gateway-deployment.yaml 5 | - minio-gcs-gateway-sa.yaml 6 | - minio-gcs-gateway-service.yaml 7 | secretGenerator: 8 | - name: mlpipeline-minio-artifact 9 | env: minio-artifact-secret.env 10 | generatorOptions: 11 | # mlpipeline-minio-artifact needs to be referred by exact name 12 | disableNameSuffixHash: true 13 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/base/kubelet-executor-default-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: # kpt-merge: /kubelet-executor-default 4 | name: kubelet-executor-default 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: kubelet-executor 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: argo 13 | -------------------------------------------------------------------------------- /kserve/upstream/service-kserve-controller-manager-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: kserve-controller-manager 6 | controller-tools.k8s.io: "1.0" 7 | name: kserve-controller-manager-service 8 | namespace: kserve 9 | spec: 10 | ports: 11 | - port: 8443 12 | protocol: TCP 13 | targetPort: https 14 | selector: 15 | control-plane: kserve-controller-manager 16 | controller-tools.k8s.io: "1.0" 17 | 18 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/pipelines-ui/configmap-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: # kpt-merge: /ml-pipeline-ui-configmap 4 | name: ml-pipeline-ui-configmap 5 | data: 6 | # Temporary workarounds: 7 | # 1. Using default-editor because default-viewer isn't bound to workload identity 8 | viewer-pod-template.json: |- 9 | { 10 | "spec": { 11 | "serviceAccountName": "default-editor" 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/scheduled-workflow/cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: # kpt-merge: /ml-pipeline-scheduledworkflow-binding 4 | name: ml-pipeline-scheduledworkflow-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: ml-pipeline-scheduledworkflow-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: ml-pipeline-scheduledworkflow 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/metadata-writer/metadata-writer-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: # kpt-merge: /kubeflow-pipelines-metadata-writer-binding 4 | name: kubeflow-pipelines-metadata-writer-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: kubeflow-pipelines-metadata-writer-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: kubeflow-pipelines-metadata-writer 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: # kpt-merge: /argo-server-binding 4 | name: argo-server-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: argo-server-cluster-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: argo-server 12 | namespace: argo 13 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/rolebinding-kubernetes-dashboard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | labels: 5 | k8s-app: kubernetes-dashboard 6 | name: kubernetes-dashboard 7 | namespace: kubernetes-dashboard 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: Role 11 | name: kubernetes-dashboard 12 | subjects: 13 | - kind: ServiceAccount 14 | name: kubernetes-dashboard 15 | namespace: kubernetes-dashboard 16 | 17 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/prometheus/prometheus-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: # kpt-merge: /prometheus 4 | labels: 5 | app: prometheus 6 | name: prometheus 7 | rules: 8 | - apiGroups: [""] 9 | resources: 10 | - nodes 11 | - services 12 | - endpoints 13 | - pods 14 | verbs: ["get", "list", "watch"] 15 | - apiGroups: 16 | - extensions 17 | resources: 18 | - ingresses 19 | verbs: ["get", "list", "watch"] 20 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/cache-deployer/cluster-scoped/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - cache-deployer-clusterrole.yaml 5 | - cache-deployer-clusterrolebinding.yaml 6 | # HACK: although a service account(SA) is not a cluster-scoped resource. 7 | # Presence of a SA referred by a clusterrolebinding allows kustomize to auto-add 8 | # namespace for the clusterrolebinding's SA ref. 9 | - cache-deployer-sa.yaml 10 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/argo-server-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: # kpt-merge: /argo-server 4 | name: argo-server 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | - name: argo-server 10 | args: 11 | - server 12 | - --namespaced 13 | - --auth-mode 14 | - server 15 | - --auth-mode 16 | - client 17 | -------------------------------------------------------------------------------- /cluster/gke/providers.tf: -------------------------------------------------------------------------------- 1 | provider "kubernetes" { 2 | load_config_file = "false" 3 | 4 | host = google_container_cluster.primary.endpoint 5 | username = var.gke_username 6 | password = var.gke_password 7 | 8 | client_certificate = google_container_cluster.primary.master_auth.0.client_certificate 9 | client_key = google_container_cluster.primary.master_auth.0.client_key 10 | cluster_ca_certificate = google_container_cluster.primary.master_auth.0.cluster_ca_certificate 11 | } 12 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/metadata-writer/cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: # kpt-merge: /kubeflow-pipelines-metadata-writer-binding 4 | name: kubeflow-pipelines-metadata-writer-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: kubeflow-pipelines-metadata-writer-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: kubeflow-pipelines-metadata-writer 12 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/service-envoy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp 6 | name: envoy 7 | namespace: projectcontour 8 | spec: 9 | externalTrafficPolicy: Local 10 | ports: 11 | - name: http 12 | nodePort: 30081 13 | port: 80 14 | protocol: TCP 15 | - name: https 16 | port: 443 17 | protocol: TCP 18 | selector: 19 | app: envoy 20 | type: NodePort 21 | 22 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/ingress-minio.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | annotations: 5 | nginx.ingress.kubernetes.io/ssl-redirect: "false" 6 | name: minio 7 | namespace: flyte 8 | spec: 9 | rules: 10 | - http: 11 | paths: 12 | - backend: 13 | service: 14 | name: minio 15 | port: 16 | number: 9001 17 | path: /minio 18 | pathType: ImplementationSpecific 19 | 20 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/Kptfile: -------------------------------------------------------------------------------- 1 | apiVersion: kpt.dev/v1 2 | kind: Kptfile 3 | metadata: 4 | name: upstream 5 | upstream: 6 | type: git 7 | git: 8 | repo: https://github.com/kubeflow/pipelines 9 | directory: /manifests/kustomize 10 | ref: 1.8.1 11 | updateStrategy: resource-merge 12 | upstreamLock: 13 | type: git 14 | git: 15 | repo: https://github.com/kubeflow/pipelines 16 | directory: /manifests/kustomize 17 | ref: 1.8.1 18 | commit: 04b401258ddf87fc65684c3f4cac78e7e071f9ff 19 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: # kpt-merge: /ml-pipeline-persistenceagent-role 4 | name: ml-pipeline-persistenceagent-role 5 | rules: 6 | - apiGroups: 7 | - argoproj.io 8 | resources: 9 | - workflows 10 | verbs: 11 | - get 12 | - list 13 | - watch 14 | - apiGroups: 15 | - kubeflow.org 16 | resources: 17 | - scheduledworkflows 18 | verbs: 19 | - get 20 | - list 21 | - watch 22 | -------------------------------------------------------------------------------- /cluster/gke/outputs.tf: -------------------------------------------------------------------------------- 1 | output "region" { 2 | value = var.region 3 | description = "GCloud Region" 4 | } 5 | 6 | output "project_id" { 7 | value = var.project_id 8 | description = "GCloud Project ID" 9 | } 10 | 11 | output "kubernetes_cluster_name" { 12 | value = google_container_cluster.primary.name 13 | description = "GKE Cluster Name" 14 | } 15 | 16 | output "kubernetes_cluster_host" { 17 | value = google_container_cluster.primary.endpoint 18 | description = "GKE Cluster Host" 19 | } 20 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/redis/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.usePassword (not .Values.existingSecret) -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "redis.fullname" . }} 6 | labels: 7 | app: {{ template "redis.name" . }} 8 | chart: {{ template "redis.chart" . }} 9 | release: "{{ .Release.Name }}" 10 | heritage: "{{ .Release.Service }}" 11 | type: Opaque 12 | data: 13 | redis-password: {{ include "redis.password" . | b64enc | quote }} 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/application/application-controller-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: # kpt-merge: /application-manager-role 4 | name: application-manager-role 5 | rules: 6 | - apiGroups: 7 | - '*' 8 | resources: 9 | - '*' 10 | verbs: 11 | - get 12 | - list 13 | - update 14 | - patch 15 | - watch 16 | - apiGroups: 17 | - app.k8s.io 18 | resources: 19 | - '*' 20 | verbs: 21 | - '*' 22 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: # kpt-merge: /argo-role 4 | name: argo-role 5 | rules: 6 | - apiGroups: 7 | - coordination.k8s.io 8 | resources: 9 | - leases 10 | verbs: 11 | - create 12 | - get 13 | - update 14 | - apiGroups: 15 | - "" 16 | resources: 17 | - secrets 18 | verbs: 19 | - get 20 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/persistence-agent/cluster-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: # kpt-merge: /ml-pipeline-persistenceagent-role 4 | name: ml-pipeline-persistenceagent-role 5 | rules: 6 | - apiGroups: 7 | - argoproj.io 8 | resources: 9 | - workflows 10 | verbs: 11 | - get 12 | - list 13 | - watch 14 | - apiGroups: 15 | - kubeflow.org 16 | resources: 17 | - scheduledworkflows 18 | verbs: 19 | - get 20 | - list 21 | - watch 22 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: # kpt-merge: /ml-pipeline 4 | name: ml-pipeline 5 | annotations: 6 | prometheus.io/port: "8888" 7 | prometheus.io/scheme: http 8 | prometheus.io/scrape: "true" 9 | spec: 10 | ports: 11 | - name: http 12 | port: 8888 13 | protocol: TCP 14 | targetPort: 8888 15 | - name: grpc 16 | port: 8887 17 | protocol: TCP 18 | targetPort: 8887 19 | selector: 20 | app: ml-pipeline 21 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/pipelines-profile-controller/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: kubeflow 4 | commonLabels: 5 | app: kubeflow-pipelines-profile-controller 6 | resources: 7 | - service.yaml 8 | - deployment.yaml 9 | - composite-controller.yaml 10 | configMapGenerator: 11 | - name: kubeflow-pipelines-profile-controller-code 12 | files: 13 | - sync.py 14 | - name: kubeflow-pipelines-profile-controller-env 15 | envs: 16 | - params.env 17 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/aws/config: -------------------------------------------------------------------------------- 1 | { 2 | artifactRepository: 3 | { 4 | s3: { 5 | bucket: $(kfp-artifact-bucket-name), 6 | keyPrefix: artifacts, 7 | endpoint: s3.amazonaws.com, 8 | insecure: true, 9 | accessKeySecret: { 10 | name: mlpipeline-minio-artifact, 11 | key: accesskey 12 | }, 13 | secretKeySecret: { 14 | name: mlpipeline-minio-artifact, 15 | key: secretkey 16 | } 17 | }, 18 | archiveLogs: true 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/Kptfile: -------------------------------------------------------------------------------- 1 | apiVersion: kpt.dev/v1 2 | kind: Kptfile 3 | metadata: 4 | name: manifests 5 | upstream: 6 | type: git 7 | git: 8 | repo: https://github.com/argoproj/argo-workflows 9 | directory: /manifests 10 | ref: v3.2.3 11 | updateStrategy: resource-merge 12 | upstreamLock: 13 | type: git 14 | git: 15 | repo: https://github.com/argoproj/argo-workflows 16 | directory: /manifests 17 | ref: v3.2.3 18 | commit: e5dc961b7846efe0fe36ab3a0964180eaedd2672 19 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/api-service/deployment-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: # kpt-merge: /ml-pipeline 4 | name: ml-pipeline 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | - name: ml-pipeline-api-server 10 | envFrom: 11 | - configMapRef: 12 | name: pipeline-api-server-config 13 | env: 14 | - name: KUBEFLOW_USERID_HEADER 15 | value: kubeflow-userid 16 | - name: KUBEFLOW_USERID_PREFIX 17 | value: "" 18 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/service-flyteadmin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | projectcontour.io/upstream-protocol.h2c: grpc 6 | name: flyteadmin 7 | namespace: flyte 8 | spec: 9 | ports: 10 | - name: redoc 11 | port: 87 12 | protocol: TCP 13 | targetPort: 8087 14 | - name: http 15 | port: 80 16 | protocol: TCP 17 | targetPort: 8088 18 | - name: grpc 19 | port: 81 20 | protocol: TCP 21 | targetPort: 8089 22 | selector: 23 | app: flyteadmin 24 | 25 | -------------------------------------------------------------------------------- /prometheus-operator/upstream/service-prometheus-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: controller 6 | app.kubernetes.io/name: prometheus-operator 7 | app.kubernetes.io/version: 0.55.1 8 | name: prometheus-operator 9 | namespace: default 10 | spec: 11 | clusterIP: None 12 | ports: 13 | - name: http 14 | port: 8080 15 | targetPort: http 16 | selector: 17 | app.kubernetes.io/component: controller 18 | app.kubernetes.io/name: prometheus-operator 19 | 20 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/requirements.yaml: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: feature-server 3 | alias: feature-server 4 | version: 0.19.3 5 | condition: feature-server.enabled 6 | repository: https://feast-helm-charts.storage.googleapis.com 7 | - name: transformation-service 8 | alias: transformation-service 9 | version: 0.19.3 10 | condition: transformation-service.enabled 11 | repository: https://feast-helm-charts.storage.googleapis.com 12 | - name: redis 13 | version: 10.5.6 14 | repository: https://charts.helm.sh/stable 15 | condition: redis.enabled -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/metacontroller/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: kubeflow 4 | resources: 5 | - cluster-role-binding.yaml 6 | - crd.yaml 7 | - service-account.yaml 8 | - stateful-set.yaml 9 | commonLabels: 10 | kustomize.component: metacontroller 11 | 12 | # Update metacontroller CRD: 13 | # Copy the upstream file to crd.yaml in this folder. 14 | # Upstream file: https://github.com/metacontroller/metacontroller/blob/master/manifests/production/metacontroller-crds-v1.yaml 15 | -------------------------------------------------------------------------------- /prometheus-operator/upstream/clusterrolebinding-prometheus-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/component: controller 6 | app.kubernetes.io/name: prometheus-operator 7 | app.kubernetes.io/version: 0.55.1 8 | name: prometheus-operator 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: prometheus-operator 13 | subjects: 14 | - kind: ServiceAccount 15 | name: prometheus-operator 16 | namespace: default 17 | 18 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/scheduled-workflow/deployment-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: # kpt-merge: /ml-pipeline-scheduledworkflow 4 | name: ml-pipeline-scheduledworkflow 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | - name: ml-pipeline-scheduledworkflow 10 | env: 11 | - name: NAMESPACE 12 | value: '' # Empty namespace let viewer controller watch all namespaces 13 | valueFrom: null # HACK: https://github.com/kubernetes-sigs/kustomize/issues/2606 14 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/virtual-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: # kpt-merge: /ml-pipeline-ui 4 | name: ml-pipeline-ui 5 | spec: 6 | gateways: 7 | - kubeflow-gateway 8 | hosts: 9 | - '*' 10 | http: 11 | - match: 12 | - uri: 13 | prefix: /pipeline 14 | rewrite: 15 | uri: /pipeline 16 | route: 17 | - destination: 18 | host: ml-pipeline-ui.$(kfp-namespace).svc.cluster.local 19 | port: 20 | number: 80 21 | timeout: 300s 22 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/metadata/options/istio/virtual-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: VirtualService 3 | metadata: # kpt-merge: kubeflow/metadata-grpc 4 | name: metadata-grpc 5 | namespace: kubeflow 6 | spec: 7 | gateways: 8 | - kubeflow-gateway 9 | hosts: 10 | - '*' 11 | http: 12 | - match: 13 | - uri: 14 | prefix: /ml_metadata 15 | rewrite: 16 | uri: /ml_metadata 17 | route: 18 | - destination: 19 | host: metadata-envoy-service.kubeflow.svc.cluster.local 20 | port: 21 | number: 9090 22 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/clusterrole-flyteadmin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: flyteadmin 5 | namespace: flyte 6 | rules: 7 | - apiGroups: 8 | - "" 9 | - flyte.lyft.com 10 | - rbac.authorization.k8s.io 11 | resources: 12 | - configmaps 13 | - flyteworkflows 14 | - namespaces 15 | - pods 16 | - resourcequotas 17 | - roles 18 | - rolebindings 19 | - secrets 20 | - services 21 | - serviceaccounts 22 | - spark-role 23 | verbs: 24 | - '*' 25 | 26 | -------------------------------------------------------------------------------- /argocd/applications/feast.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: feast 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/aukeaai/mlops-playground.git 12 | targetRevision: HEAD 13 | path: feast 14 | destination: 15 | server: https://kubernetes.default.svc 16 | namespace: feast 17 | syncPolicy: 18 | syncOptions: 19 | - CreateNamespace=true 20 | automated: 21 | prune: true 22 | selfHeal: true 23 | -------------------------------------------------------------------------------- /argocd/applications/kserve.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: kserve 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/aukeaai/mlops-playground.git 12 | targetRevision: HEAD 13 | path: kserve/upstream 14 | destination: 15 | server: https://kubernetes.default.svc 16 | namespace: kserve 17 | syncPolicy: 18 | syncOptions: 19 | - CreateNamespace=true 20 | automated: 21 | prune: true 22 | selfHeal: true 23 | -------------------------------------------------------------------------------- /argocd/applications/flyte.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: flyte 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/aukeaai/mlops-playground.git 12 | targetRevision: HEAD 13 | path: flyte-sandbox/upstream 14 | destination: 15 | server: https://kubernetes.default.svc 16 | namespace: flyte 17 | syncPolicy: 18 | syncOptions: 19 | - CreateNamespace=true 20 | automated: 21 | prune: true 22 | selfHeal: true 23 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/gcp/inverse-proxy/proxy-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: # kpt-merge: /proxy-agent 4 | labels: 5 | app: proxy-agent 6 | name: proxy-agent 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: proxy-agent 11 | template: 12 | metadata: 13 | labels: 14 | app: proxy-agent 15 | spec: 16 | hostNetwork: true 17 | containers: 18 | - image: gcr.io/ml-pipeline/inverse-proxy-agent:dummy 19 | imagePullPolicy: IfNotPresent 20 | name: proxy-agent 21 | serviceAccountName: proxy-agent-runner 22 | -------------------------------------------------------------------------------- /knative/core/upstream/clusterrolebinding-knative-serving-controller-admin.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: knative-serving-controller-admin 5 | labels: 6 | app.kubernetes.io/component: controller 7 | app.kubernetes.io/name: knative-serving 8 | app.kubernetes.io/version: "1.3.0" 9 | serving.knative.dev/release: "v1.3.0" 10 | subjects: 11 | - kind: ServiceAccount 12 | name: controller 13 | namespace: knative-serving 14 | roleRef: 15 | kind: ClusterRole 16 | name: knative-serving-admin 17 | apiGroup: rbac.authorization.k8s.io 18 | 19 | -------------------------------------------------------------------------------- /kserve/upstream/service-kserve-controller-manager-metrics-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | prometheus.io/port: "8443" 6 | prometheus.io/scheme: https 7 | prometheus.io/scrape: "true" 8 | labels: 9 | control-plane: kserve-controller-manager 10 | controller-tools.k8s.io: "1.0" 11 | name: kserve-controller-manager-metrics-service 12 | namespace: kserve 13 | spec: 14 | ports: 15 | - name: https 16 | port: 8443 17 | targetPort: https 18 | selector: 19 | control-plane: kserve-controller-manager 20 | controller-tools.k8s.io: "1.0" 21 | 22 | -------------------------------------------------------------------------------- /feast/upstream/service-feast-0.19.3-transformation-service.yaml: -------------------------------------------------------------------------------- 1 | # Source: feast/charts/transformation-service/templates/service.yaml 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: feast-0.19.3-transformation-service 6 | namespace: feast 7 | labels: 8 | app: transformation-service 9 | chart: transformation-service-0.19.3 10 | release: feast-0.19.3 11 | heritage: Helm 12 | spec: 13 | type: ClusterIP 14 | ports: 15 | - name: grpc 16 | port: 6566 17 | targetPort: 6566 18 | selector: 19 | app: transformation-service 20 | component: serving 21 | release: feast-0.19.3 22 | 23 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/configmap-clusterresource-template-dk5mbchdmt.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | aa_namespace.yaml: | 4 | apiVersion: v1 5 | kind: Namespace 6 | metadata: 7 | name: {{ namespace }} 8 | spec: 9 | finalizers: 10 | - kubernetes 11 | ab_project-resource-quota.yaml: "apiVersion: v1\nkind: ResourceQuota\nmetadata:\n name: project-quota\n namespace: {{ namespace }} \nspec:\n hard:\n limits.cpu: {{ projectQuotaCpu }} \n limits.memory: {{ projectQuotaMemory }}\n\n" 12 | kind: ConfigMap 13 | metadata: 14 | name: clusterresource-template-dk5mbchdmt 15 | namespace: flyte 16 | 17 | -------------------------------------------------------------------------------- /knative/net-istio/upstream/peerauthentication-domainmapping-webhook.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "security.istio.io/v1beta1" 2 | kind: "PeerAuthentication" 3 | metadata: 4 | name: "domainmapping-webhook" 5 | namespace: "knative-serving" 6 | labels: 7 | app.kubernetes.io/component: net-istio 8 | app.kubernetes.io/name: knative-serving 9 | app.kubernetes.io/version: "1.3.0" 10 | serving.knative.dev/release: "v1.3.0" 11 | networking.knative.dev/ingress-provider: istio 12 | spec: 13 | selector: 14 | matchLabels: 15 | app: domainmapping-webhook 16 | portLevelMtls: 17 | "8443": 18 | mode: PERMISSIVE 19 | 20 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/Makefile: -------------------------------------------------------------------------------- 1 | REPO_ROOT=../../../.. 