From c332c8f7d30169fa129fece70477c36985271cd4 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 9 May 2023 16:05:27 +0100 Subject: [PATCH 01/54] Add skopeo sync workflow --- .github/workflows/sync-images.yaml | 39 ++++++ skopeo-manifests/create-skopeo-manifest.py | 61 ++++++++++ skopeo-manifests/skopeo-manifest-daskhub.yml | 24 ++++ .../skopeo-manifest-jupyterhub.yml | 21 ++++ skopeo-manifests/skopeo-manifest-kubeflow.yml | 115 ++++++++++++++++++ 5 files changed, 260 insertions(+) create mode 100644 .github/workflows/sync-images.yaml create mode 100644 skopeo-manifests/create-skopeo-manifest.py create mode 100644 skopeo-manifests/skopeo-manifest-daskhub.yml create mode 100644 skopeo-manifests/skopeo-manifest-jupyterhub.yml create mode 100644 skopeo-manifests/skopeo-manifest-kubeflow.yml diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml new file mode 100644 index 00000000..25fbe4df --- /dev/null +++ b/.github/workflows/sync-images.yaml @@ -0,0 +1,39 @@ +name: sync images +on: + workflow_call: + +jobs: + sync_images: + runs-on: ubuntu-latest + strategy: + matrix: + component: + - skopeo-manifests-daskhub.yml + - skopeo-manifests-jupyterhub.yml + - skopeo-manifests-kubeflow.yml + steps: + - name: Check out the repository + uses: actions/checkout@v3 + + - name: Install skopeo + run: sudo apt-get -y update && sudo apt-get install -y skopeo + + - name: Check component manifest for changes + uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + manifest: + - skopeo-manifests/${{ matrix.component }}.yml + + - name: Sync component images + if: ${{ steps.changes.outputs.manifest == 'true' }} + run: |- + skopeo sync \ + --src yaml \ + --dest docker \ + --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ + --scoped \ + --all \ + skopeo-manifests/${{ matrix.component }}.yml \ + ghcr.io/stackhpc/azimuth-charts \ No newline at end of file diff --git a/skopeo-manifests/create-skopeo-manifest.py b/skopeo-manifests/create-skopeo-manifest.py new file mode 100644 index 00000000..e3646cc5 --- /dev/null +++ b/skopeo-manifests/create-skopeo-manifest.py @@ -0,0 +1,61 @@ +""" +This script should be fed the `FILE_PATH` output of the following kubectl command which +lists all container images currently in use on the target kubernetes cluster: + +kubectl get pods --all-namespaces -o jsonpath="{.items[*].spec.containers[*].image}" \ +| tr -s '[[:space:]]' '\n' | sort | uniq > FILE_PATH + +The script will then generate an output file named skopeo-manifest-{FILE_PATH}.yaml which +is formatted such that it can be fed into the sync-images.yml github workflow to copy any +required images into a dedicated container registry. +""" + +import sys, yaml +from pathlib import Path +from functools import reduce + +if len(sys.argv) != 2: + print("Path to input file must be the sole command line arg to this script") + sys.exit(1) + +file_path = Path(sys.argv[1]) +# Kubernetes assumes docker registry by default: +# https://kubernetes.io/docs/concepts/containers/images/#image-names +default_registry = "docker.io" + + +def split_image_url(url: str): + try: + parts = url.strip("\n").split("/") + registry = parts[0] if len(parts) > 1 else default_registry + # TODO: Check if skopeo copy a no-op when + # source and destination are the same + if registry == "ghcr.io": + return {} + repo_plus_version = "".join(parts[1:]) if len(parts) > 1 else parts[0] + repo, version = repo_plus_version.split(":") + return {registry: {repo: [version]}} + except Exception as e: + raise Exception(f"Failed to parse url: {url}\nException was:", e) + + +def dict_merge_recursive(d1, d2): + """update first dict with second recursively""" + try: + for k, v in d1.items(): + if k in d2: + if isinstance(v, list): + d2[k] += v + else: + d2[k] = dict_merge_recursive(v, d2[k]) + d1.update(d2) + return d1 + except Exception as e: + raise Exception(f"Failed to merge dicts: {d1} & {d2}\nException was:", e) + + +# Loop through lines in file and convert to a nested dict +with open(file_path, "r") as file: + result_dict = reduce(dict_merge_recursive, map(split_image_url, file.readlines())) + with open(f"skopeo-manifest-{file_path.stem}.yml", "w") as out_file: + yaml.safe_dump(result_dict, out_file) diff --git a/skopeo-manifests/skopeo-manifest-daskhub.yml b/skopeo-manifests/skopeo-manifest-daskhub.yml new file mode 100644 index 00000000..dbf5b15a --- /dev/null +++ b/skopeo-manifests/skopeo-manifest-daskhub.yml @@ -0,0 +1,24 @@ +docker.io: + traefik: + - 2.6.3 +jupyterhub: + configurable-http-proxy: + - 4.5.3 + k8s-hub: + - 2.0.0 +k8s.gcr.io: + kube-scheduler: + - v1.23.10 +registry.k8s.io: + corednscoredns: + - v1.9.3 + etcd: + - 3.5.6-0 + kube-apiserver: + - v1.26.3 + kube-controller-manager: + - v1.26.3 + kube-proxy: + - v1.26.3 + kube-scheduler: + - v1.26.3 diff --git a/skopeo-manifests/skopeo-manifest-jupyterhub.yml b/skopeo-manifests/skopeo-manifest-jupyterhub.yml new file mode 100644 index 00000000..b646dd24 --- /dev/null +++ b/skopeo-manifests/skopeo-manifest-jupyterhub.yml @@ -0,0 +1,21 @@ +jupyterhub: + configurable-http-proxy: + - 4.5.3 + k8s-hub: + - 2.0.0 +k8s.gcr.io: + kube-scheduler: + - v1.23.10 +registry.k8s.io: + corednscoredns: + - v1.9.3 + etcd: + - 3.5.6-0 + kube-apiserver: + - v1.26.3 + kube-controller-manager: + - v1.26.3 + kube-proxy: + - v1.26.3 + kube-scheduler: + - v1.26.3 diff --git a/skopeo-manifests/skopeo-manifest-kubeflow.yml b/skopeo-manifests/skopeo-manifest-kubeflow.yml new file mode 100644 index 00000000..27d6dda9 --- /dev/null +++ b/skopeo-manifests/skopeo-manifest-kubeflow.yml @@ -0,0 +1,115 @@ +docker.io: + istiopilot: + - 1.16.0 + istioproxyv2: + - 1.16.0 + kubeflowkatibkatib-controller: + - v0.15.0 + kubeflowkatibkatib-db-manager: + - v0.15.0 + kubeflowkatibkatib-ui: + - v0.15.0 + kubeflownotebookswgcentraldashboard: + - v1.7.0 + kubeflownotebookswgjupyter-web-app: + - v1.7.0 + kubeflownotebookswgkfam: + - v1.7.0 + kubeflownotebookswgnotebook-controller: + - v1.7.0 + kubeflownotebookswgpoddefaults-webhook: + - v1.7.0 + kubeflownotebookswgprofile-controller: + - v1.7.0 + kubeflownotebookswgtensorboard-controller: + - v1.7.0 + kubeflownotebookswgtensorboards-web-app: + - v1.7.0 + kubeflownotebookswgvolumes-web-app: + - v1.7.0 + metacontrolleriometacontroller: + - v2.0.4 + mysql: + - 8.0.29 + python: + - '3.7' +gcr.io: + arriktokubeflowoidc-authservice: + - e236439 + knative-releasesknative.deveventingcmdcontroller@sha256: + - 33d78536e9b38dbb2ec2952207b48ff8e05acb48e7d28c2305bd0a0f7156198f + knative-releasesknative.deveventingcmdwebhook@sha256: + - d217ab7e3452a87f8cbb3b45df65c98b18b8be39551e3e960cd49ea44bb415ba + knative-releasesknative.devnet-istiocmdcontroller@sha256: + - 2b484d982ef1a5d6ff93c46d3e45f51c2605c2e3ed766e20247d1727eb5ce918 + knative-releasesknative.devnet-istiocmdwebhook@sha256: + - 59b6a46d3b55a03507c76a3afe8a4ee5f1a38f1130fd3d65c9fe57fff583fa8d + knative-releasesknative.devservingcmdactivator@sha256: + - c3bbf3a96920048869dcab8e133e00f59855670b8a0bbca3d72ced2f512eb5e1 + knative-releasesknative.devservingcmdautoscaler@sha256: + - caae5e34b4cb311ed8551f2778cfca566a77a924a59b775bd516fa8b5e3c1d7f + knative-releasesknative.devservingcmdcontroller@sha256: + - 38f9557f4d61ec79cc2cdbe76da8df6c6ae5f978a50a2847c22cc61aa240da95 + knative-releasesknative.devservingcmddomain-mapping-webhook@sha256: + - a4ba0076df2efaca2eed561339e21b3a4ca9d90167befd31de882bff69639470 + knative-releasesknative.devservingcmddomain-mapping@sha256: + - 763d648bf1edee2b4471b0e211dbc53ba2d28f92e4dae28ccd39af7185ef2c96 + knative-releasesknative.devservingcmdwebhook@sha256: + - bc13765ba4895c0fa318a065392d05d0adc0e20415c739e0aacb3f56140bf9ae + kubebuilderkube-rbac-proxy: + - v0.8.0 + - v0.13.1 + ml-pipelineapi-server: + - 2.0.0-alpha.7 + ml-pipelinecache-server: + - 2.0.0-alpha.7 + ml-pipelinefrontend: + - 2.0.0-alpha.7 + ml-pipelinemetadata-envoy: + - 2.0.0-alpha.7 + ml-pipelinemetadata-writer: + - 2.0.0-alpha.7 + ml-pipelineminio: + - RELEASE.2019-08-14T20-37-41Z-license-compliance + ml-pipelinemysql: + - 8.0.26 + ml-pipelinepersistenceagent: + - 2.0.0-alpha.7 + ml-pipelinescheduledworkflow: + - 2.0.0-alpha.7 + ml-pipelineviewer-crd-controller: + - 2.0.0-alpha.7 + ml-pipelinevisualization-server: + - 2.0.0-alpha.7 + ml-pipelineworkflow-controller: + - v3.3.8-license-compliance + tfx-oss-publicml_metadata_store_server: + - 1.5.0 +kserve: + kserve-controller: + - v0.10.0 + models-web-app: + - v0.10.0 +kubeflow: + training-operator: + - v1-5a5f92d +quay.io: + jetstackcert-manager-cainjector: + - v1.10.1 + jetstackcert-manager-controller: + - v1.10.1 + jetstackcert-manager-webhook: + - v1.10.1 +registry.k8s.io: + corednscoredns: + - v1.9.3 + etcd: + - 3.5.6-0 + kube-apiserver: + - v1.26.3 + kube-controller-manager: + - v1.26.3 + kube-proxy: + - v1.26.3 + kube-scheduler: + - v1.26.3 From bd8d12f89d3fb4afc9ab8f931db3cf549bda6165 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 9 May 2023 16:08:17 +0100 Subject: [PATCH 02/54] Trigger workflow on push --- .github/workflows/sync-images.