├── .github └── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── .gitignore ├── .kube-linter.yaml ├── LICENSE ├── Makefile ├── OWNERS ├── README.md ├── RELEASE.md ├── ceph ├── README.md └── object-storage │ ├── nano │ └── base │ │ ├── kustomization.yaml │ │ ├── secret-rbac.yaml │ │ ├── service-account.yaml │ │ ├── service.yaml │ │ └── statefulset.yaml │ └── scc │ └── base │ ├── kustomization.yaml │ ├── params.env │ ├── params.yaml │ └── securitycontextconstraint.yaml ├── codeflare-stack ├── OWNERS ├── README.md ├── base │ ├── codeflare-notebook-imagestream.yaml │ ├── instascale.yaml │ ├── kustomization.yaml │ ├── mcad.yaml │ ├── params.env │ └── params.yaml └── rbac │ ├── kustomization.yaml │ ├── mcad-controller-ray-clusterrole.yaml │ └── mcad-controller-ray-clusterrolebinding.yaml ├── data-science-pipelines-operator ├── OWNERS ├── README.md ├── base │ ├── kustomization.yaml │ ├── params.env │ └── params.yaml ├── configmaps │ ├── files │ │ └── config.yaml │ └── kustomization.yaml ├── crd │ ├── bases │ │ ├── datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml │ │ └── scheduledworkflows.yaml │ ├── external │ │ ├── monitoring.coreos.com_servicemonitors.yaml │ │ └── route.openshift.io_routes.yaml │ ├── kustomization.yaml │ └── kustomizeconfig.yaml ├── manager │ ├── kustomization.yaml │ ├── manager-service.yaml │ └── manager.yaml ├── manifests │ └── kustomization.yaml ├── prometheus │ ├── kustomization.yaml │ └── monitor.yaml ├── rbac │ ├── aggregate_dspa_role.yaml │ ├── kustomization.yaml │ ├── leader_election_role.yaml │ ├── leader_election_role_binding.yaml │ ├── role.yaml │ ├── role_binding.yaml │ └── service_account.yaml └── samples │ ├── custom-configs │ ├── artifact_script.yaml │ ├── db-creds.yaml │ ├── dspa.yaml │ ├── kustomization.yaml │ ├── storage-creds.yaml │ └── ui-configmap.yaml │ ├── dspa_all_fields.yaml │ ├── dspa_simple.yaml │ ├── dspa_simple_external_storage.yaml │ └── kustomization.yaml ├── docs └── adr │ ├── 0000-odh-release-policy.md │ ├── README.md │ └── template.md ├── grafana ├── README.md ├── cluster │ └── base │ │ ├── kustomization.yaml │ │ └── subscription.yaml ├── grafana │ └── base │ │ ├── argo-dashboards │ │ ├── argo-dashboard.yaml │ │ └── kustomization.yaml │ │ ├── datasource.yaml │ │ ├── grafana.yaml │ │ ├── kafka-dashboards │ │ ├── kafka-dashboard.yaml │ │ └── kustomization.yaml │ │ ├── kustomization.yaml │ │ └── odh-notebook-controller-dashboards │ │ ├── kustomization.yaml │ │ └── odh-notebook-controller-dashboard.yaml └── tests │ └── grafana.sh ├── kfdef ├── codeflare-stack-kfdef.yaml ├── odh-core.yaml └── ray-minimal-kfdef.yaml ├── kserve ├── OWNERS ├── README.md ├── base │ ├── inferenceservice-config-patch.yaml │ ├── kserve-controller-manager-patch.yaml │ ├── kustomization.yaml │ ├── params.env │ └── params.yaml ├── hack │ ├── build-kserve-manifests.sh │ └── kustomization.yaml └── kserve-built │ ├── kserve-built.yaml │ └── kustomization.yaml ├── model-mesh ├── OWNERS ├── README.md ├── base │ ├── kustomization.yaml │ └── params.env ├── odh-model-controller │ ├── base │ │ └── kustomization.yaml │ ├── default │ │ └── kustomization.yaml │ ├── manager │ │ ├── controller_manager_config.yaml │ │ ├── kustomization.yaml │ │ └── manager.yaml │ ├── overlays │ │ └── odh │ │ │ ├── kustomization.yaml │ │ │ ├── odh_model_controller_manager_patch.yaml │ │ │ └── params.yaml │ ├── prometheus │ │ ├── kustomization.yaml │ │ └── monitor.yaml │ └── rbac │ │ ├── auth_proxy_client_clusterrole.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── auth_proxy_role_binding.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── kserve_prometheus_clusterrole.yaml │ │ ├── kustomization.yaml │ │ ├── leader_election_role.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── role.yaml │ │ ├── role_binding.yaml │ │ └── service_account.yaml └── odh-modelmesh-controller │ ├── base │ └── kustomization.yaml │ ├── certmanager │ ├── certificate.yaml │ ├── kustomization.yaml │ └── kustomizeconfig.yaml │ ├── crd │ ├── bases │ │ ├── serving.kserve.io_clusterservingruntimes.yaml │ │ ├── serving.kserve.io_inferenceservices.yaml │ │ ├── serving.kserve.io_predictors.yaml │ │ └── serving.kserve.io_servingruntimes.yaml │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ └── patches │ │ ├── cainjection_in_predictors.yaml │ │ ├── cainjection_in_servingruntimes.yaml │ │ ├── webhook_in_predictors.yaml │ │ └── webhook_in_servingruntimes.yaml │ ├── dashboard │ └── ModelMeshMetricsDashboard.json │ ├── default │ ├── config-defaults.yaml │ ├── kustomization.yaml │ ├── manager_auth_proxy_patch.yaml │ ├── manager_webhook_patch.yaml │ ├── metadataLabelTransformer.yaml │ ├── storage-secret.yaml │ └── webhookcainjection_patch.yaml │ ├── dependencies │ ├── fvt.yaml │ ├── minio-storage-secret.yaml │ ├── nfs-provisioner-subs.yaml │ ├── nfs-provisioner.yaml │ └── quickstart.yaml │ ├── example-isvcs │ ├── example-keras-mnist-isvc.yaml │ ├── example-lightgbm-mushroom-isvc.yaml │ ├── example-mlserver-sklearn-mnist-isvc.yaml │ ├── example-onnx-mnist-isvc.yaml │ ├── example-pytorch-cifar-isvc.yaml │ ├── example-tensorflow-mnist-isvc.yaml │ └── example-xgboost-mushroom-isvc.yaml │ ├── example-predictors │ ├── example-keras-mnist-predictor.yaml │ ├── example-lightgbm-mushroom-predictor.yaml │ ├── example-mlserver-sklearn-mnist-predictor.yaml │ ├── example-onnx-mnist-predictor.yaml │ ├── example-pytorch-cifar-predictor.yaml │ ├── example-tensorflow-mnist-predictor.yaml │ └── example-xgboost-mushroom-predictor.yaml │ ├── internal │ └── base │ │ └── deployment.yaml.tmpl │ ├── manager │ ├── kustomization.yaml │ └── manager.yaml │ ├── namespace-runtimes │ └── kustomization.yaml │ ├── overlays │ └── odh │ │ ├── kustomization.yaml │ │ ├── manager │ │ ├── kustomization.yaml │ │ └── service.yaml │ │ ├── params.yaml │ │ ├── quickstart.yaml │ │ ├── rbac │ │ ├── kustomization.yaml │ │ ├── networkpolicy_etcd.yaml │ │ ├── remove_networkpolicy_rumtime_patch.yaml │ │ ├── role_apps_metrics_access.yaml │ │ └── user_cluster_roles.yaml │ │ └── scripts │ │ ├── enable_auth.sh │ │ └── kustomization.yaml │ ├── prometheus │ ├── kustomization.yaml │ ├── monitor.yaml │ └── servicemonitor.yaml │ ├── rbac │ ├── cluster-scope │ │ ├── kustomization.yaml │ │ ├── role.yaml │ │ └── role_binding.yaml │ ├── common │ │ ├── auth_proxy_client_clusterrole.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── auth_proxy_role_binding.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── inferenceservice_editor_role.yaml │ │ ├── inferenceservice_viewer_role.yaml │ │ ├── kustomization.yaml │ │ ├── leader_election_role.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── modelmesh-service-account.yaml │ │ ├── modelmesh-serving-service-account.yaml │ │ ├── networkpolicy-controller.yaml │ │ ├── networkpolicy-runtimes.yaml │ │ ├── networkpolicy-webhook.yaml │ │ ├── predictor_editor_role.yaml │ │ ├── predictor_viewer_role.yaml │ │ ├── restricted_scc_role.yaml │ │ ├── restricted_scc_role_binding.yaml │ │ ├── service-account.yaml │ │ ├── servingruntime_editor_role.yaml │ │ └── servingruntime_viewer_role.yaml │ └── namespace-scope │ │ ├── kustomization.yaml │ │ ├── role.yaml │ │ └── role_binding.yaml │ ├── runtimes │ ├── kustomization.yaml │ ├── mlserver-1.x.yaml │ ├── ovms-1.x.yaml │ ├── torchserve-0.x.yaml │ └── triton-2.x.yaml │ ├── samples │ ├── kustomization.yaml │ ├── predictor_custom_complete.yaml │ ├── predictor_mlserver.yaml │ ├── predictor_tf_minimal.yaml │ ├── serving_v1beta1_inferenceservice.yaml │ ├── servingruntime_custom.yaml │ └── servingruntime_pullerless.yaml │ └── webhook │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ ├── manifests.yaml │ └── service.yaml ├── modelmesh-monitoring └── base │ ├── kustomization.yaml │ ├── params.env │ ├── params.yaml │ ├── prometheus-operator │ ├── kustomization.yaml │ ├── rbac │ │ ├── clusterrole_odh-prometheus-operator.yaml │ │ ├── clusterrolebinding_odh-prometheus-operator.yaml │ │ └── kustomization.yaml │ └── serviceaccount.yaml │ ├── prometheus │ ├── kustomization.yaml │ ├── odh-prometheus.yaml │ ├── rbac │ │ ├── clusterrole_odh-namespace-read.yaml │ │ ├── clusterrole_prometheus-k8s.yaml │ │ ├── clusterrole_prometheus_token_access.yaml │ │ ├── clusterrolebinding_odh-model-monitoring.yaml │ │ └── kustomization.yaml │ ├── route.yaml │ ├── secret.yaml │ ├── service.yaml │ └── serviceaccount.yaml │ └── servicemonitors │ ├── kustomization.yaml │ └── modelmesh-federated-metrics.yaml ├── must-gather ├── Dockerfile ├── Makefile ├── README.md └── collection-scripts │ ├── gather │ ├── gather-data-science-pipelines │ ├── gather-model-mesh │ └── gather-notebooks ├── notebook-images ├── OWNERS ├── base │ ├── jupyter-datascience-notebook-imagestream.yaml │ ├── jupyter-minimal-gpu-notebook-imagestream.yaml │ ├── jupyter-minimal-notebook-imagestream.yaml │ ├── jupyter-pytorch-notebook-imagestream.yaml │ ├── jupyter-tensorflow-notebook-imagestream.yaml │ ├── jupyter-trustyai-notebook-imagestream.yaml │ ├── kustomization.yaml │ ├── params.env │ └── params.yaml └── overlays │ └── additional │ ├── README.md │ ├── code-server-notebook-imagestream.yaml │ ├── kustomization.yaml │ ├── rstudio-gpu-notebook-imagestream.yaml │ └── rstudio-notebook-imagestream.yaml ├── odh-common └── base │ ├── kustomization.yaml │ ├── operatorgroup.yaml │ ├── params.env │ └── params.yaml ├── odh-dashboard ├── OWNERS ├── README.md ├── apps │ ├── jupyter │ │ ├── create-jupyter-notebook-quickstart.yaml │ │ ├── deploy-python-model-quickstart.yaml │ │ ├── jupyter-app.yaml │ │ ├── jupyter-docs.yaml │ │ ├── jupyterhub-app.yaml │ │ └── kustomization.yaml │ └── kustomization.yaml ├── base │ ├── auth-delegator.clusterrolebinding.yaml │ ├── cluster-monitoring-role-binding.yaml │ ├── cluster-role-binding.yaml │ ├── cluster-role.yaml │ ├── deployment.yaml │ ├── fetch-builds-and-images.rbac.yaml │ ├── image-puller.clusterrolebinding.yaml │ ├── kustomization.yaml │ ├── model-serving-role-binding.yaml │ ├── model-serving-role.yaml │ ├── oauth.secret.yaml │ ├── role-binding.yaml │ ├── role.yaml │ ├── routes.yaml │ ├── service-account.yaml │ └── service.yaml ├── crd │ ├── acceleratorprofiles.opendatahub.io.crd.yaml │ ├── kustomization.yaml │ ├── odhapplications.dashboard.opendatahub.io.crd.yaml │ ├── odhdashboardconfigs.opendatahub.io.crd.yaml │ ├── odhdocuments.dashboard.opendatahub.io.crd.yaml │ └── odhquickstarts.console.openshift.io.crd.yaml ├── kfdef │ ├── README.md │ └── odh-dashboard-kfnbc-test.yaml └── modelserving │ ├── kustomization.yaml │ ├── ovms-gpu-ootb.yaml │ └── ovms-ootb.yaml ├── odh-model-controller ├── base │ ├── kustomization.yaml │ └── params.env ├── default │ └── kustomization.yaml ├── manager │ ├── controller_manager_config.yaml │ ├── kustomization.yaml │ └── manager.yaml ├── overlays │ └── odh │ │ ├── kustomization.yaml │ │ ├── odh_model_controller_manager_patch.yaml │ │ └── params.yaml ├── prometheus │ ├── kustomization.yaml │ └── monitor.yaml └── rbac │ ├── auth_proxy_client_clusterrole.yaml │ ├── auth_proxy_role.yaml │ ├── auth_proxy_role_binding.yaml │ ├── auth_proxy_service.yaml │ ├── kserve_prometheus_clusterrole.yaml │ ├── kustomization.yaml │ ├── leader_election_role.yaml │ ├── leader_election_role_binding.yaml │ ├── role.yaml │ ├── role_binding.yaml │ └── service_account.yaml ├── odh-notebook-controller ├── OWNERS ├── README.md ├── assets │ └── odh-notebook-controller-oauth-diagram.png ├── base │ └── kustomization.yaml ├── gen_kubeflow_manifests.sh ├── gen_odh_manifests.sh ├── kf-notebook-controller │ ├── base │ │ └── kustomization.yaml │ ├── crd │ │ ├── bases │ │ │ └── kubeflow.org_notebooks.yaml │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ └── patches │ │ │ ├── cainjection_in_notebooks.yaml │ │ │ ├── trivial_conversion_patch.yaml │ │ │ └── webhook_in_notebooks.yaml │ ├── default │ │ └── kustomization.yaml │ ├── manager │ │ ├── kustomization.yaml │ │ ├── manager.yaml │ │ ├── params.env │ │ ├── service-account.yaml │ │ └── service.yaml │ ├── overlays │ │ └── openshift │ │ │ ├── kustomization.yaml │ │ │ ├── manager_openshift_patch.yaml │ │ │ ├── manager_service_openshift_patch.yaml │ │ │ └── remove_namespace_patch.yaml │ └── rbac │ │ ├── kustomization.yaml │ │ ├── role.yaml │ │ ├── role_binding.yaml │ │ └── user_cluster_roles.yaml └── odh-notebook-controller │ ├── base │ └── kustomization.yaml │ ├── default │ ├── kustomization.yaml │ └── webhook_manager_patch.yaml │ ├── manager │ ├── kustomization.yaml │ ├── manager.yaml │ └── service.yaml │ ├── rbac │ ├── kustomization.yaml │ ├── role.yaml │ ├── role_binding.yaml │ ├── service_account.yaml │ └── user_cluster_roles.yaml │ └── webhook │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ ├── manifests.yaml │ └── service.yaml ├── openshift-pipelines ├── README.md └── cluster │ └── base │ ├── kustomization.yaml │ └── subscription.yaml ├── prometheus ├── README.md ├── cluster │ └── base │ │ ├── kustomization.yaml │ │ └── subscription.yaml └── operator │ ├── base │ ├── cluster-metrics-servicemonitor.yaml │ ├── cluster-monitoring-role-binding.yaml │ ├── cluster-monitoring-role.yaml │ ├── kafka-podmonitors.yaml │ ├── kustomization.yaml │ ├── params.yaml │ ├── prometheus-monitoring-role-binding.yaml │ ├── prometheus-monitoring-role.yaml │ ├── prometheus.yaml │ ├── route.yaml │ ├── secrets │ │ ├── kustomization.yaml │ │ └── prometheus-k8s.yaml │ └── service-monitors │ │ ├── application-service-monitor.yaml │ │ ├── kustomization.yaml │ │ └── operator-service-monitor.yaml │ └── overlays │ └── kubeflow │ ├── kubeflow-servicemonitor.yaml │ └── kustomization.yaml ├── ray ├── OWNERS ├── README.md └── operator │ ├── base │ ├── kustomization.yaml │ ├── params.env │ └── params.yaml │ ├── crd │ ├── bases │ │ ├── ray.io_rayclusters.yaml │ │ ├── ray.io_rayjobs.yaml │ │ └── ray.io_rayservices.yaml │ ├── kustomization.yaml │ └── kustomizeconfig.yaml │ ├── manager │ ├── kustomization.yaml │ ├── manager.yaml │ └── service.yaml │ ├── prometheus │ ├── kustomization.yaml │ └── monitor.yaml │ ├── rbac │ ├── kustomization.yaml │ ├── leader_election_role.yaml │ ├── leader_election_role_binding.yaml │ ├── ray_rayjob_editor_role.yaml │ ├── ray_rayjob_viewer_role.yaml │ ├── ray_rayservice_editor_role.yaml │ ├── ray_rayservice_viewer_role.yaml │ ├── role.yaml │ ├── role_binding.yaml │ └── service_account.yaml │ └── scc │ ├── kustomization.yaml │ └── ray_operator_scc.yaml ├── tests ├── Dockerfile ├── Makefile ├── Pipfile ├── Pipfile.lock ├── README.md ├── TESTING.md ├── basictests │ ├── codeflare-stack.sh │ ├── dashboard.sh │ ├── dsp-operator.sh │ ├── modelmesh.sh │ ├── odh-notebook-controller.sh │ ├── openshift-pipelines.sh │ ├── prometheus.sh │ ├── ray.sh │ └── trustyai.sh ├── resources │ ├── codeflare-stack │ │ ├── codeflare-operator-system-dependencies.yaml │ │ ├── codeflare-stack-kfdef.yaml │ │ ├── codeflare-subscription.yaml │ │ ├── custom-nb-small.yaml │ │ ├── mcad-mnist-tests-Containerfile │ │ ├── mnist.py │ │ ├── mnist_mcad_mini.ipynb │ │ ├── mnist_ray_mini.ipynb │ │ ├── requirements.txt │ │ └── util │ ├── dsp-operator │ │ ├── enable-uwm.yaml │ │ ├── test-dspo-cr.yaml │ │ └── test-pipeline-run.yaml │ ├── htpasswd.secret.yaml │ ├── modelmesh │ │ ├── enable-uwm.yaml │ │ ├── openvino-inference-service.yaml │ │ ├── openvino-serving-runtime.yaml │ │ ├── ovms-input.json │ │ ├── sample-minio.yaml │ │ └── service_account.yaml │ ├── notebook-controller │ │ ├── notebooks │ │ │ ├── cuda-jupyter-minimal-ubi8-python-3-8.yaml │ │ │ ├── cuda-jupyter-minimal-ubi9-python-3-9.yaml │ │ │ ├── cuda-jupyter-pytorch-ubi8-python-3-8.yaml │ │ │ ├── cuda-jupyter-pytorch-ubi9-python-3-9.yaml │ │ │ ├── cuda-jupyter-tensorflow-ubi8-python-3-8.yaml │ │ │ ├── cuda-jupyter-tensorflow-ubi9-python-3-9.yaml │ │ │ ├── jupyter-datascience-ubi8-python-3-8.yaml │ │ │ ├── jupyter-datascience-ubi9-python-3-9.yaml │ │ │ ├── jupyter-minimal-ubi8-python-3-8.yaml │ │ │ ├── jupyter-minimal-ubi9-python-3-9.yaml │ │ │ ├── jupyter-trustyai-ubi9-python-3-9.yaml │ │ │ └── kubeflow-jupyter-oauth-notebook.yaml │ │ └── prometheus-mock-exporter.yaml │ ├── oauth-patch.htpasswd.json │ ├── odh-dashboard │ │ └── crd │ │ │ ├── kustomization.yaml │ │ │ ├── odh-application-crd.yaml │ │ │ ├── odh-dashboard-crd.yaml │ │ │ ├── odh-document-crd.yaml │ │ │ └── odh-quick-start-crd.yaml │ ├── ods-ci │ │ ├── test-odh-dashboard-jupyterlab-notebook.robot │ │ └── test-variables.yml │ ├── openshift-pipelines │ │ ├── pipeline-hello-world.yaml │ │ ├── pipelinerun-hello-world.yaml │ │ └── task-hello-world.yaml │ ├── ray │ │ ├── image_definition │ │ │ ├── Containerfile │ │ │ ├── Makefile │ │ │ ├── ray_tests.py │ │ │ └── requirements.txt │ │ ├── ray-minimal-kfdef.yaml │ │ └── ray │ │ │ ├── ray-simple-test.yaml │ │ │ └── ray-test-cluster-test.yaml │ └── trustyai │ │ ├── data.json │ │ ├── minio_sklearn_mlserver_model.yaml │ │ ├── odh-mlserver-1.x.yaml │ │ ├── sample-minio.yaml │ │ ├── secret.yaml │ │ ├── trustyai_crd.yaml │ │ ├── trustyai_operator_configmap.yaml │ │ └── trustyai_operator_kfdef.yaml ├── scripts │ ├── install.sh │ └── installandtest.sh ├── setup │ ├── odh-core.yaml │ ├── operatorsetup │ └── pipelines-op-setup └── util ├── trustyai-service-operator ├── OWNERS ├── README.md ├── base │ ├── kustomization.yaml │ ├── manager_auth_proxy_patch.yaml │ ├── manager_config_patch.yaml │ ├── params.env │ └── params.yaml ├── crd │ ├── bases │ │ └── trustyai.opendatahub.io.trustyai.opendatahub.io_trustyaiservices.yaml │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ └── patches │ │ ├── cainjection_in_trustyaiservices.yaml │ │ └── webhook_in_trustyaiservices.yaml ├── manager │ ├── kustomization.yaml │ └── manager.yaml ├── manifests │ └── kustomization.yaml ├── prometheus │ ├── kustomization.yaml │ └── monitor.yaml ├── rbac │ ├── auth_proxy_client_clusterrole.yaml │ ├── auth_proxy_role.yaml │ ├── auth_proxy_role_binding.yaml │ ├── auth_proxy_service.yaml │ ├── kustomization.yaml │ ├── leader_election_role.yaml │ ├── leader_election_role_binding.yaml │ ├── role.yaml │ ├── role_binding.yaml │ ├── service_account.yaml │ ├── trustyaiservice_editor_role.yaml │ └── trustyaiservice_viewer_role.yaml └── scorecard │ ├── bases │ └── config.yaml │ ├── kustomization.yaml │ └── patches │ ├── basic.config.yaml │ └── olm.config.yaml └── version.py /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: kind/bug 6 | assignees: '' 7 | --- 8 | 9 | **Describe the bug** 10 | A clear and concise description of what the bug is and how often it occurs 11 | 12 | **Steps To Reproduce** 13 | Steps to reproduce the behavior: 14 | 1. Go to '...' 15 | 2. Click on '....' 16 | 3. Scroll down to '....' 17 | 4. See error 18 | 19 | **Expected behavior** 20 | A clear and concise description of what you expected to happen. 21 | 22 | **Workaround (if any)** 23 | Any manual steps that allow you to resolve the issue 24 | 25 | **Open Data Hub Version** 26 | Please attach relevant kfdef manifest if applicable 27 | 28 | **OpenShift Version** 29 | Version #: 30 | Provider (Baremetal, OpenStack, RHV, AWS, OKD, CodeReady Containers, ...): 31 | 32 | **Additional context** 33 | Add any other context about the problem here. 34 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: kind/enhancement 6 | assignees: '' 7 | --- 8 | **Is your feature request related to a problem? Please describe.** 9 | A clear and concise description of what the problem is. Example. Instead of [CURRENT FEATURE], I think it would be helpful to implement [EXPLANATION OF NEW FEATURE]. 10 | 11 | **Describe the solution you'd like** 12 | A clear and concise description of what you want to happen. 13 | 14 | **Describe alternatives you've considered** 15 | A clear and concise description of any alternative solutions or features you've considered. 16 | 17 | **Additional context** 18 | Add any other context or screenshots about the feature request here. 19 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | kfdef/.cache/ 2 | kfdef/kustomize/ 3 | tests/kubeconfig 4 | tests/artifacts 5 | .idea 6 | .DS_STORE 7 | -------------------------------------------------------------------------------- /.kube-linter.yaml: -------------------------------------------------------------------------------- 1 | checks: 2 | ignorePaths: 3 | - .github/ 4 | - tests/ 5 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | # Each list is sorted alphabetically, additions should maintain that order 2 | approvers: 3 | - anishasthana 4 | - lavlas 5 | - VaishnaviHire 6 | 7 | reviewers: 8 | - anishasthana 9 | - lavlas 10 | - VaishnaviHire 11 | -------------------------------------------------------------------------------- /ceph/object-storage/nano/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - service-account.yaml 6 | - service.yaml 7 | - statefulset.yaml 8 | - secret-rbac.yaml 9 | 10 | commonLabels: 11 | opendatahub.io/component: "true" 12 | component.opendatahub.io/name: ceph-nano 13 | app.kubernetes.io/part-of: ceph-nano 14 | 15 | images: 16 | - name: ceph/daemon 17 | newTag: v0.7 18 | newName: quay.io/ceph/cn-core 19 | - name: oc 20 | newName: quay.io/openshift/origin-cli 21 | -------------------------------------------------------------------------------- /ceph/object-storage/nano/base/secret-rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: ceph-nano-secrets 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - secrets 11 | verbs: 12 | - create 13 | - get 14 | - list 15 | - patch 16 | - update 17 | --- 18 | apiVersion: rbac.authorization.k8s.io/v1 19 | kind: RoleBinding 20 | metadata: 21 | name: ceph-nano-secrets 22 | roleRef: 23 | apiGroup: rbac.authorization.k8s.io 24 | kind: Role 25 | name: ceph-nano-secrets 26 | subjects: 27 | - kind: ServiceAccount 28 | name: ceph-nano 29 | -------------------------------------------------------------------------------- /ceph/object-storage/nano/base/service-account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | creationTimestamp: null 5 | name: ceph-nano 6 | -------------------------------------------------------------------------------- /ceph/object-storage/nano/base/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: ceph-nano 5 | labels: 6 | app: ceph 7 | daemon: nano 8 | spec: 9 | ports: 10 | - name: cn-s3 11 | port: 80 12 | protocol: TCP 13 | targetPort: 8000 14 | selector: 15 | app: ceph 16 | daemon: nano 17 | --- 18 | # This service is a workaround for the fact that cn-core hardcodes the radosgw to pod hostname 19 | # With this any pod in the namespace can set the s3 endpoint to http://ceph-nano-0 20 | apiVersion: v1 21 | kind: Service 22 | metadata: 23 | name: ceph-nano-0 24 | labels: 25 | app: ceph 26 | daemon: nano 27 | spec: 28 | ports: 29 | - name: cn-s3 30 | port: 80 31 | protocol: TCP 32 | targetPort: 8000 33 | selector: 34 | app: ceph 35 | daemon: nano 36 | -------------------------------------------------------------------------------- /ceph/object-storage/scc/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - securitycontextconstraint.yaml 6 | 7 | commonLabels: 8 | opendatahub.io/component: "true" 9 | component.opendatahub.io/name: ceph-nano 10 | app.kubernetes.io/part-of: ceph-nano 11 | 12 | configMapGenerator: 13 | - name: ceph-nano-parameters 14 | env: params.env 15 | 16 | generatorOptions: 17 | disableNameSuffixHash: true 18 | 19 | vars: 20 | - name: namespace 21 | objref: 22 | kind: ConfigMap 23 | name: ceph-nano-parameters 24 | apiVersion: v1 25 | fieldref: 26 | fieldpath: metadata.namespace 27 | 28 | configurations: 29 | - params.yaml 30 | 31 | -------------------------------------------------------------------------------- /ceph/object-storage/scc/base/params.env: -------------------------------------------------------------------------------- 1 | namespace= 2 | -------------------------------------------------------------------------------- /ceph/object-storage/scc/base/params.yaml: -------------------------------------------------------------------------------- 1 | varReference: 2 | - path: metadata/name 3 | kind: SecurityContextConstraints 4 | apiGroup: security.openshift.io 5 | - path: users 6 | kind: SecurityContextConstraints 7 | apiGroup: security.openshift.io 8 | -------------------------------------------------------------------------------- /ceph/object-storage/scc/base/securitycontextconstraint.