Skip to content

Commit

Permalink
do not use admission
Browse files Browse the repository at this point in the history
  • Loading branch information
@Dimss
Dimss committed Feb 7, 2024
1 parent ae39b53 commit 6615cb3
Show file tree
Hide file tree
Showing 4 changed files with 197 additions and 159 deletions.
336 changes: 181 additions & 155 deletions charts/cnvrg-all-in-one/templates/operator.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,156 +10,169 @@ kind: ClusterRole
metadata:
name: cnvrg-operator-role
rules:
- apiGroups:
- ""
- admissionregistration.k8s.io
- apiextensions.k8s.io
- apps
- extensions
- authentication.k8s.io
- authorization.k8s.io
- authorization.openshift.io
- autoscaling
- batch
- config.openshift.io
- events.k8s.io
- mlops.cnvrg.io
- policy
- rbac.authorization.k8s.io
- route.openshift.io
- security.openshift.io
- storage.k8s.io
- scheduling.k8s.io
- networking.k8s.io
- istio.io
- config.istio.io
- networking.istio.io
- rbac.istio.io
- authentication.istio.io
- metrics.k8s.io
- install.istio.io
resources:
- bindings
- cnvrgapps
- cnvrgapps/status
- cnvrgapps/finalizers
- cnvrgthirdparties
- cnvrgthirdparties/status
- cnvrgthirdparties/finalizers
- configmaps
- cronjobs
- cronjobs/status
- customresourcedefinitions
- customresourcedefinitions/status
- daemonsets
- daemonsets/status
- deployments
- deployments/rollback
- deployments/scale
- deployments/status
- endpoints
- endpointslices
- events
- groups
- horizontalpodautoscalers
- horizontalpodautoscalers/status
- ingresses
- ingresses/status
- jobs
- jobs/status
- leases
- limitranges
- persistentvolumeclaims
- persistentvolumeclaims/status
- persistentvolumes
- persistentvolumes/status
- poddisruptionbudgets
- poddisruptionbudgets/status
- pods
- pods/attach
- pods/binding
- pods/ephemeralcontainers
- pods/eviction
- pods/exec
- pods/log
- pods/portforward
- pods/proxy
- pods/status
- priorityclasses
- replicasets
- replicasets/scale
- replicasets/status
- replicationcontrollers
- replicationcontrollers/scale
- replicationcontrollers/status
- resourcequotas
- resourcequotas/status
- rolebindingrestrictions
- rolebindings
- roles
- routes
- routes/status
- routes/custom-host
- schedulers
- schedulers/status
- secrets
- securitycontextconstraints
- serviceaccounts
- serviceaccounts/token
- services
- services/proxy
- services/status
- statefulsets
- statefulsets/scale
- statefulsets/status
- storages
- storages/status
- clusterrolebindings
- clusterroles
- storageclasses
- controllerrevisions
- nodes
- istiooperators
- virtualservices
verbs:
- get
- list
- watch
- create
- update
- use
- delete
- deletecollection
- impersonate
- patch
- apiGroups:
- istio.io
- config.istio.io
- networking.istio.io
- rbac.istio.io
- authentication.istio.io
resources:
- "*"
verbs:
- "*"
- apiGroups:
- kubeflow.org
resources:
- "*"
verbs:
- "*"
- apiGroups:
- mlops.cnvrg.io
resources:
- cnvrgclusterprovisioners
verbs:
- "*"
- apiGroups:
- metacloud.cnvrg.io
resources:
- domainpools
verbs:
- delete
- apiGroups:
- ""
- admissionregistration.k8s.io
- apiextensions.k8s.io
- apps
- extensions
- authentication.k8s.io
- authorization.k8s.io
- authorization.openshift.io
- autoscaling
- batch
- config.openshift.io
- events.k8s.io
- mlops.cnvrg.io
- policy
- rbac.authorization.k8s.io
- route.openshift.io
- security.openshift.io
- storage.k8s.io
- scheduling.k8s.io
- networking.k8s.io
- istio.io
- config.istio.io
- networking.istio.io
- rbac.istio.io
- authentication.istio.io
- metrics.k8s.io
- install.istio.io
resources:
- bindings
- cnvrgapps
- cnvrgapps/status