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 25fbe4df..1090179a 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -1,6 +1,7 @@ name: sync images on: - workflow_call: + # TODO: Decide on triggers + push: jobs: sync_images: From 2e4afcd0814542db47b69d9b26d596d395b9aafc Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 9 May 2023 16:12:20 +0100 Subject: [PATCH 03/54] Fix filenames in test matrix --- .github/workflows/sync-images.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 1090179a..9dc160a6 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -9,9 +9,9 @@ jobs: strategy: matrix: component: - - skopeo-manifests-daskhub.yml - - skopeo-manifests-jupyterhub.yml - - skopeo-manifests-kubeflow.yml + - skopeo-manifests-daskhub + - skopeo-manifests-jupyterhub + - skopeo-manifests-kubeflow steps: - name: Check out the repository uses: actions/checkout@v3 From d736820bc3b1d63790e4f18bd6c1d93882c8bac5 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 9 May 2023 16:13:59 +0100 Subject: [PATCH 04/54] Fix filenames in test matrix --- .github/workflows/sync-images.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 9dc160a6..f184095a 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -9,9 +9,9 @@ jobs: strategy: matrix: component: - - skopeo-manifests-daskhub - - skopeo-manifests-jupyterhub - - skopeo-manifests-kubeflow + - skopeo-manifest-daskhub + - skopeo-manifest-jupyterhub + - skopeo-manifest-kubeflow steps: - name: Check out the repository uses: actions/checkout@v3 From 73be504ca36cc1fa06bf63acdd0916a027fec013 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 9 May 2023 16:16:56 +0100 Subject: [PATCH 05/54] Fix manifest format --- skopeo-manifests/create-skopeo-manifest.py | 2 +- skopeo-manifests/skopeo-manifest-daskhub.yml | 44 ++-- .../skopeo-manifest-jupyterhub.yml | 39 +-- skopeo-manifests/skopeo-manifest-kubeflow.yml | 224 +++++++++--------- 4 files changed, 161 insertions(+), 148 deletions(-) diff --git a/skopeo-manifests/create-skopeo-manifest.py b/skopeo-manifests/create-skopeo-manifest.py index e3646cc5..e1d6c5a4 100644 --- a/skopeo-manifests/create-skopeo-manifest.py +++ b/skopeo-manifests/create-skopeo-manifest.py @@ -34,7 +34,7 @@ def split_image_url(url: str): return {} repo_plus_version = "".join(parts[1:]) if len(parts) > 1 else parts[0] repo, version = repo_plus_version.split(":") - return {registry: {repo: [version]}} + return {registry: {'images': {repo: [version]}}} except Exception as e: raise Exception(f"Failed to parse url: {url}\nException was:", e) diff --git a/skopeo-manifests/skopeo-manifest-daskhub.yml b/skopeo-manifests/skopeo-manifest-daskhub.yml index dbf5b15a..1e7a983c 100644 --- a/skopeo-manifests/skopeo-manifest-daskhub.yml +++ b/skopeo-manifests/skopeo-manifest-daskhub.yml @@ -1,24 +1,28 @@ docker.io: - traefik: - - 2.6.3 + images: + traefik: + - 2.6.3 jupyterhub: - configurable-http-proxy: - - 4.5.3 - k8s-hub: - - 2.0.0 + images: + configurable-http-proxy: + - 4.5.3 + k8s-hub: + - 2.0.0 k8s.gcr.io: - kube-scheduler: - - v1.23.10 + images: + kube-scheduler: + - v1.23.10 registry.k8s.io: - corednscoredns: - - v1.9.3 - etcd: - - 3.5.6-0 - kube-apiserver: - - v1.26.3 - kube-controller-manager: - - v1.26.3 - kube-proxy: - - v1.26.3 - kube-scheduler: - - v1.26.3 + images: + corednscoredns: + - v1.9.3 + etcd: + - 3.5.6-0 + kube-apiserver: + - v1.26.3 + kube-controller-manager: + - v1.26.3 + kube-proxy: + - v1.26.3 + kube-scheduler: + - v1.26.3 diff --git a/skopeo-manifests/skopeo-manifest-jupyterhub.yml b/skopeo-manifests/skopeo-manifest-jupyterhub.yml index b646dd24..aceb80bc 100644 --- a/skopeo-manifests/skopeo-manifest-jupyterhub.yml +++ b/skopeo-manifests/skopeo-manifest-jupyterhub.yml @@ -1,21 +1,24 @@ jupyterhub: - configurable-http-proxy: - - 4.5.3 - k8s-hub: - - 2.0.0 + images: + configurable-http-proxy: + - 4.5.3 + k8s-hub: + - 2.0.0 k8s.gcr.io: - kube-scheduler: - - v1.23.10 + images: + kube-scheduler: + - v1.23.10 registry.k8s.io: - corednscoredns: - - v1.9.3 - etcd: - - 3.5.6-0 - kube-apiserver: - - v1.26.3 - kube-controller-manager: - - v1.26.3 - kube-proxy: - - v1.26.3 - kube-scheduler: - - v1.26.3 + images: + corednscoredns: + - v1.9.3 + etcd: + - 3.5.6-0 + kube-apiserver: + - v1.26.3 + kube-controller-manager: + - v1.26.3 + kube-proxy: + - v1.26.3 + kube-scheduler: + - v1.26.3 diff --git a/skopeo-manifests/skopeo-manifest-kubeflow.yml b/skopeo-manifests/skopeo-manifest-kubeflow.yml index 27d6dda9..72a8f089 100644 --- a/skopeo-manifests/skopeo-manifest-kubeflow.yml +++ b/skopeo-manifests/skopeo-manifest-kubeflow.yml @@ -1,115 +1,121 @@ docker.io: - istiopilot: - - 1.16.0 - istioproxyv2: - - 1.16.0 - kubeflowkatibkatib-controller: - - v0.15.0 - kubeflowkatibkatib-db-manager: - - v0.15.0 - kubeflowkatibkatib-ui: - - v0.15.0 - kubeflownotebookswgcentraldashboard: - - v1.7.0 - kubeflownotebookswgjupyter-web-app: - - v1.7.0 - kubeflownotebookswgkfam: - - v1.7.0 - kubeflownotebookswgnotebook-controller: - - v1.7.0 - kubeflownotebookswgpoddefaults-webhook: - - v1.7.0 - kubeflownotebookswgprofile-controller: - - v1.7.0 - kubeflownotebookswgtensorboard-controller: - - v1.7.0 - kubeflownotebookswgtensorboards-web-app: - - v1.7.0 - kubeflownotebookswgvolumes-web-app: - - v1.7.0 - metacontrolleriometacontroller: - - v2.0.4 - mysql: - - 8.0.29 - python: - - '3.7' + images: + istiopilot: + - 1.16.0 + istioproxyv2: + - 1.16.0 + kubeflowkatibkatib-controller: + - v0.15.0 + kubeflowkatibkatib-db-manager: + - v0.15.0 + kubeflowkatibkatib-ui: + - v0.15.0 + kubeflownotebookswgcentraldashboard: + - v1.7.0 + kubeflownotebookswgjupyter-web-app: + - v1.7.0 + kubeflownotebookswgkfam: + - v1.7.0 + kubeflownotebookswgnotebook-controller: + - v1.7.0 + kubeflownotebookswgpoddefaults-webhook: + - v1.7.0 + kubeflownotebookswgprofile-controller: + - v1.7.0 + kubeflownotebookswgtensorboard-controller: + - v1.7.0 + kubeflownotebookswgtensorboards-web-app: + - v1.7.0 + kubeflownotebookswgvolumes-web-app: + - v1.7.0 + metacontrolleriometacontroller: + - v2.0.4 + mysql: + - 8.0.29 + python: + - '3.7' gcr.io: - arriktokubeflowoidc-authservice: - - e236439 - knative-releasesknative.deveventingcmdcontroller@sha256: - - 33d78536e9b38dbb2ec2952207b48ff8e05acb48e7d28c2305bd0a0f7156198f - knative-releasesknative.deveventingcmdwebhook@sha256: - - d217ab7e3452a87f8cbb3b45df65c98b18b8be39551e3e960cd49ea44bb415ba - knative-releasesknative.devnet-istiocmdcontroller@sha256: - - 2b484d982ef1a5d6ff93c46d3e45f51c2605c2e3ed766e20247d1727eb5ce918 - knative-releasesknative.devnet-istiocmdwebhook@sha256: - - 59b6a46d3b55a03507c76a3afe8a4ee5f1a38f1130fd3d65c9fe57fff583fa8d - knative-releasesknative.devservingcmdactivator@sha256: - - c3bbf3a96920048869dcab8e133e00f59855670b8a0bbca3d72ced2f512eb5e1 - knative-releasesknative.devservingcmdautoscaler@sha256: - - caae5e34b4cb311ed8551f2778cfca566a77a924a59b775bd516fa8b5e3c1d7f - knative-releasesknative.devservingcmdcontroller@sha256: - - 38f9557f4d61ec79cc2cdbe76da8df6c6ae5f978a50a2847c22cc61aa240da95 - knative-releasesknative.devservingcmddomain-mapping-webhook@sha256: - - a4ba0076df2efaca2eed561339e21b3a4ca9d90167befd31de882bff69639470 - knative-releasesknative.devservingcmddomain-mapping@sha256: - - 763d648bf1edee2b4471b0e211dbc53ba2d28f92e4dae28ccd39af7185ef2c96 - knative-releasesknative.devservingcmdwebhook@sha256: - - bc13765ba4895c0fa318a065392d05d0adc0e20415c739e0aacb3f56140bf9ae - kubebuilderkube-rbac-proxy: - - v0.8.0 - - v0.13.1 - ml-pipelineapi-server: - - 2.0.0-alpha.7 - ml-pipelinecache-server: - - 2.0.0-alpha.7 - ml-pipelinefrontend: - - 2.0.0-alpha.7 - ml-pipelinemetadata-envoy: - - 2.0.0-alpha.7 - ml-pipelinemetadata-writer: - - 2.0.0-alpha.7 - ml-pipelineminio: - - RELEASE.2019-08-14T20-37-41Z-license-compliance - ml-pipelinemysql: - - 8.0.26 - ml-pipelinepersistenceagent: - - 2.0.0-alpha.7 - ml-pipelinescheduledworkflow: - - 2.0.0-alpha.7 - ml-pipelineviewer-crd-controller: - - 2.0.0-alpha.7 - ml-pipelinevisualization-server: - - 2.0.0-alpha.7 - ml-pipelineworkflow-controller: - - v3.3.8-license-compliance - tfx-oss-publicml_metadata_store_server: - - 1.5.0 + images: + arriktokubeflowoidc-authservice: + - e236439 + knative-releasesknative.deveventingcmdcontroller@sha256: + - 33d78536e9b38dbb2ec2952207b48ff8e05acb48e7d28c2305bd0a0f7156198f + knative-releasesknative.deveventingcmdwebhook@sha256: + - d217ab7e3452a87f8cbb3b45df65c98b18b8be39551e3e960cd49ea44bb415ba + knative-releasesknative.devnet-istiocmdcontroller@sha256: + - 2b484d982ef1a5d6ff93c46d3e45f51c2605c2e3ed766e20247d1727eb5ce918 + knative-releasesknative.devnet-istiocmdwebhook@sha256: + - 59b6a46d3b55a03507c76a3afe8a4ee5f1a38f1130fd3d65c9fe57fff583fa8d + knative-releasesknative.devservingcmdactivator@sha256: + - c3bbf3a96920048869dcab8e133e00f59855670b8a0bbca3d72ced2f512eb5e1 + knative-releasesknative.devservingcmdautoscaler@sha256: + - caae5e34b4cb311ed8551f2778cfca566a77a924a59b775bd516fa8b5e3c1d7f + knative-releasesknative.devservingcmdcontroller@sha256: + - 38f9557f4d61ec79cc2cdbe76da8df6c6ae5f978a50a2847c22cc61aa240da95 + knative-releasesknative.devservingcmddomain-mapping-webhook@sha256: + - a4ba0076df2efaca2eed561339e21b3a4ca9d90167befd31de882bff69639470 + knative-releasesknative.devservingcmddomain-mapping@sha256: + - 763d648bf1edee2b4471b0e211dbc53ba2d28f92e4dae28ccd39af7185ef2c96 + knative-releasesknative.devservingcmdwebhook@sha256: + - bc13765ba4895c0fa318a065392d05d0adc0e20415c739e0aacb3f56140bf9ae + kubebuilderkube-rbac-proxy: + - v0.8.0 + - v0.13.1 + ml-pipelineapi-server: + - 2.0.0-alpha.7 + ml-pipelinecache-server: + - 2.0.0-alpha.7 + ml-pipelinefrontend: + - 2.0.0-alpha.7 + ml-pipelinemetadata-envoy: + - 2.0.0-alpha.7 + ml-pipelinemetadata-writer: + - 2.0.0-alpha.7 + ml-pipelineminio: + - RELEASE.2019-08-14T20-37-41Z-license-compliance + ml-pipelinemysql: + - 8.0.26 + ml-pipelinepersistenceagent: + - 2.0.0-alpha.7 + ml-pipelinescheduledworkflow: + - 2.0.0-alpha.7 + ml-pipelineviewer-crd-controller: + - 2.0.0-alpha.7 + ml-pipelinevisualization-server: + - 2.0.0-alpha.7 + ml-pipelineworkflow-controller: + - v3.3.8-license-compliance + tfx-oss-publicml_metadata_store_server: + - 1.5.0 kserve: - kserve-controller: - - v0.10.0 - models-web-app: - - v0.10.0 + images: + kserve-controller: + - v0.10.0 + models-web-app: + - v0.10.0 kubeflow: - training-operator: - - v1-5a5f92d + images: + training-operator: + - v1-5a5f92d quay.io: - jetstackcert-manager-cainjector: - - v1.10.1 - jetstackcert-manager-controller: - - v1.10.1 - jetstackcert-manager-webhook: - - v1.10.1 + images: + jetstackcert-manager-cainjector: + - v1.10.1 + jetstackcert-manager-controller: + - v1.10.1 + jetstackcert-manager-webhook: + - v1.10.1 registry.k8s.io: - corednscoredns: - - v1.9.3 - etcd: - - 3.5.6-0 - kube-apiserver: - - v1.26.3 - kube-controller-manager: - - v1.26.3 - kube-proxy: - - v1.26.3 - kube-scheduler: - - v1.26.3 + images: + corednscoredns: + - v1.9.3 + etcd: + - 3.5.6-0 + kube-apiserver: + - v1.26.3 + kube-controller-manager: + - v1.26.3 + kube-proxy: + - v1.26.3 + kube-scheduler: + - v1.26.3 From a77d8fbe30cf74cf34770a8e6e71d8421444ee16 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 9 May 2023 16:47:21 +0100 Subject: [PATCH 06/54] Fix missing '/' separators --- skopeo-manifests/create-skopeo-manifest.py | 2 +- skopeo-manifests/skopeo-manifest-daskhub.yml | 2 +- .../skopeo-manifest-jupyterhub.yml | 2 +- skopeo-manifests/skopeo-manifest-kubeflow.yml | 88 +++++++++---------- 4 files changed, 47 insertions(+), 47 deletions(-) diff --git a/skopeo-manifests/create-skopeo-manifest.py b/skopeo-manifests/create-skopeo-manifest.py index e1d6c5a4..7cc8a3c3 100644 --- a/skopeo-manifests/create-skopeo-manifest.py +++ b/skopeo-manifests/create-skopeo-manifest.py @@ -32,7 +32,7 @@ def split_image_url(url: str): # source and destination are the same if registry == "ghcr.io": return {} - repo_plus_version = "".join(parts[1:]) if len(parts) > 1 else parts[0] + repo_plus_version = "/".join(parts[1:]) if len(parts) > 1 else parts[0] repo, version = repo_plus_version.split(":") return {registry: {'images': {repo: [version]}}} except Exception as e: diff --git a/skopeo-manifests/skopeo-manifest-daskhub.yml b/skopeo-manifests/skopeo-manifest-daskhub.yml index 1e7a983c..d8d27d22 100644 --- a/skopeo-manifests/skopeo-manifest-daskhub.yml +++ b/skopeo-manifests/skopeo-manifest-daskhub.yml @@ -14,7 +14,7 @@ k8s.gcr.io: - v1.23.10 registry.k8s.io: images: - corednscoredns: + coredns/coredns: - v1.9.3 etcd: - 3.5.6-0 diff --git a/skopeo-manifests/skopeo-manifest-jupyterhub.yml b/skopeo-manifests/skopeo-manifest-jupyterhub.yml index aceb80bc..c54208ae 100644 --- a/skopeo-manifests/skopeo-manifest-jupyterhub.yml +++ b/skopeo-manifests/skopeo-manifest-jupyterhub.yml @@ -10,7 +10,7 @@ k8s.gcr.io: - v1.23.10 registry.k8s.io: images: - corednscoredns: + coredns/coredns: - v1.9.3 etcd: - 3.5.6-0 diff --git a/skopeo-manifests/skopeo-manifest-kubeflow.yml b/skopeo-manifests/skopeo-manifest-kubeflow.yml index 72a8f089..ddf7dc65 100644 --- a/skopeo-manifests/skopeo-manifest-kubeflow.yml +++ b/skopeo-manifests/skopeo-manifest-kubeflow.yml @@ -1,34 +1,34 @@ docker.io: images: - istiopilot: + istio/pilot: - 1.16.0 - istioproxyv2: + istio/proxyv2: - 1.16.0 - kubeflowkatibkatib-controller: + kubeflowkatib/katib-controller: - v0.15.0 - kubeflowkatibkatib-db-manager: + kubeflowkatib/katib-db-manager: - v0.15.0 - kubeflowkatibkatib-ui: + kubeflowkatib/katib-ui: - v0.15.0 - kubeflownotebookswgcentraldashboard: + kubeflownotebookswg/centraldashboard: - v1.7.0 - kubeflownotebookswgjupyter-web-app: + kubeflownotebookswg/jupyter-web-app: - v1.7.0 - kubeflownotebookswgkfam: + kubeflownotebookswg/kfam: - v1.7.0 - kubeflownotebookswgnotebook-controller: + kubeflownotebookswg/notebook-controller: - v1.7.0 - kubeflownotebookswgpoddefaults-webhook: + kubeflownotebookswg/poddefaults-webhook: - v1.7.0 - kubeflownotebookswgprofile-controller: + kubeflownotebookswg/profile-controller: - v1.7.0 - kubeflownotebookswgtensorboard-controller: + kubeflownotebookswg/tensorboard-controller: - v1.7.0 - kubeflownotebookswgtensorboards-web-app: + kubeflownotebookswg/tensorboards-web-app: - v1.7.0 - kubeflownotebookswgvolumes-web-app: + kubeflownotebookswg/volumes-web-app: - v1.7.0 - metacontrolleriometacontroller: + metacontrollerio/metacontroller: - v2.0.4 mysql: - 8.0.29 @@ -36,56 +36,56 @@ docker.io: - '3.7' gcr.io: images: - arriktokubeflowoidc-authservice: + arrikto/kubeflow/oidc-authservice: - e236439 - knative-releasesknative.deveventingcmdcontroller@sha256: + knative-releases/knative.dev/eventing/cmd/controller@sha256: - 33d78536e9b38dbb2ec2952207b48ff8e05acb48e7d28c2305bd0a0f7156198f - knative-releasesknative.deveventingcmdwebhook@sha256: + knative-releases/knative.dev/eventing/cmd/webhook@sha256: - d217ab7e3452a87f8cbb3b45df65c98b18b8be39551e3e960cd49ea44bb415ba - knative-releasesknative.devnet-istiocmdcontroller@sha256: + knative-releases/knative.dev/net-istio/cmd/controller@sha256: - 2b484d982ef1a5d6ff93c46d3e45f51c2605c2e3ed766e20247d1727eb5ce918 - knative-releasesknative.devnet-istiocmdwebhook@sha256: + knative-releases/knative.dev/net-istio/cmd/webhook@sha256: - 59b6a46d3b55a03507c76a3afe8a4ee5f1a38f1130fd3d65c9fe57fff583fa8d - knative-releasesknative.devservingcmdactivator@sha256: + knative-releases/knative.dev/serving/cmd/activator@sha256: - c3bbf3a96920048869dcab8e133e00f59855670b8a0bbca3d72ced2f512eb5e1 - knative-releasesknative.devservingcmdautoscaler@sha256: + knative-releases/knative.dev/serving/cmd/autoscaler@sha256: - caae5e34b4cb311ed8551f2778cfca566a77a924a59b775bd516fa8b5e3c1d7f - knative-releasesknative.devservingcmdcontroller@sha256: + knative-releases/knative.dev/serving/cmd/controller@sha256: - 38f9557f4d61ec79cc2cdbe76da8df6c6ae5f978a50a2847c22cc61aa240da95 - knative-releasesknative.devservingcmddomain-mapping-webhook@sha256: + knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256: - a4ba0076df2efaca2eed561339e21b3a4ca9d90167befd31de882bff69639470 - knative-releasesknative.devservingcmddomain-mapping@sha256: + knative-releases/knative.dev/serving/cmd/domain-mapping@sha256: - 763d648bf1edee2b4471b0e211dbc53ba2d28f92e4dae28ccd39af7185ef2c96 - knative-releasesknative.devservingcmdwebhook@sha256: + knative-releases/knative.dev/serving/cmd/webhook@sha256: - bc13765ba4895c0fa318a065392d05d0adc0e20415c739e0aacb3f56140bf9ae - kubebuilderkube-rbac-proxy: + kubebuilder/kube-rbac-proxy: - v0.8.0 - v0.13.1 - ml-pipelineapi-server: + ml-pipeline/api-server: - 2.0.0-alpha.7 - ml-pipelinecache-server: + ml-pipeline/cache-server: - 2.0.0-alpha.7 - ml-pipelinefrontend: + ml-pipeline/frontend: - 2.0.0-alpha.7 - ml-pipelinemetadata-envoy: + ml-pipeline/metadata-envoy: - 2.0.0-alpha.7 - ml-pipelinemetadata-writer: + ml-pipeline/metadata-writer: - 2.0.0-alpha.7 - ml-pipelineminio: + ml-pipeline/minio: - RELEASE.2019-08-14T20-37-41Z-license-compliance - ml-pipelinemysql: + ml-pipeline/mysql: - 8.0.26 - ml-pipelinepersistenceagent: + ml-pipeline/persistenceagent: - 2.0.0-alpha.7 - ml-pipelinescheduledworkflow: + ml-pipeline/scheduledworkflow: - 2.0.0-alpha.7 - ml-pipelineviewer-crd-controller: + ml-pipeline/viewer-crd-controller: - 2.0.0-alpha.7 - ml-pipelinevisualization-server: + ml-pipeline/visualization-server: - 2.0.0-alpha.7 - ml-pipelineworkflow-controller: + ml-pipeline/workflow-controller: - v3.3.8-license-compliance - tfx-oss-publicml_metadata_store_server: + tfx-oss-public/ml_metadata_store_server: - 1.5.0 kserve: images: @@ -99,15 +99,15 @@ kubeflow: - v1-5a5f92d quay.io: images: - jetstackcert-manager-cainjector: + jetstack/cert-manager-cainjector: - v1.10.1 - jetstackcert-manager-controller: + jetstack/cert-manager-controller: - v1.10.1 - jetstackcert-manager-webhook: + jetstack/cert-manager-webhook: - v1.10.1 registry.k8s.io: images: - corednscoredns: + coredns/coredns: - v1.9.3 etcd: - 3.5.6-0 From 47d3179f3413acaca231b75000d4f2482839bac8 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 9 May 2023 16:57:36 +0100 Subject: [PATCH 07/54] Check skopeo version --- .github/workflows/sync-images.yaml | 39 ++++++++++++++++-------------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index f184095a..e5efa0ff 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -19,22 +19,25 @@ jobs: - name: Install skopeo run: sudo apt-get -y update && sudo apt-get install -y skopeo - - name: Check component manifest for changes - uses: dorny/paths-filter@v2 - id: changes - with: - filters: | - manifest: - - skopeo-manifests/${{ matrix.component }}.yml + - name: Check skopeo version + run: skopeo -v - - name: Sync component images - if: ${{ steps.changes.outputs.manifest == 'true' }} - run: |- - skopeo sync \ - --src yaml \ - --dest docker \ - --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ - --scoped \ - --all \ - skopeo-manifests/${{ matrix.component }}.yml \ - ghcr.io/stackhpc/azimuth-charts \ No newline at end of file + # - name: Check component manifest for changes + # uses: dorny/paths-filter@v2 + # id: changes + # with: + # filters: | + # manifest: + # - skopeo-manifests/${{ matrix.component }}.yml + + # - name: Sync component images + # if: ${{ steps.changes.outputs.manifest == 'true' }} + # run: |- + # skopeo sync \ + # --src yaml \ + # --dest docker \ + # --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ + # --scoped \ + # --all \ + # skopeo-manifests/${{ matrix.component }}.yml \ + # ghcr.io/stackhpc/azimuth-charts \ No newline at end of file From 6c4e798a4ff9f7e1392c34d0095bfd1dd8c0d48d Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 9 May 2023 17:05:53 +0100 Subject: [PATCH 08/54] Test docker option --- .github/workflows/sync-images.