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: security.openshift.io/v1 2 | kind: SecurityContextConstraints 3 | metadata: 4 | annotations: 5 | kubernetes.io/description: ceph-nano-anyuid provides all features of the restricted SCC 6 | but allows users to run with any UID and any GID. 7 | name: ceph-nano-anyuid-$(namespace) 8 | allowHostDirVolumePlugin: false 9 | allowHostIPC: false 10 | allowHostNetwork: false 11 | allowHostPID: false 12 | allowHostPorts: false 13 | allowPrivilegeEscalation: true 14 | allowPrivilegedContainer: false 15 | allowedCapabilities: null 16 | defaultAddCapabilities: null 17 | fsGroup: 18 | type: RunAsAny 19 | groups: [] 20 | priority: 10 21 | readOnlyRootFilesystem: false 22 | requiredDropCapabilities: 23 | - MKNOD 24 | runAsUser: 25 | type: RunAsAny 26 | seLinuxContext: 27 | type: MustRunAs 28 | supplementalGroups: 29 | type: RunAsAny 30 | users: 31 | - system:serviceaccount:$(namespace):ceph-nano 32 | volumes: 33 | - configMap 34 | - downwardAPI 35 | - emptyDir 36 | - persistentVolumeClaim 37 | - projected 38 | - secret 39 | -------------------------------------------------------------------------------- /codeflare-stack/OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - anishasthana 3 | - jbusche 4 | - kpostoffice 5 | - maxusmusti 6 | - MichaelClifford 7 | - tedhtchang 8 | reviewers: 9 | - anishasthana 10 | - jbusche 11 | - kpostoffice 12 | - maxusmusti 13 | - MichaelClifford 14 | - tedhtchang 15 | -------------------------------------------------------------------------------- /codeflare-stack/base/codeflare-notebook-imagestream.yaml: -------------------------------------------------------------------------------- 1 | kind: ImageStream 2 | apiVersion: image.openshift.io/v1 3 | metadata: 4 | name: codeflare-notebook 5 | labels: 6 | opendatahub.io/notebook-image: 'true' 7 | annotations: 8 | opendatahub.io/notebook-image-name: "CodeFlare Notebook" 9 | opendatahub.io/notebook-image-desc: "Custom Jupyter notebook image with codeflare SDK, Python 3.8, Ray 2.1.0 and PyTorch 1.12.1" 10 | spec: 11 | lookupPolicy: 12 | local: true 13 | tags: 14 | - annotations: 15 | openshift.io/imported-from: quay.io/project-codeflare/notebook 16 | name: v0.7.1 17 | from: 18 | kind: DockerImage 19 | name: quay.io/project-codeflare/notebook:v0.7.1 20 | importPolicy: 21 | scheduled: true 22 | -------------------------------------------------------------------------------- /codeflare-stack/base/instascale.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: codeflare.codeflare.dev/v1alpha1 2 | kind: InstaScale 3 | metadata: 4 | name: instascale 5 | spec: 6 | maxScaleoutAllowed: 15 7 | -------------------------------------------------------------------------------- /codeflare-stack/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | configMapGenerator: 5 | - name: codeflare-stack-config 6 | envs: 7 | - params.env 8 | configurations: 9 | - params.yaml 10 | 11 | vars: 12 | - name: namespace 13 | objref: 14 | kind: ConfigMap 15 | name: codeflare-stack-config 16 | apiVersion: v1 17 | fieldref: 18 | fieldpath: data.namespace 19 | 20 | resources: 21 | - codeflare-notebook-imagestream.yaml 22 | - instascale.yaml 23 | - mcad.yaml 24 | - ../rbac 25 | -------------------------------------------------------------------------------- /codeflare-stack/base/mcad.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: codeflare.codeflare.dev/v1alpha1 2 | kind: MCAD 3 | metadata: 4 | name: mcad 5 | spec: 6 | agentConfigs: 'null' 7 | dispatcherMode: false 8 | enableMonitoring: true 9 | multiCluster: false 10 | podCreationTimeout: 300 11 | preemptionEnabled: false 12 | quotaRestURL: 'null' 13 | -------------------------------------------------------------------------------- /codeflare-stack/base/params.env: -------------------------------------------------------------------------------- 1 | namespace=opendatahub 2 | -------------------------------------------------------------------------------- /codeflare-stack/base/params.yaml: -------------------------------------------------------------------------------- 1 | varReference: 2 | - path: subjects[]/namespace 3 | kind: ClusterRoleBinding 4 | -------------------------------------------------------------------------------- /codeflare-stack/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - mcad-controller-ray-clusterrolebinding.yaml 6 | - mcad-controller-ray-clusterrole.yaml 7 | -------------------------------------------------------------------------------- /codeflare-stack/rbac/mcad-controller-ray-clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: mcad-controller-ray-clusterrole 5 | rules: 6 | - apiGroups: 7 | - ray.io 8 | resources: 9 | - rayclusters 10 | - rayclusters/finalizers 11 | - rayclusters/status 12 | verbs: 13 | - get 14 | - list 15 | - watch 16 | - create 17 | - update 18 | - patch 19 | - delete 20 | -------------------------------------------------------------------------------- /codeflare-stack/rbac/mcad-controller-ray-clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRoleBinding 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: mcad-controller-ray-clusterrolebinding 5 | subjects: 6 | - kind: ServiceAccount 7 | name: mcad-controller-mcad 8 | namespace: $(namespace) 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: mcad-controller-ray-clusterrole 13 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - accorvin 3 | - anishasthana 4 | - DharmitD 5 | - gmfrasca 6 | - gregsheremeta 7 | - harshad16 8 | - HumairAK 9 | - rimolive 10 | reviewers: 11 | - amadhusu 12 | - DharmitD 13 | - gmfrasca 14 | - gregsheremeta 15 | - harshad16 16 | - HumairAK 17 | - rimolive 18 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/base/params.yaml: -------------------------------------------------------------------------------- 1 | varReference: 2 | - path: data 3 | kind: ConfigMap 4 | - path: spec/template/spec/containers/env/value 5 | kind: Deployment 6 | - path: spec/template/spec/containers/image 7 | kind: Deployment 8 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/configmaps/files/config.yaml: -------------------------------------------------------------------------------- 1 | Images: 2 | ApiServer: $(IMAGES_APISERVER) 3 | Artifact: $(IMAGES_ARTIFACT) 4 | OAuthProxy: $(IMAGES_OAUTHPROXY) 5 | PersistentAgent: $(IMAGES_PERSISTENTAGENT) 6 | ScheduledWorkflow: $(IMAGES_SCHEDULEDWORKFLOW) 7 | Cache: $(IMAGES_CACHE) 8 | MoveResultsImage: $(IMAGES_MOVERESULTSIMAGE) 9 | MariaDB: $(IMAGES_MARIADB) 10 | MlmdEnvoy: $(IMAGES_MLMDENVOY) 11 | MlmdGRPC: $(IMAGES_MLMDGRPC) 12 | MlmdWriter: $(IMAGES_MLMDWRITER) 13 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/configmaps/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | configMapGenerator: 4 | - name: dspo-config 5 | files: 6 | - files/config.yaml 7 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - bases/datasciencepipelinesapplications.opendatahub.io_datasciencepipelinesapplications.yaml 3 | # +kubebuilder:scaffold:crdkustomizeresource 4 | - bases/scheduledworkflows.yaml 5 | 6 | configurations: 7 | - kustomizeconfig.yaml 8 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | version: v1 8 | group: apiextensions.k8s.io 9 | path: spec/conversion/webhook/clientConfig/service/name 10 | 11 | namespace: 12 | - kind: CustomResourceDefinition 13 | version: v1 14 | group: apiextensions.k8s.io 15 | path: spec/conversion/webhook/clientConfig/service/namespace 16 | create: false 17 | 18 | varReference: 19 | - path: metadata/annotations 20 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | - manager-service.yaml 4 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/manager/manager-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: service 5 | labels: 6 | app.kubernetes.io/name: data-science-pipelines-operator 7 | spec: 8 | ports: 9 | - name: metrics 10 | port: 8080 11 | selector: 12 | app.kubernetes.io/name: data-science-pipelines-operator 13 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/manifests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - bases/data-science-pipelines-operator.clusterserviceversion.yaml 3 | - ../default 4 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: service-monitor 5 | namespace: data-science-pipelines-operator 6 | spec: 7 | endpoints: 8 | - path: /metrics 9 | port: metrics 10 | selector: 11 | matchLabels: 12 | app.kubernetes.io/name: data-science-pipelines-operator 13 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/rbac/aggregate_dspa_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | labels: 5 | rbac.authorization.k8s.io/aggregate-to-admin: "true" 6 | rbac.authorization.k8s.io/aggregate-to-edit: "true" 7 | name: aggregate-dspa-admin-edit 8 | rules: 9 | - apiGroups: 10 | - datasciencepipelinesapplications.opendatahub.io 11 | resources: 12 | - datasciencepipelinesapplications 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | - create 18 | - update 19 | - patch 20 | - delete 21 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - service_account.yaml 3 | - role.yaml 4 | - role_binding.yaml 5 | - leader_election_role.yaml 6 | - leader_election_role_binding.yaml 7 | - aggregate_dspa_role.yaml 8 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: data-science-pipelines-operator 7 | name: leader-election-role 8 | rules: 9 | - apiGroups: 10 | - "" 11 | resources: 12 | - configmaps 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | - create 18 | - update 19 | - patch 20 | - delete 21 | - apiGroups: 22 | - coordination.k8s.io 23 | resources: 24 | - leases 25 | verbs: 26 | - get 27 | - list 28 | - watch 29 | - create 30 | - update 31 | - patch 32 | - delete 33 | - apiGroups: 34 | - "" 35 | resources: 36 | - events 37 | verbs: 38 | - create 39 | - patch 40 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: data-science-pipelines-operator 6 | name: leader-election-rolebinding 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: Role 10 | name: leader-election-role 11 | subjects: 12 | - kind: ServiceAccount 13 | name: controller-manager 14 | namespace: datasciencepipelinesapplications-controller 15 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: data-science-pipelines-operator 6 | name: manager-rolebinding 7 | roleRef: 8 | apiGroup: rbac.authorization.k8s.io 9 | kind: ClusterRole 10 | name: manager-role 11 | subjects: 12 | - kind: ServiceAccount 13 | name: controller-manager 14 | namespace: datasciencepipelinesapplications-controller 15 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: data-science-pipelines-operator 6 | name: controller-manager 7 | namespace: datasciencepipelinesapplications-controller 8 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/samples/custom-configs/artifact_script.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | somekey: |- 4 | #!/usr/bin/env sh 5 | push_artifact() { 6 | if [ -f "$2" ]; then 7 | tar -cvzf $1.tgz $2 8 | aws s3 --endpoint ${ARTIFACT_ENDPOINT} cp $1.tgz s3://$ARTIFACT_BUCKET/artifacts/$PIPELINERUN/$PIPELINETASK/$1.tgz 9 | else 10 | echo "$2 file does not exist. Skip artifact tracking for $1" 11 | fi 12 | } 13 | push_log() { 14 | cat /var/log/containers/$PODNAME*$NAMESPACE*step-main*.log > step-main.log 15 | push_artifact main-log step-main.log 16 | } 17 | strip_eof() { 18 | if [ -f "$2" ]; then 19 | awk 'NF' $2 | head -c -1 > $1_temp_save && cp $1_temp_save $2 20 | fi 21 | } 22 | kind: ConfigMap 23 | metadata: 24 | name: custom-artifact-script 25 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/samples/custom-configs/db-creds.yaml: -------------------------------------------------------------------------------- 1 | kind: Secret 2 | apiVersion: v1 3 | metadata: 4 | name: testdbsecret 5 | labels: 6 | app: mariadb-sample 7 | component: data-science-pipelines 8 | stringData: 9 | password: testingpassword 10 | type: Opaque 11 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/samples/custom-configs/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - dspa.yaml 5 | - db-creds.yaml 6 | - artifact_script.yaml 7 | - storage-creds.yaml 8 | - ui-configmap.yaml 9 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/samples/custom-configs/storage-creds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: teststoragesecret 5 | labels: 6 | opendatahub.io/dashboard: 'true' 7 | opendatahub.io/managed: 'true' 8 | annotations: 9 | opendatahub.io/connection-type: s3 10 | openshift.io/display-name: Minio Data Connection 11 | data: 12 | AWS_ACCESS_KEY_ID: QUtJQUlPU0ZPRE5ON0VYQU1QTEU= 13 | AWS_SECRET_ACCESS_KEY: d0phbHJYVXRuRkVNSS9LN01ERU5HL2JQeFJmaUNZRVhBTVBMRUtFWQ== 14 | type: Opaque 15 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/samples/custom-configs/ui-configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | viewer-pod-template.json: |- 4 | { 5 | "spec": { 6 | "serviceAccountName": "ds-pipelines-viewer-sample" 7 | } 8 | } 9 | kind: ConfigMap 10 | metadata: 11 | name: custom-ui-configmap 12 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/samples/dspa_simple.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: datasciencepipelinesapplications.opendatahub.io/v1alpha1 2 | kind: DataSciencePipelinesApplication 3 | metadata: 4 | name: sample 5 | spec: 6 | # One of minio or externalStorage must be specified for objectStorage 7 | # This example illustrates minimal deployment with minio 8 | # This is NOT supported and should be used for dev testing/experimentation only. 9 | # See dspa_simple_external_storage.yaml for an example with external connection. 10 | objectStorage: 11 | minio: 12 | # Image field is required 13 | image: 'quay.io/opendatahub/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance' 14 | # Optional 15 | mlpipelineUI: 16 | # Image field is required 17 | image: 'quay.io/opendatahub/odh-ml-pipelines-frontend-container:beta-ui' 18 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/samples/dspa_simple_external_storage.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: datasciencepipelinesapplications.opendatahub.io/v1alpha1 2 | kind: DataSciencePipelinesApplication 3 | metadata: 4 | name: sample 5 | namespace: data-science-project 6 | spec: 7 | objectStorage: 8 | # Configure your external object storage via `externalStorage` field 9 | externalStorage: 10 | host: minio.com 11 | port: "9092" 12 | bucket: mlpipeline 13 | scheme: https 14 | s3CredentialsSecret: 15 | secretName: somesecret-db-sample 16 | accessKey: somekey 17 | secretKey: somekey 18 | # Optional 19 | mlpipelineUI: 20 | # Image field is required 21 | image: 'quay.io/opendatahub/odh-ml-pipelines-frontend-container:beta-ui' 22 | -------------------------------------------------------------------------------- /data-science-pipelines-operator/samples/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - dspa_simple.yaml 3 | -------------------------------------------------------------------------------- /docs/adr/README.md: -------------------------------------------------------------------------------- 1 | ## Architectural Decisions 2 | 3 | We keep track of architectural decisions using a lightweigh architectural decision records. More information on the 4 | used format is available at https://adr.github.io/madr/. General information about architectural decision records 5 | is available at https://adr.github.io/ . 6 | 7 | ### Architectural Decisions 8 | 9 | * [ADR-0000](0000-odh-release-policy.md) - The Open Data Hub Release Policy -------------------------------------------------------------------------------- /grafana/cluster/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | 5 | namespace: openshift-operators 6 | 7 | commonLabels: 8 | app.kubernetes.io/part-of: grafana 9 | 10 | resources: 11 | - subscription.yaml 12 | -------------------------------------------------------------------------------- /grafana/cluster/base/subscription.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | name: grafana-operator 5 | namespace: opendatahub 6 | spec: 7 | channel: v4 8 | installPlanApproval: Automatic 9 | name: grafana-operator 10 | source: community-operators 11 | sourceNamespace: openshift-marketplace 12 | -------------------------------------------------------------------------------- /grafana/grafana/base/argo-dashboards/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - argo-dashboard.yaml 6 | -------------------------------------------------------------------------------- /grafana/grafana/base/datasource.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: integreatly.org/v1alpha1 2 | kind: GrafanaDataSource 3 | metadata: 4 | name: odh-datasources 5 | spec: 6 | name: odh-prometheus.yaml 7 | datasources: 8 | - name: opendatahub 9 | type: prometheus 10 | access: proxy 11 | url: http://prometheus-operated:9090 12 | isDefault: true 13 | version: 1 14 | editable: true 15 | jsonData: 16 | tlsSkipVerify: true 17 | timeInterval: "5s" 18 | -------------------------------------------------------------------------------- /grafana/grafana/base/grafana.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: integreatly.org/v1alpha1 2 | kind: Grafana 3 | metadata: 4 | name: odh-grafana 5 | spec: 6 | ingress: 7 | enabled: True 8 | client: 9 | preferService: true 10 | config: 11 | log: 12 | mode: "console" 13 | level: "warn" 14 | security: 15 | admin_user: "root" 16 | admin_password: "secret" 17 | auth: 18 | disable_login_form: False 19 | disable_signout_menu: True 20 | auth.basic: 21 | enabled: True 22 | auth.anonymous: 23 | enabled: True 24 | dashboardLabelSelector: 25 | - matchExpressions: 26 | - {key: app, operator: In, values: [grafana]} 27 | -------------------------------------------------------------------------------- /grafana/grafana/base/kafka-dashboards/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - kafka-dashboard.yaml 6 | -------------------------------------------------------------------------------- /grafana/grafana/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | namespace: openshift-operators 5 | 6 | commonLabels: 7 | opendatahub.io/component: "true" 8 | component.opendatahub.io/name: grafana 9 | app.kubernetes.io/part-of: grafana 10 | 11 | bases: 12 | - ./argo-dashboards/ 13 | - ./kafka-dashboards/ 14 | - ./odh-notebook-controller-dashboards/ 15 | 16 | resources: 17 | - datasource.yaml 18 | - grafana.yaml 19 | -------------------------------------------------------------------------------- /grafana/grafana/base/odh-notebook-controller-dashboards/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - odh-notebook-controller-dashboard.yaml 6 | -------------------------------------------------------------------------------- /kfdef/codeflare-stack-kfdef.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kfdef.apps.kubeflow.org/v1 2 | kind: KfDef 3 | metadata: 4 | name: codeflare-stack 5 | namespace: opendatahub 6 | spec: 7 | applications: 8 | # CodeFlare 9 | - kustomizeConfig: 10 | repoRef: 11 | name: manifests 12 | path: codeflare-stack 13 | name: codeflare-stack 14 | # KubeRay 15 | - kustomizeConfig: 16 | repoRef: 17 | name: manifests 18 | path: ray/operator 19 | name: ray-operator 20 | repos: 21 | # ODH Core component manifests 22 | - name: manifests 23 | uri: https://github.com/opendatahub-io/odh-manifests/tarball/master 24 | -------------------------------------------------------------------------------- /kfdef/ray-minimal-kfdef.