2 | 3 | update: 4 | rm -rf upstream 5 | mkdir upstream 6 | kpt pkg get "https://github.com/argoproj/argo-workflows.git/manifests@$$(cat $(REPO_ROOT)/third_party/argo/VERSION)" upstream/ 7 | # Remove the pre-hydrated manifests which we do not use. 8 | rm upstream/manifests/*.yaml 9 | # Remove README.md which might be confusing here. 10 | rm upstream/manifests/README.md 11 | # Include argo license file 12 | curl -Lo upstream/manifests/LICENSE "https://raw.githubusercontent.com/argoproj/argo-workflows/$$(cat $(REPO_ROOT)/third_party/argo/VERSION)/LICENSE" 13 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/namespace-install/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../base 5 | - ./argo-server-rbac 6 | - ./workflow-controller-rbac 7 | patchesJson6902: 8 | - target: 9 | version: v1 10 | group: apps 11 | kind: Deployment 12 | name: workflow-controller 13 | path: ./overlays/workflow-controller-deployment.yaml 14 | - target: 15 | version: v1 16 | group: apps 17 | kind: Deployment 18 | name: argo-server 19 | path: ./overlays/argo-server-deployment.yaml 20 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/Makefile: -------------------------------------------------------------------------------- 1 | # This makefile is a quick test to verify all manifests can be hydrated. 2 | 3 | test: aws azure dev gcp platform-agnostic platform-agnostic-multi-user 4 | 5 | aws: FORCE 6 | kubectl kustomize env/aws 7 | 8 | azure: FORCE 9 | kubectl kustomize env/azure 10 | 11 | dev: FORCE 12 | kubectl kustomize env/dev 13 | 14 | gcp: FORCE 15 | kubectl kustomize env/gcp 16 | 17 | platform-agnostic: FORCE 18 | kubectl kustomize env/platform-agnostic 19 | 20 | platform-agnostic-multi-user: FORCE 21 | kustomize build --load-restrictor LoadRestrictionsNone env/platform-agnostic-multi-user 22 | 23 | FORCE: ; 24 | -------------------------------------------------------------------------------- /argocd/applications/kubeflow-pipelines.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: kubeflow-pipelines 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/aukeaai/mlops-playground.git 12 | targetRevision: HEAD 13 | path: kubeflow/pipelines 14 | destination: 15 | server: https://kubernetes.default.svc 16 | namespace: kubeflow 17 | syncPolicy: 18 | syncOptions: 19 | - CreateNamespace=true 20 | automated: 21 | prune: true 22 | selfHeal: true 23 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/cache/cluster-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: # kpt-merge: /kubeflow-pipelines-cache-role 4 | name: kubeflow-pipelines-cache-role 5 | rules: 6 | - apiGroups: 7 | - "" 8 | resources: 9 | - pods 10 | verbs: 11 | - get 12 | - list 13 | - watch 14 | - update 15 | - patch 16 | - apiGroups: 17 | - "" 18 | resources: 19 | - configmaps 20 | verbs: 21 | - get 22 | - apiGroups: 23 | - argoproj.io 24 | resources: 25 | - workflows 26 | verbs: 27 | - get 28 | - list 29 | - watch 30 | - update 31 | - patch 32 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/redis/templates/redis-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ template "redis.fullname" . }} 6 | labels: 7 | app: {{ template "redis.name" . }} 8 | chart: {{ template "redis.chart" . }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | roleRef: 12 | apiGroup: rbac.authorization.k8s.io 13 | kind: Role 14 | name: {{ template "redis.fullname" . }} 15 | subjects: 16 | - kind: ServiceAccount 17 | name: {{ template "redis.serviceAccountName" . }} 18 | {{- end -}} 19 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: # kpt-merge: /kubeflow-pipelines-cache-deployer-clusterrolebinding 4 | name: kubeflow-pipelines-cache-deployer-clusterrolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: kubeflow-pipelines-cache-deployer-clusterrole 9 | subjects: 10 | - kind: ServiceAccount 11 | name: kubeflow-pipelines-cache-deployer-sa 12 | # namespace will be added by kustomize automatically according to the namespace field in kustomization.yaml 13 | -------------------------------------------------------------------------------- /argocd/applications/knative-net-istio.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: knative-net-istio 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/aukeaai/mlops-playground.git 12 | targetRevision: HEAD 13 | path: knative/net-istio/upstream 14 | destination: 15 | server: https://kubernetes.default.svc 16 | namespace: knative-serving 17 | syncPolicy: 18 | syncOptions: 19 | - CreateNamespace=true 20 | automated: 21 | prune: true 22 | selfHeal: true 23 | -------------------------------------------------------------------------------- /argocd/applications/knative-serving-core.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: knative-serving-core 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/aukeaai/mlops-playground.git 12 | targetRevision: HEAD 13 | path: knative/core/upstream 14 | destination: 15 | server: https://kubernetes.default.svc 16 | namespace: knative-serving 17 | syncPolicy: 18 | syncOptions: 19 | - CreateNamespace=true 20 | automated: 21 | prune: true 22 | selfHeal: true 23 | -------------------------------------------------------------------------------- /argocd/applications/knative-serving-crds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: knative-serving-crds 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/aukeaai/mlops-playground.git 12 | targetRevision: HEAD 13 | path: knative/crds/upstream 14 | destination: 15 | server: https://kubernetes.default.svc 16 | namespace: knative-serving 17 | syncPolicy: 18 | syncOptions: 19 | - CreateNamespace=true 20 | automated: 21 | prune: true 22 | selfHeal: true 23 | -------------------------------------------------------------------------------- /argocd/applications/prometheus-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | name: prometheus-operator 5 | namespace: argocd 6 | finalizers: 7 | - resources-finalizer.argocd.argoproj.io 8 | spec: 9 | project: default 10 | source: 11 | repoURL: https://github.com/aukeaai/mlops-playground.git 12 | targetRevision: HEAD 13 | path: prometheus-operator 14 | destination: 15 | server: https://kubernetes.default.svc 16 | namespace: prometheus-operator 17 | syncPolicy: 18 | syncOptions: 19 | - CreateNamespace=true 20 | automated: 21 | prune: true 22 | selfHeal: true 23 | -------------------------------------------------------------------------------- /cluster/gke/vpc.tf: -------------------------------------------------------------------------------- 1 | variable "project_id" { 2 | description = "project id" 3 | } 4 | 5 | variable "region" { 6 | description = "region" 7 | } 8 | 9 | provider "google" { 10 | project = var.project_id 11 | region = var.region 12 | } 13 | 14 | # VPC 15 | resource "google_compute_network" "vpc" { 16 | name = "${var.project_id}-vpc" 17 | auto_create_subnetworks = "false" 18 | } 19 | 20 | # Subnet 21 | resource "google_compute_subnetwork" "subnet" { 22 | name = "${var.project_id}-subnet" 23 | region = var.region 24 | network = google_compute_network.vpc.name 25 | ip_cidr_range = "10.10.0.0/24" 26 | } 27 | -------------------------------------------------------------------------------- /feast/upstream/service-feast-0.19.3-feature-server.yaml: -------------------------------------------------------------------------------- 1 | # Source: feast/charts/feature-server/templates/service.yaml 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: feast-0.19.3-feature-server 6 | namespace: feast 7 | labels: 8 | app: feature-server 9 | chart: feature-server-0.19.3 10 | release: feast-0.19.3 11 | heritage: Helm 12 | spec: 13 | type: ClusterIP 14 | ports: 15 | - name: http 16 | port: 80 17 | targetPort: 8080 18 | - name: grpc 19 | port: 6566 20 | targetPort: 6566 21 | selector: 22 | app: feature-server 23 | component: serving 24 | release: feast-0.19.3 25 | 26 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../namespace-install 5 | - minio 6 | - webhooks 7 | - argo-server-sso-secret.yaml 8 | - workflow-role.yaml 9 | - kubelet-executor-clusterrole.yaml 10 | - kubelet-executor-default-clusterrolebinding.yaml 11 | - workflow-default-rolebinding.yaml 12 | - cluster-workflow-template-rbac.yaml 13 | - artifact-repositories-configmap.yaml 14 | patchesStrategicMerge: 15 | - overlays/workflow-controller-configmap.yaml 16 | - overlays/argo-server-deployment.yaml 17 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/workflow-controller-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | sso: | 4 | issuer: http://dex:5556/dex 5 | issuerAlias: http://mydex:5556/dex 6 | clientId: 7 | name: argo-server-sso 8 | key: clientID 9 | clientSecret: 10 | name: argo-server-sso 11 | key: clientSecret 12 | redirectUrl: http://localhost:8080/oauth2/callback 13 | scopes: 14 | - groups 15 | - email 16 | rbac: 17 | enabled: true 18 | kind: ConfigMap 19 | metadata: # kpt-merge: /workflow-controller-configmap 20 | name: workflow-controller-configmap 21 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-viewer-crd-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: # kpt-merge: /ml-pipeline-viewer-controller-role 4 | name: ml-pipeline-viewer-controller-role 5 | rules: 6 | - apiGroups: 7 | - '*' 8 | resources: 9 | - deployments 10 | - services 11 | verbs: 12 | - create 13 | - get 14 | - list 15 | - watch 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - kubeflow.org 21 | resources: 22 | - viewers 23 | - viewers/finalizers 24 | verbs: 25 | - create 26 | - get 27 | - list 28 | - watch 29 | - update 30 | - patch 31 | - delete 32 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/cache/cache-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: # kpt-merge: /kubeflow-pipelines-cache-role 4 | labels: 5 | app: kubeflow-pipelines-cache-role 6 | name: kubeflow-pipelines-cache-role 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - pods 12 | verbs: 13 | - get 14 | - list 15 | - watch 16 | - update 17 | - patch 18 | - apiGroups: 19 | - "" 20 | resources: 21 | - configmaps 22 | verbs: 23 | - get 24 | - apiGroups: 25 | - argoproj.io 26 | resources: 27 | - workflows 28 | verbs: 29 | - get 30 | - list 31 | - watch 32 | - update 33 | - patch 34 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/metadata-writer/cluster-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: # kpt-merge: /kubeflow-pipelines-metadata-writer-role 4 | name: kubeflow-pipelines-metadata-writer-role 5 | rules: 6 | - apiGroups: 7 | - "" 8 | resources: 9 | - pods 10 | verbs: 11 | - get 12 | - list 13 | - watch 14 | - update 15 | - patch 16 | - apiGroups: 17 | - "" 18 | resources: 19 | - configmaps 20 | verbs: 21 | - get 22 | - apiGroups: 23 | - argoproj.io 24 | resources: 25 | - workflows 26 | verbs: 27 | - get 28 | - list 29 | - watch 30 | - update 31 | - patch 32 | -------------------------------------------------------------------------------- /kserve/upstream/role-leader-election-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: leader-election-role 5 | namespace: kserve 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - update 26 | - patch 27 | - apiGroups: 28 | - "" 29 | resources: 30 | - events 31 | verbs: 32 | - create 33 | 34 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/redis/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: 5.0.7 3 | description: Open source, advanced key-value store. It is often referred to as a data 4 | structure server since keys can contain strings, hashes, lists, sets and sorted 5 | sets. 6 | home: http://redis.io/ 7 | icon: https://bitnami.com/assets/stacks/redis/img/redis-stack-220x234.png 8 | keywords: 9 | - redis 10 | - keyvalue 11 | - database 12 | maintainers: 13 | - email: containers@bitnami.com 14 | name: Bitnami 15 | - email: cedric@desaintmartin.fr 16 | name: desaintmartin 17 | name: redis 18 | sources: 19 | - https://github.com/bitnami/bitnami-docker-redis 20 | version: 10.5.6 21 | -------------------------------------------------------------------------------- /kubeflow/pipelines/patches/ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: pipeline-ui-ingress 5 | namespace: kubeflow 6 | annotations: 7 | kubernetes.io/ingress.class: nginx 8 | cert-manager.io/cluster-issuer: ca-issuer 9 | spec: 10 | rules: 11 | - host: pipeline-ui.127.0.0.1.nip.io 12 | http: 13 | paths: 14 | - backend: 15 | service: 16 | name: ml-pipeline-ui 17 | port: 18 | name: https 19 | path: / 20 | pathType: Prefix 21 | tls: 22 | - secretName: pipeline-ui.127.0.0.1.nip.io 23 | hosts: 24 | - pipeline-ui.127.0.0.1.nip.io 25 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/installs/namespace/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | # This kustomization.yaml is built mirroring ../../upstream/manifests/namespace-install/kustomization.yaml. 4 | # The differences: 5 | # * this does not include argo server. 