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index e5efa0ff..1854f7a9 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -16,11 +16,11 @@ jobs: - name: Check out the repository uses: actions/checkout@v3 - - name: Install skopeo - run: sudo apt-get -y update && sudo apt-get install -y skopeo + # - name: Install skopeo + # run: sudo apt-get -y update && sudo apt-get install -y skopeo - name: Check skopeo version - run: skopeo -v + run: docker run quay.io/skopeo/stable:latest -v # - name: Check component manifest for changes # uses: dorny/paths-filter@v2 From 5f7d688de2e9178695d2f873233fc3a37105f588 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 9 May 2023 17:08:02 +0100 Subject: [PATCH 09/54] Use containerised skopeo --- .github/workflows/sync-images.yaml | 42 ++++++++++++++++-------------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 1854f7a9..40e1b4b5 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -19,25 +19,27 @@ jobs: # - name: Install skopeo # run: sudo apt-get -y update && sudo apt-get install -y skopeo - - name: Check skopeo version - run: docker run quay.io/skopeo/stable:latest -v + # - name: Check skopeo version + # run: docker run quay.io/skopeo/stable:latest -v - # - name: Check component manifest for changes - # uses: dorny/paths-filter@v2 - # id: changes - # with: - # filters: | - # manifest: - # - skopeo-manifests/${{ matrix.component }}.yml + - name: Check component manifest for changes + uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + manifest: + - skopeo-manifests/${{ matrix.component }}.yml - # - name: Sync component images - # if: ${{ steps.changes.outputs.manifest == 'true' }} - # run: |- - # skopeo sync \ - # --src yaml \ - # --dest docker \ - # --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ - # --scoped \ - # --all \ - # skopeo-manifests/${{ matrix.component }}.yml \ - # ghcr.io/stackhpc/azimuth-charts \ No newline at end of file + # NOTE: Need skopeo > v1.09 to avoid this issue: + # https://github.com/containers/skopeo/issues/1874 + - name: Sync component images + if: ${{ steps.changes.outputs.manifest == 'true' }} + run: |- + docker run quay.io/skopeo/stable:1.11 sync \ + --src yaml \ + --dest docker \ + --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ + --scoped \ + --all \ + skopeo-manifests/${{ matrix.component }}.yml \ + ghcr.io/stackhpc/azimuth-charts \ No newline at end of file From c9cfd65c5b136cd44775cf2be904933c996fca5e Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 9 May 2023 17:09:33 +0100 Subject: [PATCH 10/54] Fix container version --- .github/workflows/sync-images.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 40e1b4b5..812ce18d 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -35,7 +35,7 @@ jobs: - name: Sync component images if: ${{ steps.changes.outputs.manifest == 'true' }} run: |- - docker run quay.io/skopeo/stable:1.11 sync \ + docker run quay.io/skopeo/stable:v1.11 sync \ --src yaml \ --dest docker \ --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ From c156128504b83b13773831e1f81c8b39134049d1 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 9 May 2023 17:34:47 +0100 Subject: [PATCH 11/54] Run sync in container --- .github/workflows/sync-images.yaml | 33 +++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 812ce18d..c49c3e76 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -22,6 +22,18 @@ jobs: # - name: Check skopeo version # run: docker run quay.io/skopeo/stable:latest -v + + # - name: test + # run: docker run --entrypoint /usr/local/env -v /home/ubuntu/azimuth-charts:/home/skopeo alpine:latest ls /test + # run: docker run --entrypoint /usr/bin/env -v /home/ubuntu/azimuth-charts:/home/skopeo/azimuth-charts quay.io/skopeo/stable:v1.11 /usr/bin/skopeo sync \ + # --src yaml \ + # --dest docker \ + # --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ + # --scoped \ + # --all \ + # skopeo-manifests/${{ matrix.component }}.yml \ + # ghcr.io/stackhpc/azimuth-charts + - name: Check component manifest for changes uses: dorny/paths-filter@v2 id: changes @@ -30,12 +42,23 @@ jobs: manifest: - skopeo-manifests/${{ matrix.component }}.yml - # NOTE: Need skopeo > v1.09 to avoid this issue: - # https://github.com/containers/skopeo/issues/1874 + # # NOTE: Need skopeo > v1.09 to avoid this issue: + # # https://github.com/containers/skopeo/issues/1874 + # - name: Sync component images + # if: ${{ steps.changes.outputs.manifest == 'true' }} + # run: |- + # docker run quay.io/skopeo/stable:v1.11 sync \ + # --src yaml \ + # --dest docker \ + # --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ + # --scoped \ + # --all \ + # skopeo-manifests/${{ matrix.component }}.yml \ + # ghcr.io/stackhpc/azimuth-charts + + - name: Sync component images - if: ${{ steps.changes.outputs.manifest == 'true' }} - run: |- - docker run quay.io/skopeo/stable:v1.11 sync \ + run: docker run --entrypoint /usr/bin/env -v /home/ubuntu/azimuth-charts:/home/skopeo/azimuth-charts quay.io/skopeo/stable:v1.11 /usr/bin/skopeo sync \ --src yaml \ --dest docker \ --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ From 3ed77fb3da9f659795edcbe93351a1323f617e45 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 9 May 2023 17:38:44 +0100 Subject: [PATCH 12/54] Fix path --- .github/workflows/sync-images.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index c49c3e76..d9899016 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -58,11 +58,12 @@ jobs: - name: Sync component images - run: docker run --entrypoint /usr/bin/env -v /home/ubuntu/azimuth-charts:/home/skopeo/azimuth-charts quay.io/skopeo/stable:v1.11 /usr/bin/skopeo sync \ + run: |- + docker run --entrypoint /usr/bin/env -v /home/ubuntu/azimuth-charts:/home/skopeo/azimuth-charts quay.io/skopeo/stable:v1.11 /usr/bin/skopeo sync \ --src yaml \ --dest docker \ --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ --scoped \ --all \ - skopeo-manifests/${{ matrix.component }}.yml \ + /home/skopeo/azimuth-charts/skopeo-manifests/${{ matrix.component }}.yml \ ghcr.io/stackhpc/azimuth-charts \ No newline at end of file From 50ca070eaa79edc958cac5076ddd1a56648ec75c Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 9 May 2023 17:40:22 +0100 Subject: [PATCH 13/54] Checkout correct branch in workflow --- .github/workflows/sync-images.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index d9899016..9aee3cdb 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -15,6 +15,8 @@ jobs: steps: - name: Check out the repository uses: actions/checkout@v3 + with: + ref: skopeo # - name: Install skopeo # run: sudo apt-get -y update && sudo apt-get install -y skopeo From 80473c7839c5196dd594d7a5a2c736722c814abc Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Wed, 10 May 2023 09:19:13 +0100 Subject: [PATCH 14/54] Debug test --- .github/workflows/sync-images.yaml | 40 +++++++++++++++++------------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 9aee3cdb..28f9c2e7 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -21,6 +21,9 @@ jobs: # - name: Install skopeo # run: sudo apt-get -y update && sudo apt-get install -y skopeo + # - name: Install skopeo dependencies + # run: sudo apt install libgpgme-dev libassuan-dev libbtrfs-dev libdevmapper-dev pkg-config + # - name: Check skopeo version # run: docker run quay.io/skopeo/stable:latest -v @@ -36,16 +39,17 @@ jobs: # skopeo-manifests/${{ matrix.component }}.yml \ # ghcr.io/stackhpc/azimuth-charts - - name: Check component manifest for changes - uses: dorny/paths-filter@v2 - id: changes - with: - filters: | - manifest: - - skopeo-manifests/${{ matrix.component }}.yml + # - name: Check component manifest for changes + # uses: dorny/paths-filter@v2 + # id: changes + # with: + # filters: | + # manifest: + # - skopeo-manifests/${{ matrix.component }}.yml + + # NOTE: Need skopeo > v1.09 to avoid this issue: + # https://github.com/containers/skopeo/issues/1874 - # # NOTE: Need skopeo > v1.09 to avoid this issue: - # # https://github.com/containers/skopeo/issues/1874 # - name: Sync component images # if: ${{ steps.changes.outputs.manifest == 'true' }} # run: |- @@ -61,11 +65,13 @@ jobs: - name: Sync component images run: |- - docker run --entrypoint /usr/bin/env -v /home/ubuntu/azimuth-charts:/home/skopeo/azimuth-charts quay.io/skopeo/stable:v1.11 /usr/bin/skopeo sync \ - --src yaml \ - --dest docker \ - --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ - --scoped \ - --all \ - /home/skopeo/azimuth-charts/skopeo-manifests/${{ matrix.component }}.yml \ - ghcr.io/stackhpc/azimuth-charts \ No newline at end of file + docker run --entrypoint /usr/bin/env -v /home/ubuntu/azimuth-charts:/home/skopeo/azimuth-charts quay.io/skopeo/stable:v1.11 \ + pwd + # /usr/bin/skopeo sync \ + # --src yaml \ + # --dest docker \ + # --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ + # --scoped \ + # --all \ + # /home/skopeo/azimuth-charts/skopeo-manifests/${{ matrix.component }}.yml \ + # ghcr.io/stackhpc/azimuth-charts \ No newline at end of file From f6c940a5127ddd9ba72dcb37effc88fa1f2922fd Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Wed, 10 May 2023 09:20:46 +0100 Subject: [PATCH 15/54] Debug test --- .github/workflows/sync-images.