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kfdef.apps.kubeflow.org/v1 2 | kind: KfDef 3 | metadata: 4 | name: ray-minimal 5 | namespace: opendatahub 6 | spec: 7 | applications: 8 | - kustomizeConfig: 9 | repoRef: 10 | name: manifests 11 | path: odh-common 12 | name: odh-common 13 | - kustomizeConfig: 14 | repoRef: 15 | name: manifests 16 | path: odh-dashboard 17 | name: odh-dashboard 18 | - kustomizeConfig: 19 | overlays: 20 | - additional 21 | repoRef: 22 | name: manifests 23 | path: jupyterhub/notebook-images 24 | name: notebook-images 25 | - kustomizeConfig: 26 | repoRef: 27 | name: manifests 28 | path: odh-notebook-controller 29 | name: odh-notebook-controller 30 | # Ray.io 31 | - kustomizeConfig: 32 | repoRef: 33 | name: manifests 34 | path: ray/operator 35 | name: ray-operator 36 | repos: 37 | # ODH Core component manifests 38 | - name: manifests 39 | uri: https://github.com/opendatahub-io/odh-manifests/tarball/master 40 | -------------------------------------------------------------------------------- /kserve/OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - anishasthana 3 | - danielezonca 4 | - heyselbi 5 | - israel-hdez 6 | - Jooho 7 | - VedantMahabaleshwarkar 8 | - Xaenalt 9 | 10 | reviewers: 11 | - anishasthana 12 | - danielezonca 13 | - heyselbi 14 | - israel-hdez 15 | - Jooho 16 | - VedantMahabaleshwarkar 17 | - Xaenalt 18 | -------------------------------------------------------------------------------- /kserve/base/kserve-controller-manager-patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: kserve-controller-manager 5 | namespace: kserve 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | # Change the value of image field below to your controller image URL 11 | - image: $(kserve-controller) 12 | name: manager 13 | env: 14 | - name: POD_NAMESPACE 15 | valueFrom: 16 | fieldRef: 17 | fieldPath: metadata.namespace 18 | - name: SECRET_NAME 19 | value: kserve-webhook-server-cert 20 | -------------------------------------------------------------------------------- /kserve/base/params.env: -------------------------------------------------------------------------------- 1 | kserve-controller=quay.io/opendatahub/kserve-controller:v0.11.0 2 | kserve-agent=quay.io/opendatahub/kserve-agent:v0.11.0 3 | kserve-router=quay.io/opendatahub/kserve-router:v0.11.0 4 | kserve-storage-initializer=quay.io/opendatahub/kserve-storage-initializer:v0.11.0 5 | -------------------------------------------------------------------------------- /kserve/base/params.yaml: -------------------------------------------------------------------------------- 1 | varReference: 2 | - path: spec/template/spec/containers/image 3 | kind: Deployment 4 | - path: data 5 | kind: ConfigMap 6 | -------------------------------------------------------------------------------- /kserve/hack/build-kserve-manifests.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # This script is used to fetch KServe manifests from github.com/opendatahub-io/kserve 4 | # and bundles them into one big assembled `kserve-built-yaml` file. 5 | # To update the version, update `hack/kustomization.yaml` and re-run the script with: 6 | # 7 | # $ hack/build-kserve-manifests.sh 8 | 9 | set -Eeuo pipefail 10 | 11 | echo "Building KServe manifests" 12 | script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) 13 | output_dir="$script_dir/../kserve-built" 14 | 15 | command -v kustomize >/dev/null 2>&1 || echo >&2 "kustomize is not installed. Please install kustomize in order to proceed" 16 | 17 | kustomize build "$script_dir" > "$output_dir"/kserve-built.yaml 18 | 19 | echo "KServe manifests fetched from upstream and assembled into $output_dir/kserve-built.yaml" 20 | -------------------------------------------------------------------------------- /kserve/hack/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - github.com/opendatahub-io/kserve/config/overlays/odh?ref=release-v0.11 6 | -------------------------------------------------------------------------------- /kserve/kserve-built/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - ./kserve-built.yaml 6 | -------------------------------------------------------------------------------- /model-mesh/OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - anishasthana 3 | - danielezonca 4 | - heyselbi 5 | - israel-hdez 6 | - Jooho 7 | - vaibhavjainwiz 8 | - VedantMahabaleshwarkar 9 | - Xaenalt 10 | 11 | reviewers: 12 | - anishasthana 13 | - danielezonca 14 | - heyselbi 15 | - israel-hdez 16 | - Jooho 17 | - vaibhavjainwiz 18 | - VedantMahabaleshwarkar 19 | - Xaenalt 20 | -------------------------------------------------------------------------------- /model-mesh/base/params.env: -------------------------------------------------------------------------------- 1 | monitoring-namespace=opendatahub 2 | odh-mm-rest-proxy=quay.io/opendatahub/rest-proxy:v0.11.0 3 | odh-modelmesh-runtime-adapter=quay.io/opendatahub/modelmesh-runtime-adapter:v0.11.0 4 | odh-modelmesh=quay.io/opendatahub/modelmesh:v0.11.0 5 | odh-openvino=quay.io/opendatahub/openvino_model_server:2022.3-release 6 | odh-modelmesh-controller=quay.io/opendatahub/modelmesh-controller:v0.11.0 7 | odh-model-controller=quay.io/opendatahub/odh-model-controller:v0.11.0 8 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../default 5 | - ../prometheus 6 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../rbac 3 | - ../manager 4 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/manager/controller_manager_config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 2 | kind: ControllerManagerConfig 3 | health: 4 | healthProbeBindAddress: :8081 5 | metrics: 6 | bindAddress: 127.0.0.1:8080 7 | webhook: 8 | port: 9443 9 | leaderElection: 10 | leaderElect: true 11 | resourceName: odh-model-controller 12 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | 4 | generatorOptions: 5 | disableNameSuffixHash: true 6 | 7 | configMapGenerator: 8 | - files: 9 | - controller_manager_config.yaml 10 | name: manager-config 11 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/overlays/odh/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | 6 | patchesStrategicMerge: 7 | - odh_model_controller_manager_patch.yaml 8 | 9 | configurations: 10 | - params.yaml 11 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/overlays/odh/odh_model_controller_manager_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: odh-model-controller 5 | spec: 6 | replicas: 3 7 | template: 8 | spec: 9 | containers: 10 | - args: 11 | - --leader-elect 12 | - "--monitoring-namespace" 13 | - "$(MONITORING_NS)" 14 | #This is hardcoded to be false in the overlay to model-mesh. 15 | # Once Kserve and Modelmesh CRD conflict is resolved and both components can be installed together, 16 | # ODH Model Controller will not be deployed as a overlay anymore and will be deployed only as an independent component. 17 | # When that happens, the "kserve-enabled" flag needs to be removed 18 | - --kserve-enabled=false 19 | image: $(odh-model-controller) 20 | env: 21 | - name: MONITORING_NS 22 | value: $(monitoring-namespace) 23 | name: manager 24 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/overlays/odh/params.yaml: -------------------------------------------------------------------------------- 1 | varReference: 2 | - path: metadata/name 3 | kind: ClusterRoleBinding 4 | apiGroup: authorization.openshift.io 5 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | # Prometheus Monitor Service (Metrics) 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | labels: 6 | control-plane: odh-model-controller 7 | name: odh-model-controller-metrics-monitor 8 | spec: 9 | endpoints: 10 | - path: /metrics 11 | port: https 12 | scheme: https 13 | bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 14 | tlsConfig: 15 | insecureSkipVerify: false 16 | selector: 17 | matchLabels: 18 | control-plane: odh-model-controller 19 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: 7 | - "/metrics" 8 | verbs: 9 | - get 10 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: 7 | - authentication.k8s.io 8 | resources: 9 | - tokenreviews 10 | verbs: 11 | - create 12 | - apiGroups: 13 | - authorization.k8s.io 14 | resources: 15 | - subjectaccessreviews 16 | verbs: 17 | - create 18 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: odh-model-controller 12 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: odh-model-controller 6 | name: odh-model-controller-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: metrics 11 | port: 8080 12 | protocol: TCP 13 | targetPort: 8080 14 | selector: 15 | control-plane: odh-model-controller 16 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/rbac/kserve_prometheus_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: kserve-prometheus-k8s 5 | rules: 6 | - apiGroups: 7 | - "" 8 | resources: 9 | - services 10 | - endpoints 11 | - pods 12 | verbs: 13 | - get 14 | - list 15 | - watch 16 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | # All RBAC will be applied under this service account in 3 | # the deployment namespace. You may comment out this resource 4 | # if your manager will use a service account that exists at 5 | # runtime. Be sure to update RoleBinding and ClusterRoleBinding 6 | # subjects if changing service account names. 7 | - service_account.yaml 8 | - role.yaml 9 | - role_binding.yaml 10 | - leader_election_role.yaml 11 | - leader_election_role_binding.yaml 12 | # Comment the following 4 lines if you want to disable 13 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 14 | # which protects your /metrics endpoint. 15 | - auth_proxy_service.yaml 16 | - auth_proxy_role.yaml 17 | - auth_proxy_role_binding.yaml 18 | - auth_proxy_client_clusterrole.yaml 19 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - coordination.k8s.io 21 | resources: 22 | - leases 23 | verbs: 24 | - get 25 | - list 26 | - watch 27 | - create 28 | - update 29 | - patch 30 | - delete 31 | - apiGroups: 32 | - "" 33 | resources: 34 | - events 35 | verbs: 36 | - create 37 | - patch 38 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: odh-model-controller 12 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: odh-model-controller-rolebinding-$(mesh-namespace) 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: odh-model-controller-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: odh-model-controller 12 | -------------------------------------------------------------------------------- /model-mesh/odh-model-controller/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: odh-model-controller 5 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ../default 6 | - ../prometheus 7 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | resources: 15 | - certificate.yaml 16 | 17 | configurations: 18 | - kustomizeconfig.yaml 19 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # This configuration is for teaching kustomize how to update name ref and var substitution 15 | nameReference: 16 | - kind: Issuer 17 | group: cert-manager.io 18 | fieldSpecs: 19 | - kind: Certificate 20 | group: cert-manager.io 21 | path: spec/issuerRef/name 22 | 23 | varReference: 24 | - kind: Certificate 25 | group: cert-manager.io 26 | path: spec/commonName 27 | - kind: Certificate 28 | group: cert-manager.io 29 | path: spec/dnsNames 30 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/crd/patches/cainjection_in_predictors.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # The following patch adds a directive for certmanager to inject CA into the CRD 15 | # CRD conversion requires k8s 1.16 or later. 16 | apiVersion: apiextensions.k8s.io/v1 17 | kind: CustomResourceDefinition 18 | metadata: 19 | annotations: 20 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 21 | name: predictors.serving.kserve.io 22 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/crd/patches/cainjection_in_servingruntimes.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # The following patch adds a directive for certmanager to inject CA into the CRD 15 | # CRD conversion requires k8s 1.16 or later. 16 | apiVersion: apiextensions.k8s.io/v1 17 | kind: CustomResourceDefinition 18 | metadata: 19 | annotations: 20 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 21 | name: servingruntimes.serving.kserve.io 22 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | configMapGenerator: 16 | - files: 17 | - config-defaults.yaml 18 | name: model-serving-config-defaults 19 | 20 | generatorOptions: 21 | disableNameSuffixHash: true 22 | 23 | transformers: 24 | - metadataLabelTransformer.yaml 25 | apiVersion: kustomize.config.k8s.io/v1beta1 26 | kind: Kustomization 27 | resources: 28 | - ../crd 29 | - ../manager 30 | - ../webhook 31 | 32 | patches: 33 | - path: manager_webhook_patch.yaml 34 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/default/metadataLabelTransformer.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: builtin 15 | kind: LabelTransformer 16 | metadata: 17 | name: notImportantHere 18 | labels: 19 | app.kubernetes.io/instance: modelmesh-controller 20 | app.kubernetes.io/managed-by: modelmesh-controller 21 | app.kubernetes.io/name: modelmesh-controller 22 | fieldSpecs: 23 | - path: metadata/labels 24 | create: true 25 | - path: spec/template/metadata/labels 26 | kind: Deployment 27 | create: true 28 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # This patch add annotation to admission webhook config and 15 | # the string CERTIFICATE_NAMESPACE_PLACEHOLDER and CERTIFICATE_NAME_PLACEHOLDER will be replaced by kustomize. 16 | apiVersion: admissionregistration.k8s.io/v1 17 | kind: ValidatingWebhookConfiguration 18 | metadata: 19 | name: modelmesh-servingruntime.serving.kserve.io 20 | annotations: 21 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE_PLACEHOLDER)/$(CERTIFICATE_NAME_PLACEHOLDER) 22 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/dependencies/minio-storage-secret.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: v1 15 | kind: Secret 16 | metadata: 17 | name: storage-config 18 | stringData: 19 | localMinIO: | 20 | { 21 | "type": "s3", 22 | "access_key_id": "AKIAIOSFODNN7EXAMPLE", 23 | "secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", 24 | "endpoint_url": "http://minio.controller_namespace:9000", 25 | "default_bucket": "modelmesh-example-models", 26 | "region": "us-south" 27 | } 28 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/dependencies/nfs-provisioner-subs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | name: nfs-provisioner-operator 5 | namespace: openshift-operators 6 | spec: 7 | channel: alpha 8 | installPlanApproval: Automatic 9 | name: nfs-provisioner-operator 10 | source: community-operators 11 | sourceNamespace: openshift-marketplace 12 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/dependencies/nfs-provisioner.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cache.jhouse.com/v1alpha1 2 | kind: NFSProvisioner 3 | metadata: 4 | name: nfsprovisioner-sample 5 | spec: 6 | storageSize: "40G" 7 | scForNFSPvc: %default-sc-name% 8 | scForNFS: nfs 9 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/example-isvcs/example-keras-mnist-isvc.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1beta1 15 | kind: InferenceService 16 | metadata: 17 | name: example-keras-mnist 18 | annotations: 19 | serving.kserve.io/deploymentMode: ModelMesh 20 | spec: 21 | predictor: 22 | model: 23 | modelFormat: 24 | name: keras 25 | storage: 26 | key: localMinIO 27 | path: keras/mnist.h5 28 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/example-isvcs/example-lightgbm-mushroom-isvc.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1beta1 15 | kind: InferenceService 16 | metadata: 17 | name: example-lightgbm-mushroom 18 | annotations: 19 | serving.kserve.io/deploymentMode: ModelMesh 20 | spec: 21 | predictor: 22 | model: 23 | modelFormat: 24 | name: lightgbm 25 | storage: 26 | key: localMinIO 27 | path: lightgbm/mushroom.bst 28 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/example-isvcs/example-mlserver-sklearn-mnist-isvc.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1beta1 15 | kind: InferenceService 16 | metadata: 17 | name: example-sklearn-mnist-svm 18 | annotations: 19 | serving.kserve.io/deploymentMode: ModelMesh 20 | spec: 21 | predictor: 22 | model: 23 | modelFormat: 24 | name: sklearn 25 | storage: 26 | key: localMinIO 27 | path: sklearn/mnist-svm.joblib 28 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/example-isvcs/example-onnx-mnist-isvc.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1beta1 15 | kind: InferenceService 16 | metadata: 17 | name: example-onnx-mnist 18 | annotations: 19 | serving.kserve.io/deploymentMode: ModelMesh 20 | spec: 21 | predictor: 22 | model: 23 | modelFormat: 24 | name: onnx 25 | storage: 26 | key: localMinIO 27 | path: onnx/mnist.onnx 28 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/example-isvcs/example-pytorch-cifar-isvc.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1beta1 15 | kind: InferenceService 16 | metadata: 17 | name: example-pytorch-cifar 18 | annotations: 19 | serving.kserve.io/deploymentMode: ModelMesh 20 | spec: 21 | predictor: 22 | model: 23 | modelFormat: 24 | name: pytorch 25 | storage: 26 | key: localMinIO 27 | path: pytorch/cifar 28 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/example-isvcs/example-tensorflow-mnist-isvc.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1beta1 15 | kind: InferenceService 16 | metadata: 17 | name: example-tensorflow-mnist 18 | annotations: 19 | serving.kserve.io/deploymentMode: ModelMesh 20 | spec: 21 | predictor: 22 | model: 23 | modelFormat: 24 | name: tensorflow 25 | storage: 26 | key: localMinIO 27 | path: tensorflow/mnist.savedmodel 28 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/example-isvcs/example-xgboost-mushroom-isvc.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1beta1 15 | kind: InferenceService 16 | metadata: 17 | name: example-xgboost-mushroom 18 | annotations: 19 | serving.kserve.io/deploymentMode: ModelMesh 20 | spec: 21 | predictor: 22 | model: 23 | modelFormat: 24 | name: xgboost 25 | storage: 26 | key: localMinIO 27 | path: xgboost/mushroom.json 28 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/example-predictors/example-keras-mnist-predictor.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1alpha1 15 | kind: Predictor 16 | metadata: 17 | name: example-keras-mnist 18 | spec: 19 | modelType: 20 | name: keras 21 | path: keras/mnist.h5 22 | storage: 23 | s3: 24 | secretKey: localMinIO 25 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/example-predictors/example-lightgbm-mushroom-predictor.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1alpha1 15 | kind: Predictor 16 | metadata: 17 | name: example-lightgbm-mushroom 18 | spec: 19 | modelType: 20 | name: lightgbm 21 | path: lightgbm/mushroom.bst 22 | storage: 23 | s3: 24 | secretKey: localMinIO 25 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/example-predictors/example-mlserver-sklearn-mnist-predictor.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1alpha1 15 | kind: Predictor 16 | metadata: 17 | name: example-sklearn-mnist-svm 18 | spec: 19 | modelType: 20 | name: sklearn 21 | path: sklearn/mnist-svm.joblib 22 | storage: 23 | s3: 24 | secretKey: localMinIO 25 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/example-predictors/example-onnx-mnist-predictor.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1alpha1 15 | kind: Predictor 16 | metadata: 17 | name: example-onnx-mnist 18 | spec: 19 | modelType: 20 | name: onnx 21 | path: onnx/mnist.onnx 22 | storage: 23 | s3: 24 | secretKey: localMinIO 25 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/example-predictors/example-pytorch-cifar-predictor.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1alpha1 15 | kind: Predictor 16 | metadata: 17 | name: example-pytorch-cifar 18 | spec: 19 | modelType: 20 | name: pytorch 21 | path: pytorch/cifar 22 | storage: 23 | s3: 24 | secretKey: localMinIO 25 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/example-predictors/example-tensorflow-mnist-predictor.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1alpha1 15 | kind: Predictor 16 | metadata: 17 | name: example-tensorflow-mnist 18 | spec: 19 | modelType: 20 | name: tensorflow 21 | path: tensorflow/mnist.savedmodel 22 | storage: 23 | s3: 24 | secretKey: localMinIO 25 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/example-predictors/example-xgboost-mushroom-predictor.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1alpha1 15 | kind: Predictor 16 | metadata: 17 | name: example-xgboost-mushroom 18 | spec: 19 | modelType: 20 | name: xgboost 21 | path: xgboost/mushroom.json 22 | storage: 23 | s3: 24 | secretKey: localMinIO 25 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | resources: 15 | - manager.yaml 16 | 17 | images: 18 | - name: modelmesh-controller 19 | newName: kserve/modelmesh-controller 20 | ## NOTE THIS SHOULD BE REPLACED WITH LATEST CONTROLLER IMAGE TAG 21 | newTag: v0.11.0 22 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/namespace-runtimes/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | bases: 4 | - ../runtimes 5 | patches: 6 | - target: 7 | group: serving.kserve.io 8 | version: v1alpha1 9 | kind: ClusterServingRuntime 10 | name: ".