6 | # * this separates cluster-scoped resources to its own folder. 7 | bases: 8 | - ../../base 9 | - ../../upstream/manifests/namespace-install/workflow-controller-rbac 10 | patchesJson6902: 11 | - target: 12 | version: v1 13 | group: apps 14 | kind: Deployment 15 | name: workflow-controller 16 | path: workflow-controller-deployment-patch.json 17 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/viewer-controller/cluster-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: # kpt-merge: /ml-pipeline-viewer-controller-role 4 | name: ml-pipeline-viewer-controller-role 5 | rules: 6 | - apiGroups: 7 | - '*' 8 | resources: 9 | - deployments 10 | - services 11 | verbs: 12 | - create 13 | - get 14 | - list 15 | - watch 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - kubeflow.org 21 | resources: 22 | - viewers 23 | - viewers/finalizers 24 | verbs: 25 | - create 26 | - get 27 | - list 28 | - watch 29 | - update 30 | - patch 31 | - delete 32 | -------------------------------------------------------------------------------- /knative/core/upstream/clusterrole-knative-serving-namespaced-admin.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRole 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: knative-serving-namespaced-admin 5 | labels: 6 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 7 | serving.knative.dev/release: "v1.3.0" 8 | app.kubernetes.io/version: "1.3.0" 9 | app.kubernetes.io/name: knative-serving 10 | rules: 11 | - apiGroups: ["serving.knative.dev"] 12 | resources: ["*"] 13 | verbs: ["*"] 14 | - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] 15 | resources: ["*"] 16 | verbs: ["get", "list", "watch"] 17 | 18 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/platform-agnostic-multi-user-pns/workflow-controller-configmap-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: # kpt-merge: /workflow-controller-configmap 4 | name: workflow-controller-configmap 5 | data: 6 | # References: 7 | # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/config/config.go 8 | # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/docs/workflow-controller-configmap.md 9 | # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/docs/workflow-controller-configmap.yaml 10 | 11 | # pns executor is a more portable default, see https://github.com/kubeflow/pipelines/issues/1654. 12 | containerRuntimeExecutor: pns 13 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/platform-agnostic-emissary/workflow-controller-configmap-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: # kpt-merge: /workflow-controller-configmap 4 | name: workflow-controller-configmap 5 | data: 6 | # References: 7 | # * https://github.com/argoproj/argo-workflows/blob/v3.1.5/config/config.go 8 | # * https://github.com/argoproj/argo-workflows/blob/v3.1.5/docs/workflow-controller-configmap.md 9 | # * https://github.com/argoproj/argo-workflows/blob/v3.1.5/docs/workflow-controller-configmap.yaml 10 | 11 | # Emissary Executor: https://argoproj.github.io/argo-workflows/workflow-executors/#emissary-emissary 12 | containerRuntimeExecutor: emissary 13 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/platform-agnostic-multi-user-emissary/workflow-controller-configmap-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: # kpt-merge: /workflow-controller-configmap 4 | name: workflow-controller-configmap 5 | data: 6 | # References: 7 | # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/config/config.go 8 | # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/docs/workflow-controller-configmap.md 9 | # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/docs/workflow-controller-configmap.yaml 10 | 11 | # Emissary Executor: https://argoproj.github.io/argo-workflows/workflow-executors/#emissary-emissary 12 | containerRuntimeExecutor: emissary 13 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/base/workflow-controller-deployment-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: # kpt-merge: /workflow-controller 4 | name: workflow-controller 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | - name: workflow-controller 10 | image: gcr.io/ml-pipeline/workflow-controller:v3.2.3-license-compliance 11 | args: 12 | - --configmap 13 | - workflow-controller-configmap 14 | - --executor-image 15 | - gcr.io/ml-pipeline/argoexec:v3.2.3-license-compliance 16 | resources: 17 | requests: 18 | cpu: 100m 19 | memory: 500Mi 20 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/installs/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | bases: 4 | # Note, we do not explicitly separate cluster-scoped resources for cluster installation, 5 | # because people who deploy cluster-scoped resources should be the same as who deploys 6 | # namespaced resources. 7 | - ../../upstream/manifests/base/crds 8 | - ../../upstream/manifests/cluster-install/workflow-controller-rbac 9 | - ../../base 10 | patchesJson6902: 11 | - target: 12 | group: rbac.authorization.k8s.io 13 | version: v1 14 | kind: ClusterRoleBinding 15 | name: argo-binding 16 | path: workflow-controller-clusterrolebinding-patch.json 17 | -------------------------------------------------------------------------------- /knative/net-istio/upstream/peerauthentication-webhook.yaml: -------------------------------------------------------------------------------- 1 | # Allows the Webhooks to be reached by kube-api with or without 2 | # sidecar injection and with mTLS PERMISSIVE and STRICT. 3 | apiVersion: "security.istio.io/v1beta1" 4 | kind: "PeerAuthentication" 5 | metadata: 6 | name: "webhook" 7 | namespace: "knative-serving" 8 | labels: 9 | app.kubernetes.io/component: net-istio 10 | app.kubernetes.io/name: knative-serving 11 | app.kubernetes.io/version: "1.3.0" 12 | serving.knative.dev/release: "v1.3.0" 13 | networking.knative.dev/ingress-provider: istio 14 | spec: 15 | selector: 16 | matchLabels: 17 | app: webhook 18 | portLevelMtls: 19 | "8443": 20 | mode: PERMISSIVE 21 | 22 | -------------------------------------------------------------------------------- /knative/core/upstream/clusterrole-knative-serving-namespaced-edit.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRole 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: knative-serving-namespaced-edit 5 | labels: 6 | rbac.authorization.k8s.io/aggregate-to-edit: "true" 7 | serving.knative.dev/release: "v1.3.0" 8 | app.kubernetes.io/version: "1.3.0" 9 | app.kubernetes.io/name: knative-serving 10 | rules: 11 | - apiGroups: ["serving.knative.dev"] 12 | resources: ["*"] 13 | verbs: ["create", "update", "patch", "delete"] 14 | - apiGroups: ["networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] 15 | resources: ["*"] 16 | verbs: ["get", "list", "watch"] 17 | 18 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/metadata-writer/metadata-writer-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: # kpt-merge: /kubeflow-pipelines-metadata-writer-role 4 | labels: 5 | app: kubeflow-pipelines-metadata-writer-role 6 | name: kubeflow-pipelines-metadata-writer-role 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - pods 12 | verbs: 13 | - get 14 | - list 15 | - watch 16 | - update 17 | - patch 18 | - apiGroups: 19 | - "" 20 | resources: 21 | - configmaps 22 | verbs: 23 | - get 24 | - apiGroups: 25 | - argoproj.io 26 | resources: 27 | - workflows 28 | verbs: 29 | - get 30 | - list 31 | - watch 32 | - update 33 | - patch 34 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/azure/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: kubeflow 4 | bases: 5 | - ../../base/installs/generic 6 | - ../../base/metadata/base 7 | - ../../third-party/argo/installs/namespace 8 | - minio-azure-gateway 9 | configMapGenerator: 10 | - name: pipeline-install-config 11 | env: params.env 12 | behavior: merge 13 | secretGenerator: 14 | - name: mysql-secret 15 | env: mysql-secret.env 16 | behavior: merge 17 | # Identifier for application manager to apply ownerReference. 18 | # The ownerReference ensures the resources get garbage collected 19 | # when application is deleted. 20 | commonLabels: 21 | application-crd-id: kubeflow-pipelines 22 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/platform-agnostic/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | bases: 4 | - ../../base/installs/generic 5 | - ../../base/metadata/base 6 | - ../../third-party/argo/installs/namespace 7 | - ../../third-party/minio/base 8 | - ../../third-party/mysql/base 9 | # Identifier for application manager to apply ownerReference. 10 | # The ownerReference ensures the resources get garbage collected 11 | # when application is deleted. 12 | commonLabels: 13 | application-crd-id: kubeflow-pipelines 14 | # !!! If you want to customize the namespace, 15 | # please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml 16 | namespace: kubeflow 17 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/dev/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | bases: 4 | # Application controller is used to provide Google Cloud Console integration. 5 | - ../../third-party/application 6 | - ../../base/application 7 | - ../platform-agnostic 8 | - ../gcp/inverse-proxy 9 | # Identifier for application manager to apply ownerReference. 10 | # The ownerReference ensures the resources get garbage collected 11 | # when application is deleted. 