Skip to content

Commit

Permalink
Cherry pick few more bug fixes to 1.5.1-1.0.1 (#316)
Browse files Browse the repository at this point in the history
* Set s3 endpoint in workflow-controller-configmap from pipeline-install-config (#291)

* Added support for non-root EFS files ownership (#268)

* Updated documentation about EFS permissions

* Added gid & uid to auto efs script

* Updated EFS CSI driver to v1.4.0

* feat/267 Updated documentation about EFS & added default value for uid & gid

* Update kserve.md (#304)

* update: Adding a missing preposition in cognito guide (#307)

The preposition "to" was missing in cognito guide

* add cdk support for private subnets detection (#295)

Co-authored-by: rrrkharse <[email protected]>
Co-authored-by: Alexandre Brown <[email protected]>
Co-authored-by: Gitesh Shinde <[email protected]>
Co-authored-by: Jobin <[email protected]>
Co-authored-by: Theofilos Papapanagiotou <[email protected]>
  • Loading branch information
6 people authored Aug 6, 2022
1 parent 077d91e commit 2a536c3
Show file tree
Hide file tree
Showing 8 changed files with 48 additions and 6 deletions.
2 changes: 1 addition & 1 deletion awsconfigs/apps/pipeline/s3/config
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ artifactRepository:
s3: {
bucket: $(kfp-artifact-bucket-name),
keyPrefix: artifacts,
endpoint: s3.amazonaws.com,
endpoint: $(kfp-artifact-storage-endpoint),
insecure: true,
accessKeySecret: {
name: mlpipeline-minio-artifact,
Expand Down
8 changes: 8 additions & 0 deletions awsconfigs/apps/pipeline/s3/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -26,3 +26,11 @@ patchesStrategicMerge:
# when application is deleted.
commonLabels:
application-crd-id: kubeflow-pipelines
vars:
- name: kfp-artifact-storage-endpoint
objref:
kind: ConfigMap
name: pipeline-install-config
apiVersion: v1
fieldref:
fieldpath: data.minioServiceHost
2 changes: 2 additions & 0 deletions deployments/add-ons/storage/efs/dynamic-provisioning/sc.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ mountOptions:
- tls
parameters:
directoryPerms: '700'
gid: '100'
uid: '1000'
fileSystemId: <YOUR_FILE_SYSTEM_ID>
provisioningMode: efs-ap
provisioner: efs.csi.aws.com
Expand Down
24 changes: 22 additions & 2 deletions tests/e2e/utils/auto-efs-setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ def create_efs_iam_policy():


def get_efs_iam_policy_document():
url = "https://raw.githubusercontent.com/kubernetes-sigs/aws-efs-csi-driver/v1.3.6/docs/iam-policy-example.json"
url = "https://raw.githubusercontent.com/kubernetes-sigs/aws-efs-csi-driver/v1.4.0/docs/iam-policy-example.json"
response = urllib.request.urlopen(url)
data = response.read()
return data.decode("utf-8")
Expand Down Expand Up @@ -197,7 +197,7 @@ def install_efs_driver():
print("Installing EFS driver...")

kubectl_kustomize_apply(
"https://github.com/kubernetes-sigs/aws-efs-csi-driver/deploy/kubernetes/overlays/stable/?ref=tags/v1.3.6"
"https://github.com/kubernetes-sigs/aws-efs-csi-driver/deploy/kubernetes/overlays/stable/?ref=tags/v1.4.0"
)

print("EFS driver installed!")
Expand Down Expand Up @@ -498,6 +498,8 @@ def edit_dynamic_provisioning_storage_class_fields(
print("Editing storage class with appropriate values...")

storage_class_file_yaml_content["parameters"]["fileSystemId"] = file_system_id
storage_class_file_yaml_content["parameters"]["gid"] = str(EFS_GID)
storage_class_file_yaml_content["parameters"]["uid"] = str(EFS_UID)

with open(EFS_DYNAMIC_PROVISIONING_STORAGE_CLASS_FILE_PATH, "w") as file:
file.write(yaml.dump(storage_class_file_yaml_content))
Expand Down Expand Up @@ -573,6 +575,22 @@ def footer():
help=f"Default is set to {EFS_THROUGHPUT_MODE_DEFAULT}",
required=False,
)
EFS_GID_DEFAULT = 100
parser.add_argument(
"--efs_gid",
type=int,
default=EFS_GID_DEFAULT,
help=f"POSIX group Id to be applied for Access Point root directory creation. Default is set to {EFS_GID_DEFAULT}",
required=False,
)
EFS_UID_DEFAULT = 1000
parser.add_argument(
"--efs_uid",
type=int,
default=EFS_UID_DEFAULT,
help=f"POSIX user Id to be applied for Access Point root directory creation. Default is set to {EFS_UID_DEFAULT}",
required=False,
)
DEFAULT_DIRECTORY_PATH = ""
parser.add_argument(
"--directory",
Expand All @@ -591,6 +609,8 @@ def footer():
EFS_SECURITY_GROUP_NAME = args.efs_security_group_name
EFS_FILE_SYSTEM_PERFORMANCE_MODE = args.efs_performance_mode
EFS_FILE_SYSTEM_THROUGHPUT_MODE = args.efs_throughput_mode
EFS_GID = args.efs_gid
EFS_UID = args.efs_uid
DIRECTORY_PATH = args.directory