*" 11 | patch: |- 12 | - op: replace 13 | path: /kind 14 | value: ServingRuntime 15 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/overlays/odh/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ../../base 6 | - ./scripts/ 7 | - ./quickstart.yaml 8 | - ./rbac/ 9 | - ./manager 10 | 11 | commonLabels: 12 | app: model-mesh 13 | app.kubernetes.io/part-of: model-mesh 14 | 15 | configurations: 16 | - params.yaml 17 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/overlays/odh/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ./service.yaml 6 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/overlays/odh/manager/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: modelmesh-controller 6 | name: modelmesh-controller 7 | spec: 8 | ports: 9 | - protocol: TCP 10 | port: 8080 11 | targetPort: 8080 12 | type: ClusterIP 13 | selector: 14 | control-plane: modelmesh-controller 15 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/overlays/odh/params.yaml: -------------------------------------------------------------------------------- 1 | varReference: 2 | - path: metadata/namespace 3 | kind: ServiceAccount 4 | apiVersion: v1 5 | - path: metadata/name 6 | kind: ClusterRoleBinding 7 | apiGroup: rbac.authorization.k8s.io 8 | - path: subjects/namespace 9 | kind: RoleBinding 10 | apiGroup: rbac.authorization.k8s.io 11 | - path: spec/template/spec/containers[]/image 12 | kind: Deployment 13 | apiVersion: apps/v1 14 | - path: data 15 | kind: ConfigMap 16 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/overlays/odh/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ../../../rbac/cluster-scope 6 | - ./networkpolicy_etcd.yaml 7 | - ./role_apps_metrics_access.yaml 8 | - ./user_cluster_roles.yaml 9 | 10 | patchesStrategicMerge: 11 | - remove_networkpolicy_rumtime_patch.yaml 12 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/overlays/odh/rbac/remove_networkpolicy_rumtime_patch.yaml: -------------------------------------------------------------------------------- 1 | $patch: delete 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: modelmesh-runtimes 6 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/overlays/odh/rbac/role_apps_metrics_access.yaml: -------------------------------------------------------------------------------- 1 | # Deploying a RoleBinding in a given Namespace 2 | # that gives the Prometheus SA the following role 3 | # will allow that Prometheus to scrape Services 4 | # in that RoleBinding's Namespace 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: ClusterRole 7 | metadata: 8 | name: prometheus-ns-access 9 | rules: 10 | - apiGroups: 11 | - "" 12 | resources: 13 | - services 14 | - endpoints 15 | - pods 16 | verbs: 17 | - get 18 | - list 19 | - watch 20 | - apiGroups: 21 | - extensions 22 | resources: 23 | - ingresses 24 | verbs: 25 | - get 26 | - list 27 | - watch 28 | - apiGroups: 29 | - networking.k8s.io 30 | resources: 31 | - ingresses 32 | verbs: 33 | - get 34 | - list 35 | - watch 36 | - apiGroups: 37 | - "" 38 | resources: 39 | - configmaps 40 | verbs: 41 | - get 42 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/overlays/odh/scripts/enable_auth.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e -o pipefail 4 | export ETCDCTL_API=3 5 | 6 | function etcd::availability() { 7 | local cmd=$1 # Command whose output we require 8 | local interval=$2 # How many seconds to sleep between tries 9 | local iterations=$3 # How many times we attempt to run the command 10 | 11 | ii=0 12 | 13 | while [ $ii -le $iterations ] 14 | do 15 | 16 | token=$($cmd) && returncode=$? || returncode=$? 17 | if [ $returncode -eq 0 ]; then 18 | break 19 | fi 20 | 21 | ((ii=ii+1)) 22 | if [ $ii -eq 100 ]; then 23 | echo $cmd "did not return a value" 24 | exit 1 25 | fi 26 | sleep $interval 27 | done 28 | echo $token 29 | } 30 | 31 | cmd='etcdctl --endpoints=http://0.0.0.0:2379 endpoint health' 32 | 33 | etcd::availability "${cmd}" 6 10 34 | 35 | PASSWORD="${1:-password}" 36 | 37 | echo $PASSWORD | etcdctl --endpoints=http://0.0.0.0:2379 user add root --interactive=false 38 | etcdctl --endpoints=http://0.0.0.0:2379 auth enable 39 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/overlays/odh/scripts/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | generatorOptions: 4 | disableNameSuffixHash: true 5 | configMapGenerator: 6 | - name: etcd-scripts 7 | files: 8 | - enable_auth.sh 9 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | resources: 15 | - monitor.yaml 16 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # Prometheus Monitor Service (Metrics) 15 | apiVersion: monitoring.coreos.com/v1 16 | kind: ServiceMonitor 17 | metadata: 18 | labels: 19 | control-plane: controller-manager 20 | name: controller-manager-metrics-monitor 21 | spec: 22 | endpoints: 23 | - path: /metrics 24 | port: https 25 | selector: 26 | matchLabels: 27 | control-plane: controller-manager 28 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/prometheus/servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | labels: 5 | modelmesh-service: modelmesh-serving 6 | name: modelmesh-service-monitor 7 | namespace: monitoring 8 | spec: 9 | endpoints: 10 | - path: /metrics 11 | port: "prometheus" 12 | scheme: "https" 13 | tlsConfig: 14 | insecureSkipVerify: true 15 | selector: 16 | matchLabels: 17 | modelmesh-service: modelmesh-serving 18 | namespaceSelector: 19 | matchNames: 20 | - modelmesh-serving 21 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/cluster-scope/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | resources: 15 | - ../common 16 | - role.yaml 17 | - role_binding.yaml 18 | apiVersion: kustomize.config.k8s.io/v1beta1 19 | kind: Kustomization 20 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/cluster-scope/role_binding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: rbac.authorization.k8s.io/v1 15 | kind: ClusterRoleBinding 16 | metadata: 17 | name: modelmesh-controller-rolebinding-$(mesh-namespace) 18 | roleRef: 19 | apiGroup: rbac.authorization.k8s.io 20 | kind: ClusterRole 21 | name: modelmesh-controller-role 22 | subjects: 23 | - kind: ServiceAccount 24 | name: modelmesh-controller 25 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/common/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: rbac.authorization.k8s.io/v1 15 | kind: ClusterRole 16 | metadata: 17 | name: metrics-reader 18 | rules: 19 | - nonResourceURLs: ["/metrics"] 20 | verbs: ["get"] 21 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/common/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: rbac.authorization.k8s.io/v1 15 | kind: ClusterRole 16 | metadata: 17 | name: proxy-role 18 | rules: 19 | - apiGroups: ["authentication.k8s.io"] 20 | resources: 21 | - tokenreviews 22 | verbs: ["create"] 23 | - apiGroups: ["authorization.k8s.io"] 24 | resources: 25 | - subjectaccessreviews 26 | verbs: ["create"] 27 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/common/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: rbac.authorization.k8s.io/v1 15 | kind: ClusterRoleBinding 16 | metadata: 17 | name: proxy-rolebinding 18 | roleRef: 19 | apiGroup: rbac.authorization.k8s.io 20 | kind: ClusterRole 21 | name: proxy-role 22 | subjects: 23 | - kind: ServiceAccount 24 | name: default 25 | namespace: system 26 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/common/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: v1 15 | kind: Service 16 | metadata: 17 | labels: 18 | control-plane: controller-manager 19 | name: controller-manager-metrics-service 20 | namespace: system 21 | spec: 22 | ports: 23 | - name: https 24 | port: 8443 25 | targetPort: https 26 | selector: 27 | control-plane: controller-manager 28 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/common/inferenceservice_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # permissions for end users to view inferenceservices. 15 | apiVersion: rbac.authorization.k8s.io/v1 16 | kind: Role 17 | metadata: 18 | name: inferenceservice-viewer-role 19 | rules: 20 | - apiGroups: 21 | - serving.kserve.io 22 | resources: 23 | - inferenceservices 24 | verbs: 25 | - get 26 | - list 27 | - watch 28 | - apiGroups: 29 | - serving.kserve.io 30 | resources: 31 | - inferenceservices/status 32 | verbs: 33 | - get 34 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/common/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: rbac.authorization.k8s.io/v1 15 | kind: RoleBinding 16 | metadata: 17 | name: modelmesh-controller-leader-election-rolebinding 18 | roleRef: 19 | apiGroup: rbac.authorization.k8s.io 20 | kind: Role 21 | name: modelmesh-controller-leader-election-role 22 | subjects: 23 | - kind: ServiceAccount 24 | name: modelmesh-controller 25 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/common/modelmesh-service-account.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: v1 15 | kind: ServiceAccount 16 | metadata: 17 | name: modelmesh 18 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/common/modelmesh-serving-service-account.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: v1 15 | kind: ServiceAccount 16 | metadata: 17 | name: modelmesh-serving-sa 18 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/common/networkpolicy-controller.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: networking.k8s.io/v1 15 | kind: NetworkPolicy 16 | metadata: 17 | name: modelmesh-controller 18 | spec: 19 | podSelector: 20 | matchLabels: 21 | app.kubernetes.io/managed-by: modelmesh-controller 22 | control-plane: modelmesh-controller 23 | ingress: 24 | # exposed for metrics 25 | - ports: 26 | - port: 8443 27 | protocol: TCP 28 | policyTypes: 29 | - Ingress 30 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/common/networkpolicy-webhook.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: networking.k8s.io/v1 15 | kind: NetworkPolicy 16 | metadata: 17 | name: modelmesh-webhook 18 | spec: 19 | podSelector: 20 | matchLabels: 21 | app.kubernetes.io/managed-by: modelmesh-controller 22 | control-plane: modelmesh-controller 23 | ingress: 24 | # exposed for webhook 25 | - ports: 26 | - port: 9443 27 | protocol: TCP 28 | policyTypes: 29 | - Ingress 30 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/common/predictor_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # permissions for end users to view predictors. 15 | apiVersion: rbac.authorization.k8s.io/v1 16 | kind: Role 17 | metadata: 18 | name: predictor-viewer-role 19 | rules: 20 | - apiGroups: 21 | - serving.kserve.io 22 | resources: 23 | - predictors 24 | verbs: 25 | - get 26 | - list 27 | - watch 28 | - apiGroups: 29 | - serving.kserve.io 30 | resources: 31 | - predictors/status 32 | verbs: 33 | - get 34 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/common/restricted_scc_role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: rbac.authorization.k8s.io/v1 15 | kind: Role 16 | metadata: 17 | name: modelmesh-controller-restricted-scc-role 18 | rules: 19 | - apiGroups: 20 | - security.openshift.io 21 | resources: 22 | - securitycontextconstraints 23 | resourceNames: 24 | - restricted 25 | verbs: 26 | - use 27 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/common/restricted_scc_role_binding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: rbac.authorization.k8s.io/v1 15 | kind: RoleBinding 16 | metadata: 17 | name: modelmesh-controller-restricted-scc-rolebinding 18 | subjects: 19 | - kind: ServiceAccount 20 | name: modelmesh-controller 21 | roleRef: 22 | kind: Role 23 | name: modelmesh-controller-restricted-scc-role 24 | apiGroup: rbac.authorization.k8s.io 25 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/common/service-account.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: v1 15 | kind: ServiceAccount 16 | metadata: 17 | name: modelmesh-controller 18 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/common/servingruntime_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | # permissions for end users to view servingruntimes. 15 | apiVersion: rbac.authorization.k8s.io/v1 16 | kind: Role 17 | metadata: 18 | name: servingruntime-viewer-role 19 | rules: 20 | - apiGroups: 21 | - serving.kserve.io 22 | resources: 23 | - servingruntimes 24 | verbs: 25 | - get 26 | - list 27 | - watch 28 | - apiGroups: 29 | - serving.kserve.io 30 | resources: 31 | - servingruntimes/status 32 | verbs: 33 | - get 34 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/namespace-scope/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | resources: 15 | - ../common 16 | - role.yaml 17 | - role_binding.yaml 18 | apiVersion: kustomize.config.k8s.io/v1beta1 19 | kind: Kustomization 20 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/rbac/namespace-scope/role_binding.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: rbac.authorization.k8s.io/v1 15 | kind: RoleBinding 16 | metadata: 17 | name: modelmesh-controller-rolebinding 18 | roleRef: 19 | apiGroup: rbac.authorization.k8s.io 20 | kind: Role 21 | name: modelmesh-controller-role 22 | subjects: 23 | - kind: ServiceAccount 24 | name: modelmesh-controller 25 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/samples/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | ## Append samples you want in your CSV to this file as resources ## 15 | resources: 16 | - predictor_custom_complete.yaml 17 | - predictor_mlserver.yaml 18 | # +kubebuilder:scaffold:manifestskustomizesamples 19 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/samples/predictor_custom_complete.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1alpha1 15 | kind: Predictor 16 | metadata: 17 | name: custom-predictor-1 18 | spec: 19 | modelType: 20 | name: sentiment 21 | version: "1" 22 | path: sentiment_models/french 23 | storage: 24 | persistentVolumeClaim: 25 | claimName: models-pvc 26 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/samples/predictor_mlserver.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1alpha1 15 | kind: Predictor 16 | metadata: 17 | name: minimal-mlserver-predictor 18 | spec: 19 | modelType: 20 | name: mlserver 21 | path: mnt/models 22 | storage: 23 | s3: 24 | secretKey: localMinIO 25 | bucket: triton-models # Change this to appropriately bucket name 26 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/samples/predictor_tf_minimal.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1alpha1 15 | kind: Predictor 16 | metadata: 17 | name: minimal-tf-predictor 18 | spec: 19 | modelType: 20 | name: tensorflow 21 | path: tfmnist 22 | storage: 23 | s3: 24 | secretKey: localMinIO 25 | bucket: triton-models 26 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/samples/serving_v1beta1_inferenceservice.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: serving.kserve.io/v1beta1 2 | kind: InferenceService 3 | metadata: 4 | name: example-sklearn-isvc 5 | annotations: 6 | serving.kserve.io/deploymentMode: ModelMesh 7 | serving.kserve.io/secretKey: localMinIO 8 | spec: 9 | predictor: 10 | sklearn: 11 | storageUri: s3://modelmesh-example-models/sklearn/mnist-svm.joblib 12 | protocolVersion: grpc-v2 13 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/samples/servingruntime_pullerless.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: serving.kserve.io/v1alpha1 2 | kind: ServingRuntime 3 | metadata: 4 | name: custom-runtime-pullerless 5 | spec: 6 | containers: 7 | - env: 8 | - name: MODEL_DIRECTORY_PATH 9 | value: /models 10 | - name: MODEL_SERVER_MEM_REQ_BYTES 11 | valueFrom: 12 | resourceFieldRef: 13 | containerName: modelserver 14 | resource: requests.memory 15 | image: seldonio/mlserver:1.3.2 16 | name: modelserver 17 | resources: 18 | requests: 19 | cpu: 500m 20 | memory: 1Gi 21 | limits: 22 | cpu: "5" 23 | memory: 1Gi 24 | multiModel: true 25 | grpcDataEndpoint: port:8001 26 | grpcEndpoint: port:8001 27 | 28 | # Disabled storage helper 29 | storageHelper: 30 | disabled: true 31 | 32 | supportedModelFormats: 33 | - name: ml-type1 34 | version: "1" 35 | autoSelect: true 36 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | --- 15 | resources: 16 | - manifests.yaml 17 | - service.yaml 18 | configurations: 19 | - kustomizeconfig.yaml 20 | commonAnnotations: 21 | service.beta.openshift.io/inject-cabundle: "true" 22 | -------------------------------------------------------------------------------- /model-mesh/odh-modelmesh-controller/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2021 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: v1 15 | kind: Service 16 | metadata: 17 | name: modelmesh-webhook-server-service 18 | annotations: 19 | service.beta.openshift.io/serving-cert-secret-name: modelmesh-webhook-server-cert 20 | spec: 21 | ports: 22 | - port: 9443 23 | protocol: TCP 24 | targetPort: webhook 25 | selector: 26 | control-plane: modelmesh-controller 27 | -------------------------------------------------------------------------------- /modelmesh-monitoring/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - prometheus 5 | - prometheus-operator 6 | - servicemonitors 7 | configMapGenerator: 8 | - name: model-monitoring-parameters 9 | envs: 10 | - params.env 11 | configurations: 12 | - params.yaml 13 | vars: 14 | - name: deployment-namespace 15 | objref: 16 | kind: ConfigMap 17 | name: model-monitoring-parameters 18 | apiVersion: v1 19 | fieldref: 20 | fieldpath: data.deployment-namespace 21 | - name: monitoring-namespace 22 | objref: 23 | kind: ConfigMap 24 | name: model-monitoring-parameters 25 | apiVersion: v1 26 | fieldref: 27 | fieldpath: data.monitoring-namespace -------------------------------------------------------------------------------- /modelmesh-monitoring/base/params.env: -------------------------------------------------------------------------------- 1 | deployment-namespace=opendatahub 2 | monitoring-namespace=opendatahub -------------------------------------------------------------------------------- /modelmesh-monitoring/base/params.yaml: -------------------------------------------------------------------------------- 1 | varReference: 2 | - path: spec/template/spec/containers[]/image 3 | kind: Deployment 4 | apiVersion: apps/v1 5 | - path: data 6 | kind: ConfigMap 7 | - path: spec/template/spec/containers[]/env/value 8 | kind: Deployment 9 | - path: subjects[]/namespace 10 | kind: ClusterRoleBinding -------------------------------------------------------------------------------- /modelmesh-monitoring/base/prometheus-operator/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - serviceaccount.yaml 5 | - rbac 6 | -------------------------------------------------------------------------------- /modelmesh-monitoring/base/prometheus-operator/rbac/clusterrolebinding_odh-prometheus-operator.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: odh-prometheus-operator 5 | roleRef: 6 | kind: ClusterRole 7 | name: odh-prometheus-operator 8 | apiGroup: rbac.authorization.k8s.io 9 | subjects: 10 | - kind: ServiceAccount 11 | namespace: $(deployment-namespace) 12 | name: odh-prometheus-operator 13 | -------------------------------------------------------------------------------- /modelmesh-monitoring/base/prometheus-operator/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - clusterrolebinding_odh-prometheus-operator.yaml 5 | - clusterrole_odh-prometheus-operator.yaml 6 | -------------------------------------------------------------------------------- /modelmesh-monitoring/base/prometheus-operator/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | kind: ServiceAccount 2 | apiVersion: v1 3 | metadata: 4 | name: odh-prometheus-operator 5 | -------------------------------------------------------------------------------- /modelmesh-monitoring/base/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - odh-prometheus.yaml 5 | - secret.yaml 6 | - service.yaml 7 | - serviceaccount.yaml 8 | - rbac 9 | - route.yaml 10 | -------------------------------------------------------------------------------- /modelmesh-monitoring/base/prometheus/rbac/clusterrole_odh-namespace-read.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: odh-namespace-read 5 | rules: 6 | - apiGroups: 7 | - '' 8 | resources: 9 | - namespaces 10 | verbs: 11 | - get 12 | -------------------------------------------------------------------------------- /modelmesh-monitoring/base/prometheus/rbac/clusterrole_prometheus-k8s.yaml: -------------------------------------------------------------------------------- 1 | # Deploying a RoleBinding in a given Namespace 2 | # that gives the Prometheus SA the following role 3 | # will allow that Prometheus to scrape Services 4 | # in that RoleBinding's Namespace 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: ClusterRole 7 | metadata: 8 | name: prometheus-ns-access 9 | rules: 10 | - apiGroups: 11 | - '' 12 | resources: 13 | - services 14 | - endpoints 15 | - pods 16 | verbs: 17 | - get 18 | - list 19 | - watch 20 | - apiGroups: 21 | - extensions 22 | resources: 23 | - ingresses 24 | verbs: 25 | - get 26 | - list 27 | - watch 28 | - apiGroups: 29 | - networking.k8s.io 30 | resources: 31 | - ingresses 32 | verbs: 33 | - get 34 | - list 35 | - watch 36 | - apiGroups: 37 | - '' 38 | resources: 39 | - configmaps 40 | verbs: 41 | - get 42 | -------------------------------------------------------------------------------- /modelmesh-monitoring/base/prometheus/rbac/clusterrole_prometheus_token_access.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRoleBinding 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: prometheus-token-access 5 | subjects: 6 | - kind: ServiceAccount 7 | name: prometheus-custom 8 | namespace: $(deployment-namespace) 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: 'system:auth-delegator' 13 | -------------------------------------------------------------------------------- /modelmesh-monitoring/base/prometheus/rbac/clusterrolebinding_odh-model-monitoring.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRoleBinding 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: odh-namespace-read 5 | subjects: 6 | - kind: ServiceAccount 7 | name: prometheus-custom 8 | namespace: $(deployment-namespace) 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: odh-namespace-read 13 | -------------------------------------------------------------------------------- /modelmesh-monitoring/base/prometheus/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - clusterrole_odh-namespace-read.yaml 5 | - clusterrolebinding_odh-model-monitoring.yaml 6 | - clusterrole_prometheus-k8s.yaml 7 | - clusterrole_prometheus_token_access.yaml 8 | -------------------------------------------------------------------------------- /modelmesh-monitoring/base/prometheus/route.yaml: -------------------------------------------------------------------------------- 1 | kind: Route 2 | apiVersion: route.openshift.io/v1 3 | metadata: 4 | name: odh-model-monitoring 5 | labels: 6 | prometheus: odh-model-monitoring 7 | spec: 8 | to: 9 | kind: Service 10 | name: odh-model-monitoring 11 | port: 12 | targetPort: https 13 | tls: 14 | termination: reencrypt 15 | insecureEdgeTerminationPolicy: Redirect 16 | -------------------------------------------------------------------------------- /modelmesh-monitoring/base/prometheus/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | type: Opaque 4 | metadata: 5 | name: odh-monitoring-oauth-config 6 | annotations: 7 | secret-generator.opendatahub.io/name: "cookie_secret" 8 | secret-generator.opendatahub.io/type: "oauth" 9 | secret-generator.opendatahub.io/complexity: "16" 10 | -------------------------------------------------------------------------------- /modelmesh-monitoring/base/prometheus/service.