12 | commonLabels: 13 | application-crd-id: kubeflow-pipelines 14 | # !!! If you want to customize the namespace, 15 | # please refer sample/cluster-scoped-resources to update the namespace for cluster-scoped-resources 16 | namespace: kubeflow 17 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/gcp/gcp-configurations-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: # kpt-merge: /ml-pipeline 4 | name: ml-pipeline 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | - name: ml-pipeline-api-server 10 | env: 11 | - name: HAS_DEFAULT_BUCKET 12 | value: 'true' 13 | - name: BUCKET_NAME 14 | valueFrom: 15 | configMapKeyRef: 16 | name: pipeline-install-config 17 | key: bucketName 18 | - name: PROJECT_ID 19 | valueFrom: 20 | configMapKeyRef: 21 | name: pipeline-install-config 22 | key: gcsProjectId 23 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/redis/templates/headless-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "redis.fullname" . }}-headless 5 | labels: 6 | app: {{ template "redis.name" . }} 7 | chart: {{ template "redis.chart" . }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | spec: 11 | type: ClusterIP 12 | clusterIP: None 13 | ports: 14 | - name: redis 15 | port: {{ .Values.redisPort }} 16 | targetPort: redis 17 | {{- if .Values.sentinel.enabled }} 18 | - name: redis-sentinel 19 | port: {{ .Values.sentinel.port }} 20 | targetPort: redis-sentinel 21 | {{- end }} 22 | selector: 23 | app: {{ template "redis.name" . }} 24 | release: {{ .Release.Name }} 25 | -------------------------------------------------------------------------------- /knative/core/upstream/horizontalpodautoscaler-webhook.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: autoscaling/v2beta2 2 | kind: HorizontalPodAutoscaler 3 | metadata: 4 | name: webhook 5 | namespace: knative-serving 6 | labels: 7 | app.kubernetes.io/component: webhook 8 | app.kubernetes.io/name: knative-serving 9 | app.kubernetes.io/version: "1.3.0" 10 | serving.knative.dev/release: "v1.3.0" 11 | spec: 12 | minReplicas: 1 13 | maxReplicas: 5 14 | scaleTargetRef: 15 | apiVersion: apps/v1 16 | kind: Deployment 17 | name: webhook 18 | metrics: 19 | - type: Resource 20 | resource: 21 | name: cpu 22 | target: 23 | type: Utilization 24 | # Percentage of the requested CPU 25 | averageUtilization: 100 26 | 27 | -------------------------------------------------------------------------------- /knative/core/upstream/clusterrole-knative-serving-aggregated-addressable-resolver.yaml: -------------------------------------------------------------------------------- 1 | # Use this aggregated ClusterRole when you need readonly access to "Addressables" 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | # Named like this to avoid clashing with eventing's existing `addressable-resolver` role 6 | # (which should be identical, but isn't guaranteed to be installed alongside serving). 7 | name: knative-serving-aggregated-addressable-resolver 8 | labels: 9 | serving.knative.dev/release: "v1.3.0" 10 | app.kubernetes.io/version: "1.3.0" 11 | app.kubernetes.io/name: knative-serving 12 | aggregationRule: 13 | clusterRoleSelectors: 14 | - matchLabels: 15 | duck.knative.dev/addressable: "true" 16 | 17 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/metadata-writer/metadata-writer-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: # kpt-merge: /metadata-writer 4 | name: metadata-writer 5 | labels: 6 | app: metadata-writer 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: metadata-writer 12 | template: 13 | metadata: 14 | labels: 15 | app: metadata-writer 16 | spec: 17 | containers: 18 | - name: main 19 | image: gcr.io/ml-pipeline/metadata-writer:dummy 20 | env: 21 | - name: NAMESPACE_TO_WATCH 22 | valueFrom: 23 | fieldRef: 24 | fieldPath: metadata.namespace 25 | serviceAccountName: kubeflow-pipelines-metadata-writer 26 | -------------------------------------------------------------------------------- /knative/core/upstream/horizontalpodautoscaler-activator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: autoscaling/v2beta2 2 | kind: HorizontalPodAutoscaler 3 | metadata: 4 | name: activator 5 | namespace: knative-serving 6 | labels: 7 | app.kubernetes.io/component: activator 8 | app.kubernetes.io/name: knative-serving 9 | app.kubernetes.io/version: "1.3.0" 10 | serving.knative.dev/release: "v1.3.0" 11 | spec: 12 | minReplicas: 1 13 | maxReplicas: 20 14 | scaleTargetRef: 15 | apiVersion: apps/v1 16 | kind: Deployment 17 | name: activator 18 | metrics: 19 | - type: Resource 20 | resource: 21 | name: cpu 22 | target: 23 | type: Utilization 24 | # Percentage of the requested CPU 25 | averageUtilization: 100 26 | 27 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/mysql/overlays/workflow-controller-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | persistence: | 4 | connectionPool: 5 | maxIdleConns: 100 6 | maxOpenConns: 0 7 | connMaxLifetime: 0s 8 | nodeStatusOffLoad: true 9 | archive: true 10 | archiveTTL: 7d 11 | mysql: 12 | host: mysql 13 | port: 3306 14 | database: argo 15 | tableName: argo_workflows 16 | userNameSecret: 17 | name: argo-mysql-config 18 | key: username 19 | passwordSecret: 20 | name: argo-mysql-config 21 | key: password 22 | kind: ConfigMap 23 | metadata: # kpt-merge: /workflow-controller-configmap 24 | name: workflow-controller-configmap 25 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/redis/templates/redis-role.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create -}} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: {{ template "redis.fullname" . }} 6 | labels: 7 | app: {{ template "redis.name" . }} 8 | chart: {{ template "redis.chart" . }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | rules: 12 | {{- if .Values.podSecurityPolicy.create }} 13 | - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}'] 14 | resources: ['podsecuritypolicies'] 15 | verbs: ['use'] 16 | resourceNames: [{{ template "redis.fullname" . }}] 17 | {{- end -}} 18 | {{- if .Values.rbac.role.rules }} 19 | {{ toYaml .Values.rbac.role.rules | indent 2 }} 20 | {{- end -}} 21 | {{- end -}} 22 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/metadata/base/metadata-envoy-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: # kpt-merge: /metadata-envoy-deployment 4 | name: metadata-envoy-deployment 5 | labels: 6 | component: metadata-envoy 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | component: metadata-envoy 12 | template: 13 | metadata: 14 | labels: 15 | component: metadata-envoy 16 | annotations: 17 | sidecar.istio.io/inject: "false" 18 | spec: 19 | containers: 20 | - name: container 21 | image: gcr.io/ml-pipeline/metadata-envoy:dummy 22 | ports: 23 | - name: md-envoy 24 | containerPort: 9090 25 | - name: envoy-admin 26 | containerPort: 9901 27 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/postgres/overlays/workflow-controller-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | persistence: | 4 | connectionPool: 5 | maxIdleConns: 100 6 | maxOpenConns: 0 7 | connMaxLifetime: 0s 8 | nodeStatusOffLoad: true 9 | archive: true 10 | archiveTTL: 7d 11 | postgresql: 12 | host: postgres 13 | port: 5432 14 | database: postgres 15 | tableName: argo_workflows 16 | userNameSecret: 17 | name: argo-postgres-config 18 | key: username 19 | passwordSecret: 20 | name: argo-postgres-config 21 | key: password 22 | kind: ConfigMap 23 | metadata: # kpt-merge: /workflow-controller-configmap 24 | name: workflow-controller-configmap 25 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/values.yaml: -------------------------------------------------------------------------------- 1 | feature-server: 2 | enabled: true 3 | 4 | 5 | transformation-service: 6 | enabled: true 7 | 8 | redis: 9 | # redis.enabled -- Flag to install Redis 10 | enabled: false 11 | # redis.usePassword -- Disable redis password 12 | usePassword: false 13 | 14 | global: 15 | # global.registry -- Information about registry managed by Feast Python SDK (must be in sync with feature_store.yaml) 16 | registry: 17 | # global.registry.path -- Path to the registry file managed by Feast Python SDK 18 | path: gs://path/to/registry.db 19 | # global.registry.cache_ttl_seconds -- Registry cache (in memory) will be refreshed on this interval 20 | cache_ttl_seconds: 0 21 | 22 | # global.project -- Project from feature_store.yaml 23 | project: default -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/pipelines-ui/cluster-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: # kpt-merge: /ml-pipeline-ui 4 | name: ml-pipeline-ui 5 | rules: 6 | - apiGroups: 7 | - "" 8 | resources: 9 | - pods 10 | - pods/log 11 | verbs: 12 | - get 13 | - apiGroups: 14 | - "" 15 | resources: 16 | - events 17 | verbs: 18 | - list 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - secrets 23 | verbs: 24 | - get 25 | - list 26 | - apiGroups: 27 | - "kubeflow.org" 28 | resources: 29 | - viewers 30 | verbs: 31 | - create 32 | - get 33 | - list 34 | - watch 35 | - delete 36 | - apiGroups: 37 | - "argoproj.io" 38 | resources: 39 | - workflows 40 | verbs: 41 | - get 42 | - list 43 | -------------------------------------------------------------------------------- /cluster/kind/teardown.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -o errexit 3 | 4 | cd "$(cd "$(dirname "$0")" > /dev/null && pwd)" 5 | 6 | # desired cluster name; default is "kind" 7 | KIND_CLUSTER_NAME="${KIND_CLUSTER_NAME:-kind}" 8 | 9 | kind_version=$(kind version) 10 | kind_network='kind' 11 | reg_name='kind-registry' 12 | reg_port='5050' 13 | 14 | 15 | running="$(docker inspect -f '{{.State.Running}}' "${reg_name}" 2>/dev/null || true)" 16 | if [ "${running}" == 'true' ]; then 17 | cid="$(docker inspect -f '{{.ID}}' "${reg_name}")" 18 | echo "> Stopping and deleting Kind Registry container..." 19 | docker stop $cid >/dev/null 20 | docker rm $cid >/dev/null 21 | fi 22 | 23 | # Remove istioctl 24 | rm -rf ./istioctl 25 | 26 | echo "> Deleting Kind cluster..." 27 | kind delete cluster --name=$KIND_CLUSTER_NAME 28 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/scheduled-workflow/cluster-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: # kpt-merge: /ml-pipeline-scheduledworkflow-role 4 | name: ml-pipeline-scheduledworkflow-role 5 | rules: 6 | - apiGroups: 7 | - argoproj.io 8 | resources: 9 | - workflows 10 | verbs: 11 | - create 12 | - get 13 | - list 14 | - watch 15 | - update 16 | - patch 17 | - delete 18 | - apiGroups: 19 | - kubeflow.org 20 | resources: 21 | - scheduledworkflows 22 | - scheduledworkflows/finalizers 23 | verbs: 24 | - create 25 | - get 26 | - list 27 | - watch 28 | - update 29 | - patch 30 | - delete 31 | - apiGroups: 32 | - '' 33 | resources: 34 | - events 35 | verbs: 36 | - create 37 | - patch 38 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/submit-workflow-template-role.yaml: -------------------------------------------------------------------------------- 1 | # Just enough permissions to submit a workflow template. 