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 28f9c2e7..ce580fae 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -66,7 +66,7 @@ jobs: - name: Sync component images run: |- docker run --entrypoint /usr/bin/env -v /home/ubuntu/azimuth-charts:/home/skopeo/azimuth-charts quay.io/skopeo/stable:v1.11 \ - pwd + ls /home/skopeo/azimuth-charts/ # /usr/bin/skopeo sync \ # --src yaml \ # --dest docker \ From 3021f82eee4310211e6476acab3d403effd828d5 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Wed, 10 May 2023 09:23:14 +0100 Subject: [PATCH 16/54] Debug test --- .github/workflows/sync-images.yaml | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index ce580fae..b8f711f0 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -18,6 +18,11 @@ jobs: with: ref: skopeo + - uses: actions/checkout@v2 + - name: Setup upterm session + uses: lhotari/action-upterm@v1 + + # - name: Install skopeo # run: sudo apt-get -y update && sudo apt-get install -y skopeo @@ -63,15 +68,15 @@ jobs: # ghcr.io/stackhpc/azimuth-charts - - name: Sync component images - run: |- - docker run --entrypoint /usr/bin/env -v /home/ubuntu/azimuth-charts:/home/skopeo/azimuth-charts quay.io/skopeo/stable:v1.11 \ - ls /home/skopeo/azimuth-charts/ - # /usr/bin/skopeo sync \ - # --src yaml \ - # --dest docker \ - # --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ - # --scoped \ - # --all \ - # /home/skopeo/azimuth-charts/skopeo-manifests/${{ matrix.component }}.yml \ - # ghcr.io/stackhpc/azimuth-charts \ No newline at end of file + # - name: Sync component images + # run: |- + # docker run --entrypoint /usr/bin/env -v /home/ubuntu/azimuth-charts:/home/skopeo/azimuth-charts quay.io/skopeo/stable:v1.11 \ + # ls /home/skopeo/azimuth-charts/ + # # /usr/bin/skopeo sync \ + # # --src yaml \ + # # --dest docker \ + # # --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ + # # --scoped \ + # # --all \ + # # /home/skopeo/azimuth-charts/skopeo-manifests/${{ matrix.component }}.yml \ + # # ghcr.io/stackhpc/azimuth-charts \ No newline at end of file From 17d4d89eeee2c767a9494a862d0b364f05b1ec0f Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Wed, 10 May 2023 09:33:54 +0100 Subject: [PATCH 17/54] Fix container mount path Also comments and formatting --- .github/workflows/sync-images.yaml | 71 +++++++++--------------------- 1 file changed, 20 insertions(+), 51 deletions(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index b8f711f0..91d9e6bd 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -15,34 +15,14 @@ jobs: steps: - name: Check out the repository uses: actions/checkout@v3 + # TODO: Revert to main branch before merging with: ref: skopeo - - uses: actions/checkout@v2 - - name: Setup upterm session - uses: lhotari/action-upterm@v1 - - - # - name: Install skopeo - # run: sudo apt-get -y update && sudo apt-get install -y skopeo - - # - name: Install skopeo dependencies - # run: sudo apt install libgpgme-dev libassuan-dev libbtrfs-dev libdevmapper-dev pkg-config - - # - name: Check skopeo version - # run: docker run quay.io/skopeo/stable:latest -v - - - # - name: test - # run: docker run --entrypoint /usr/local/env -v /home/ubuntu/azimuth-charts:/home/skopeo alpine:latest ls /test - # run: docker run --entrypoint /usr/bin/env -v /home/ubuntu/azimuth-charts:/home/skopeo/azimuth-charts quay.io/skopeo/stable:v1.11 /usr/bin/skopeo sync \ - # --src yaml \ - # --dest docker \ - # --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ - # --scoped \ - # --all \ - # skopeo-manifests/${{ matrix.component }}.yml \ - # ghcr.io/stackhpc/azimuth-charts + # Uncommment for SSH-able terminal session within runner to aid debugging + # - uses: actions/checkout@v2 + # - name: Setup upterm session + # uses: lhotari/action-upterm@v1 # - name: Check component manifest for changes # uses: dorny/paths-filter@v2 @@ -54,29 +34,18 @@ jobs: # NOTE: Need skopeo > v1.09 to avoid this issue: # https://github.com/containers/skopeo/issues/1874 - - # - name: Sync component images - # if: ${{ steps.changes.outputs.manifest == 'true' }} - # run: |- - # docker run quay.io/skopeo/stable:v1.11 sync \ - # --src yaml \ - # --dest docker \ - # --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ - # --scoped \ - # --all \ - # skopeo-manifests/${{ matrix.component }}.yml \ - # ghcr.io/stackhpc/azimuth-charts - - - # - name: Sync component images - # run: |- - # docker run --entrypoint /usr/bin/env -v /home/ubuntu/azimuth-charts:/home/skopeo/azimuth-charts quay.io/skopeo/stable:v1.11 \ - # ls /home/skopeo/azimuth-charts/ - # # /usr/bin/skopeo sync \ - # # --src yaml \ - # # --dest docker \ - # # --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ - # # --scoped \ - # # --all \ - # # /home/skopeo/azimuth-charts/skopeo-manifests/${{ matrix.component }}.yml \ - # # ghcr.io/stackhpc/azimuth-charts \ No newline at end of file + # so use containerized version + + - name: Sync component images + run: |- + docker run --entrypoint /usr/bin/env \ + -v /home/runner/work/azimuth-charts/azimuth-charts:/home/skopeo/azimuth-charts \ + quay.io/skopeo/stable:v1.11 \ + skopeo sync \ + --src yaml \ + --dest docker \ + --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ + --scoped \ + --all \ + /home/skopeo/azimuth-charts/skopeo-manifests/${{ matrix.component }}.yml \ + ghcr.io/stackhpc/azimuth-charts \ No newline at end of file From 5d18b205d4a65c7277569328a080f25b12af1133 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Wed, 10 May 2023 10:42:00 +0100 Subject: [PATCH 18/54] Add check for changes --- .github/workflows/sync-images.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 91d9e6bd..748f89ac 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -24,13 +24,13 @@ jobs: # - name: Setup upterm session # uses: lhotari/action-upterm@v1 - # - name: Check component manifest for changes - # uses: dorny/paths-filter@v2 - # id: changes - # with: - # filters: | - # manifest: - # - skopeo-manifests/${{ matrix.component }}.yml + - name: Check component manifest for changes + uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + manifest: + - skopeo-manifests/${{ matrix.component }}.yml # NOTE: Need skopeo > v1.09 to avoid this issue: # https://github.com/containers/skopeo/issues/1874 From e4bf91017dcb417caf8b0662f5222f389c33e422 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Wed, 10 May 2023 10:43:30 +0100 Subject: [PATCH 19/54] Fix check for changes --- .github/workflows/sync-images.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 748f89ac..4fe3734a 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -37,6 +37,7 @@ jobs: # so use containerized version - name: Sync component images + if: ${{ steps.changes.outputs.manifest == 'true' }} run: |- docker run --entrypoint /usr/bin/env \ -v /home/runner/work/azimuth-charts/azimuth-charts:/home/skopeo/azimuth-charts \ From 0b93f3f177224fd0c07055e472b1596cb411f227 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 11 May 2023 11:14:29 +0100 Subject: [PATCH 20/54] Address requested changes: - Trigger workflow on push - Format sync command more cleanly - Use GITHUB_WORKSPACE var - Test output capturing for catching sync errors --- .github/workflows/sync-images.yaml | 45 ++++++++++++++++++------------ 1 file changed, 27 insertions(+), 18 deletions(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 4fe3734a..7da2563b 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -1,7 +1,5 @@ name: sync images -on: - # TODO: Decide on triggers - push: +on: push jobs: sync_images: @@ -24,29 +22,40 @@ jobs: # - name: Setup upterm session # uses: lhotari/action-upterm@v1 - - name: Check component manifest for changes - uses: dorny/paths-filter@v2 - id: changes - with: - filters: | - manifest: - - skopeo-manifests/${{ matrix.component }}.yml + # - name: Check component manifest for changes + # uses: dorny/paths-filter@v2 + # id: changes + # with: + # filters: | + # manifest: + # - skopeo-manifests/${{ matrix.component }}.yml # NOTE: Need skopeo > v1.09 to avoid this issue: # https://github.com/containers/skopeo/issues/1874 # so use