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: odh-model-monitoring 5 | annotations: 6 | service.alpha.openshift.io/serving-cert-secret-name: serving-prometheus-proxy-tls 7 | labels: 8 | prometheus: odh-model-monitoring 9 | spec: 10 | ports: 11 | - name: https 12 | protocol: TCP 13 | port: 443 14 | targetPort: 8443 15 | selector: 16 | prometheus: odh-model-monitoring 17 | -------------------------------------------------------------------------------- /modelmesh-monitoring/base/prometheus/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | kind: ServiceAccount 2 | apiVersion: v1 3 | metadata: 4 | annotations: 5 | serviceaccounts.openshift.io/oauth-redirectreference.prometheus: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"odh-model-monitoring"}}' 6 | name: prometheus-custom 7 | namespace: $(deployment-namespace) 8 | -------------------------------------------------------------------------------- /modelmesh-monitoring/base/servicemonitors/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - modelmesh-federated-metrics.yaml 5 | -------------------------------------------------------------------------------- /must-gather/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM quay.io/openshift/origin-cli:latest 2 | 3 | # copy all collection scripts to /usr/bin 4 | COPY collection-scripts/* /usr/bin/ 5 | 6 | ENTRYPOINT /usr/bin/gather 7 | -------------------------------------------------------------------------------- /must-gather/Makefile: -------------------------------------------------------------------------------- 1 | GATHER_IMG ?= must-gather 2 | IMAGE_BUILDER ?= docker 3 | 4 | build-must-gather: 5 | ${IMAGE_BUILDER} build . -t ${GATHER_IMG} 6 | 7 | push-must-gather: 8 | ${IMAGE_BUILDER} push ${GATHER_IMG} 9 | 10 | build-and-push-must-gather: build-must-gather push-must-gather 11 | -------------------------------------------------------------------------------- /must-gather/README.md: -------------------------------------------------------------------------------- 1 | # must-gather for Open Data Hub 2 | 3 | The must-gather script allows a cluster admin to collect information about various key resources and namespaces 4 | for Open Data Hub. 5 | 6 | ## Data Collected 7 | 8 | The must-gather script currently collects data from all the namespaces that has - 9 | - `KfDef` instances 10 | - `Notebook` instances 11 | - `Inferenceservice` instances 12 | - `DataSciencePipelinesApplication` instances 13 | 14 | ## Usage 15 | 16 | ``` 17 | oc adm must-gather --image=quay.io/opendatahub/must-gather:latest 18 | ``` 19 | 20 | #### Supported Images: 21 | 22 | Open Data Hub supports any must-gather image in the form : 23 | ``` 24 | quay.io/opendatahub/must-gather: 25 | ``` 26 | - where `` corresponds to an ODH release. 27 | - `latest` tag corresponds to the latest ODH release 28 | 29 | ## Developer Guide 30 | 31 | To build custom image : 32 | 33 | ``` 34 | export GATHER_IMG= 35 | make build-and-push-must-gather 36 | 37 | ``` 38 | 39 | To collect data for custom repositories for Open Data Hub set the following variables: 40 | 41 | ``` 42 | export ODH_NAMESPACE= -------------------------------------------------------------------------------- /must-gather/collection-scripts/gather: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | kfdefs=$(oc get kfdefs --all-namespaces -o=jsonpath='{range .items[*]}{.metadata.namespace}{"\n"}{end}') 4 | 5 | # Get logs from all KfDef namespaces 6 | for i in $kfdefs; 7 | do 8 | # Get pod logs for all the pods in KfDef namespaces 9 | oc adm inspect namespace/"$i" --dest-dir=must-gather || echo "Error getting logs from $i" 10 | 11 | done 12 | 13 | ## Get Operator pod logs 14 | mkdir must-gather/odh-operator || echo "Error creating odh-operator directory" 15 | oc logs deployment/opendatahub-operator -n openshift-operators >> must-gather/odh-operator/pod.log 16 | /usr/bin/gather-data-science-pipelines 17 | /usr/bin/gather-model-mesh 18 | /usr/bin/gather-notebooks 19 | exit 0 20 | 21 | -------------------------------------------------------------------------------- /must-gather/collection-scripts/gather-data-science-pipelines: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | datasciencepipelines=$(oc get DataSciencePipelinesApplication --all-namespaces -o=jsonpath='{range .items[*]}{.metadata.namespace}{"\n"}{end}') 4 | 5 | # Get logs from all Data Science Pipelines Application namespaces 6 | for i in $datasciencepipelines; 7 | do 8 | # Get pod logs for all the pods in Data Science Pipelines Application namespaces 9 | oc adm inspect namespace/"$i" --dest-dir=must-gather || echo "Error getting logs from $i" 10 | 11 | done 12 | 13 | -------------------------------------------------------------------------------- /must-gather/collection-scripts/gather-model-mesh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | inferenceservices=$(oc get inferenceservice --all-namespaces -o=jsonpath='{range .items[*]}{.metadata.namespace}{"\n"}{end}') 4 | 5 | # Get logs from all Inferenceservices namespaces 6 | for i in $inferenceservices; 7 | do 8 | # Get pod logs for all the pods in Inferenceservices namespaces 9 | oc adm inspect namespace/"$i" --dest-dir=must-gather || echo "Error getting logs from $i" 10 | 11 | done 12 | 13 | -------------------------------------------------------------------------------- /must-gather/collection-scripts/gather-notebooks: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | notebooks=$(oc get notebook --all-namespaces -o=jsonpath='{range .items[*]}{.metadata.namespace}{"\n"}{end}') 4 | 5 | # Get logs from all notebook namespaces 6 | for i in $notebooks; 7 | do 8 | # Get pod logs for all the pods in Notebook namespaces 9 | mkdir must-gather/notebooks || echo "Error creating odh-operator directory" 10 | oc adm inspect namespace/"$i" --dest-dir=must-gather/notebooks || echo "Error getting logs from $i" 11 | 12 | done 13 | 14 | -------------------------------------------------------------------------------- /notebook-images/OWNERS: -------------------------------------------------------------------------------- 1 | # Fetched from https://github.com/opendatahub-io/notebooks root OWNERS 2 | approvers: 3 | - atheo89 4 | - harshad16 5 | 6 | reviewers: 7 | - atheo89 8 | - harshad16 9 | - VaishnaviHire 10 | -------------------------------------------------------------------------------- /notebook-images/overlays/additional/README.md: -------------------------------------------------------------------------------- 1 | Open Data Hub Tier 1 Notebooks 2 | === 3 | 4 | All of the notebooks in this repo are supported by the ODH Community as a Tier 1 component but not part of the ODH Core deployment. 5 | The source build files for any notebook in this repo must exist under the [opendatahub-io](https://github.com/opendatahub-io) organization 6 | 7 | Notebooks: 8 | === 9 | * [Code Server Notebook ](https://github.com/opendatahub-io/notebooks/tree/main/codeserver) - Notebook image, allows to run Visual Studio Code (VSCode) 10 | * [R Studio Notebook](https://github.com/opendatahub-io/notebooks/tree/main/rstudio) - Notebook image, integrated development environment (IDE) for R 11 | * [CUDA R Studio Notebook](https://github.com/opendatahub-io/notebooks/tree/main/rstudio) - Notebook image, integrated development environment (IDE) for R with embedded CUDA capabilities 12 | 13 | Deprecated Notebooks: 14 | === 15 | * [Elyra Notebook](https://github.com/opendatahub-io/s2i-lab-elyra) - Jupyter notebook image with Elyra-AI installed 16 | It is no-longer shipped with ODH, as all the base notebook images (except minimal) contain are installed with Elyra-Plugin 17 | -------------------------------------------------------------------------------- /notebook-images/overlays/additional/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | bases: 4 | - ../../base 5 | resources: 6 | - code-server-notebook-imagestream.yaml 7 | - rstudio-notebook-imagestream.yaml 8 | - rstudio-gpu-notebook-imagestream.yaml 9 | commonLabels: 10 | opendatahub.io/component: "true" 11 | component.opendatahub.io/name: notebooks 12 | -------------------------------------------------------------------------------- /odh-common/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - operatorgroup.yaml 5 | namespace: opendatahub 6 | commonLabels: 7 | opendatahub.io/component: "true" 8 | component.opendatahub.io/name: odh-common 9 | app.kubernetes.io/part-of: odh-common 10 | 11 | configMapGenerator: 12 | - name: odh-common-config 13 | env: params.env 14 | generatorOptions: 15 | disableNameSuffixHash: true 16 | 17 | vars: 18 | - name: namespace 19 | objref: 20 | kind: ConfigMap 21 | name: odh-common-config 22 | apiVersion: v1 23 | fieldref: 24 | fieldpath: metadata.namespace 25 | 26 | configurations: 27 | - params.yaml 28 | -------------------------------------------------------------------------------- /odh-common/base/operatorgroup.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: opendatahub 5 | spec: 6 | targetNamespaces: 7 | - $(namespace) 8 | -------------------------------------------------------------------------------- /odh-common/base/params.env: -------------------------------------------------------------------------------- 1 | namespace=opendatahub 2 | -------------------------------------------------------------------------------- /odh-common/base/params.yaml: -------------------------------------------------------------------------------- 1 | varReference: 2 | - path: spec/targetNamespaces 3 | kind: OperatorGroup 4 | apiGroup: operators.coreos.com 5 | -------------------------------------------------------------------------------- /odh-dashboard/OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - andrewballantyne 3 | 4 | reviewers: 5 | - DaoDaoNoCode 6 | - lucferbux 7 | - Gkrumbach07 8 | -------------------------------------------------------------------------------- /odh-dashboard/apps/jupyter/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | commonLabels: 4 | app: odh-dashboard 5 | app.kubernetes.io/part-of: odh-dashboard 6 | resources: 7 | - create-jupyter-notebook-quickstart.yaml 8 | - deploy-python-model-quickstart.yaml 9 | - jupyter-app.yaml 10 | - jupyterhub-app.yaml 11 | - jupyter-docs.yaml 12 | -------------------------------------------------------------------------------- /odh-dashboard/apps/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | commonLabels: 4 | app: odh-dashboard 5 | app.kubernetes.io/part-of: odh-dashboard 6 | resources: 7 | - ./jupyter 8 | -------------------------------------------------------------------------------- /odh-dashboard/base/auth-delegator.clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: odh-dashboard-auth-delegator 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: system:auth-delegator 9 | subjects: 10 | - kind: ServiceAccount 11 | name: odh-dashboard 12 | -------------------------------------------------------------------------------- /odh-dashboard/base/cluster-monitoring-role-binding.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRoleBinding 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: odh-dashboard-monitoring 5 | subjects: 6 | - kind: ServiceAccount 7 | name: odh-dashboard 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: cluster-monitoring-view 12 | -------------------------------------------------------------------------------- /odh-dashboard/base/cluster-role-binding.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRoleBinding 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: odh-dashboard 5 | subjects: 6 | - kind: ServiceAccount 7 | name: odh-dashboard 8 | roleRef: 9 | apiGroup: rbac.authorization.k8s.io 10 | kind: ClusterRole 11 | name: odh-dashboard 12 | -------------------------------------------------------------------------------- /odh-dashboard/base/fetch-builds-and-images.rbac.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRole 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: dsg-cluster-roles 5 | rules: 6 | - apiGroups: 7 | - image.openshift.io 8 | verbs: 9 | - get 10 | - list 11 | - watch 12 | resources: 13 | - imagestreams 14 | - apiGroups: 15 | - build.openshift.io 16 | verbs: 17 | - get 18 | - list 19 | - watch 20 | resources: 21 | - builds 22 | - buildconfigs 23 | --- 24 | apiVersion: rbac.authorization.k8s.io/v1 25 | kind: RoleBinding 26 | metadata: 27 | name: builds-and-images 28 | roleRef: 29 | apiGroup: rbac.authorization.k8s.io 30 | kind: ClusterRole 31 | name: dsg-cluster-roles 32 | subjects: 33 | - apiGroup: rbac.authorization.k8s.io 34 | kind: Group 35 | name: system:authenticated 36 | -------------------------------------------------------------------------------- /odh-dashboard/base/image-puller.clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: cluster-image-pullers 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: system:image-puller 9 | subjects: 10 | - apiGroup: rbac.authorization.k8s.io 11 | kind: Group 12 | name: system:serviceaccounts 13 | -------------------------------------------------------------------------------- /odh-dashboard/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | commonLabels: 4 | app: odh-dashboard 5 | app.kubernetes.io/part-of: odh-dashboard 6 | resources: 7 | - ../apps 8 | - ../modelserving 9 | - role.yaml 10 | - cluster-role.yaml 11 | - service-account.yaml 12 | - role-binding.yaml 13 | - cluster-role-binding.yaml 14 | - auth-delegator.clusterrolebinding.yaml 15 | - cluster-monitoring-role-binding.yaml 16 | - deployment.yaml 17 | - routes.yaml 18 | - service.yaml 19 | - oauth.secret.yaml 20 | - fetch-builds-and-images.rbac.yaml 21 | - image-puller.clusterrolebinding.yaml 22 | - model-serving-role.yaml 23 | - model-serving-role-binding.yaml 24 | images: 25 | - name: odh-dashboard 26 | newName: quay.io/opendatahub/odh-dashboard 27 | digest: sha256:4478d3830a30058fb87ed3e94dfdc615bf7517fddbd8490d6e2563263a0752fb 28 | - name: oauth-proxy 29 | newName: registry.redhat.io/openshift4/ose-oauth-proxy 30 | digest: sha256:ab112105ac37352a2a4916a39d6736f5db6ab4c29bad4467de8d613e80e9bb33 31 | -------------------------------------------------------------------------------- /odh-dashboard/base/model-serving-role-binding.yaml: -------------------------------------------------------------------------------- 1 | kind: RoleBinding 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: servingruntimes-config-updater 5 | subjects: 6 | - kind: Group 7 | apiGroup: rbac.authorization.k8s.io 8 | name: 'system:authenticated' 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: Role 12 | name: servingruntimes-config-updater 13 | -------------------------------------------------------------------------------- /odh-dashboard/base/model-serving-role.yaml: -------------------------------------------------------------------------------- 1 | kind: Role 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: servingruntimes-config-updater 5 | rules: 6 | - verbs: 7 | - get 8 | - list 9 | apiGroups: 10 | - template.openshift.io 11 | resources: 12 | - templates 13 | - verbs: 14 | - get 15 | - list 16 | apiGroups: 17 | - opendatahub.io 18 | resources: 19 | - odhdashboardconfigs -------------------------------------------------------------------------------- /odh-dashboard/base/oauth.secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: dashboard-oauth-config 6 | annotations: 7 | secret-generator.opendatahub.io/name: "cookie_secret" 8 | secret-generator.opendatahub.io/type: "oauth" 9 | secret-generator.opendatahub.io/complexity: "16" 10 | type: Opaque 11 | 12 | --- 13 | apiVersion: v1 14 | kind: Secret 15 | metadata: 16 | name: dashboard-oauth-client 17 | annotations: 18 | secret-generator.opendatahub.io/name: secret 19 | secret-generator.opendatahub.io/type: random 20 | secret-generator.opendatahub.io/complexity: "32" 21 | secret-generator.opendatahub.io/oauth-client-route: odh-dashboard 22 | type: Opaque 23 | -------------------------------------------------------------------------------- /odh-dashboard/base/role-binding.yaml: -------------------------------------------------------------------------------- 1 | kind: RoleBinding 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: odh-dashboard 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: odh-dashboard 9 | subjects: 10 | - kind: ServiceAccount 11 | name: odh-dashboard 12 | -------------------------------------------------------------------------------- /odh-dashboard/base/routes.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: route.openshift.io/v1 2 | kind: Route 3 | metadata: 4 | annotations: 5 | kubernetes.io/tls-acme: 'true' 6 | haproxy.router.openshift.io/hsts_header: max-age=31536000;includeSubDomains;preload 7 | name: odh-dashboard 8 | spec: 9 | port: 10 | targetPort: 8443 11 | tls: 12 | insecureEdgeTerminationPolicy: Redirect 13 | termination: reencrypt 14 | to: 15 | kind: Service 16 | name: odh-dashboard 17 | weight: 100 18 | -------------------------------------------------------------------------------- /odh-dashboard/base/service-account.yaml: -------------------------------------------------------------------------------- 1 | kind: ServiceAccount 2 | apiVersion: v1 3 | metadata: 4 | name: odh-dashboard 5 | annotations: 6 | serviceaccounts.openshift.io/oauth-redirectreference.primary: '{"kind":"OAuthRedirectReference","apiVersion":"v1","reference":{"kind":"Route","name":"odh-dashboard"}}' 7 | -------------------------------------------------------------------------------- /odh-dashboard/base/service.yaml: -------------------------------------------------------------------------------- 1 | kind: Service 2 | apiVersion: v1 3 | metadata: 4 | name: odh-dashboard 5 | annotations: 6 | service.alpha.openshift.io/serving-cert-secret-name: dashboard-proxy-tls 7 | spec: 8 | selector: 9 | deployment: odh-dashboard 10 | ports: 11 | - protocol: TCP 12 | targetPort: 8443 13 | port: 8443 14 | -------------------------------------------------------------------------------- /odh-dashboard/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | commonLabels: 4 | app: odh-dashboard 5 | app.kubernetes.io/part-of: odh-dashboard 6 | resources: 7 | - odhdashboardconfigs.opendatahub.io.crd.yaml 8 | - odhquickstarts.console.openshift.io.crd.yaml 9 | - odhdocuments.dashboard.opendatahub.io.crd.yaml 10 | - odhapplications.dashboard.opendatahub.io.crd.yaml 11 | - acceleratorprofiles.opendatahub.io.crd.yaml -------------------------------------------------------------------------------- /odh-dashboard/modelserving/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | commonLabels: 4 | app: odh-dashboard 5 | app.kubernetes.io/part-of: odh-dashboard 6 | resources: 7 | - ovms-ootb.yaml 8 | - ovms-gpu-ootb.yaml 9 | images: 10 | - name: ovms-1 11 | newName: quay.io/opendatahub/openvino_model_server 12 | digest: sha256:20dbfbaf53d1afbd47c612d953984238cb0e207972ed544a5ea662c2404f276d -------------------------------------------------------------------------------- /odh-model-controller/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../prometheus 5 | - ../overlays/odh 6 | 7 | namespace: opendatahub 8 | configMapGenerator: 9 | - envs: 10 | - params.env 11 | name: odh-model-controller-parameters 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | 15 | vars: 16 | - fieldref: 17 | fieldPath: metadata.namespace 18 | name: mesh-namespace 19 | objref: 20 | apiVersion: v1 21 | kind: ConfigMap 22 | name: odh-model-controller-parameters 23 | - fieldref: 24 | fieldPath: data.odh-model-controller 25 | name: odh-model-controller 26 | objref: 27 | apiVersion: v1 28 | kind: ConfigMap 29 | name: odh-model-controller-parameters -------------------------------------------------------------------------------- /odh-model-controller/base/params.env: -------------------------------------------------------------------------------- 1 | odh-model-controller=quay.io/opendatahub/odh-model-controller:v0.11.0-alpha 2 | kserve-enabled=true 3 | -------------------------------------------------------------------------------- /odh-model-controller/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | bases: 2 | - ../rbac 3 | - ../manager 4 | -------------------------------------------------------------------------------- /odh-model-controller/manager/controller_manager_config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 2 | kind: ControllerManagerConfig 3 | health: 4 | healthProbeBindAddress: :8081 5 | metrics: 6 | bindAddress: 127.0.0.1:8080 7 | webhook: 8 | port: 9443 9 | leaderElection: 10 | leaderElect: true 11 | resourceName: odh-model-controller 12 | -------------------------------------------------------------------------------- /odh-model-controller/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | 4 | generatorOptions: 5 | disableNameSuffixHash: true 6 | 7 | configMapGenerator: 8 | - files: 9 | - controller_manager_config.yaml 10 | name: manager-config 11 | -------------------------------------------------------------------------------- /odh-model-controller/overlays/odh/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../default 5 | 6 | patchesStrategicMerge: 7 | - odh_model_controller_manager_patch.yaml 8 | 9 | configurations: 10 | - params.yaml 11 | -------------------------------------------------------------------------------- /odh-model-controller/overlays/odh/odh_model_controller_manager_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: odh-model-controller 5 | spec: 6 | replicas: 3 7 | template: 8 | spec: 9 | containers: 10 | - args: 11 | - --leader-elect 12 | - "--monitoring-namespace" 13 | - "$(MONITORING_NS)" 14 | - --kserve-enabled 15 | image: $(odh-model-controller) 16 | env: 17 | - name: MONITORING_NS 18 | value: kserve 19 | name: manager 20 | -------------------------------------------------------------------------------- /odh-model-controller/overlays/odh/params.yaml: -------------------------------------------------------------------------------- 1 | varReference: 2 | - path: metadata/name 3 | kind: ClusterRoleBinding 4 | apiGroup: authorization.openshift.io 5 | - path: spec/template/spec/containers[]/image 6 | kind: Deployment 7 | apiVersion: apps/v1 -------------------------------------------------------------------------------- /odh-model-controller/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /odh-model-controller/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | # Prometheus Monitor Service (Metrics) 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | labels: 6 | control-plane: odh-model-controller 7 | name: odh-model-controller-metrics-monitor 8 | spec: 9 | endpoints: 10 | - path: /metrics 11 | port: https 12 | scheme: https 13 | bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 14 | tlsConfig: 15 | insecureSkipVerify: false 16 | selector: 17 | matchLabels: 18 | control-plane: odh-model-controller 19 | -------------------------------------------------------------------------------- /odh-model-controller/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: 7 | - "/metrics" 8 | verbs: 9 | - get 10 | -------------------------------------------------------------------------------- /odh-model-controller/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: 7 | - authentication.k8s.io 8 | resources: 9 | - tokenreviews 10 | verbs: 11 | - create 12 | - apiGroups: 13 | - authorization.k8s.io 14 | resources: 15 | - subjectaccessreviews 16 | verbs: 17 | - create 18 | -------------------------------------------------------------------------------- /odh-model-controller/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: odh-model-controller 12 | -------------------------------------------------------------------------------- /odh-model-controller/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: odh-model-controller 6 | name: odh-model-controller-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: metrics 11 | port: 8080 12 | protocol: TCP 13 | targetPort: 8080 14 | selector: 15 | control-plane: odh-model-controller 16 | -------------------------------------------------------------------------------- /odh-model-controller/rbac/kserve_prometheus_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: kserve-prometheus-k8s 5 | rules: 6 | - apiGroups: 7 | - "" 8 | resources: 9 | - services 10 | - endpoints 11 | - pods 12 | verbs: 13 | - get 14 | - list 15 | - watch 16 | -------------------------------------------------------------------------------- /odh-model-controller/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | # All RBAC will be applied under this service account in 3 | # the deployment namespace. You may comment out this resource 4 | # if your manager will use a service account that exists at 5 | # runtime. Be sure to update RoleBinding and ClusterRoleBinding 6 | # subjects if changing service account names. 