From 4bc1647330d6c118d0b942a287cb22aea9007ba3 Mon Sep 17 00:00:00 2001 From: Kunming Qu <37601826+kunmingg@users.noreply.github.com> Date: Wed, 10 Jul 2019 16:34:53 -0700 Subject: [PATCH] fix basic auth (#204) * fix basic auth * fix tests * fix presubmit --- common/ambassador/base/deployment.yaml | 1 + common/ambassador/base/kustomization.yaml | 1 + common/ambassador/base/service-account.yaml | 1 + common/ambassador/base/service.yaml | 2 ++ gcp/basic-auth-ingress/base/certificate.yaml | 2 +- .../base/istio-mapping-svc.yaml | 26 +++++++++++++++++++ .../base/kustomization.yaml | 7 +++++ gcp/basic-auth-ingress/base/params.yaml | 8 +++++- tests/ambassador-base_test.go | 5 ++++ tests/basic-auth-ingress-base_test.go | 17 ++++++++++-- tests/iap-ingress-base_test.go | 3 ++- tests/minio-base_test.go | 6 +++-- tests/minio-overlays-minioPd_test.go | 9 ++++--- tests/mysql-base_test.go | 6 +++-- tests/mysql-overlays-mysqlPd_test.go | 6 +++-- tests/profiles-base_test.go | 3 ++- tests/profiles-overlays-debug_test.go | 3 ++- tests/profiles-overlays-devices_test.go | 3 ++- tests/profiles-overlays-istio_test.go | 3 ++- tests/workflows/app.yaml | 2 +- .../workflows/components/workflows.libsonnet | 2 +- 21 files changed, 96 insertions(+), 20 deletions(-) create mode 100644 gcp/basic-auth-ingress/base/istio-mapping-svc.yaml diff --git a/common/ambassador/base/deployment.yaml b/common/ambassador/base/deployment.yaml index c95f50eb1f..79439fc7b1 100644 --- a/common/ambassador/base/deployment.yaml +++ b/common/ambassador/base/deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1beta1 kind: Deployment metadata: name: ambassador + namespace: istio-system spec: replicas: 3 template: diff --git a/common/ambassador/base/kustomization.yaml b/common/ambassador/base/kustomization.yaml index dbb6dea300..c487b5416a 100644 --- a/common/ambassador/base/kustomization.yaml +++ b/common/ambassador/base/kustomization.yaml @@ -8,6 +8,7 @@ resources: - service.yaml commonLabels: kustomize.component: ambassador +namespace: istio-system images: - name: quay.io/datawire/ambassador newName: quay.io/datawire/ambassador diff --git a/common/ambassador/base/service-account.yaml b/common/ambassador/base/service-account.yaml index f27a737cf7..e585fcdceb 100644 --- a/common/ambassador/base/service-account.yaml +++ b/common/ambassador/base/service-account.yaml @@ -2,3 +2,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: ambassador + namespace: istio-system diff --git a/common/ambassador/base/service.yaml b/common/ambassador/base/service.yaml index 1125d58382..c25c8e084b 100644 --- a/common/ambassador/base/service.yaml +++ b/common/ambassador/base/service.yaml @@ -5,6 +5,7 @@ metadata: labels: service: ambassador-admin name: ambassador-admin + namespace: istio-system spec: ports: - name: ambassador-admin @@ -20,6 +21,7 @@ metadata: labels: service: ambassador name: ambassador + namespace: istio-system spec: ports: - name: ambassador diff --git a/gcp/basic-auth-ingress/base/certificate.yaml b/gcp/basic-auth-ingress/base/certificate.yaml index b0e43cf55a..c54e44ae2b 100644 --- a/gcp/basic-auth-ingress/base/certificate.yaml +++ b/gcp/basic-auth-ingress/base/certificate.yaml @@ -8,7 +8,7 @@ spec: - domains: - $(hostname) http01: - ingress: envoy-ingress + ingress: $(ingressName) commonName: $(hostname) dnsNames: - $(hostname) diff --git a/gcp/basic-auth-ingress/base/istio-mapping-svc.yaml b/gcp/basic-auth-ingress/base/istio-mapping-svc.yaml new file mode 100644 index 0000000000..7f3d23d812 --- /dev/null +++ b/gcp/basic-auth-ingress/base/istio-mapping-svc.