AWS_ACCOUNT_ID = boto3.client("sts").get_caller_identity()["Account"]
Expand Down
5 changes: 5 additions & 0 deletions tests/e2e/utils/rds-s3/auto-rds-s3-setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -232,8 +232,13 @@ def get_cluster_private_subnet_ids(eks_client, ec2_client):
private_subnets = []
for subnet in subnets:
for tags in subnet["Tags"]:
# eksctl generated clusters
if "SubnetPrivate" in tags["Value"]:
private_subnets.append(subnet)
# cdk generated clusters
if "aws-cdk:subnet-type" in tags["Key"]:
if "Private" in tags["Value"]:
private_subnets.append(subnet)

def get_subnet_id(subnet):
return subnet["SubnetId"]
Expand Down
2 changes: 1 addition & 1 deletion website/content/en/docs/component-guides/kserve.md
Original file line number Diff line number Diff line change
Expand Up @@ -176,7 +176,7 @@ export KUBEFLOW_DOMAIN="platform.example.com"
Install dependencies for the script by running:
```bash
cd tests/e2e
pip install requirements.txt
pip install -r requirements.txt
```

Run the sample python script to send an inference request based on your auth provider:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -239,6 +239,13 @@ yq e '.spec.template.spec.volumes[0].persistentVolumeClaim.claimName = env(CLAIM
kubectl apply -f $GITHUB_STORAGE_DIR/notebook-sample/set-permission-job.yaml
```

#### Dynamic provisioning default owner
For dynamic provisioning (manual and automated setup), we already set the default Kubeflow Notebook user (Jovyan) as owner of the EFS file system by default.
##### Changing the default values
You can always change the `uid` and `gid` used for the setup.
For the manual setup, you need to edit the `uid` and `gid` in the storage class inside `dynamic-provisioning/sc.yaml`.
For the automated setup, you can specify the `uid` and `gid` as arguments to the script, see [Advanced Customization](#advanced-customization) for more details on the different parameters that are available.

### 3.4 Use existing EFS volume as workspace or data volume for a Notebook

Spin up a new Kubeflow notebook server and specify the name of the PVC to be used as the workspace volume or the data volume and specify your desired mount point. We'll assume you created a PVC with the name `efs-claim` via Kubeflow Volumes UI or via the manual setup step [Static Provisioning](#4-option-2-static-provisioning). For our example here, we are using the AWS Optimized Tensorflow 2.6 CPU image provided in the Notebook configuration options (`public.ecr.aws/c9e4w0g3/notebook-servers/jupyter-tensorflow`). Additionally, use the existing `efs-claim` volume as the workspace volume at the default mount point `/home/jovyan`. The server might take a few minutes to come up.
Expand Down
4 changes: 2 additions & 2 deletions website/content/en/docs/deployment/cognito/guide.md
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ From this point onwards, we will be creating/updating the DNS records **only in
1. Substitute `example.com` in this URL - `https://kubeflow.platform.example.com/oauth2/idpresponse` with your domain and use it as the Callback URL(s).
2. Substitute `example.com` in this URL - `https://kubeflow.platform.example.com` with your domain and use it as the Sign out URL(s).
3. ![cognito-app-client-settings](https://raw.githubusercontent.com/awslabs/kubeflow-manifests/main/website/content/en/docs/images/cognito/cognito-app-client-settings.png)
1. Add a custom domain to the user pool. In order to add a custom domain to your user pool, you need specify a domain name, and provide a certificate managed with AWS Certificate Manager (ACM).
1. Add a custom domain to the user pool. In order to add a custom domain to your user pool, you need to specify a domain name, and provide a certificate managed with AWS Certificate Manager (ACM).
1. In order to use a custom domain, its root(i.e. `platform.example.com`) must have an valid A type record. Create a new record of type `A` in `platform.example.com` hosted zone with an arbitrary IP for now. Once we have ALB created, we will update this value.
1. Following is a screenshot of `platform.example.com` hosted zone. A record is shown.
1. ![subdomain-initial-A-record](https://raw.githubusercontent.com/awslabs/kubeflow-manifests/main/website/content/en/docs/images/cognito/subdomain-initial-A-record.png)
Expand Down Expand Up @@ -217,4 +217,4 @@ From this point onwards, we will be creating/updating the DNS records **only in

## 7.0 Uninstall Kubeflow

To delete the resources created in this guide, refer to the [Uninstall section in Automated Cognito deployment guide]({{< ref "/docs/deployment/cognito/guide-automated.md#uninstall-kubeflow" >}})
To delete the resources created in this guide, refer to the [Uninstall section in Automated Cognito deployment guide]({{< ref "/docs/deployment/cognito/guide-automated.md#uninstall-kubeflow" >}})

0 comments on commit 2a536c3

Please sign in to comment.