7 | - service_account.yaml 8 | - role.yaml 9 | - role_binding.yaml 10 | - leader_election_role.yaml 11 | - leader_election_role_binding.yaml 12 | # Comment the following 4 lines if you want to disable 13 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 14 | # which protects your /metrics endpoint. 15 | - auth_proxy_service.yaml 16 | - auth_proxy_role.yaml 17 | - auth_proxy_role_binding.yaml 18 | - auth_proxy_client_clusterrole.yaml 19 | - kserve_prometheus_clusterrole.yaml 20 | -------------------------------------------------------------------------------- /odh-model-controller/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - coordination.k8s.io 21 | resources: 22 | - leases 23 | verbs: 24 | - get 25 | - list 26 | - watch 27 | - create 28 | - update 29 | - patch 30 | - delete 31 | - apiGroups: 32 | - "" 33 | resources: 34 | - events 35 | verbs: 36 | - create 37 | - patch 38 | -------------------------------------------------------------------------------- /odh-model-controller/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: odh-model-controller 12 | -------------------------------------------------------------------------------- /odh-model-controller/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: odh-model-controller-rolebinding-$(mesh-namespace) 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: odh-model-controller-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: odh-model-controller 12 | -------------------------------------------------------------------------------- /odh-model-controller/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: odh-model-controller 5 | -------------------------------------------------------------------------------- /odh-notebook-controller/OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - LavLas 3 | - harshad16 4 | reviewers: 5 | - VaishnaviHire 6 | - harshad16 7 | - atheo89 8 | -------------------------------------------------------------------------------- /odh-notebook-controller/assets/odh-notebook-controller-oauth-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/opendatahub-io/odh-manifests/7e98dd18cc7e2a61872038dc955f710ae6bf7c14/odh-notebook-controller/assets/odh-notebook-controller-oauth-diagram.png -------------------------------------------------------------------------------- /odh-notebook-controller/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | bases: 5 | - ../kf-notebook-controller/overlays/openshift 6 | - ../odh-notebook-controller/base 7 | -------------------------------------------------------------------------------- /odh-notebook-controller/kf-notebook-controller/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../default 5 | images: 6 | - name: docker.io/kubeflownotebookswg/notebook-controller 7 | newName: docker.io/kubeflownotebookswg/notebook-controller 8 | newTag: v1.7.0 9 | -------------------------------------------------------------------------------- /odh-notebook-controller/kf-notebook-controller/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # This kustomization.yaml is not intended to be run by itself, 2 | # since it depends on service name and namespace that are out of this kustomize package. 3 | # It should be run by config/default 4 | resources: 5 | - bases/kubeflow.org_notebooks.yaml 6 | # +kubebuilder:scaffold:crdkustomizeresource 7 | 8 | patchesStrategicMerge: 9 | - patches/trivial_conversion_patch.yaml 10 | 11 | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. 12 | # patches here are for enabling the conversion webhook for each CRD 13 | #- patches/webhook_in_notebooks.yaml 14 | # +kubebuilder:scaffold:crdkustomizewebhookpatch 15 | 16 | # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. 17 | # patches here are for enabling the CA injection for each CRD 18 | #- patches/cainjection_in_notebooks.yaml 19 | # +kubebuilder:scaffold:crdkustomizecainjectionpatch 20 | 21 | # the following config is for teaching kustomize how to do kustomization for CRDs. 22 | configurations: 23 | - kustomizeconfig.yaml 24 | -------------------------------------------------------------------------------- /odh-notebook-controller/kf-notebook-controller/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /odh-notebook-controller/kf-notebook-controller/crd/patches/cainjection_in_notebooks.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | certmanager.k8s.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: notebooks.kubeflow.org 9 | -------------------------------------------------------------------------------- /odh-notebook-controller/kf-notebook-controller/crd/patches/trivial_conversion_patch.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: apiextensions.k8s.io/v1 3 | kind: CustomResourceDefinition 4 | metadata: 5 | name: notebooks.kubeflow.org 6 | spec: 7 | conversion: 8 | strategy: None 9 | -------------------------------------------------------------------------------- /odh-notebook-controller/kf-notebook-controller/crd/patches/webhook_in_notebooks.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: notebooks.kubeflow.org 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /odh-notebook-controller/kf-notebook-controller/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | - service-account.yaml 4 | - service.yaml 5 | configMapGenerator: 6 | - name: config 7 | envs: 8 | - params.env 9 | generatorOptions: 10 | disableNameSuffixHash: true 11 | -------------------------------------------------------------------------------- /odh-notebook-controller/kf-notebook-controller/manager/params.env: -------------------------------------------------------------------------------- 1 | USE_ISTIO=true 2 | ISTIO_GATEWAY=kubeflow/kubeflow-gateway 3 | CLUSTER_DOMAIN=cluster.local 4 | ENABLE_CULLING=false 5 | CULL_IDLE_TIME=1440 6 | IDLENESS_CHECK_PERIOD=1 -------------------------------------------------------------------------------- /odh-notebook-controller/kf-notebook-controller/manager/service-account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: service-account 5 | -------------------------------------------------------------------------------- /odh-notebook-controller/kf-notebook-controller/manager/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: notebook-controller 6 | kustomize.component: notebook-controller 7 | name: service 8 | spec: 9 | ports: 10 | - port: 443 11 | selector: 12 | app: notebook-controller 13 | kustomize.component: notebook-controller 14 | -------------------------------------------------------------------------------- /odh-notebook-controller/kf-notebook-controller/overlays/openshift/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ../../base 6 | namespace: opendatahub 7 | commonLabels: 8 | app.kubernetes.io/part-of: odh-notebook-controller 9 | component.opendatahub.io/name: kf-notebook-controller 10 | opendatahub.io/component: "true" 11 | images: 12 | - name: docker.io/kubeflownotebookswg/notebook-controller 13 | newName: quay.io/opendatahub/kubeflow-notebook-controller 14 | newTag: v1.7.0-2 15 | configMapGenerator: 16 | - name: config 17 | behavior: merge 18 | literals: 19 | - USE_ISTIO=false 20 | - ADD_FSGROUP=false 21 | patchesStrategicMerge: 22 | - remove_namespace_patch.yaml 23 | - manager_openshift_patch.yaml 24 | - manager_service_openshift_patch.yaml 25 | -------------------------------------------------------------------------------- /odh-notebook-controller/kf-notebook-controller/overlays/openshift/manager_service_openshift_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: service 5 | spec: 6 | ports: 7 | - name: webhook 8 | port: 443 9 | - name: nbc-metrics 10 | port: 8080 11 | -------------------------------------------------------------------------------- /odh-notebook-controller/kf-notebook-controller/overlays/openshift/remove_namespace_patch.yaml: -------------------------------------------------------------------------------- 1 | $patch: delete 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: notebook-controller-system 6 | -------------------------------------------------------------------------------- /odh-notebook-controller/kf-notebook-controller/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | #- leader_election_role.yaml 5 | #- leader_election_role_binding.yaml 6 | - user_cluster_roles.yaml 7 | # Comment the following 3 lines if you want to disable 8 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 9 | # which protects your /metrics endpoint. 10 | # - auth_proxy_service.yaml 11 | # - auth_proxy_role.yaml 12 | # - auth_proxy_role_binding.yaml 13 | -------------------------------------------------------------------------------- /odh-notebook-controller/kf-notebook-controller/rbac/role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | creationTimestamp: null 6 | name: role 7 | rules: 8 | - apiGroups: 9 | - apps 10 | resources: 11 | - statefulsets 12 | verbs: 13 | - '*' 14 | - apiGroups: 15 | - "" 16 | resources: 17 | - events 18 | verbs: 19 | - create 20 | - get 21 | - list 22 | - patch 23 | - watch 24 | - apiGroups: 25 | - "" 26 | resources: 27 | - pods 28 | verbs: 29 | - get 30 | - list 31 | - watch 32 | - apiGroups: 33 | - "" 34 | resources: 35 | - services 36 | verbs: 37 | - '*' 38 | - apiGroups: 39 | - kubeflow.org 40 | resources: 41 | - notebooks 42 | - notebooks/finalizers 43 | - notebooks/status 44 | verbs: 45 | - '*' 46 | - apiGroups: 47 | - networking.istio.io 48 | resources: 49 | - virtualservices 50 | verbs: 51 | - '*' 52 | -------------------------------------------------------------------------------- /odh-notebook-controller/kf-notebook-controller/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: role-binding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: service-account 12 | -------------------------------------------------------------------------------- /odh-notebook-controller/odh-notebook-controller/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - ../default 6 | images: 7 | - name: quay.io/opendatahub/odh-notebook-controller 8 | newName: quay.io/opendatahub/odh-notebook-controller 9 | newTag: v1.7.0-2 10 | -------------------------------------------------------------------------------- /odh-notebook-controller/odh-notebook-controller/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | bases: 5 | # - ../crd 6 | - ../rbac 7 | - ../manager 8 | - ../webhook 9 | 10 | # Adds namespace to all resources. 11 | namespace: opendatahub 12 | 13 | # Value of this field is prepended to the names of all resources, e.g. a 14 | # deployment named "wordpress" becomes "alices-wordpress". Note that it should 15 | # also match with the prefix (text before '-') of the namespace field above. 16 | namePrefix: odh-notebook-controller- 17 | 18 | # Labels to add to all resources and selectors. 19 | commonLabels: 20 | app: odh-notebook-controller 21 | app.kubernetes.io/part-of: odh-notebook-controller 22 | kustomize.component: odh-notebook-controller 23 | component.opendatahub.io/name: odh-notebook-controller 24 | opendatahub.io/component: "true" 25 | 26 | patchesStrategicMerge: 27 | - webhook_manager_patch.yaml 28 | -------------------------------------------------------------------------------- /odh-notebook-controller/odh-notebook-controller/default/webhook_manager_patch.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: manager 6 | namespace: system 7 | spec: 8 | template: 9 | spec: 10 | containers: 11 | - name: manager 12 | ports: 13 | - containerPort: 8443 14 | name: webhook 15 | protocol: TCP 16 | volumeMounts: 17 | - mountPath: /tmp/k8s-webhook-server/serving-certs 18 | name: webhook-cert 19 | readOnly: true 20 | volumes: 21 | - name: webhook-cert 22 | secret: 23 | defaultMode: 420 24 | secretName: odh-notebook-controller-webhook-cert 25 | -------------------------------------------------------------------------------- /odh-notebook-controller/odh-notebook-controller/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - manager.yaml 6 | - service.yaml 7 | -------------------------------------------------------------------------------- /odh-notebook-controller/odh-notebook-controller/manager/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: service 6 | spec: 7 | ports: 8 | - name: metrics 9 | port: 8080 10 | targetPort: metrics 11 | -------------------------------------------------------------------------------- /odh-notebook-controller/odh-notebook-controller/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | # All RBAC will be applied under this service account in the deployment 6 | # namespace. 7 | - service_account.yaml 8 | - role.yaml 9 | - role_binding.yaml 10 | - user_cluster_roles.yaml 11 | # - leader_election_role.yaml 12 | # - leader_election_role_binding.yaml 13 | -------------------------------------------------------------------------------- /odh-notebook-controller/odh-notebook-controller/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: manager-rolebinding 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: manager-role 10 | subjects: 11 | - kind: ServiceAccount 12 | name: manager 13 | namespace: system 14 | -------------------------------------------------------------------------------- /odh-notebook-controller/odh-notebook-controller/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: manager 6 | namespace: system 7 | -------------------------------------------------------------------------------- /odh-notebook-controller/odh-notebook-controller/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | resources: 5 | - manifests.yaml 6 | - service.yaml 7 | commonAnnotations: 8 | service.beta.openshift.io/inject-cabundle: "true" 9 | configurations: 10 | - kustomizeconfig.yaml 11 | -------------------------------------------------------------------------------- /odh-notebook-controller/odh-notebook-controller/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # Teaching kustomize where to look at when substituting vars 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: MutatingWebhookConfiguration 7 | group: admissionregistration.k8s.io 8 | path: webhooks/clientConfig/service/name 9 | 10 | namespace: 11 | - kind: MutatingWebhookConfiguration 12 | group: admissionregistration.k8s.io 13 | path: webhooks/clientConfig/service/namespace 14 | create: true 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /odh-notebook-controller/odh-notebook-controller/webhook/manifests.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: admissionregistration.k8s.io/v1 3 | kind: MutatingWebhookConfiguration 4 | metadata: 5 | creationTimestamp: null 6 | name: mutating-webhook-configuration 7 | webhooks: 8 | - admissionReviewVersions: 9 | - v1 10 | clientConfig: 11 | service: 12 | name: webhook-service 13 | namespace: system 14 | path: /mutate-notebook-v1 15 | failurePolicy: Fail 16 | name: notebooks.opendatahub.io 17 | rules: 18 | - apiGroups: 19 | - kubeflow.org 20 | apiVersions: 21 | - v1 22 | operations: 23 | - CREATE 24 | - UPDATE 25 | resources: 26 | - notebooks 27 | sideEffects: None 28 | -------------------------------------------------------------------------------- /odh-notebook-controller/odh-notebook-controller/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | annotations: 7 | service.beta.openshift.io/serving-cert-secret-name: odh-notebook-controller-webhook-cert 8 | spec: 9 | ports: 10 | - name: webhook 11 | port: 443 12 | targetPort: webhook 13 | -------------------------------------------------------------------------------- /openshift-pipelines/cluster/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | namespace: opendatahub 5 | 6 | commonLabels: 7 | app.kubernetes.io/part-of: openshift-pipelines 8 | 9 | resources: 10 | - subscription.yaml 11 | -------------------------------------------------------------------------------- /openshift-pipelines/cluster/base/subscription.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | name: openshift-pipelines-operator 5 | namespace: openshift-operators 6 | spec: 7 | name: openshift-pipelines-operator-rh 8 | source: redhat-operators 9 | sourceNamespace: openshift-marketplace 10 | -------------------------------------------------------------------------------- /prometheus/cluster/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | namespace: openshift-operators 5 | 6 | commonLabels: 7 | app.kubernetes.io/part-of: prometheus 8 | 9 | resources: 10 | - subscription.yaml 11 | -------------------------------------------------------------------------------- /prometheus/cluster/base/subscription.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | name: prometheus-operator 5 | namespace: opendatahub 6 | spec: 7 | channel: beta 8 | installPlanApproval: Automatic 9 | name: prometheus 10 | source: community-operators 11 | sourceNamespace: openshift-marketplace 12 | -------------------------------------------------------------------------------- /prometheus/operator/base/cluster-monitoring-role-binding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: cluster-metrics-federation 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: cluster-monitoring-view 10 | subjects: 11 | - kind: ServiceAccount 12 | name: prometheus-k8s 13 | namespace: opendatahub 14 | -------------------------------------------------------------------------------- /prometheus/operator/base/cluster-monitoring-role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: cluster-monitoring-view 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - namespaces 11 | verbs: 12 | - get 13 | -------------------------------------------------------------------------------- /prometheus/operator/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - cluster-metrics-servicemonitor.yaml 6 | - cluster-monitoring-role.yaml 7 | - cluster-monitoring-role-binding.yaml 8 | - kafka-podmonitors.yaml 9 | - prometheus.yaml 10 | - route.yaml 11 | - service-monitors 12 | - prometheus-monitoring-role.yaml 13 | - prometheus-monitoring-role-binding.yaml 14 | - secrets 15 | 16 | namespace: opendatahub 17 | 18 | commonLabels: 19 | opendatahub.io/component: "true" 20 | component.opendatahub.io/name: prometheus 21 | app.kubernetes.io/part-of: prometheus 22 | 23 | generatorOptions: 24 | disableNameSuffixHash: true 25 | 26 | vars: 27 | - name: namespace 28 | objref: 29 | kind: Prometheus 30 | name: odh-monitoring 31 | apiVersion: monitoring.coreos.com/v1 32 | fieldref: 33 | fieldpath: metadata.namespace 34 | 35 | configurations: 36 | - params.yaml 37 | -------------------------------------------------------------------------------- /prometheus/operator/base/params.yaml: -------------------------------------------------------------------------------- 1 | varReference: 2 | - path: subjects/namespace 3 | kind: ClusterRoleBinding 4 | apiVersion: rbac.authorization.k8s.io/v1 5 | -------------------------------------------------------------------------------- /prometheus/operator/base/prometheus-monitoring-role-binding.