2 | # You could tighten this further (but perhaps impractically) by using `resourceNames` 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: Role 5 | metadata: # kpt-merge: /submit-workflow-template 6 | name: submit-workflow-template 7 | rules: 8 | - apiGroups: 9 | - argoproj.io 10 | resources: 11 | - workfloweventbindings 12 | verbs: 13 | - list 14 | - apiGroups: 15 | - argoproj.io 16 | resources: 17 | - workflowtemplates 18 | verbs: 19 | - get 20 | - apiGroups: 21 | - argoproj.io 22 | resources: 23 | - workflows 24 | verbs: 25 | - create 26 | -------------------------------------------------------------------------------- /knative/net-istio/upstream/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - clusterrole-knative-serving-istio.yaml 5 | - configmap-config-istio.yaml 6 | - deployment-net-istio-controller.yaml 7 | - deployment-net-istio-webhook.yaml 8 | - gateway-knative-ingress-gateway.yaml 9 | - gateway-knative-local-gateway.yaml 10 | - mutatingwebhookconfiguration-webhook.istio.networking.internal.knative.dev.yaml 11 | - peerauthentication-domainmapping-webhook.yaml 12 | - peerauthentication-net-istio-webhook.yaml 13 | - peerauthentication-webhook.yaml 14 | - secret-net-istio-webhook-certs.yaml 15 | - service-knative-local-gateway.yaml 16 | - service-net-istio-webhook.yaml 17 | - validatingwebhookconfiguration-config.webhook.istio.networking.internal.knative.dev.yaml 18 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-ui-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: # kpt-merge: /ml-pipeline-ui 4 | labels: 5 | app: ml-pipeline-ui 6 | name: ml-pipeline-ui 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - pods 12 | - pods/log 13 | verbs: 14 | - get 15 | - apiGroups: 16 | - "" 17 | resources: 18 | - events 19 | verbs: 20 | - list 21 | - apiGroups: 22 | - "" 23 | resources: 24 | - secrets 25 | verbs: 26 | - get 27 | - list 28 | - apiGroups: 29 | - "kubeflow.org" 30 | resources: 31 | - viewers 32 | verbs: 33 | - create 34 | - get 35 | - list 36 | - watch 37 | - delete 38 | - apiGroups: 39 | - "argoproj.io" 40 | resources: 41 | - workflows 42 | verbs: 43 | - get 44 | - list 45 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/deployment-postgres.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: postgres 5 | namespace: flyte 6 | spec: 7 | selector: 8 | matchLabels: 9 | app: postgres 10 | template: 11 | metadata: 12 | labels: 13 | app: postgres 14 | spec: 15 | containers: 16 | - env: 17 | - name: POSTGRES_HOST_AUTH_METHOD 18 | value: trust 19 | image: ecr.flyte.org/ubuntu/postgres:13-21.04_beta 20 | name: postgres 21 | ports: 22 | - containerPort: 5432 23 | name: postgres 24 | volumeMounts: 25 | - mountPath: /var/lib/postgresql/data 26 | name: postgres-storage 27 | volumes: 28 | - emptyDir: {} 29 | name: postgres-storage 30 | 31 | -------------------------------------------------------------------------------- /feast/upstream/configmap-feast-0.19.3-feature-server.yaml: -------------------------------------------------------------------------------- 1 | # Source: feast/charts/feature-server/templates/configmap.yaml 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: feast-0.19.3-feature-server 6 | namespace: feast 7 | labels: 8 | app: feature-server 9 | component: serving 10 | chart: feature-server-0.19.3 11 | release: feast-0.19.3 12 | heritage: Helm 13 | data: 14 | application-generated.yaml: "feast:\n registry: gs://path/to/registry.db\n registryRefreshInterval: 0\n transformationServiceEndpoint: feast-0.19.3-transformation-service:6566\n \n activeStore: online\n stores:\n - name: online\n type: REDIS \n config:\n host: feast-0.19.3-redis-master\n port: 6379\nrest:\n server: \n port: 8080\ngrpc:\n server:\n port: 6566\n" 15 | application-override.yaml: "" 16 | 17 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/metadata/overlays/db/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: kubeflow 4 | bases: 5 | - ../../base 6 | resources: 7 | - metadata-db-pvc.yaml 8 | - metadata-db-deployment.yaml 9 | - metadata-db-service.yaml 10 | patchesStrategicMerge: 11 | - patches/metadata-grpc-deployment.yaml 12 | configMapGenerator: 13 | - name: metadata-db-parameters 14 | envs: 15 | - params.env 16 | secretGenerator: 17 | - name: metadata-db-secrets 18 | envs: 19 | - secrets.env 20 | generatorOptions: 21 | disableNameSuffixHash: true 22 | images: 23 | - name: mysql 24 | newName: mysql 25 | newTag: 8.0.3 26 | vars: 27 | - name: MLMD_DB_HOST 28 | objref: 29 | kind: Service 30 | name: metadata-db 31 | apiVersion: v1 32 | fieldref: 33 | fieldpath: metadata.name 34 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: # kpt-merge: /ml-pipeline-scheduledworkflow-role 4 | labels: 5 | app: ml-pipeline-scheduledworkflow-role 6 | name: ml-pipeline-scheduledworkflow-role 7 | rules: 8 | - apiGroups: 9 | - argoproj.io 10 | resources: 11 | - workflows 12 | verbs: 13 | - create 14 | - get 15 | - list 16 | - watch 17 | - update 18 | - patch 19 | - delete 20 | - apiGroups: 21 | - kubeflow.org 22 | resources: 23 | - scheduledworkflows 24 | - scheduledworkflows/finalizers 25 | verbs: 26 | - create 27 | - get 28 | - list 29 | - watch 30 | - update 31 | - patch 32 | - delete 33 | - apiGroups: 34 | - '' 35 | resources: 36 | - events 37 | verbs: 38 | - create 39 | - patch 40 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/platform-agnostic-pns/workflow-controller-configmap-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: # kpt-merge: /workflow-controller-configmap 4 | name: workflow-controller-configmap 5 | data: 6 | # References: 7 | # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/config/config.go 8 | # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/docs/workflow-controller-configmap.md 9 | # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/docs/workflow-controller-configmap.yaml 10 | 11 | # pns executor is a more portable default, see https://github.com/kubeflow/pipelines/issues/1654. 12 | # However, it is flaky for containers that run really fast, see https://github.com/kubeflow/pipelines/issues/5285. 13 | # So we still default to docker for now. 14 | containerRuntimeExecutor: pns 15 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/configmap-flyte-scheduler-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | admin.yaml: | 4 | admin: 5 | clientId: flytepropeller 6 | clientSecretLocation: /etc/secrets/client_secret 7 | endpoint: flyteadmin:81 8 | insecure: true 9 | event: 10 | capacity: 1000 11 | rate: 500 12 | type: admin 13 | db.yaml: | 14 | database: 15 | dbname: postgres 16 | host: postgres 17 | port: 5432 18 | username: postgres 19 | logger.yaml: | 20 | logger: 21 | level: 4 22 | show-source: true 23 | kind: ConfigMap 24 | metadata: 25 | labels: 26 | app.kubernetes.io/instance: flyte 27 | app.kubernetes.io/managed-by: Helm 28 | app.kubernetes.io/name: flytescheduler 29 | helm.sh/chart: flyte-v0.1.10 30 | name: flyte-scheduler-config 31 | namespace: flyte 32 | 33 | -------------------------------------------------------------------------------- /knative/net-istio/upstream/gateway-knative-local-gateway.yaml: -------------------------------------------------------------------------------- 1 | # A cluster local gateway to allow pods outside of the mesh to access 2 | # Services and Routes not exposing through an ingress. If the users 3 | # do have a service mesh setup, this isn't required. 4 | apiVersion: networking.istio.io/v1alpha3 5 | kind: Gateway 6 | metadata: 7 | name: knative-local-gateway 8 | namespace: knative-serving 9 | labels: 10 | app.kubernetes.io/component: net-istio 11 | app.kubernetes.io/name: knative-serving 12 | app.kubernetes.io/version: "1.3.0" 13 | serving.knative.dev/release: "v1.3.0" 14 | networking.knative.dev/ingress-provider: istio 15 | spec: 16 | selector: 17 | istio: ingressgateway 18 | servers: 19 | - port: 20 | number: 8081 21 | name: http 22 | protocol: HTTP 23 | hosts: 24 | - "*" 25 | 26 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: # kpt-merge: /dex 4 | labels: 5 | app: dex 6 | name: dex 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: dex 11 | template: 12 | metadata: 13 | labels: 14 | app: dex 15 | spec: 16 | serviceAccountName: dex 17 | containers: 18 | - name: dex 19 | image: quay.io/dexidp/dex:v2.23.0 20 | args: 21 | - serve 22 | - /data/config.yaml 23 | ports: 24 | - name: http 25 | containerPort: 5556 26 | volumeMounts: 27 | - mountPath: /data 28 | name: config 29 | volumes: 30 | - name: config 31 | configMap: 32 | name: dex 33 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/redis/templates/prometheusrule.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: PrometheusRule 4 | metadata: 5 | name: {{ template "redis.fullname" . }} 6 | {{- with .Values.metrics.prometheusRule.namespace }} 7 | namespace: {{ . }} 8 | {{- end }} 9 | labels: 10 | app: {{ template "redis.name" . }} 11 | chart: {{ template "redis.chart" . }} 12 | release: {{ .Release.Name | quote }} 13 | heritage: {{ .Release.Service | quote }} 14 | {{- with .Values.metrics.prometheusRule.additionalLabels }} 15 | {{ toYaml . | indent 4 }} 16 | {{- end }} 17 | spec: 18 | {{- with .Values.metrics.prometheusRule.rules }} 19 | groups: 20 | - name: {{ template "redis.name" $ }} 21 | rules: {{ tpl (toYaml .) $ | nindent 8 }} 22 | {{- end }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/cache-deployer/cache-deployer-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: # kpt-merge: /cache-deployer-deployment 4 | name: cache-deployer-deployment 5 | labels: 6 | app: cache-deployer 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: cache-deployer 12 | strategy: 13 | type: Recreate 14 | template: 15 | metadata: 16 | labels: 17 | app: cache-deployer 18 | spec: 19 | containers: 20 | - name: main 21 | image: gcr.io/ml-pipeline/cache-deployer:dummy 22 | imagePullPolicy: Always 23 | env: 24 | - name: NAMESPACE_TO_WATCH 25 | valueFrom: 26 | fieldRef: 27 | fieldPath: metadata.namespace 28 | serviceAccountName: kubeflow-pipelines-cache-deployer-sa 29 | restartPolicy: Always 30 | -------------------------------------------------------------------------------- /prometheus-operator/upstream/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - clusterrole-prometheus-operator.yaml 5 | - clusterrolebinding-prometheus-operator.yaml 6 | - customresourcedefinition-alertmanagerconfigs.monitoring.coreos.com.yaml 7 | - customresourcedefinition-alertmanagers.monitoring.coreos.com.yaml 8 | - customresourcedefinition-podmonitors.monitoring.coreos.com.yaml 9 | - customresourcedefinition-probes.monitoring.coreos.com.yaml 10 | - customresourcedefinition-prometheuses.monitoring.coreos.com.yaml 11 | - customresourcedefinition-prometheusrules.monitoring.coreos.com.yaml 12 | - customresourcedefinition-servicemonitors.monitoring.coreos.com.yaml 13 | - customresourcedefinition-thanosrulers.monitoring.coreos.com.yaml 14 | - deployment-prometheus-operator.yaml 15 | - service-prometheus-operator.yaml 16 | - serviceaccount-prometheus-operator.yaml 17 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .gitops 2 | .ssl 3 | .tf-state 4 | .terraform.lock.hcl 5 | .terraform 6 | 7 | # Local .terraform directories 8 | **/.terraform/* 9 | 10 | # .tfstate files 11 | *.tfstate 12 | *.tfstate.* 13 | 14 | # Crash log files 15 | crash.log 16 | 17 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most 18 | # .tfvars files are managed as part of configuration and so should be included in 19 | # version control. 20 | # 21 | # example.tfvars 22 | 23 | # Ignore override files as they are usually used to override resources locally and so 24 | # are not checked in 25 | override.tf 26 | override.tf.json 27 | *_override.tf 28 | *_override.tf.json 29 | 30 | # Include override files you do wish to add to version control using negated pattern 31 | # 32 | # !example_override.tf 33 | 34 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan 35 | # example: *tfplan* 36 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/minio/options/istio/istio-authorization-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: security.istio.io/v1beta1 2 | kind: AuthorizationPolicy 3 | metadata: # kpt-merge: /minio-service 4 | name: minio-service 5 | spec: 6 | action: ALLOW 7 | selector: 8 | matchLabels: 9 | app: minio 10 | rules: 11 | - from: 12 | - source: 13 | principals: 14 | - cluster.local/ns/kubeflow/sa/ml-pipeline 15 | - from: 16 | - source: 17 | principals: 18 | - cluster.local/ns/kubeflow/sa/ml-pipeline-ui 19 | # Allow traffic from User Pipeline Pods, which don't have a sidecar. 