containerized version - name: Sync component images + id: image-sync if: ${{ steps.changes.outputs.manifest == 'true' }} run: |- docker run --entrypoint /usr/bin/env \ - -v /home/runner/work/azimuth-charts/azimuth-charts:/home/skopeo/azimuth-charts \ + -v $GITHUB_WORKSPACE:/home/skopeo/azimuth-charts \ quay.io/skopeo/stable:v1.11 \ skopeo sync \ - --src yaml \ - --dest docker \ - --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ - --scoped \ - --all \ - /home/skopeo/azimuth-charts/skopeo-manifests/${{ matrix.component }}.yml \ - ghcr.io/stackhpc/azimuth-charts \ No newline at end of file + --src yaml \ + --dest docker \ + --dest-creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} \ + --scoped \ + --all \ + /home/skopeo/azimuth-charts/skopeo-manifests/${{ matrix.component }}.yml \ + ghcr.io/stackhpc/azimuth-charts | $GITHUB_OUTPUT + + - name: Test previous step output capture + run: echo ${{ steps.image-sync.outputs }} + + # - name: Check output for any sync errors + # run: | + # if [[ $(grep "level=error" ${{ steps.image-sync.outputs }} | wc -l) -gt 0 ]]; then + # echo "Error messages found in output of sync" + # exit 1 + # fi \ No newline at end of file From 88af872effd1d8a79f2c3c5dd96de18da2d1ceae Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 11 May 2023 11:19:09 +0100 Subject: [PATCH 21/54] Test output capture --- .github/workflows/sync-images.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 7da2563b..08221ea3 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -36,7 +36,7 @@ jobs: - name: Sync component images id: image-sync - if: ${{ steps.changes.outputs.manifest == 'true' }} + # if: ${{ steps.changes.outputs.manifest == 'true' }} run: |- docker run --entrypoint /usr/bin/env \ -v $GITHUB_WORKSPACE:/home/skopeo/azimuth-charts \ @@ -48,7 +48,7 @@ jobs: --scoped \ --all \ /home/skopeo/azimuth-charts/skopeo-manifests/${{ matrix.component }}.yml \ - ghcr.io/stackhpc/azimuth-charts | $GITHUB_OUTPUT + ghcr.io/stackhpc/azimuth-charts > $GITHUB_OUTPUT - name: Test previous step output capture run: echo ${{ steps.image-sync.outputs }} From d9a0a0f70794845eb9e6b0ebdd4809226c06463c Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 11 May 2023 11:22:44 +0100 Subject: [PATCH 22/54] Fix typo --- .github/workflows/sync-images.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 08221ea3..7719ebca 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -48,7 +48,7 @@ jobs: --scoped \ --all \ /home/skopeo/azimuth-charts/skopeo-manifests/${{ matrix.component }}.yml \ - ghcr.io/stackhpc/azimuth-charts > $GITHUB_OUTPUT + ghcr.io/stackhpc/azimuth-charts >> $GITHUB_OUTPUT - name: Test previous step output capture run: echo ${{ steps.image-sync.outputs }} From 126b4df45143fba75a7a80f3a74068daa9e95406 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 11 May 2023 11:29:00 +0100 Subject: [PATCH 23/54] Write to file instead --- .github/workflows/sync-images.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 7719ebca..f927d944 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -48,10 +48,10 @@ jobs: --scoped \ --all \ /home/skopeo/azimuth-charts/skopeo-manifests/${{ matrix.component }}.yml \ - ghcr.io/stackhpc/azimuth-charts >> $GITHUB_OUTPUT + ghcr.io/stackhpc/azimuth-charts > sync-output.txt - name: Test previous step output capture - run: echo ${{ steps.image-sync.outputs }} + run: cat sync-output.txt # - name: Check output for any sync errors # run: | From 8f06178a712f2dc9aa87e769687521742304918a Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 11 May 2023 11:31:43 +0100 Subject: [PATCH 24/54] Write stderr to file too --- .github/workflows/sync-images.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index f927d944..0674c419 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -48,7 +48,7 @@ jobs: --scoped \ --all \ /home/skopeo/azimuth-charts/skopeo-manifests/${{ matrix.component }}.yml \ - ghcr.io/stackhpc/azimuth-charts > sync-output.txt + ghcr.io/stackhpc/azimuth-charts &> sync-output.txt - name: Test previous step output capture run: cat sync-output.txt From d33dadb0784372f5df678eba03140a2452b4858e Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 11 May 2023 11:34:35 +0100 Subject: [PATCH 25/54] Add error checking for sync output --- .github/workflows/sync-images.yaml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 0674c419..74fbaf8a 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -50,12 +50,10 @@ jobs: /home/skopeo/azimuth-charts/skopeo-manifests/${{ matrix.component }}.yml \ ghcr.io/stackhpc/azimuth-charts &> sync-output.txt - - name: Test previous step output capture - run: cat sync-output.txt - - # - name: Check output for any sync errors - # run: | - # if [[ $(grep "level=error" ${{ steps.image-sync.outputs }} | wc -l) -gt 0 ]]; then - # echo "Error messages found in output of sync" - # exit 1 - # fi \ No newline at end of file + - name: Check output for any sync errors + run: | + ERR_COUNT=$(grep "level=error" sync-output.txt | wc -l) + if [[ $ERR_COUNT -gt 0 ]]; then + echo "Error messages found in output of image sync step" + exit 1 + fi \ No newline at end of file From 63982ca275bafd79ffbd595714d29604488fed78 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 11 May 2023 11:39:40 +0100 Subject: [PATCH 26/54] Duplicate sync output with tee --- .github/workflows/sync-images.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 74fbaf8a..a9d743c8 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -48,7 +48,7 @@ jobs: --scoped \ --all \ /home/skopeo/azimuth-charts/skopeo-manifests/${{ matrix.component }}.yml \ - ghcr.io/stackhpc/azimuth-charts &> sync-output.txt + ghcr.io/stackhpc/azimuth-charts | tee sync-output.txt - name: Check output for any sync errors run: | From d0d9f0564d8200a15421dbddf087475d9d1d74ff Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 11 May 2023 11:43:06 +0100 Subject: [PATCH 27/54] Also pipe stderr to tee --- .github/workflows/sync-images.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index a9d743c8..07190c22 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -48,12 +48,12 @@ jobs: --scoped \ --all \ /home/skopeo/azimuth-charts/skopeo-manifests/${{ matrix.component }}.yml \ - ghcr.io/stackhpc/azimuth-charts | tee sync-output.txt + ghcr.io/stackhpc/azimuth-charts |& tee sync-output.txt - name: Check output for any sync errors run: | ERR_COUNT=$(grep "level=error" sync-output.txt | wc -l) if [[ $ERR_COUNT -gt 0 ]]; then - echo "Error messages found in output of image sync step" + echo "Found $ERR_COUNT logged error messages in output of image sync step" exit 1 fi \ No newline at end of file From 96705ca29fb08650cd19b1f5f5210cf819f1e02b Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 11 May 2023 11:57:14 +0100 Subject: [PATCH 28/54] Fix sha256 tag handling --- skopeo-manifests/create-skopeo-manifest.py | 5 ++- skopeo-manifests/skopeo-manifest-kubeflow.yml | 40 +++++++++---------- 2 files changed, 24 insertions(+), 21 deletions(-) diff --git a/skopeo-manifests/create-skopeo-manifest.py b/skopeo-manifests/create-skopeo-manifest.py index 7cc8a3c3..03b7eeb5 100644 --- a/skopeo-manifests/create-skopeo-manifest.py +++ b/skopeo-manifests/create-skopeo-manifest.py @@ -34,7 +34,10 @@ def split_image_url(url: str): return {} repo_plus_version = "/".join(parts[1:]) if len(parts) > 1 else parts[0] repo, version = repo_plus_version.split(":") - return {registry: {'images': {repo: [version]}}} + if "@sha256" in repo: + repo = repo.replace("@sha256", "") + version = "sha256:" + version + return {registry: {"images": {repo: [version]}}} except Exception as e: raise Exception(f"Failed to parse url: {url}\nException was:", e) diff --git a/skopeo-manifests/skopeo-manifest-kubeflow.yml b/skopeo-manifests/skopeo-manifest-kubeflow.yml index ddf7dc65..7e52fc4e 100644 --- a/skopeo-manifests/skopeo-manifest-kubeflow.yml +++ b/skopeo-manifests/skopeo-manifest-kubeflow.yml @@ -38,26 +38,26 @@ gcr.io: images: arrikto/kubeflow/oidc-authservice: - e236439 - knative-releases/knative.dev/eventing/cmd/controller@sha256: - - 33d78536e9b38dbb2ec2952207b48ff8e05acb48e7d28c2305bd0a0f7156198f - knative-releases/knative.dev/eventing/cmd/webhook@sha256: - - d217ab7e3452a87f8cbb3b45df65c98b18b8be39551e3e960cd49ea44bb415ba - knative-releases/knative.dev/net-istio/cmd/controller@sha256: - - 2b484d982ef1a5d6ff93c46d3e45f51c2605c2e3ed766e20247d1727eb5ce918 - knative-releases/knative.dev/net-istio/cmd/webhook@sha256: - - 59b6a46d3b55a03507c76a3afe8a4ee5f1a38f1130fd3d65c9fe57fff583fa8d - knative-releases/knative.dev/serving/cmd/activator@sha256: - - c3bbf3a96920048869dcab8e133e00f59855670b8a0bbca3d72ced2f512eb5e1 - knative-releases/knative.dev/serving/cmd/autoscaler@sha256: - - caae5e34b4cb311ed8551f2778cfca566a77a924a59b775bd516fa8b5e3c1d7f - knative-releases/knative.dev/serving/cmd/controller@sha256: - - 38f9557f4d61ec79cc2cdbe76da8df6c6ae5f978a50a2847c22cc61aa240da95 - knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256: - - a4ba0076df2efaca2eed561339e21b3a4ca9d90167befd31de882bff69639470 - knative-releases/knative.dev/serving/cmd/domain-mapping@sha256: - - 763d648bf1edee2b4471b0e211dbc53ba2d28f92e4dae28ccd39af7185ef2c96 - knative-releases/knative.dev/serving/cmd/webhook@sha256: - - bc13765ba4895c0fa318a065392d05d0adc0e20415c739e0aacb3f56140bf9ae + knative-releases/knative.dev/eventing/cmd/controller: + - sha256:33d78536e9b38dbb2ec2952207b48ff8e05acb48e7d28c2305bd0a0f7156198f + knative-releases/knative.dev/eventing/cmd/webhook: + - sha256:d217ab7e3452a87f8cbb3b45df65c98b18b8be39551e3e960cd49ea44bb415ba + knative-releases/knative.dev/net-istio/cmd/controller: + - sha256:2b484d982ef1a5d6ff93c46d3e45f51c2605c2e3ed766e20247d1727eb5ce918 + knative-releases/knative.dev/net-istio/cmd/webhook: + - sha256:59b6a46d3b55a03507c76a3afe8a4ee5f1a38f1130fd3d65c9fe57fff583fa8d + knative-releases/knative.dev/serving/cmd/activator: + - sha256:c3bbf3a96920048869dcab8e133e00f59855670b8a0bbca3d72ced2f512eb5e1 + knative-releases/knative.dev/serving/cmd/autoscaler: + - sha256:caae5e34b4cb311ed8551f2778cfca566a77a924a59b775bd516fa8b5e3c1d7f + knative-releases/knative.dev/serving/cmd/controller: + - sha256:38f9557f4d61ec79cc2cdbe76da8df6c6ae5f978a50a2847c22cc61aa240da95 + knative-releases/knative.dev/serving/cmd/domain-mapping: + - sha256:763d648bf1edee2b4471b0e211dbc53ba2d28f92e4dae28ccd39af7185ef2c96 + knative-releases/knative.dev/serving/cmd/domain-mapping-webhook: + - sha256:a4ba0076df2efaca2eed561339e21b3a4ca9d90167befd31de882bff69639470 + knative-releases/knative.dev/serving/cmd/webhook: + - sha256:bc13765ba4895c0fa318a065392d05d0adc0e20415c739e0aacb3f56140bf9ae kubebuilder/kube-rbac-proxy: - v0.8.0 - v0.13.1 From 91ad8058a9c3f71bbe570b5fe465d0ca3711a23a Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 11 May 2023 12:00:44 +0100 Subject: [PATCH 29/54] Re-enable manifest diff checking --- .github/workflows/sync-images.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 07190c22..b2bce58b 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -22,13 +22,13 @@ jobs: # - name: Setup upterm session # uses: lhotari/action-upterm@v1 - # - name: Check component manifest for changes - # uses: dorny/paths-filter@v2 - # id: changes - # with: - # filters: | - # manifest: - # - skopeo-manifests/${{ matrix.component }}.yml + - name: Check component manifest for changes + uses: dorny/paths-filter@v2 + id: changes + with: + filters: | + manifest: + - skopeo-manifests/${{ matrix.component }}.yml # NOTE: Need skopeo > v1.09 to avoid this issue: # https://github.com/containers/skopeo/issues/1874 From 32f5dd2d5507c625c6e4682e1ef156b15aea36ee Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 11 May 2023 12:03:22 +0100 Subject: [PATCH 30/54] Re-enable manifest diff checking properly --- .github/workflows/sync-images.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index b2bce58b..d8cf861b 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -36,7 +36,7 @@ jobs: - name: Sync component images id: image-sync - # if: ${{ steps.changes.outputs.manifest == 'true' }} + if: ${{ steps.changes.outputs.manifest == 'true' }} run: |- docker run --entrypoint /usr/bin/env \ -v $GITHUB_WORKSPACE:/home/skopeo/azimuth-charts \ From 520515b67e72b23fe20210c324858ed890d0e72f Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Mon, 15 May 2023 11:45:19 +0100 Subject: [PATCH 31/54] Add note about notebook images --- skopeo-manifests/create-skopeo-manifest.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/skopeo-manifests/create-skopeo-manifest.py b/skopeo-manifests/create-skopeo-manifest.py index 03b7eeb5..32d467cd 100644 --- a/skopeo-manifests/create-skopeo-manifest.py +++ b/skopeo-manifests/create-skopeo-manifest.py @@ -8,6 +8,10 @@ The script will then generate an output file named skopeo-manifest-{FILE_PATH}.yaml which is formatted such that it can be fed into the sync-images.yml github workflow to copy any required images into a dedicated container registry. + +NOTE: In order to capture the images used by the deployed platforms (e.g. the jupyter +notebook container) the relevant platform components should be deployed cluster before +running this script. """ import sys, yaml From 438b2e05bb91611b6eba3d2f9d9b183257c5fd1f Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Mon, 15 May 2023 12:37:14 +0100 Subject: [PATCH 32/54] Add notebook images --- skopeo-manifests/skopeo-manifest-daskhub.yml | 6 ++++++ skopeo-manifests/skopeo-manifest-jupyterhub.yml | 2 ++ skopeo-manifests/skopeo-manifest-kubeflow.yml | 16 ++++++++++++++++ 3 files changed, 24 insertions(+) diff --git a/skopeo-manifests/skopeo-manifest-daskhub.yml b/skopeo-manifests/skopeo-manifest-daskhub.yml index d8d27d22..9b733e0a 100644 --- a/skopeo-manifests/skopeo-manifest-daskhub.yml +++ b/skopeo-manifests/skopeo-manifest-daskhub.yml @@ -8,10 +8,16 @@ jupyterhub: - 4.5.3 k8s-hub: - 2.0.0 + k8s-singleuser-sample: + - 2.0.0 k8s.gcr.io: images: kube-scheduler: - v1.23.10 +pangeo: + images: + base-notebook: + - 2022.10.31 registry.k8s.io: images: coredns/coredns: diff --git a/skopeo-manifests/skopeo-manifest-jupyterhub.yml b/skopeo-manifests/skopeo-manifest-jupyterhub.yml index c54208ae..a70d0825 100644 --- a/skopeo-manifests/skopeo-manifest-jupyterhub.yml +++ b/skopeo-manifests/skopeo-manifest-jupyterhub.yml @@ -4,6 +4,8 @@ jupyterhub: - 4.5.3 k8s-hub: - 2.0.0 + k8s-singleuser-sample: + - 2.0.0 k8s.gcr.io: images: kube-scheduler: diff --git a/skopeo-manifests/skopeo-manifest-kubeflow.yml b/skopeo-manifests/skopeo-manifest-kubeflow.yml index 7e52fc4e..b63241f8 100644 --- a/skopeo-manifests/skopeo-manifest-kubeflow.yml +++ b/skopeo-manifests/skopeo-manifest-kubeflow.yml @@ -97,6 +97,18 @@ kubeflow: images: training-operator: - v1-5a5f92d +kubeflownotebookswg: + images: + jupyter-pytorch-cuda-full: + - v1.7.0 + jupyter-pytorch-full: + - v1.7.0 + jupyter-scipy: + - v1.7.0 + jupyter-tensorflow-cuda-full: + - v1.7.0 + jupyter-tensorflow-full: + - v1.7.0 quay.io: images: jetstack/cert-manager-cainjector: @@ -119,3 +131,7 @@ registry.k8s.io: - v1.26.3 kube-scheduler: - v1.26.3 +tensorflow: + images: + tensorflow: + - 2.5.1 From ad6a682dfdeb8ee32833383b30c158d1f5048fe5 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Mon, 15 May 2023 12:37:23 +0100 Subject: [PATCH 33/54] Formatting --- .github/workflows/sync-images.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index d8cf861b..719468b6 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -48,7 +48,8 @@ jobs: --scoped \ --all \ /home/skopeo/azimuth-charts/skopeo-manifests/${{ matrix.component }}.yml \ - ghcr.io/stackhpc/azimuth-charts |& tee sync-output.txt + ghcr.io/stackhpc/azimuth-charts \ + |& tee sync-output.txt - name: Check output for any sync errors run: | From 1de9be4f2cdc22eda15d39887467ba8837518c3e Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 25 May 2023 11:58:05 +0100 Subject: [PATCH 34/54] Shorten manifest names --- skopeo-manifests/create-skopeo-manifest.py | 2 +- skopeo-manifests/{skopeo-manifest-daskhub.yml => daskhub.yml} | 0 .../{skopeo-manifest-jupyterhub.yml => jupyterhub.yml} | 0 skopeo-manifests/{skopeo-manifest-kubeflow.yml => kubeflow.yml} | 0 4 files changed, 1 insertion(+), 1 deletion(-) rename skopeo-manifests/{skopeo-manifest-daskhub.yml => daskhub.yml} (100%) rename skopeo-manifests/{skopeo-manifest-jupyterhub.yml => jupyterhub.yml} (100%) rename skopeo-manifests/{skopeo-manifest-kubeflow.yml => kubeflow.yml} (100%) diff --git a/skopeo-manifests/create-skopeo-manifest.py b/skopeo-manifests/create-skopeo-manifest.py index 32d467cd..4dd7b42d 100644 --- a/skopeo-manifests/create-skopeo-manifest.py +++ b/skopeo-manifests/create-skopeo-manifest.py @@ -64,5 +64,5 @@ def dict_merge_recursive(d1, d2): # Loop through lines in file and convert to a nested dict with open(file_path, "r") as file: result_dict = reduce(dict_merge_recursive, map(split_image_url, file.readlines())) - with open(f"skopeo-manifest-{file_path.stem}.yml", "w") as out_file: + with open(f"{file_path.stem}.yml", "w") as out_file: yaml.safe_dump(result_dict, out_file) diff --git a/skopeo-manifests/skopeo-manifest-daskhub.yml b/skopeo-manifests/daskhub.yml similarity index 100% rename from skopeo-manifests/skopeo-manifest-daskhub.yml rename to skopeo-manifests/daskhub.yml diff --git a/skopeo-manifests/skopeo-manifest-jupyterhub.yml b/skopeo-manifests/jupyterhub.yml similarity index 100% rename from skopeo-manifests/skopeo-manifest-jupyterhub.yml rename to skopeo-manifests/jupyterhub.yml diff --git a/skopeo-manifests/skopeo-manifest-kubeflow.yml b/skopeo-manifests/kubeflow.yml similarity index 100% rename from skopeo-manifests/skopeo-manifest-kubeflow.yml rename to skopeo-manifests/kubeflow.yml From 0b639fd73f492e0bfaa35f6b0b79a1b30817065c Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 25 May 2023 12:00:42 +0100 Subject: [PATCH 35/54] Update file list --- .github/workflows/sync-images.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sync-images.yaml b/.github/workflows/sync-images.yaml index 719468b6..f379e1ac 100644 --- a/.github/workflows/sync-images.yaml +++ b/.github/workflows/sync-images.yaml @@ -7,9 +7,9 @@ jobs: strategy: matrix: component: - - skopeo-manifest-daskhub - - skopeo-manifest-jupyterhub - - skopeo-manifest-kubeflow + - daskhub + - jupyterhub + - kubeflow steps: - name: Check out the repository uses: actions/checkout@v3 From 354de67478e5f3ac16cbbf3513c8c78b9f8f7555 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 25 May 2023 12:08:09 +0100 Subject: [PATCH 36/54] Comments and formatting --- skopeo-manifests/create-skopeo-manifest.