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ClusterRoleBinding 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: odh-prometheus-monitoring-rb 6 | subjects: 7 | - kind: ServiceAccount 8 | name: prometheus-k8s 9 | namespace: $(namespace) 10 | roleRef: 11 | apiGroup: rbac.authorization.k8s.io 12 | kind: ClusterRole 13 | name: odh-prometheus-monitoring 14 | -------------------------------------------------------------------------------- /prometheus/operator/base/prometheus-monitoring-role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ClusterRole 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | metadata: 5 | name: odh-prometheus-monitoring 6 | namespace: opendatahub 7 | rules: 8 | - verbs: 9 | - get 10 | - list 11 | - watch 12 | apiGroups: 13 | - '' 14 | resources: 15 | - services 16 | - endpoints 17 | - pods 18 | - verbs: 19 | - get 20 | apiGroups: 21 | - '' 22 | resources: 23 | - configmaps 24 | -------------------------------------------------------------------------------- /prometheus/operator/base/prometheus.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: Prometheus 3 | metadata: 4 | name: odh-monitoring 5 | labels: 6 | app: odh-monitoring 7 | namespace: prometheus 8 | spec: 9 | replicas: 2 10 | serviceAccountName: prometheus-k8s 11 | securityContext: {} 12 | serviceMonitorSelector: 13 | matchLabels: 14 | team: opendatahub 15 | podMonitorSelector: 16 | matchLabels: 17 | team: opendatahub 18 | ruleSelector: {} 19 | -------------------------------------------------------------------------------- /prometheus/operator/base/route.yaml: -------------------------------------------------------------------------------- 1 | kind: Route 2 | apiVersion: route.openshift.io/v1 3 | metadata: 4 | name: prometheus-portal 5 | namespace: opendatahub 6 | spec: 7 | to: 8 | kind: Service 9 | name: prometheus-operated 10 | port: 11 | targetPort: web 12 | tls: 13 | termination: edge 14 | insecureEdgeTerminationPolicy: Redirect 15 | -------------------------------------------------------------------------------- /prometheus/operator/base/secrets/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kustomize.config.k8s.io/v1beta1 3 | kind: Kustomization 4 | namespace: opendatahub 5 | 6 | resources: 7 | - prometheus-k8s.yaml 8 | -------------------------------------------------------------------------------- /prometheus/operator/base/secrets/prometheus-k8s.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: odh.prometheus-k8s 6 | annotations: 7 | kubernetes.io/service-account.name: prometheus-k8s 8 | type: kubernetes.io/service-account-token 9 | -------------------------------------------------------------------------------- /prometheus/operator/base/service-monitors/application-service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | labels: 5 | team: opendatahub 6 | name: odh-application-servicemonitor 7 | spec: 8 | endpoints: 9 | - port: metrics # Argo 10 | - bearerTokenSecret: 11 | key: PROMETHEUS_API_TOKEN 12 | name: jupyterhub 13 | port: 8081-tcp # Jupyterhub 14 | path: "/metrics" 15 | - port: nbc-metrics # Notebook Controller 16 | path: "/metrics" 17 | selector: 18 | matchLabels: 19 | opendatahub.io/component: "true" 20 | -------------------------------------------------------------------------------- /prometheus/operator/base/service-monitors/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - application-service-monitor.yaml 5 | - operator-service-monitor.yaml 6 | -------------------------------------------------------------------------------- /prometheus/operator/base/service-monitors/operator-service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | labels: 5 | team: opendatahub 6 | name: odh-operator-servicemonitor 7 | spec: 8 | endpoints: 9 | - port: http-metrics # Open Data Hub Operator 10 | - port: cr-metrics # Open Data Hub Operator 11 | selector: 12 | matchLabels: 13 | name: opendatahub-operator 14 | namespaceSelector: 15 | matchNames: 16 | - openshift-operators 17 | -------------------------------------------------------------------------------- /prometheus/operator/overlays/kubeflow/kubeflow-servicemonitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | labels: 5 | team: opendatahub 6 | name: kubeflowmonitor 7 | spec: 8 | endpoints: 9 | # for katib and argo 10 | - port: metrics 11 | # for pytorchjob and tfjob 12 | - port: monitoring-port 13 | selector: {} 14 | -------------------------------------------------------------------------------- /prometheus/operator/overlays/kubeflow/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | bases: 4 | - ../../base 5 | 6 | resources: 7 | - kubeflow-servicemonitor.yaml 8 | -------------------------------------------------------------------------------- /ray/OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - anishasthana 3 | - jbusche 4 | - kpostoffice 5 | - maxusmusti 6 | - MichaelClifford 7 | - tedhtchang 8 | reviewers: 9 | - anishasthana 10 | - jbusche 11 | - kpostoffice 12 | - maxusmusti 13 | - MichaelClifford 14 | - tedhtchang 15 | -------------------------------------------------------------------------------- /ray/operator/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | configMapGenerator: 5 | - name: ray-config 6 | envs: 7 | - params.env 8 | configurations: 9 | - params.yaml 10 | 11 | vars: 12 | - name: namespace 13 | objref: 14 | kind: ConfigMap 15 | name: ray-config 16 | apiVersion: v1 17 | fieldref: 18 | fieldpath: data.namespace 19 | - name: odh-kuberay-operator-controller-image 20 | objref: 21 | kind: ConfigMap 22 | name: ray-config 23 | apiVersion: v1 24 | fieldref: 25 | fieldpath: data.odh-kuberay-operator-controller-image 26 | 27 | resources: 28 | - ../crd 29 | - ../rbac 30 | - ../manager 31 | - ../prometheus 32 | - ../scc 33 | -------------------------------------------------------------------------------- /ray/operator/base/params.env: -------------------------------------------------------------------------------- 1 | namespace=opendatahub 2 | odh-kuberay-operator-controller-image=quay.io/opendatahub/kuberay-operator:v0.5.0 3 | -------------------------------------------------------------------------------- /ray/operator/base/params.yaml: -------------------------------------------------------------------------------- 1 | varReference: 2 | - path: subjects[]/namespace 3 | kind: ClusterRoleBinding 4 | - path: users[] 5 | kind: SecurityContextConstraints 6 | - path: spec/template/spec/containers[]/image 7 | kind: Deployment 8 | -------------------------------------------------------------------------------- /ray/operator/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # This kustomization.yaml is not intended to be run by itself, 2 | # since it depends on service name and namespace that are out of this kustomize package. 3 | # It should be run by config/default 4 | resources: 5 | - bases/ray.io_rayclusters.yaml 6 | - bases/ray.io_rayservices.yaml 7 | - bases/ray.io_rayjobs.yaml 8 | # +kubebuilder:scaffold:crdkustomizeresource 9 | -------------------------------------------------------------------------------- /ray/operator/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | version: v1 8 | group: apiextensions.k8s.io 9 | path: spec/conversion/webhook/clientConfig/service/name 10 | 11 | namespace: 12 | - kind: CustomResourceDefinition 13 | version: v1 14 | group: apiextensions.k8s.io 15 | path: spec/conversion/webhook/clientConfig/service/namespace 16 | create: false 17 | 18 | varReference: 19 | - path: metadata/annotations 20 | -------------------------------------------------------------------------------- /ray/operator/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | - service.yaml 4 | apiVersion: kustomize.config.k8s.io/v1beta1 5 | kind: Kustomization 6 | 7 | commonLabels: 8 | app.kubernetes.io/component: kuberay-operator 9 | app.kubernetes.io/name: kuberay 10 | -------------------------------------------------------------------------------- /ray/operator/manager/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | prometheus.io/path: /metrics 6 | prometheus.io/scrape: "true" 7 | prometheus.io/port: "8080" 8 | labels: 9 | app.kubernetes.io/name: kuberay 10 | app.kubernetes.io/component: kuberay-operator 11 | name: kuberay-operator 12 | spec: 13 | ports: 14 | - name: monitoring-port 15 | port: 8080 16 | targetPort: 8080 17 | selector: 18 | app.kubernetes.io/name: kuberay 19 | app.kubernetes.io/component: kuberay-operator 20 | type: ClusterIP 21 | -------------------------------------------------------------------------------- /ray/operator/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /ray/operator/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: kuberay-operator 8 | name: kuberay-operator-metrics-monitor 9 | spec: 10 | endpoints: 11 | - path: /metrics 12 | port: monitoring-port 13 | selector: 14 | matchLabels: 15 | control-plane: kuberay-operator 16 | -------------------------------------------------------------------------------- /ray/operator/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ray_rayjob_editor_role.yaml 3 | - ray_rayjob_viewer_role.yaml 4 | - ray_rayservice_editor_role.yaml 5 | - ray_rayservice_viewer_role.yaml 6 | - role.yaml 7 | - role_binding.yaml 8 | - leader_election_role.yaml 9 | - leader_election_role_binding.yaml 10 | - service_account.yaml 11 | 12 | commonLabels: 13 | app.kubernetes.io/name: kuberay 14 | app.kubernetes.io/component: kuberay-operator 15 | -------------------------------------------------------------------------------- /ray/operator/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: kuberay-operator-leader-election 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - update 26 | - patch 27 | - apiGroups: 28 | - "" 29 | resources: 30 | - events 31 | verbs: 32 | - create 33 | -------------------------------------------------------------------------------- /ray/operator/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: kuberay-operator-leader-election 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: kuberay-operator-leader-election 9 | subjects: 10 | - kind: ServiceAccount 11 | name: kuberay-operator 12 | -------------------------------------------------------------------------------- /ray/operator/rbac/ray_rayjob_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit rayjobs. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: rayjob-editor-role 6 | rules: 7 | - apiGroups: 8 | - ray.io 9 | resources: 10 | - rayjobs 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - ray.io 21 | resources: 22 | - rayjobs/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /ray/operator/rbac/ray_rayjob_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view rayjobs. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: rayjob-viewer-role 6 | rules: 7 | - apiGroups: 8 | - ray.io 9 | resources: 10 | - rayjobs 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - ray.io 17 | resources: 18 | - rayjobs/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /ray/operator/rbac/ray_rayservice_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit rayservices. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: rayservice-editor-role 6 | rules: 7 | - apiGroups: 8 | - ray.io 9 | resources: 10 | - rayservices 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - ray.io 21 | resources: 22 | - rayservices/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /ray/operator/rbac/ray_rayservice_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view rayservices. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: rayservice-viewer-role 6 | rules: 7 | - apiGroups: 8 | - ray.io 9 | resources: 10 | - rayservices 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - ray.io 17 | resources: 18 | - rayservices/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /ray/operator/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: kuberay-operator 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: kuberay-operator 9 | subjects: 10 | - kind: ServiceAccount 11 | name: kuberay-operator 12 | namespace: $(namespace) 13 | -------------------------------------------------------------------------------- /ray/operator/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: kuberay-operator 5 | -------------------------------------------------------------------------------- /ray/operator/scc/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ray_operator_scc.yaml 3 | 4 | commonLabels: 5 | app.kubernetes.io/name: kuberay 6 | app.kubernetes.io/component: kuberay-operator 7 | -------------------------------------------------------------------------------- /ray/operator/scc/ray_operator_scc.yaml: -------------------------------------------------------------------------------- 1 | kind: SecurityContextConstraints 2 | apiVersion: security.openshift.io/v1 3 | metadata: 4 | name: run-as-ray-user 5 | seLinuxContext: 6 | type: MustRunAs 7 | runAsUser: 8 | type: MustRunAs 9 | uid: 1000 10 | users: 11 | - 'system:serviceaccount:$(namespace):kuberay-operator' 12 | -------------------------------------------------------------------------------- /tests/Pipfile: -------------------------------------------------------------------------------- 1 | [[source]] 2 | name = "pypi" 3 | url = "https://pypi.org/simple" 4 | verify_ssl = true 5 | 6 | [dev-packages] 7 | 8 | [packages] 9 | selenium = "*" 10 | 11 | [requires] 12 | python_version = "3.6" 13 | -------------------------------------------------------------------------------- /tests/resources/codeflare-stack/codeflare-operator-system-dependencies.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: codeflare-operator-system 5 | spec: 6 | 7 | --- 8 | kind: ClusterRoleBinding 9 | apiVersion: rbac.authorization.k8s.io/v1 10 | metadata: 11 | name: codeflare-operator-system-manager-edit-rolebinding 12 | subjects: 13 | - kind: ServiceAccount 14 | name: codeflare-operator-controller-manager 15 | namespace: codeflare-operator-system 16 | roleRef: 17 | apiGroup: rbac.authorization.k8s.io 18 | kind: ClusterRole 19 | name: edit 20 | -------------------------------------------------------------------------------- /tests/resources/codeflare-stack/codeflare-stack-kfdef.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kfdef.apps.kubeflow.org/v1 2 | kind: KfDef 3 | metadata: 4 | name: codeflare-stack 5 | namespace: opendatahub 6 | spec: 7 | applications: 8 | # CodeFlare 9 | - kustomizeConfig: 10 | repoRef: 11 | name: manifests 12 | path: codeflare-stack 13 | name: codeflare-stack 14 | # KubeRay 15 | - kustomizeConfig: 16 | repoRef: 17 | name: manifests 18 | path: ray/operator 19 | name: ray-operator 20 | repos: 21 | # ODH Core component manifests 22 | - name: manifests 23 | uri: https://github.com/opendatahub-io/odh-manifests/tarball/master 24 | -------------------------------------------------------------------------------- /tests/resources/codeflare-stack/codeflare-subscription.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | name: codeflare-operator 5 | namespace: codeflare-operator-system 6 | spec: 7 | channel: alpha 8 | name: codeflare-operator 9 | source: community-operators 10 | sourceNamespace: openshift-marketplace 11 | installPlanApproval: Manual 12 | startingCSV: codeflare-operator.v0.2.3 13 | -------------------------------------------------------------------------------- /tests/resources/codeflare-stack/mcad-mnist-tests-Containerfile: -------------------------------------------------------------------------------- 1 | FROM ghcr.io/pytorch/torchx:0.5.0dev0 2 | 3 | ADD mnist.py /app/mnist.py 4 | 5 | # change group permissions for running in OCP 6 | RUN chgrp -R 0 /app 7 | RUN chmod -R g+w /app 8 | 9 | ENTRYPOINT ["python", "/app/mnist.py"] 10 | -------------------------------------------------------------------------------- /tests/resources/codeflare-stack/requirements.txt: -------------------------------------------------------------------------------- 1 | pytorch_lightning==1.5.10 2 | ray_lightning 3 | torchmetrics==0.9.1 4 | torchvision==0.12.0 -------------------------------------------------------------------------------- /tests/resources/codeflare-stack/util: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Change this if your project is not named opendatahub 4 | export ODHPROJECT=${ODHPROJECT:-"opendatahub"} 5 | 6 | millisecond=1 7 | second=$(( 1000 * millisecond )) 8 | minute=$(( 60 * second )) 9 | fiveminute=$(( 300 * second )) 10 | odhdefaulttimeout=$(( 1200 * second )) 11 | odhdefaultinterval=$(( 10 )) 12 | 13 | function header() { 14 | os::text::print_blue $1 15 | } 16 | -------------------------------------------------------------------------------- /tests/resources/dsp-operator/enable-uwm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: cluster-monitoring-config 5 | namespace: openshift-monitoring 6 | data: 7 | config.yaml: | 8 | enableUserWorkload: true 9 | -------------------------------------------------------------------------------- /tests/resources/dsp-operator/test-dspo-cr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: datasciencepipelinesapplications.opendatahub.io/v1alpha1 2 | kind: DataSciencePipelinesApplication 3 | metadata: 4 | name: sample 5 | spec: 6 | objectStorage: 7 | minio: 8 | image: 'quay.io/opendatahub/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance' 9 | mlpipelineUI: 10 | image: 'quay.io/opendatahub/odh-ml-pipelines-frontend-container:beta-ui' 11 | -------------------------------------------------------------------------------- /tests/resources/htpasswd.secret.yaml: -------------------------------------------------------------------------------- 1 | kind: Secret 2 | apiVersion: v1 3 | metadata: 4 | name: htpass-secret 5 | namespace: openshift-config 6 | data: 7 | # username:password admin:admin 8 | htpasswd: YWRtaW46JGFwcjEkNmJhdnBqNzQkQkdYUDNLNEc1LkFCZi5kQVNPNm5PMAo= 9 | type: Opaque 10 | -------------------------------------------------------------------------------- /tests/resources/modelmesh/enable-uwm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: cluster-monitoring-config 5 | namespace: openshift-monitoring 6 | data: 7 | config.yaml: | 8 | enableUserWorkload: true 9 | 10 | -------------------------------------------------------------------------------- /tests/resources/modelmesh/openvino-inference-service.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1beta1 15 | kind: InferenceService 16 | metadata: 17 | name: example-onnx-mnist 18 | annotations: 19 | serving.kserve.io/deploymentMode: ModelMesh 20 | spec: 21 | predictor: 22 | model: 23 | modelFormat: 24 | name: onnx 25 | runtime: ovms-1.x 26 | storage: 27 | key: aws-connection-minio-data-connection 28 | path: onnx/mnist.onnx 29 | -------------------------------------------------------------------------------- /tests/resources/modelmesh/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: user-one 5 | 6 | --- 7 | kind: RoleBinding 8 | apiVersion: rbac.authorization.k8s.io/v1 9 | metadata: 10 | name: user-one-view 11 | subjects: 12 | - kind: ServiceAccount 13 | name: user-one 14 | roleRef: 15 | apiGroup: rbac.authorization.k8s.io 16 | kind: ClusterRole 17 | name: view 18 | -------------------------------------------------------------------------------- /tests/resources/oauth-patch.htpasswd.json: -------------------------------------------------------------------------------- 1 | {"name": "htpasswd-provider", "mappingMethod": "claim", "type": "HTPasswd", "htpasswd":{"fileData":{"name": "htpass-secret"}}} 2 | -------------------------------------------------------------------------------- /tests/resources/odh-dashboard/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | commonLabels: 4 | app: odh-dashboard 5 | app.kubernetes.io/part-of: odh-dashboard 6 | resources: 7 | - odh-dashboard-crd.yaml 8 | - odh-quick-start-crd.yaml 9 | - odh-document-crd.yaml 10 | - odh-application-crd.yaml 11 | -------------------------------------------------------------------------------- /tests/resources/ods-ci/test-variables.yml: -------------------------------------------------------------------------------- 1 | BROWSER: 2 | NAME: headlesschrome 3 | # List of Chrome options - https://peter.sh/experiments/chromium-command-line-switches/ 4 | # --disable-dev-shm-usage and --no-sandbox are required for running chromedriver in a container 5 | OPTIONS: add_argument("--ignore-certificate-errors");add_argument("window-size=1920,1024");add_argument("--disable-dev-shm-usage");add_argument("--no-sandbox") 6 | # Override the project name that is used when checking if the current page is ODH Dashboard 7 | ODH_DASHBOARD_PROJECT_NAME: "Open Data Hub" 8 | OCP_API_URL: "https://api.my-cluster.test.redhat.com:my-port" 9 | OCP_CONSOLE_URL: "http://console-openshift-console.apps.my-cluster.test.redhat.com/" 10 | ODH_DASHBOARD_URL: "http://odh-dashboard-opendatahub.apps.my-cluster.test.redhat.com/" 11 | TEST_USER: 12 | AUTH_TYPE: htpasswd-provider 13 | USERNAME: admin 14 | PASSWORD: admin 15 | OCP_ADMIN_USER: 16 | AUTH_TYPE: "htpasswd-provider" 17 | USERNAME: admin 18 | PASSWORD: admin 19 | RHODS_PROMETHEUS_URL: "https://prometheus-redhat-ods-monitoring.apps.my-cluster.test.redhat.com/" 20 | RHODS_PROMETHEUS_TOKEN: "prometheus-token" 21 | -------------------------------------------------------------------------------- /tests/resources/openshift-pipelines/pipeline-hello-world.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Pipeline 3 | metadata: 4 | name: odh-test-hello-world 5 | spec: 6 | tasks: 7 | - name: odh-test-hello-world 8 | params: 9 | - name: subject 10 | value: ODH Test 11 | taskRef: 12 | kind: Task 13 | name: odh-test-hello-world 14 | -------------------------------------------------------------------------------- /tests/resources/openshift-pipelines/pipelinerun-hello-world.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: PipelineRun 3 | metadata: 4 | generateName: odh-test-hello-world- 5 | spec: 6 | pipelineRef: 7 | name: odh-test-hello-world 8 | -------------------------------------------------------------------------------- /tests/resources/openshift-pipelines/task-hello-world.