updating k8s version

Signed-off-by: Nelesh Singla <[email protected]>

Author: nsingla

.github/actions/create-cluster/action.yml

@@ -14,9 +14,10 @@ runs:
   using: "composite"
   steps:
     - name: Create k8s Kind Cluster
-      uses: container-tools/kind-action@v2
+      uses: helm/kind-action@v1.12.0
       with:
         cluster_name: ${{ inputs.cluster_name }}
         kubectl_version: ${{ inputs.k8s_version }}
-        version: v0.25.0
+        version: v0.29.0
         node_image: kindest/node:${{ inputs.k8s_version }}
+        registry: true

.github/resources/manifests/base/apiserver-env.yaml

@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ml-pipeline
+spec:
+  template:
+    spec:
+      dnsPolicy: ClusterFirst
+      dnsConfig:
+        searches:
+          - NAMESPACE.svc.cluster.local
+          - svc.cluster.local
+          - cluster.local
+        options:
+          - name: timeout
+            value: "5"
+          - name: attempts
+            value: "5"
+          - name: ndots
+            value: "2"
+      containers:
+        - name: ml-pipeline-api-server
+          env:
+            - name: V2_DRIVER_IMAGE
+              value: kind-registry:5000/driver
+            - name: V2_LAUNCHER_IMAGE
+              value: kind-registry:5000/launcher
+            - name: LOG_LEVEL
+              value: "debug"
+            - name: DBCONFIG_HOST_NAME
+              valueFrom:
+                configMapKeyRef:
+                  name: namespace-config
+                  key: dbHost

.github/resources/manifests/base/cache-deployment.yaml

@@ -0,0 +1,108 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cache-server
+  labels:
+    app: cache-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cache-server
+  template:
+    metadata:
+      labels:
+        app: cache-server
+    spec:
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: server
+          securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            runAsUser: 1000
+            runAsGroup: 0
+            capabilities:
+              drop:
+                - ALL
+          image: ghcr.io/kubeflow/kfp-cache-server:dummy
+          env:
+            - name: DEFAULT_CACHE_STALENESS
+              valueFrom:
+                configMapKeyRef:
+                  name: pipeline-install-config
+                  key: DEFAULT_CACHE_STALENESS
+            - name: MAXIMUM_CACHE_STALENESS
+              valueFrom:
+                configMapKeyRef:
+                  name: pipeline-install-config
+                  key:  MAXIMUM_CACHE_STALENESS
+            - name: CACHE_IMAGE
+              valueFrom:
+                configMapKeyRef:
+                  name: pipeline-install-config
+                  key: cacheImage
+            - name: CACHE_NODE_RESTRICTIONS
+              valueFrom:
+                configMapKeyRef:
+                  name: pipeline-install-config
+                  key: cacheNodeRestrictions
+            - name: DBCONFIG_DRIVER
+              value: mysql
+            - name: DBCONFIG_DB_NAME
+              valueFrom:
+                configMapKeyRef:
+                  name: pipeline-install-config
+                  key: cacheDb
+            - name: DBCONFIG_HOST_NAME
+              valueFrom:
+                configMapKeyRef:
+                  name: n
+                  key: dbHost
+            - name: DBCONFIG_PORT
+              valueFrom:
+                configMapKeyRef:
+                  name: pipeline-install-config
+                  key: dbPort
+            - name: DBCONFIG_USER
+              valueFrom:
+                secretKeyRef:
+                  name: mysql-secret
+                  key: username
+            - name: DBCONFIG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mysql-secret
+                  key: password
+            - name: NAMESPACE_TO_WATCH
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            # If you update WEBHOOK_PORT, also change the value of the
+            # containerPort "webhook-api" to match.
+            - name: WEBHOOK_PORT
+              value: "8443"
+          args: ["--db_driver=$(DBCONFIG_DRIVER)",
+                 "--db_host=$(DBCONFIG_HOST_NAME)",
+                 "--db_port=$(DBCONFIG_PORT)",
+                 "--db_name=$(DBCONFIG_DB_NAME)",
+                 "--db_user=$(DBCONFIG_USER)",
+                 "--db_password=$(DBCONFIG_PASSWORD)",
+                 "--namespace_to_watch=$(NAMESPACE_TO_WATCH)",
+                 "--listen_port=$(WEBHOOK_PORT)",
+          ]
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8443
+              name: webhook-api
+          volumeMounts:
+            - name: webhook-tls-certs
+              mountPath: /etc/webhook/certs
+              readOnly: true
+      volumes:
+        - name: webhook-tls-certs
+          secret:
+            secretName: webhook-server-tls
+      serviceAccountName: kubeflow-pipelines-cache

.github/resources/manifests/base/cache-specs.yaml

@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cache-server
+spec:
+  template:
+    spec:
+      dnsPolicy: ClusterFirst
+      dnsConfig:
+        searches:
+        - NAMESPACE.svc.cluster.local
+        - svc.cluster.local
+        - cluster.local
+        options:
+        - name: timeout
+          value: "2"
+        - name: attempts
+          value: "3"
+        - name: ndots
+          value: "2"
+      containers:
+      - name: server
+        env:
+        - name: DBCONFIG_HOST_NAME
+          valueFrom:
+            configMapKeyRef:
+              name: namespace-config
+              key: dbHost