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + getambassador.io/config: |- + --- + apiVersion: ambassador/v0 + kind: Mapping + name: istio-mapping + prefix_regex: true + prefix: /(?!whoami|kflogin).* + rewrite: "" + service: istio-ingressgateway.istio-system + precedence: 1 + labels: + app: istioMappingSvc + ksonnet.io/component: basic-auth-ingress + name: istio-mapping-service + namespace: istio-system +spec: + ports: + - port: 80 + targetPort: 8081 + selector: + app: istioMappingSvc + type: ClusterIP diff --git a/gcp/basic-auth-ingress/base/kustomization.yaml b/gcp/basic-auth-ingress/base/kustomization.yaml index f2559f2ee2..f64a0086e9 100644 --- a/gcp/basic-auth-ingress/base/kustomization.yaml +++ b/gcp/basic-auth-ingress/base/kustomization.yaml @@ -49,6 +49,13 @@ vars: apiVersion: v1 fieldref: fieldpath: data.hostname +- name: project + objref: + kind: ConfigMap + name: basic-auth-ingress-parameters + apiVersion: v1 + fieldref: + fieldpath: data.project - name: ipName objref: kind: ConfigMap diff --git a/gcp/basic-auth-ingress/base/params.yaml b/gcp/basic-auth-ingress/base/params.yaml index b6aeb41a7c..6c852c9d76 100644 --- a/gcp/basic-auth-ingress/base/params.yaml +++ b/gcp/basic-auth-ingress/base/params.yaml @@ -13,9 +13,15 @@ varReference: kind: Certificate - path: spec/secretName kind: Certificate -- path: spec/acme/config/0/domains/0 +- path: spec/acme/config/domains + kind: Certificate +- path: spec/acme/config/http01/ingress kind: Certificate - path: metadata/name kind: Ingress - path: metadata/annotations/certmanager.k8s.io\/issuer kind: Ingress +- path: spec/project + kind: CloudEndpoint +- path: spec/targetIngress/name + kind: CloudEndpoint diff --git a/tests/ambassador-base_test.go b/tests/ambassador-base_test.go index 9476ba45f9..393b7b0336 100644 --- a/tests/ambassador-base_test.go +++ b/tests/ambassador-base_test.go @@ -64,6 +64,7 @@ apiVersion: apps/v1beta1 kind: Deployment metadata: name: ambassador + namespace: istio-system spec: replicas: 3 template: @@ -106,6 +107,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: ambassador + namespace: istio-system `) th.writeF("/manifests/common/ambassador/base/service.yaml", ` --- @@ -115,6 +117,7 @@ metadata: labels: service: ambassador-admin name: ambassador-admin + namespace: istio-system spec: ports: - name: ambassador-admin @@ -130,6 +133,7 @@ metadata: labels: service: ambassador name: ambassador + namespace: istio-system spec: ports: - name: ambassador @@ -163,6 +167,7 @@ resources: - service.yaml commonLabels: kustomize.component: ambassador +namespace: istio-system images: - name: quay.io/datawire/ambassador newName: quay.io/datawire/ambassador diff --git a/tests/basic-auth-ingress-base_test.go b/tests/basic-auth-ingress-base_test.go index 43c01f63bb..fd039a7683 100644 --- a/tests/basic-auth-ingress-base_test.go +++ b/tests/basic-auth-ingress-base_test.go @@ -23,7 +23,7 @@ spec: - domains: - $(hostname) http01: - ingress: envoy-ingress + ingress: $(ingressName) commonName: $(hostname) dnsNames: - $(hostname) @@ -368,12 +368,18 @@ varReference: kind: Certificate - path: spec/secretName kind: Certificate -- path: spec/acme/config/0/domains/0 +- path: spec/acme/config/domains + kind: Certificate +- path: spec/acme/config/http01/ingress kind: Certificate - path: metadata/name kind: Ingress - path: metadata/annotations/certmanager.k8s.io\/issuer kind: Ingress +- path: spec/project + kind: CloudEndpoint +- path: spec/targetIngress/name + kind: CloudEndpoint `) th.writeF("/manifests/gcp/basic-auth-ingress/base/params.env", ` namespace=kubeflow @@ -437,6 +443,13 @@ vars: apiVersion: v1 fieldref: fieldpath: data.hostname +- name: project + objref: + kind: ConfigMap + name: basic-auth-ingress-parameters + apiVersion: v1 + fieldref: + fieldpath: data.project - name: ipName objref: kind: ConfigMap diff --git a/tests/iap-ingress-base_test.go b/tests/iap-ingress-base_test.go index 8371dee7ae..efc434e0cd 100644 --- a/tests/iap-ingress-base_test.go +++ b/tests/iap-ingress-base_test.go @@ -633,7 +633,8 @@ oauthSecretName=kubeflow-oauth project= adminSaSecretName=admin-gcp-sa tlsSecretName=envoy-ingress-tls -istioNamespace=istio-system`) +istioNamespace=istio-system +`) th.writeK("/manifests/gcp/iap-ingress/base", ` apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/tests/minio-base_test.go b/tests/minio-base_test.go index 4564334eb6..94da5b6c20 100644 --- a/tests/minio-base_test.go +++ b/tests/minio-base_test.go @@ -84,9 +84,11 @@ varReference: - path: spec/template/spec/volumes/persistentVolumeClaim/claimName kind: Deployment - path: metadata/name - kind: PersistentVolumeClaim`) + kind: PersistentVolumeClaim +`) th.writeF("/manifests/pipeline/minio/base/params.env", ` -minioPvcName=`) +minioPvcName= +`) th.writeK("/manifests/pipeline/minio/base", ` apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/tests/minio-overlays-minioPd_test.go b/tests/minio-overlays-minioPd_test.go index 6628097d8a..688f84a28e 100644 --- a/tests/minio-overlays-minioPd_test.go +++ b/tests/minio-overlays-minioPd_test.go @@ -33,7 +33,8 @@ metadata: name: $(minioPvcName) spec: volumeName: $(minioPvName) - storageClassName: ""`) + storageClassName: "" +`) th.writeF("/manifests/pipeline/minio/overlays/minioPd/params.yaml", ` varReference: - path: spec/gcePersistentDisk/pdName @@ -154,9 +155,11 @@ varReference: - path: spec/template/spec/volumes/persistentVolumeClaim/claimName kind: Deployment - path: metadata/name - kind: PersistentVolumeClaim`) + kind: PersistentVolumeClaim +`) th.writeF("/manifests/pipeline/minio/base/params.env", ` -minioPvcName=`) +minioPvcName= +`) th.writeK("/manifests/pipeline/minio/base", ` apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/tests/mysql-base_test.go b/tests/mysql-base_test.go index 6e82f92ce7..7ea73217be 100644 --- a/tests/mysql-base_test.go +++ b/tests/mysql-base_test.go @@ -58,13 +58,15 @@ spec: - ReadWriteOnce resources: requests: - storage: 20Gi`) + storage: 20Gi +`) th.writeF("/manifests/pipeline/mysql/base/params.yaml", ` varReference: - path: spec/template/spec/volumes/persistentVolumeClaim/claimName kind: Deployment - path: metadata/name - kind: PersistentVolumeClaim`) + kind: PersistentVolumeClaim +`) th.writeF("/manifests/pipeline/mysql/base/params.env", ` mysqlPvcName= `) diff --git a/tests/mysql-overlays-mysqlPd_test.go b/tests/mysql-overlays-mysqlPd_test.go index 0bfd4b90aa..7dc566a2e5 100644 --- a/tests/mysql-overlays-mysqlPd_test.go +++ b/tests/mysql-overlays-mysqlPd_test.go @@ -129,13 +129,15 @@ spec: - ReadWriteOnce resources: requests: - storage: 20Gi`) + storage: 20Gi +`) th.writeF("/manifests/pipeline/mysql/base/params.yaml", ` varReference: - path: spec/template/spec/volumes/persistentVolumeClaim/claimName kind: Deployment - path: metadata/name - kind: PersistentVolumeClaim`) + kind: PersistentVolumeClaim +`) th.writeF("/manifests/pipeline/mysql/base/params.env", ` mysqlPvcName= `) diff --git a/tests/profiles-base_test.go b/tests/profiles-base_test.go index b932628cf4..d14655ffe1 100644 --- a/tests/profiles-base_test.go +++ b/tests/profiles-base_test.go @@ -125,7 +125,8 @@ metadata: name: kfam spec: ports: - - port: 8081`) + - port: 8081 +`) th.writeF("/manifests/profiles/base/deployment.yaml", ` apiVersion: apps/v1 kind: Deployment diff --git a/tests/profiles-overlays-debug_test.go b/tests/profiles-overlays-debug_test.go index 537a534055..0631371aa2 100644 --- a/tests/profiles-overlays-debug_test.go +++ b/tests/profiles-overlays-debug_test.go @@ -180,7 +180,8 @@ metadata: name: kfam spec: ports: - - port: 8081`) + - port: 8081 +`) th.writeF("/manifests/profiles/base/deployment.yaml", ` apiVersion: apps/v1 kind: Deployment diff --git a/tests/profiles-overlays-devices_test.go b/tests/profiles-overlays-devices_test.go index bd55ffca18..5457ec8b5c 100644 --- a/tests/profiles-overlays-devices_test.go +++ b/tests/profiles-overlays-devices_test.go @@ -151,7 +151,8 @@ metadata: name: kfam spec: ports: - - port: 8081`) + - port: 8081 +`) th.writeF("/manifests/profiles/base/deployment.yaml", ` apiVersion: apps/v1 kind: Deployment diff --git a/tests/profiles-overlays-istio_test.go b/tests/profiles-overlays-istio_test.go index 3cf3f99fac..67b93a3662 100644 --- a/tests/profiles-overlays-istio_test.go +++ b/tests/profiles-overlays-istio_test.go @@ -166,7 +166,8 @@ metadata: name: kfam spec: ports: - - port: 8081`) + - port: 8081 +`) th.writeF("/manifests/profiles/base/deployment.yaml", ` apiVersion: apps/v1 kind: Deployment diff --git a/tests/workflows/app.yaml b/tests/workflows/app.yaml index 706b67d606..7d7b50f9c4 100644 --- a/tests/workflows/app.yaml +++ b/tests/workflows/app.yaml @@ -1,4 +1,4 @@ -apiVersion: 0.1.0 +apiVersion: 0.3.0 environments: releasing: destination: diff --git a/tests/workflows/components/workflows.libsonnet b/tests/workflows/components/workflows.libsonnet index 5e75004a01..54e22b0489 100644 --- a/tests/workflows/components/workflows.libsonnet +++ b/tests/workflows/components/workflows.libsonnet @@ -46,7 +46,7 @@ local srcRootDir = testDir + "/src"; // The directory containing the kubeflow/manifests repo local srcDir = srcRootDir + "/kubeflow/manifests"; - local testWorkerImage = "gcr.io/kubeflow-ci/test-worker"; + local testWorkerImage = "gcr.io/kubeflow-ci/test-worker:latest"; local golangImage = "golang:1.9.4-stretch"; // TODO(jose5918) Build our own helm image local pythonImage = "python:3.6-jessie";