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tekton.dev/v1beta1 2 | kind: Task 3 | metadata: 4 | name: odh-test-hello-world 5 | spec: 6 | params: 7 | - name: subject 8 | description: name of person to greet 9 | default: ODH 10 | type: string 11 | steps: 12 | - name: hello-world 13 | image: registry.access.redhat.com/ubi8/ubi 14 | command: 15 | - echo 16 | args: 17 | - "$(params.subject), Hello World!" 18 | -------------------------------------------------------------------------------- /tests/resources/ray/image_definition/Containerfile: -------------------------------------------------------------------------------- 1 | FROM python:3.8.14-slim 2 | COPY requirements.txt . 3 | RUN pip install -r requirements.txt 4 | COPY ray_tests.py /tests/ray_test.py 5 | WORKDIR /tests 6 | ENTRYPOINT [ "/bin/bash" ] 7 | -------------------------------------------------------------------------------- /tests/resources/ray/image_definition/Makefile: -------------------------------------------------------------------------------- 1 | app_name = ray-tests 2 | 3 | 4 | build-test: 5 | @sudo podman build -t $(app_name) . -f Containerfile 6 | 7 | build-test-no-cache: 8 | @sudo podman build -t $(app_name) . --no-cache -f Containerfile 9 | 10 | run-test: 11 | @sudo podman run -it $(app_name) 12 | -------------------------------------------------------------------------------- /tests/resources/ray/image_definition/ray_tests.py: -------------------------------------------------------------------------------- 1 | import ray 2 | from collections import Counter 3 | import platform 4 | 5 | ray.init('ray://kuberay-cluster-test-head-svc:10001') 6 | print("Connected to ray cluster") 7 | print("Running example ray job ...") 8 | 9 | @ray.remote 10 | def f(x): 11 | t = sum(list(range(100000))) 12 | return x + (platform.node(), ) 13 | 14 | out = Counter(ray.get([f.remote(()) for _ in range(1000)])) 15 | 16 | assert len(dict(out).keys()) == 2 17 | 18 | print("Simple tests passed") 19 | -------------------------------------------------------------------------------- /tests/resources/ray/image_definition/requirements.txt: -------------------------------------------------------------------------------- 1 | ray==2.1.0 2 | six -------------------------------------------------------------------------------- /tests/resources/ray/ray-minimal-kfdef.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kfdef.apps.kubeflow.org/v1 2 | kind: KfDef 3 | metadata: 4 | name: ray-minimal 5 | namespace: opendatahub 6 | spec: 7 | applications: 8 | - kustomizeConfig: 9 | repoRef: 10 | name: manifests 11 | path: odh-common 12 | name: odh-common 13 | - kustomizeConfig: 14 | repoRef: 15 | name: manifests 16 | path: odh-dashboard 17 | name: odh-dashboard 18 | - kustomizeConfig: 19 | overlays: 20 | - additional 21 | repoRef: 22 | name: manifests 23 | path: jupyterhub/notebook-images 24 | name: notebook-images 25 | - kustomizeConfig: 26 | repoRef: 27 | name: manifests 28 | path: odh-notebook-controller 29 | name: odh-notebook-controller 30 | # Ray.io 31 | - kustomizeConfig: 32 | repoRef: 33 | name: manifests 34 | path: ray/operator 35 | name: ray-operator 36 | repos: 37 | # ODH Core component manifests 38 | - name: manifests 39 | uri: https://github.com/opendatahub-io/odh-manifests/tarball/master 40 | -------------------------------------------------------------------------------- /tests/resources/ray/ray/ray-simple-test.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ray-simple-test 5 | labels: 6 | app: ray-simple-test 7 | spec: 8 | replicas: 1 9 | selector: 10 | type: Recreate 11 | matchLabels: 12 | app: ray-simple-test 13 | template: 14 | metadata: 15 | labels: 16 | app: ray-simple-test 17 | spec: 18 | containers: 19 | - name: ray-odh-tests 20 | image: quay.io/opendatahub-contrib/ray-odh-tests:latest 21 | imagePullPolicy: Always 22 | command: 23 | - /bin/sh 24 | - -c 25 | - | 26 | python ray_test.py 27 | sleep infinity 28 | resources: {} 29 | 30 | -------------------------------------------------------------------------------- /tests/resources/trustyai/data.json: -------------------------------------------------------------------------------- 1 | { 2 | "inputs": [ 3 | { 4 | "name": "predict", 5 | "shape": [1, 4], 6 | "datatype": "FP64", 7 | "data": [40.83, 3.5, 0.5, 0] 8 | } 9 | ] 10 | } -------------------------------------------------------------------------------- /tests/resources/trustyai/minio_sklearn_mlserver_model.yaml: -------------------------------------------------------------------------------- 1 | # Copyright 2022 IBM Corporation 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | apiVersion: serving.kserve.io/v1beta1 15 | kind: InferenceService 16 | metadata: 17 | name: example-sklearn-isvc 18 | annotations: 19 | serving.kserve.io/deploymentMode: ModelMesh 20 | spec: 21 | predictor: 22 | model: 23 | modelFormat: 24 | name: sklearn 25 | runtime: mlserver-1.x 26 | storage: 27 | key: aws-connection-minio-data-connection 28 | path: sklearn/model.joblib 29 | -------------------------------------------------------------------------------- /tests/resources/trustyai/secret.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: aws-connection-minio-data-connection 6 | labels: 7 | opendatahub.io/dashboard: 'true' 8 | opendatahub.io/managed: 'true' 9 | annotations: 10 | opendatahub.io/connection-type: s3 11 | openshift.io/display-name: Minio Data Connection 12 | data: 13 | AWS_ACCESS_KEY_ID: VEhFQUNDRVNTS0VZ 14 | AWS_DEFAULT_REGION: dXMtc291dGg= 15 | AWS_S3_BUCKET: bW9kZWxtZXNoLWV4YW1wbGUtbW9kZWxz 16 | AWS_S3_ENDPOINT: aHR0cDovL21pbmlvOjkwMDA= 17 | AWS_SECRET_ACCESS_KEY: VEhFU0VDUkVUS0VZ 18 | type: Opaque 19 | --- 20 | apiVersion: v1 21 | kind: Secret 22 | metadata: 23 | name: model-serving-etcd 24 | stringData: 25 | etcd_connection: | 26 | { 27 | "endpoints": "http://etcd:2379", 28 | "root_prefix": "modelmesh-serving", 29 | "userid": "root", 30 | "password": "" 31 | } 32 | --- 33 | apiVersion: v1 34 | kind: Secret 35 | metadata: 36 | name: etcd-passwords 37 | stringData: 38 | root: -------------------------------------------------------------------------------- /tests/resources/trustyai/trustyai_crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: trustyai.opendatahub.io.trustyai.opendatahub.io/v1alpha1 2 | kind: TrustyAIService 3 | metadata: 4 | name: trustyai-service 5 | spec: 6 | storage: 7 | format: "PVC" 8 | folder: "/inputs" 9 | size: "1Gi" 10 | data: 11 | filename: "data.csv" 12 | format: "CSV" 13 | metrics: 14 | schedule: "5s" -------------------------------------------------------------------------------- /tests/resources/trustyai/trustyai_operator_configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: trustyai-service-operator-config 5 | data: 6 | trustyaiServiceImageName: "quay.io/trustyai/trustyai-service" 7 | trustyaiServiceImageTag: "latest" -------------------------------------------------------------------------------- /tests/resources/trustyai/trustyai_operator_kfdef.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kfdef.apps.kubeflow.org/v1 2 | kind: KfDef 3 | metadata: 4 | name: trustyai-service-operator 5 | spec: 6 | applications: 7 | - kustomizeConfig: 8 | repoRef: 9 | name: manifests 10 | path: trustyai-service-operator 11 | name: trustyai-service-operator 12 | repos: 13 | - name: manifests 14 | uri: https://github.com/trustyai-explainability/trustyai-service-operator/tarball/main 15 | version: v1.0.0 -------------------------------------------------------------------------------- /tests/setup/operatorsetup: -------------------------------------------------------------------------------- 1 | opendatahub-operator rolling https://github.com/opendatahub-io/opendatahub-operator 2 | -------------------------------------------------------------------------------- /tests/setup/pipelines-op-setup: -------------------------------------------------------------------------------- 1 | openshift-pipelines-operator-rh latest https://github.com/tektoncd/operator 2 | -------------------------------------------------------------------------------- /tests/util: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Change this if your project is not named opendatahub 4 | export ODHPROJECT=${ODHPROJECT:-"opendatahub"} 5 | 6 | millisecond=1 7 | second=$(( 1000 * millisecond )) 8 | minute=$(( 60 * second )) 9 | fiveminute=$(( 300 * second )) 10 | odhdefaulttimeout=$(( 1200 * second )) 11 | odhdefaultinterval=$(( 10 )) 12 | 13 | function header() { 14 | os::text::print_blue $1 15 | } 16 | -------------------------------------------------------------------------------- /trustyai-service-operator/OWNERS: -------------------------------------------------------------------------------- 1 | reviewers: 2 | - robgeada 3 | - ruivieira 4 | - tteofili 5 | 6 | approvers: 7 | - robgeada 8 | - ruivieira 9 | - tteofili 10 | -------------------------------------------------------------------------------- /trustyai-service-operator/base/manager_config_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | -------------------------------------------------------------------------------- /trustyai-service-operator/base/params.env: -------------------------------------------------------------------------------- 1 | trustyaiServiceImageName=quay.io/trustyai/trustyai-service 2 | trustyaiServiceImageTag=v0.2.0 3 | trustyaiOperatorImageName=quay.io/trustyai/trustyai-service-operator 4 | trustyaiOperatorImageTag=v1.9.0 5 | -------------------------------------------------------------------------------- /trustyai-service-operator/base/params.yaml: -------------------------------------------------------------------------------- 1 | varReference: 2 | - kind: Deployment 3 | path: spec/template/spec/containers[]/image -------------------------------------------------------------------------------- /trustyai-service-operator/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - bases/trustyai.opendatahub.io.trustyai.opendatahub.io_trustyaiservices.yaml 3 | #+kubebuilder:scaffold:crdkustomizeresource 4 | 5 | patchesStrategicMerge: 6 | #+kubebuilder:scaffold:crdkustomizewebhookpatch 7 | #+kubebuilder:scaffold:crdkustomizecainjectionpatch 8 | 9 | configurations: 10 | - kustomizeconfig.yaml 11 | -------------------------------------------------------------------------------- /trustyai-service-operator/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | nameReference: 2 | - kind: Service 3 | version: v1 4 | fieldSpecs: 5 | - kind: CustomResourceDefinition 6 | version: v1 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhook/clientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | version: v1 13 | group: apiextensions.k8s.io 14 | path: spec/conversion/webhook/clientConfig/service/namespace 15 | create: false 16 | 17 | varReference: 18 | - path: metadata/annotations 19 | -------------------------------------------------------------------------------- /trustyai-service-operator/crd/patches/cainjection_in_trustyaiservices.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 6 | name: trustyaiservices.trustyai.opendatahub.io.trustyai.opendatahub.io 7 | -------------------------------------------------------------------------------- /trustyai-service-operator/crd/patches/webhook_in_trustyaiservices.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: trustyaiservices.trustyai.opendatahub.io.trustyai.opendatahub.io 5 | spec: 6 | conversion: 7 | strategy: Webhook 8 | webhook: 9 | clientConfig: 10 | service: 11 | namespace: system 12 | name: webhook-service 13 | path: /convert 14 | conversionReviewVersions: 15 | - v1 16 | -------------------------------------------------------------------------------- /trustyai-service-operator/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | apiVersion: kustomize.config.k8s.io/v1beta1 4 | kind: Kustomization -------------------------------------------------------------------------------- /trustyai-service-operator/manifests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - bases/trustyai-service-operator.clusterserviceversion.yaml 3 | - ../default 4 | - ../samples 5 | - ../scorecard -------------------------------------------------------------------------------- /trustyai-service-operator/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /trustyai-service-operator/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | app.kubernetes.io/name: servicemonitor 7 | app.kubernetes.io/instance: controller-manager-metrics-monitor 8 | app.kubernetes.io/component: metrics 9 | app.kubernetes.io/created-by: trustyai-service-operator 10 | app.kubernetes.io/part-of: trustyai-service-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: controller-manager-metrics-monitor 13 | namespace: system 14 | spec: 15 | endpoints: 16 | - path: /metrics 17 | port: https 18 | scheme: https 19 | bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token 20 | tlsConfig: 21 | insecureSkipVerify: true 22 | selector: 23 | matchLabels: 24 | control-plane: controller-manager 25 | -------------------------------------------------------------------------------- /trustyai-service-operator/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: clusterrole 6 | app.kubernetes.io/instance: metrics-reader 7 | app.kubernetes.io/component: kube-rbac-proxy 8 | app.kubernetes.io/created-by: trustyai-service-operator 9 | app.kubernetes.io/part-of: trustyai-service-operator 10 | app.kubernetes.io/managed-by: kustomize 11 | name: metrics-reader 12 | rules: 13 | - nonResourceURLs: 14 | - "/metrics" 15 | verbs: 16 | - get 17 | -------------------------------------------------------------------------------- /trustyai-service-operator/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: clusterrole 6 | app.kubernetes.io/instance: proxy-role 7 | app.kubernetes.io/component: kube-rbac-proxy 8 | app.kubernetes.io/created-by: trustyai-service-operator 9 | app.kubernetes.io/part-of: trustyai-service-operator 10 | app.kubernetes.io/managed-by: kustomize 11 | name: proxy-role 12 | rules: 13 | - apiGroups: 14 | - authentication.k8s.io 15 | resources: 16 | - tokenreviews 17 | verbs: 18 | - create 19 | - apiGroups: 20 | - authorization.k8s.io 21 | resources: 22 | - subjectaccessreviews 23 | verbs: 24 | - create 25 | -------------------------------------------------------------------------------- /trustyai-service-operator/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: clusterrolebinding 6 | app.kubernetes.io/instance: proxy-rolebinding 7 | app.kubernetes.io/component: kube-rbac-proxy 8 | app.kubernetes.io/created-by: trustyai-service-operator 9 | app.kubernetes.io/part-of: trustyai-service-operator 10 | app.kubernetes.io/managed-by: kustomize 11 | name: proxy-rolebinding 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: proxy-role 16 | subjects: 17 | - kind: ServiceAccount 18 | name: controller-manager 19 | namespace: system 20 | -------------------------------------------------------------------------------- /trustyai-service-operator/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | app.kubernetes.io/name: service 7 | app.kubernetes.io/instance: controller-manager-metrics-service 8 | app.kubernetes.io/component: kube-rbac-proxy 9 | app.kubernetes.io/created-by: trustyai-service-operator 10 | app.kubernetes.io/part-of: trustyai-service-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: controller-manager-metrics-service 13 | namespace: system 14 | spec: 15 | ports: 16 | - name: https 17 | port: 8443 18 | protocol: TCP 19 | targetPort: https 20 | selector: 21 | control-plane: controller-manager 22 | -------------------------------------------------------------------------------- /trustyai-service-operator/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - service_account.yaml 3 | - role.yaml 4 | - role_binding.yaml 5 | - leader_election_role.yaml 6 | - leader_election_role_binding.yaml 7 | - auth_proxy_service.yaml 8 | - auth_proxy_role.yaml 9 | - auth_proxy_role_binding.yaml 10 | - auth_proxy_client_clusterrole.yaml 11 | -------------------------------------------------------------------------------- /trustyai-service-operator/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: role 6 | app.kubernetes.io/instance: leader-election-role 7 | app.kubernetes.io/component: rbac 8 | app.kubernetes.io/created-by: trustyai-service-operator 9 | app.kubernetes.io/part-of: trustyai-service-operator 10 | app.kubernetes.io/managed-by: kustomize 11 | name: leader-election-role 12 | rules: 13 | - apiGroups: 14 | - "" 15 | resources: 16 | - configmaps 17 | verbs: 18 | - get 19 | - list 20 | - watch 21 | - create 22 | - update 23 | - patch 24 | - delete 25 | - apiGroups: 26 | - coordination.k8s.io 27 | resources: 28 | - leases 29 | verbs: 30 | - get 31 | - list 32 | - watch 33 | - create 34 | - update 35 | - patch 36 | - delete 37 | - apiGroups: 38 | - "" 39 | resources: 40 | - events 41 | verbs: 42 | - create 43 | - patch 44 | -------------------------------------------------------------------------------- /trustyai-service-operator/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: rolebinding 6 | app.kubernetes.io/instance: leader-election-rolebinding 7 | app.kubernetes.io/component: rbac 8 | app.kubernetes.io/created-by: trustyai-service-operator 9 | app.kubernetes.io/part-of: trustyai-service-operator 10 | app.kubernetes.io/managed-by: kustomize 11 | name: leader-election-rolebinding 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: Role 15 | name: leader-election-role 16 | subjects: 17 | - kind: ServiceAccount 18 | name: controller-manager 19 | namespace: system 20 | -------------------------------------------------------------------------------- /trustyai-service-operator/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: clusterrolebinding 6 | app.kubernetes.io/instance: manager-rolebinding 7 | app.kubernetes.io/component: rbac 8 | app.kubernetes.io/created-by: trustyai-service-operator 9 | app.kubernetes.io/part-of: trustyai-service-operator 10 | app.kubernetes.io/managed-by: kustomize 11 | name: manager-rolebinding 12 | roleRef: 13 | apiGroup: rbac.authorization.k8s.io 14 | kind: ClusterRole 15 | name: manager-role 16 | subjects: 17 | - kind: ServiceAccount 18 | name: controller-manager 19 | namespace: system 20 | -------------------------------------------------------------------------------- /trustyai-service-operator/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: serviceaccount 6 | app.kubernetes.io/instance: controller-manager 7 | app.kubernetes.io/component: rbac 8 | app.kubernetes.io/created-by: trustyai-service-operator 9 | app.kubernetes.io/part-of: trustyai-service-operator 10 | app.kubernetes.io/managed-by: kustomize 11 | name: controller-manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /trustyai-service-operator/rbac/trustyaiservice_editor_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: clusterrole 6 | app.kubernetes.io/instance: trustyaiservice-editor-role 7 | app.kubernetes.io/component: rbac 8 | app.kubernetes.io/created-by: trustyai-service-operator 9 | app.kubernetes.io/part-of: trustyai-service-operator 10 | app.kubernetes.io/managed-by: kustomize 11 | name: trustyaiservice-editor-role 12 | rules: 13 | - apiGroups: 14 | - trustyai.opendatahub.io.trustyai.opendatahub.io 15 | resources: 16 | - trustyaiservices 17 | verbs: 18 | - create 19 | - delete 20 | - get 21 | - list 22 | - patch 23 | - update 24 | - watch 25 | - apiGroups: 26 | - trustyai.opendatahub.io.trustyai.opendatahub.io 27 | resources: 28 | - trustyaiservices/status 29 | verbs: 30 | - get 31 | -------------------------------------------------------------------------------- /trustyai-service-operator/rbac/trustyaiservice_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view trustyaiservices. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: trustyaiservice-viewer-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: trustyai-service-operator 10 | app.kubernetes.io/part-of: trustyai-service-operator 11 | app.kubernetes.io/managed-by: kustomize 12 | name: trustyaiservice-viewer-role 13 | rules: 14 | - apiGroups: 15 | - trustyai.opendatahub.io.trustyai.opendatahub.io 16 | resources: 17 | - trustyaiservices 18 | verbs: 19 | - get 20 | - list 21 | - watch 22 | - apiGroups: 23 | - trustyai.opendatahub.io.trustyai.opendatahub.io 24 | resources: 25 | - trustyaiservices/status 26 | verbs: 27 | - get 28 | -------------------------------------------------------------------------------- /trustyai-service-operator/scorecard/bases/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: scorecard.operatorframework.io/v1alpha3 2 | kind: Configuration 3 | metadata: 4 | name: config 5 | stages: 6 | - parallel: true 7 | tests: [] 8 | -------------------------------------------------------------------------------- /trustyai-service-operator/scorecard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - bases/config.yaml 3 | patchesJson6902: 4 | - path: patches/basic.config.yaml 5 | target: 6 | group: scorecard.operatorframework.io 7 | version: v1alpha3 8 | kind: Configuration 9 | name: config 10 | - path: patches/olm.config.yaml 11 | target: 12 | group: scorecard.operatorframework.io 13 | version: v1alpha3 14 | kind: Configuration 15 | name: config 16 | #+kubebuilder:scaffold:patchesJson6902 17 | -------------------------------------------------------------------------------- /trustyai-service-operator/scorecard/patches/basic.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - basic-check-spec 7 | image: quay.io/operator-framework/scorecard-test:v1.28.1 8 | labels: 9 | suite: basic 10 | test: basic-check-spec-test 11 | -------------------------------------------------------------------------------- /version.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | """This file is just for the release bots of opendatahub manifests""" 3 | 4 | 5 | __version__ = "1.1.0" 6 | --------------------------------------------------------------------------------