- cnvrgapps/finalizers
- cnvrgthirdparties
- cnvrgthirdparties/status
- cnvrgthirdparties/finalizers
- configmaps
- cronjobs
- cronjobs/status
- customresourcedefinitions
- customresourcedefinitions/status
- daemonsets
- daemonsets/status
- deployments
- deployments/rollback
- deployments/scale
- deployments/status
- endpoints
- endpointslices
- events
- groups
- horizontalpodautoscalers
- horizontalpodautoscalers/status
- ingresses
- ingresses/status
- jobs
- jobs/status
- leases
- limitranges
- persistentvolumeclaims
- persistentvolumeclaims/status
- persistentvolumes
- persistentvolumes/status
- poddisruptionbudgets
- poddisruptionbudgets/status
- pods
- pods/attach
- pods/binding
- pods/ephemeralcontainers
- pods/eviction
- pods/exec
- pods/log
- pods/portforward
- pods/proxy
- pods/status
- priorityclasses
- replicasets
- replicasets/scale
- replicasets/status
- replicationcontrollers
- replicationcontrollers/scale
- replicationcontrollers/status
- resourcequotas
- resourcequotas/status
- rolebindingrestrictions
- rolebindings
- roles
- routes
- routes/status
- routes/custom-host
- schedulers
- schedulers/status
- secrets
- securitycontextconstraints
- serviceaccounts
- serviceaccounts/token
- services
- services/proxy
- services/status
- statefulsets
- statefulsets/scale
- statefulsets/status
- storages
- storages/status
- clusterrolebindings
- clusterroles
- storageclasses
- controllerrevisions
- nodes
- istiooperators
- virtualservices
verbs:
- get
- list
- watch
- create
- update
- use
- delete
- deletecollection
- impersonate
- patch
- apiGroups:
- istio.io
- config.istio.io
- networking.istio.io
- rbac.istio.io
- authentication.istio.io
resources:
- "*"
verbs:
- "*"
- apiGroups:
- kubeflow.org
resources:
- "*"
verbs:
- "*"
- apiGroups:
- mlops.cnvrg.io
resources:
- cnvrgclusterprovisioners
verbs:
- "*"
- apiGroups:
- metacloud.cnvrg.io
resources:
- domainpools
verbs:
- delete
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
verbs:
- create
- delete
- apiGroups:
- metacloud.cnvrg.io
resources:
- domains
verbs:
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand Down Expand Up @@ -210,10 +223,10 @@ spec:
/opt/app-root/copctl \
create \
status \
--name={{ .Release.Name }}
--namespace={{ .Release.Namespace }}
--name={{ .Release.Name }} \
--namespace={{ .Release.Namespace }} \
--interval=5
image: "docker.io/cnvrg/copctl:latest"
image: "cnvrg/cnvrg-operator:mlops-demo"
imagePullPolicy: Always
name: service-instance-status-reporter
resources:
Expand All @@ -228,7 +241,7 @@ spec:
- start
- --max-concurrent-reconciles
- "3"
image: "docker.io/cnvrg/cnvrg-operator:5.0.0"
image: "docker.io/cnvrg/cnvrg-operator:mlops-demo"
imagePullPolicy: Always
name: cnvrg-operator
resources:
Expand All @@ -239,4 +252,17 @@ spec:
cpu: 500m
memory: 200Mi
serviceAccountName: cnvrg-operator
terminationGracePeriodSeconds: 10
terminationGracePeriodSeconds: 10
---
apiVersion: v1
kind: Service
metadata:
name: cnvrg-operator-admission
namespace: {{ .Release.Namespace }}
spec:
ports:
- port: 443
protocol: TCP
targetPort: 8080
selector:
control-plane: cnvrg-operator
4 changes: 2 additions & 2 deletions charts/cnvrg-all-in-one/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,13 @@ domainpool:
annotations:
"helm.sh/hook": "pre-install"
copadmission:
enabled: true
enabled: false
admissionHook:
annotations:
"helm.sh/hook": "pre-install"
"helm.sh/hook-weight": "-5"
startupJob:
enabled: true
enabled: false
annotations:
"helm.sh/hook": "pre-install"
"helm.sh/hook-weight": "0"
Expand Down
Loading

0 comments on commit 6615cb3

Please sign in to comment.