.github/resources/manifests/base/grpc-specs.yaml

@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: metadata-grpc-deployment
+spec:
+  template:
+    spec:
+      dnsPolicy: ClusterFirst
+      dnsConfig:
+        searches:
+        - NAMESPACE.svc.cluster.local
+        - svc.cluster.local
+        - cluster.local
+        options:
+        - name: timeout
+          value: "2"
+        - name: attempts
+          value: "3"
+        - name: ndots
+          value: "2"
+      containers:
+      - name: container
+        env:
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: MYSQL_HOST
+          valueFrom:
+            configMapKeyRef:
+              name: namespace-config
+              key: dbHost
+        - name: MYSQL_PORT
+          valueFrom:
+            configMapKeyRef:
+              name: pipeline-install-config
+              key: mysqlPort
+

.github/resources/manifests/base/kustomization.yaml

@@ -0,0 +1,34 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ml-pipeline-apiserver-deployment.yaml
+  - metadata-grpc-deployment.yaml
+  - cache-deployment.yaml
+  - namespace-config.yaml
+
+patches:
+  - path: apiserver-env.yaml
+  - path: grpc-specs.yaml
+  - path: cache-specs.yaml
+
+replacements:
+  - source:
+      kind: ConfigMap
+      name: namespace-config
+      fieldPath: data.namespaceDns
+    targets:
+      - select:
+          kind: Deployment
+          name: ml-pipeline
+        fieldPaths:
+          - spec.template.spec.dnsConfig.searches.[=NAMESPACE.svc.cluster.local]
+      - select:
+          kind: Deployment
+          name: metadata-grpc-deployment
+        fieldPaths:
+          - spec.template.spec.dnsConfig.searches.[=NAMESPACE.svc.cluster.local]
+      - select:
+          kind: Deployment
+          name: cache-server
+        fieldPaths:
+          - spec.template.spec.dnsConfig.searches.[=NAMESPACE.svc.cluster.local]

.github/resources/manifests/base/metadata-grpc-deployment.yaml

@@ -0,0 +1,90 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: metadata-grpc-deployment
+  labels:
+    component: metadata-grpc-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      component: metadata-grpc-server
+  template:
+    metadata:
+      labels:
+        component: metadata-grpc-server
+    spec:
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: container
+          # ! Sync to the same MLMD version:
+          # * backend/metadata_writer/requirements.in and requirements.txt
+          # * @kubeflow/frontend/src/mlmd/generated
+          # * .cloudbuild.yaml and .release.cloudbuild.yaml
+          # * manifests/kustomize/base/metadata/base/metadata-grpc-deployment.yaml
+          # * test/tag_for_hosted.sh
+          image: gcr.io/tfx-oss-public/ml_metadata_store_server:1.14.0
+          securityContext:
+            allowPrivilegeEscalation: false
+            seccompProfile:
+              type: RuntimeDefault
+            runAsNonRoot: true
+            runAsUser: 1000
+            runAsGroup: 0
+            capabilities:
+              drop:
+                - ALL
+          env:
+            - name: DBCONFIG_USER
+              valueFrom:
+                secretKeyRef:
+                  name: mysql-secret
+                  key: username
+            - name: DBCONFIG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mysql-secret
+                  key: password
+            - name: MYSQL_DATABASE
+              valueFrom:
+                configMapKeyRef:
+                  name: pipeline-install-config
+                  key: mlmdDb
+            - name: MYSQL_HOST
+              valueFrom:
+                configMapKeyRef:
+                  key: dbHost
+                  name: pipeline-install-config
+            - name: MYSQL_PORT
+              valueFrom:
+                configMapKeyRef:
+                  name: pipeline-install-config
+                  key: dbPort
+          command: ["/bin/metadata_store_server"]
+          args: ["--grpc_port=8080",
+                 "--mysql_config_database=$(MYSQL_DATABASE)",
+                 "--mysql_config_host=$(MYSQL_HOST)",
+                 "--mysql_config_port=$(MYSQL_PORT)",
+                 "--mysql_config_user=$(DBCONFIG_USER)",
+                 "--mysql_config_password=$(DBCONFIG_PASSWORD)",
+                 "--enable_database_upgrade=true",
+                 "--grpc_channel_arguments=grpc.max_metadata_size=16384"
+          ]
+          ports:
+            - name: grpc-api
+              containerPort: 8080
+          livenessProbe:
+            tcpSocket:
+              port: grpc-api
+            initialDelaySeconds: 3
+            periodSeconds: 5
+            timeoutSeconds: 2
+          readinessProbe:
+            tcpSocket:
+              port: grpc-api
+            initialDelaySeconds: 3
+            periodSeconds: 5
+            timeoutSeconds: 2
+      serviceAccountName: metadata-grpc-server