20 | - {} 21 | --- 22 | apiVersion: "networking.istio.io/v1alpha3" 23 | kind: DestinationRule 24 | metadata: # kpt-merge: /ml-pipeline-minio 25 | name: ml-pipeline-minio 26 | spec: 27 | host: minio-service.kubeflow.svc.cluster.local 28 | trafficPolicy: 29 | tls: 30 | mode: ISTIO_MUTUAL 31 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/platform-agnostic-multi-user/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | bases: 4 | - ../../base/installs/multi-user 5 | - ../../base/metadata/base 6 | - ../../base/metadata/options/istio 7 | - ../../third-party/argo/installs/cluster 8 | - ../../third-party/mysql/base 9 | - ../../third-party/mysql/options/istio 10 | - ../../third-party/minio/base 11 | - ../../third-party/minio/options/istio 12 | - ../../third-party/metacontroller/base 13 | # Identifier for application manager to apply ownerReference. 14 | # The ownerReference ensures the resources get garbage collected 15 | # when application is deleted. 16 | commonLabels: 17 | application-crd-id: kubeflow-pipelines 18 | # !!! If you want to customize the namespace, 19 | # please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml 20 | namespace: kubeflow 21 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/cache-deployer/cluster-scoped/cache-deployer-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: # kpt-merge: /kubeflow-pipelines-cache-deployer-clusterrole 4 | labels: 5 | app: kubeflow-pipelines-cache-deployer-clusterrole 6 | name: kubeflow-pipelines-cache-deployer-clusterrole 7 | rules: 8 | - apiGroups: 9 | - certificates.k8s.io 10 | resources: 11 | - certificatesigningrequests 12 | - certificatesigningrequests/approval 13 | verbs: 14 | - create 15 | - delete 16 | - get 17 | - update 18 | - apiGroups: 19 | - admissionregistration.k8s.io 20 | resources: 21 | - mutatingwebhookconfigurations 22 | verbs: 23 | - create 24 | - delete 25 | - get 26 | - list 27 | - patch 28 | - apiGroups: 29 | - certificates.k8s.io 30 | resources: 31 | - signers 32 | resourceNames: 33 | - kubernetes.io/* 34 | verbs: 35 | - approve 36 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/argo-workflows-webhook-clients-secret.yaml: -------------------------------------------------------------------------------- 1 | kind: Secret 2 | apiVersion: v1 3 | metadata: # kpt-merge: /argo-workflows-webhook-clients 4 | name: argo-workflows-webhook-clients 5 | # The data keys must be the name of a service account. 6 | stringData: 7 | # https://support.atlassian.com/bitbucket-cloud/docs/manage-webhooks/ 8 | bitbucket.org: | 9 | type: bitbucket 10 | secret: "my-uuid" 11 | # https://confluence.atlassian.com/bitbucketserver/managing-webhooks-in-bitbucket-server-938025878.html 12 | bitbucketserver: | 13 | type: bitbucketserver 14 | secret: "shh!" 15 | # https://developer.github.com/webhooks/securing/ 16 | github.com: | 17 | type: github 18 | secret: "shh!" 19 | # https://docs.gitlab.com/ee/user/project/integrations/webhooks.html 20 | gitlab.com: |- 21 | type: gitlab 22 | secret: "shh!" 23 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/postgres/postgres-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: # kpt-merge: /postgres 4 | name: postgres 5 | labels: 6 | app: postgres 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: postgres 11 | template: 12 | metadata: 13 | name: postgres 14 | labels: 15 | app: postgres 16 | spec: 17 | containers: 18 | - name: main 19 | image: postgres:12-alpine 20 | env: 21 | - name: POSTGRES_PASSWORD 22 | value: password 23 | ports: 24 | - containerPort: 5432 25 | readinessProbe: 26 | exec: 27 | command: ["psql", "-U", "postgres", "-c", "SELECT 1"] 28 | initialDelaySeconds: 15 29 | timeoutSeconds: 2 30 | nodeSelector: 31 | kubernetes.io/os: linux 32 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/platform-agnostic-multi-user-legacy/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | bases: 4 | - ../../base/installs/multi-user 5 | - ../../base/metadata/overlays/db 6 | - ../../base/metadata/options/istio 7 | - ../../third-party/argo/installs/cluster 8 | - ../../third-party/mysql/base 9 | - ../../third-party/mysql/options/istio 10 | - ../../third-party/minio/base 11 | - ../../third-party/minio/options/istio 12 | - ../../third-party/metacontroller/base 13 | # Identifier for application manager to apply ownerReference. 14 | # The ownerReference ensures the resources get garbage collected 15 | # when application is deleted. 16 | commonLabels: 17 | application-crd-id: kubeflow-pipelines 18 | # !!! If you want to customize the namespace, 19 | # please also update base/cache-deployer/cluster-scoped/cache-deployer-clusterrolebinding.yaml 20 | namespace: kubeflow 21 | -------------------------------------------------------------------------------- /kserve/upstream/validatingwebhookconfiguration-trainedmodel.serving.kserve.io.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: admissionregistration.k8s.io/v1 2 | kind: ValidatingWebhookConfiguration 3 | metadata: 4 | annotations: 5 | cert-manager.io/inject-ca-from: kserve/serving-cert 6 | name: trainedmodel.serving.kserve.io 7 | webhooks: 8 | - admissionReviewVersions: 9 | - v1beta1 10 | clientConfig: 11 | caBundle: Cg== 12 | service: 13 | name: kserve-webhook-server-service 14 | namespace: kserve 15 | path: /validate-serving-kserve-io-v1alpha1-trainedmodel 16 | failurePolicy: Fail 17 | name: trainedmodel.kserve-webhook-server.validator 18 | rules: 19 | - apiGroups: 20 | - serving.kserve.io 21 | apiVersions: 22 | - v1alpha1 23 | operations: 24 | - CREATE 25 | - UPDATE 26 | resources: 27 | - trainedmodels 28 | sideEffects: None 29 | 30 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/metadata/overlays/db/patches/metadata-grpc-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: # kpt-merge: /metadata-grpc-deployment 4 | name: metadata-grpc-deployment 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | - name: container 10 | # Remove existing environment variables 11 | env: 12 | - $patch: replace 13 | envFrom: 14 | - configMapRef: 15 | name: metadata-db-parameters 16 | - secretRef: 17 | name: metadata-db-secrets 18 | - configMapRef: 19 | name: metadata-grpc-configmap 20 | args: ["--grpc_port=$(METADATA_GRPC_SERVICE_PORT)", "--mysql_config_host=$(MLMD_DB_HOST)", "--mysql_config_database=$(MYSQL_DATABASE)", "--mysql_config_port=$(MYSQL_PORT)", "--mysql_config_user=$(MYSQL_USER_NAME)", "--mysql_config_password=$(MYSQL_ROOT_PASSWORD)"] 21 | -------------------------------------------------------------------------------- /kserve/upstream/validatingwebhookconfiguration-inferenceservice.serving.kserve.io.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: admissionregistration.k8s.io/v1 2 | kind: ValidatingWebhookConfiguration 3 | metadata: 4 | annotations: 5 | cert-manager.io/inject-ca-from: kserve/serving-cert 6 | name: inferenceservice.serving.kserve.io 7 | webhooks: 8 | - admissionReviewVersions: 9 | - v1beta1 10 | clientConfig: 11 | caBundle: Cg== 12 | service: 13 | name: kserve-webhook-server-service 14 | namespace: kserve 15 | path: /validate-serving-kserve-io-v1beta1-inferenceservice 16 | failurePolicy: Fail 17 | name: inferenceservice.kserve-webhook-server.validator 18 | rules: 19 | - apiGroups: 20 | - serving.kserve.io 21 | apiVersions: 22 | - v1beta1 23 | operations: 24 | - CREATE 25 | - UPDATE 26 | resources: 27 | - inferenceservices 28 | sideEffects: None 29 | 30 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/installs/multi-user/api-service/cluster-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: # kpt-merge: /ml-pipeline 4 | name: ml-pipeline 5 | rules: 6 | - apiGroups: 7 | - "" 8 | resources: 9 | - pods 10 | - pods/log 11 | verbs: 12 | - get 13 | - list 14 | - delete 15 | - apiGroups: 16 | - argoproj.io 17 | resources: 18 | - workflows 19 | verbs: 20 | - create 21 | - get 22 | - list 23 | - watch 24 | - update 25 | - patch 26 | - delete 27 | - apiGroups: 28 | - kubeflow.org 29 | resources: 30 | - scheduledworkflows 31 | verbs: 32 | - create 33 | - get 34 | - list 35 | - update 36 | - patch 37 | - delete 38 | - apiGroups: 39 | - authorization.k8s.io 40 | resources: 41 | - subjectaccessreviews 42 | verbs: 43 | - create 44 | - apiGroups: 45 | - authentication.k8s.io 46 | resources: 47 | - tokenreviews 48 | verbs: 49 | - create 50 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/cluster-scoped/viewer-crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: # kpt-merge: /viewers.kubeflow.org 4 | name: viewers.kubeflow.org 5 | spec: 6 | group: kubeflow.org 7 | names: 8 | kind: Viewer 9 | listKind: ViewerList 10 | plural: viewers 11 | singular: viewer 12 | shortNames: 13 | - vi 14 | scope: Namespaced 15 | versions: 16 | - name: v1beta1 17 | schema: 18 | openAPIV3Schema: 19 | properties: 20 | apiVersion: 21 | type: string 22 | kind: 23 | type: string 24 | metadata: 25 | type: object 26 | spec: 27 | type: object 28 | x-kubernetes-preserve-unknown-fields: true 29 | x-kubernetes-map-type: atomic 30 | required: 31 | - spec 32 | type: object 33 | served: true 34 | storage: true 35 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/azure/readme.md: -------------------------------------------------------------------------------- 1 | # KFP customizations for Azure 2 | 3 | This template provides a starting point to configure KFP to use an Azure hosted MySQL database, as well as an Azure Blob backed MinIO service. 4 | 5 | ## MySQL 6 | 7 | 1. [Create an Azure Database for MySQL](https://docs.microsoft.com/azure/mysql/quickstart-create-mysql-server-database-using-azure-portal). Ensure that it will allow connections from the Kubernetes cluster. 8 | 9 | 2. Substitute the server name into [params.env](./params.env), and the username and password into [mysql-secret.env](./mysql-secret.env) 10 | 11 | ## MinIO Gateway for Azure Blobstore 12 | 13 | 1. [Create an Azure Storage account](https://docs.microsoft.com/azure/storage/common/storage-account-create). Ensure that it will allow connections from the Kubernetes cluster. 14 | 15 | 2. Substitute the storage name and access key into [minio-artifact-secret.env](./minio-azure-gateway/minio-artifact-secret.env). 16 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: # kpt-merge: /ml-pipeline 4 | labels: 5 | app: ml-pipeline 6 | name: ml-pipeline 7 | rules: 8 | - apiGroups: 9 | - "" 10 | resources: 11 | - pods 12 | - pods/log 13 | verbs: 14 | - get 15 | - list 16 | - delete 17 | - apiGroups: 18 | - argoproj.io 19 | resources: 20 | - workflows 21 | verbs: 22 | - create 23 | - get 24 | - list 25 | - watch 26 | - update 27 | - patch 28 | - delete 29 | - apiGroups: 30 | - kubeflow.org 31 | resources: 32 | - scheduledworkflows 33 | verbs: 34 | - create 35 | - get 36 | - list 37 | - update 38 | - patch 39 | - delete 40 | - apiGroups: 41 | - authorization.k8s.io 42 | resources: 43 | - subjectaccessreviews 44 | verbs: 45 | - create 46 | - apiGroups: 47 | - authentication.k8s.io 48 | resources: 49 | - tokenreviews 50 | verbs: 51 | - create 52 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/base/pipeline/ml-pipeline-viewer-crd-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: # kpt-merge: /ml-pipeline-viewer-crd 4 | labels: 5 | app: ml-pipeline-viewer-crd 6 | name: ml-pipeline-viewer-crd 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: ml-pipeline-viewer-crd 11 | template: 12 | metadata: 13 | labels: 14 | app: ml-pipeline-viewer-crd 15 | annotations: 16 | cluster-autoscaler.kubernetes.io/safe-to-evict: "true" 17 | spec: 18 | containers: 19 | - image: gcr.io/ml-pipeline/viewer-crd-controller:dummy 20 | imagePullPolicy: Always 21 | name: ml-pipeline-viewer-crd 22 | env: 23 | - name: MAX_NUM_VIEWERS 24 | value: "50" 25 | - name: MINIO_NAMESPACE 26 | valueFrom: 27 | fieldRef: 28 | fieldPath: metadata.namespace 29 | serviceAccountName: ml-pipeline-viewer-crd-service-account 30 | -------------------------------------------------------------------------------- /knative/net-istio/upstream/validatingwebhookconfiguration-config.webhook.istio.networking.internal.knative.dev.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: admissionregistration.k8s.io/v1 2 | kind: ValidatingWebhookConfiguration 3 | metadata: 4 | name: config.webhook.istio.networking.internal.knative.dev 5 | labels: 6 | app.kubernetes.io/component: net-istio 7 | app.kubernetes.io/name: knative-serving 8 | app.kubernetes.io/version: "1.3.0" 9 | serving.knative.dev/release: "v1.3.0" 10 | networking.knative.dev/ingress-provider: istio 11 | webhooks: 12 | - admissionReviewVersions: 13 | - v1 14 | - v1beta1 15 | clientConfig: 16 | service: 17 | name: net-istio-webhook 18 | namespace: knative-serving 19 | failurePolicy: Fail 20 | sideEffects: None 21 | name: config.webhook.istio.networking.internal.knative.dev 22 | objectSelector: 23 | matchLabels: 24 | app.kubernetes.io/name: knative-serving 25 | app.kubernetes.io/component: net-istio 26 | 27 | -------------------------------------------------------------------------------- /knative/crds/upstream/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - customresourcedefinition-certificates.networking.internal.knative.dev.yaml 5 | - customresourcedefinition-clusterdomainclaims.networking.internal.knative.dev.yaml 6 | - customresourcedefinition-configurations.serving.knative.dev.yaml 7 | - customresourcedefinition-domainmappings.serving.knative.dev.yaml 8 | - customresourcedefinition-images.caching.internal.knative.dev.yaml 9 | - customresourcedefinition-ingresses.networking.internal.knative.dev.yaml 10 | - customresourcedefinition-metrics.autoscaling.internal.knative.dev.yaml 11 | - customresourcedefinition-podautoscalers.autoscaling.internal.knative.dev.yaml 12 | - customresourcedefinition-revisions.serving.knative.dev.yaml 13 | - customresourcedefinition-routes.serving.knative.dev.yaml 14 | - customresourcedefinition-serverlessservices.networking.internal.knative.dev.yaml 15 | - customresourcedefinition-services.serving.knative.dev.yaml 16 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/transformation-service/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "transformation-service.fullname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: {{ template "transformation-service.name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | {{- with .Values.service.annotations }} 12 | annotations: 13 | {{ toYaml . | indent 4 }} 14 | {{- end }} 15 | spec: 16 | type: {{ .Values.service.type }} 17 | ports: 18 | - name: grpc 19 | port: {{ .Values.service.grpc.port }} 20 | targetPort: {{ .Values.service.grpc.targetPort }} 21 | {{- if .Values.service.grpc.nodePort }} 22 | nodePort: {{ .Values.service.grpc.nodePort }} 23 | {{- end }} 24 | selector: 25 | app: {{ template "transformation-service.name" . }} 26 | component: serving 27 | release: {{ .Release.Name }} 28 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/configmap-datacatalog-config-64k8dg9gck.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | db.yaml: | 4 | database: 5 | port: 5432 6 | username: postgres 7 | host: postgres 8 | dbname: datacatalog 9 | options: sslmode=disable 10 | logger.yaml: | 11 | logger: 12 | show-source: true 13 | level: 2 14 | server.yaml: | 15 | datacatalog: 16 | storage-prefix: metadata/datacatalog 17 | metrics-scope: "datacatalog" 18 | profiler-port: 10254 19 | application: 20 | grpcPort: 8089 21 | storage.yaml: |+ 22 | storage: 23 | type: minio 24 | connection: 25 | access-key: minio 26 | auth-type: accesskey 27 | secret-key: miniostorage 28 | disable-ssl: true 29 | endpoint: http://minio.flyte.svc.cluster.local:9000 30 | region: us-east-1 31 | container: "my-s3-bucket" 32 | 33 | kind: ConfigMap 34 | metadata: 35 | name: datacatalog-config-64k8dg9gck 36 | namespace: flyte 37 | 38 | -------------------------------------------------------------------------------- /feast/feast-charts/charts/feast/charts/feature-server/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "feature-server.fullname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | app: {{ template "feature-server.name" . }} 8 | component: serving 9 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 10 | release: {{ .Release.Name }} 11 | heritage: {{ .Release.Service }} 12 | type: Opaque 13 | stringData: 14 | application-secret.yaml: | 15 | {{- if index .Values "application-secret.yaml" "feast" }} 16 | feast: {{- toYaml (index .Values "application-secret.yaml" "feast") | nindent 6 }} 17 | {{- end }} 18 | {{- if index .Values "application-secret.yaml" "rest" }} 19 | rest: {{- toYaml (index .Values "application-secret.yaml" "rest") | nindent 6 }} 20 | {{- end }} 21 | {{- if index .Values "application-secret.yaml" "grpc" }} 22 | grpc: {{- toYaml (index .Values "application-secret.yaml" "grpc") | nindent 6 }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/aws/viewer-pod-template.json: -------------------------------------------------------------------------------- 1 | { 2 | "spec": { 3 | "containers": [ 4 | { 5 | "env": [ 6 | { 7 | "name": "AWS_ACCESS_KEY_ID", 8 | "valueFrom": { 9 | "secretKeyRef": { 10 | "name": "mlpipeline-minio-artifact", 11 | "key": "accesskey" 12 | } 13 | } 14 | }, 15 | { 16 | "name": "AWS_SECRET_ACCESS_KEY", 17 | "valueFrom": { 18 | "secretKeyRef": { 19 | "name": "mlpipeline-minio-artifact", 20 | "key": "secretkey" 21 | } 22 | } 23 | }, 24 | { 25 | "name": "AWS_REGION", 26 | "valueFrom": { 27 | "configMapKeyRef": { 28 | "name": "pipeline-install-config", 29 | "key": "minioServiceRegion" 30 | } 31 | } 32 | } 33 | ] 34 | } 35 | ] 36 | } 37 | } -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-pod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: # kpt-merge: /minio 4 | name: minio 5 | labels: 6 | app: minio 7 | spec: 8 | containers: 9 | - name: main 10 | image: minio/minio:RELEASE.2019-12-17T23-16-33Z 11 | env: 12 | - name: MINIO_ACCESS_KEY 13 | value: admin 14 | - name: MINIO_SECRET_KEY 15 | value: password 16 | ports: 17 | - containerPort: 9000 18 | command: [minio, server, /data] 19 | lifecycle: 20 | postStart: 21 | exec: 22 | command: [mkdir, -p, /data/my-bucket] 23 | readinessProbe: 24 | httpGet: 25 | path: /minio/health/ready 26 | port: 9000 27 | initialDelaySeconds: 5 28 | periodSeconds: 10 29 | livenessProbe: 30 | httpGet: 31 | path: /minio/health/live 32 | port: 9000 33 | initialDelaySeconds: 5 34 | periodSeconds: 10 35 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/env/aws/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: kubeflow 4 | bases: 5 | - ../../env/platform-agnostic 6 | configMapGenerator: 7 | - name: pipeline-install-config 8 | env: params.env 9 | behavior: merge 10 | - name: workflow-controller-configmap 11 | behavior: replace 12 | files: 13 | - config 14 | - name: ml-pipeline-ui-configmap 15 | behavior: replace 16 | files: 17 | - viewer-pod-template.json 18 | secretGenerator: 19 | - name: mysql-secret 20 | env: secret.env 21 | behavior: merge 22 | - name: mlpipeline-minio-artifact 23 | env: minio-artifact-secret-patch.env 24 | behavior: merge 25 | generatorOptions: 26 | disableNameSuffixHash: true 27 | patchesStrategicMerge: 28 | - aws-configuration-patch.yaml 29 | # Identifier for application manager to apply ownerReference. 30 | # The ownerReference ensures the resources get garbage collected 31 | # when application is deleted. 32 | commonLabels: 33 | application-crd-id: kubeflow-pipelines 34 | -------------------------------------------------------------------------------- /flyte-sandbox/upstream/deployment-flyteconsole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | app: flyteconsole 6 | name: flyteconsole 7 | namespace: flyte 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | app: flyteconsole 13 | template: 14 | metadata: 15 | labels: 16 | app: flyteconsole 17 | app.kubernetes.io/name: flyteconsole 18 | app.kubernetes.io/version: 0.19.0 19 | spec: 20 | containers: 21 | - envFrom: 22 | - configMapRef: 23 | name: flyte-console-config 24 | image: cr.flyte.org/flyteorg/flyteconsole:v0.43.0 25 | name: flyteconsole 26 | ports: 27 | - containerPort: 8080 28 | volumeMounts: 29 | - mountPath: /srv/flyte 30 | name: shared-data 31 | securityContext: 32 | fsGroupChangePolicy: Always 33 | runAsUser: 1000 34 | volumes: 35 | - emptyDir: {} 36 | name: shared-data 37 | 38 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/third-party/prometheus/prometheus-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: # kpt-merge: /prometheus 4 | name: prometheus 5 | labels: 6 | app: prometheus 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: prometheus 12 | template: 13 | metadata: 14 | labels: 15 | app: prometheus 16 | spec: 17 | containers: 18 | - name: prometheus 19 | image: prom/prometheus 20 | volumeMounts: 21 | - name: config-volume 22 | mountPath: /etc/prometheus/prometheus.yml 23 | subPath: prometheus.yml 24 | args: ["--storage.tsdb.retention.time=7d", # Adjust retention policy if necessary 25 | "--storage.tsdb.retention.size=1GB", "--config.file=/etc/prometheus/prometheus.yml"] 26 | ports: 27 | - containerPort: 9090 28 | volumes: 29 | - name: config-volume 30 | configMap: 31 | name: prometheus-configmap 32 | serviceAccountName: prometheus 33 | -------------------------------------------------------------------------------- /kubeflow/pipelines/upstream/cluster-scoped-resources/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: kubeflow 4 | resources: 5 | - namespace.yaml 6 | bases: 7 | - ../third-party/application/cluster-scoped 8 | - ../third-party/argo/installs/namespace/cluster-scoped 9 | - ../base/pipeline/cluster-scoped 10 | - ../base/cache-deployer/cluster-scoped 11 | vars: 12 | # NOTE: var name must be unique globally to allow composition of multiple kustomize 13 | # packages. Therefore, we added prefix `kfp-cluster-scoped-` to distinguish it from 14 | # others. 15 | - name: kfp-cluster-scoped-namespace 16 | objref: 17 | # cache deployer sa's metadata.namespace will be first transformed by namespace field in kustomization.yaml 18 | # so that we only need to change kustomization.yaml's namespace field for namespace customization. 19 | kind: ServiceAccount 20 | name: kubeflow-pipelines-cache-deployer-sa 21 | apiVersion: v1 22 | fieldref: 23 | fieldpath: metadata.namespace 24 | configurations: 25 | - params.yaml 26 | --------------------------------------------------------------------------------