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/skopeo-manifests/create-skopeo-manifest.py b/skopeo-manifests/create-skopeo-manifest.py index 4dd7b42d..9533e126 100644 --- a/skopeo-manifests/create-skopeo-manifest.py +++ b/skopeo-manifests/create-skopeo-manifest.py @@ -5,7 +5,7 @@ kubectl get pods --all-namespaces -o jsonpath="{.items[*].spec.containers[*].image}" \ | tr -s '[[:space:]]' '\n' | sort | uniq > FILE_PATH -The script will then generate an output file named skopeo-manifest-{FILE_PATH}.yaml which +The script will then generate an output file named {FILE_PATH}.yml which is formatted such that it can be fed into the sync-images.yml github workflow to copy any required images into a dedicated container registry. @@ -32,8 +32,7 @@ def split_image_url(url: str): try: parts = url.strip("\n").split("/") registry = parts[0] if len(parts) > 1 else default_registry - # TODO: Check if skopeo copy a no-op when - # source and destination are the same + # Don't copy images that are already in ghcr if registry == "ghcr.io": return {} repo_plus_version = "/".join(parts[1:]) if len(parts) > 1 else parts[0] @@ -47,7 +46,7 @@ def split_image_url(url: str): def dict_merge_recursive(d1, d2): - """update first dict with second recursively""" + """Update first dict with second recursively""" try: for k, v in d1.items(): if k in d2: From a2a7b1d4fde65aff9135d1f6259e68773b36fb7d Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 30 May 2023 09:39:13 +0100 Subject: [PATCH 37/54] Be explicit about defaulting to docker.io --- skopeo-manifests/create-skopeo-manifest.py | 28 ++++++++++++-- skopeo-manifests/daskhub.yml | 18 ++++----- skopeo-manifests/jupyterhub.yml | 8 ++-- skopeo-manifests/kubeflow.yml | 44 +++++++++------------- 4 files changed, 54 insertions(+), 44 deletions(-) diff --git a/skopeo-manifests/create-skopeo-manifest.py b/skopeo-manifests/create-skopeo-manifest.py index 9533e126..29e949fb 100644 --- a/skopeo-manifests/create-skopeo-manifest.py +++ b/skopeo-manifests/create-skopeo-manifest.py @@ -24,19 +24,41 @@ file_path = Path(sys.argv[1]) # Kubernetes assumes docker registry by default: -# https://kubernetes.io/docs/concepts/containers/images/#image-names -default_registry = "docker.io" +DEFAULT_REGISTRY = "docker.io" +KNOWN_REGISTRIES = [ + "docker.io", + "ghcr.io", + "gcr.io", + "quay.io", + "registry.k8s.io", + "k8s.gcr.io", +] def split_image_url(url: str): + """ + Split image url into constituent parts. + + The logic here is intended to handle urls where the registry is the content + of the string up to the first '/' and also cases where the registry is + not explicitly include in the string, meaning that docker.io should be + used since it is the default k8s registry: + https://kubernetes.io/docs/concepts/containers/images/#image-names + """ try: parts = url.strip("\n").split("/") - registry = parts[0] if len(parts) > 1 else default_registry + registry = parts[0] if len(parts) > 1 else DEFAULT_REGISTRY + # Handle case where registry image path had a '/' in it but + # image registry wasn't included in path + if registry not in KNOWN_REGISTRIES: + parts[1] = registry + "/" + parts[1] + registry = DEFAULT_REGISTRY # Don't copy images that are already in ghcr if registry == "ghcr.io": return {} repo_plus_version = "/".join(parts[1:]) if len(parts) > 1 else parts[0] repo, version = repo_plus_version.split(":") + # Handle case where sha is include in image url if "@sha256" in repo: repo = repo.replace("@sha256", "") version = "sha256:" + version diff --git a/skopeo-manifests/daskhub.yml b/skopeo-manifests/daskhub.yml index 9b733e0a..5b813595 100644 --- a/skopeo-manifests/daskhub.yml +++ b/skopeo-manifests/daskhub.yml @@ -1,23 +1,19 @@ docker.io: images: - traefik: - - 2.6.3 -jupyterhub: - images: - configurable-http-proxy: + jupyterhub/configurable-http-proxy: - 4.5.3 - k8s-hub: + jupyterhub/k8s-hub: - 2.0.0 - k8s-singleuser-sample: + jupyterhub/k8s-singleuser-sample: - 2.0.0 + pangeo/base-notebook: + - 2022.10.31 + traefik: + - 2.6.3 k8s.gcr.io: images: kube-scheduler: - v1.23.10 -pangeo: - images: - base-notebook: - - 2022.10.31 registry.k8s.io: images: coredns/coredns: diff --git a/skopeo-manifests/jupyterhub.yml b/skopeo-manifests/jupyterhub.yml index a70d0825..42f2d358 100644 --- a/skopeo-manifests/jupyterhub.yml +++ b/skopeo-manifests/jupyterhub.yml @@ -1,10 +1,10 @@ -jupyterhub: +docker.io: images: - configurable-http-proxy: + jupyterhub/configurable-http-proxy: - 4.5.3 - k8s-hub: + jupyterhub/k8s-hub: - 2.0.0 - k8s-singleuser-sample: + jupyterhub/k8s-singleuser-sample: - 2.0.0 k8s.gcr.io: images: diff --git a/skopeo-manifests/kubeflow.yml b/skopeo-manifests/kubeflow.yml index b63241f8..62b76ba0 100644 --- a/skopeo-manifests/kubeflow.yml +++ b/skopeo-manifests/kubeflow.yml @@ -4,6 +4,12 @@ docker.io: - 1.16.0 istio/proxyv2: - 1.16.0 + kserve/kserve-controller: + - v0.10.0 + kserve/models-web-app: + - v0.10.0 + kubeflow/training-operator: + - v1-5a5f92d kubeflowkatib/katib-controller: - v0.15.0 kubeflowkatib/katib-db-manager: @@ -12,6 +18,16 @@ docker.io: - v0.15.0 kubeflownotebookswg/centraldashboard: - v1.7.0 + kubeflownotebookswg/jupyter-pytorch-cuda-full: + - v1.7.0 + kubeflownotebookswg/jupyter-pytorch-full: + - v1.7.0 + kubeflownotebookswg/jupyter-scipy: + - v1.7.0 + kubeflownotebookswg/jupyter-tensorflow-cuda-full: + - v1.7.0 + kubeflownotebookswg/jupyter-tensorflow-full: + - v1.7.0 kubeflownotebookswg/jupyter-web-app: - v1.7.0 kubeflownotebookswg/kfam: @@ -34,6 +50,8 @@ docker.io: - 8.0.29 python: - '3.7' + tensorflow/tensorflow: + - 2.5.1 gcr.io: images: arrikto/kubeflow/oidc-authservice: @@ -87,28 +105,6 @@ gcr.io: - v3.3.8-license-compliance tfx-oss-public/ml_metadata_store_server: - 1.5.0 -kserve: - images: - kserve-controller: - - v0.10.0 - models-web-app: - - v0.10.0 -kubeflow: - images: - training-operator: - - v1-5a5f92d -kubeflownotebookswg: - images: - jupyter-pytorch-cuda-full: - - v1.7.0 - jupyter-pytorch-full: - - v1.7.0 - jupyter-scipy: - - v1.7.0 - jupyter-tensorflow-cuda-full: - - v1.7.0 - jupyter-tensorflow-full: - - v1.7.0 quay.io: images: jetstack/cert-manager-cainjector: @@ -131,7 +127,3 @@ registry.k8s.io: - v1.26.3 kube-scheduler: - v1.26.3 -tensorflow: - images: - tensorflow: - - 2.5.1 From 231f93a712977f279be0bed0eeb801581c8015eb Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 30 May 2023 12:05:30 +0100 Subject: [PATCH 38/54] Update ignores --- .gitignore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index b496e629..f599f88f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ */charts/* */Chart.lock # Ignore `helm dependency build` output -kubeflow-azimuth/kubeflow-azimuth-chart/** -kubeflow-azimuth/kubeflow-crds/** +kubeflow-azimuth/kubeflow-azimuth-chart +kubeflow-azimuth/kubeflow-crds kubeflow-azimuth/kustomize-build-output.yml \ No newline at end of file From d442ec6db3a1053e9d47f0323f4cba460317c8ea Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 30 May 2023 13:40:08 +0100 Subject: [PATCH 39/54] Use stackhpc ghcr container images --- daskhub-azimuth/values.yaml | 15 +++++++ jupyterhub-azimuth/values.yaml | 12 ++++++ kubeflow-azimuth/to-helm-chart.py | 70 +++++++++++++++++++++++++++++++ 3 files changed, 97 insertions(+) diff --git a/daskhub-azimuth/values.yaml b/daskhub-azimuth/values.yaml index 93847fed..1d520764 100644 --- a/daskhub-azimuth/values.yaml +++ b/daskhub-azimuth/values.yaml @@ -19,6 +19,9 @@ daskhub: String("image", default="pangeo/base-notebook:2022.05.10", label="Image"), handler=option_handler, ) + traefik: + image: ghcr.io/stackhpc/azimuth-charts/docker.io/library/traefik + tag: 2.6.3 jupyterhub: prePuller: @@ -32,10 +35,18 @@ daskhub: service: type: ClusterIP chp: + # Use stackhpc's ghcr image copy + image: + name: ghcr.io/stackhpc/azimuth-charts/docker.io/jupyterhub/configurable-http-proxy + tag: 4.5.3 networkPolicy: enabled: false hub: + # Use stackhpc's ghcr image copy + image: + name: ghcr.io/stackhpc/azimuth-charts/docker.io/jupyterhub/k8s-hub + tag: 2.0.0 networkPolicy: enabled: false # Configure the authentication to respect the X-Remote-User header sent by Zenith from Azimuth @@ -81,6 +92,10 @@ daskhub: c.JupyterHub.authenticator_class = RemoteUserAuthenticator singleuser: + # Use stackhpc's ghcr image copy + image: + name: ghcr.io/stackhpc/azimuth-charts/docker.io/pangeo/base-notebook + tag: 2022.10.31 networkPolicy: enabled: false defaultUrl: /lab diff --git a/jupyterhub-azimuth/values.yaml b/jupyterhub-azimuth/values.yaml index 5e2da9c3..87131bba 100644 --- a/jupyterhub-azimuth/values.yaml +++ b/jupyterhub-azimuth/values.yaml @@ -15,10 +15,18 @@ jupyterhub: service: type: ClusterIP chp: + # Use stackhpc's ghcr image copy + image: + name: ghcr.io/stackhpc/azimuth-charts/docker.io/jupyterhub/configurable-http-proxy + tag: 4.5.3 networkPolicy: enabled: false hub: + # Use stackhpc's ghcr image copy + image: + name: ghcr.io/stackhpc/azimuth-charts/docker.io/jupyterhub/k8s-hub + tag: 2.0.0 networkPolicy: enabled: false extraConfig: @@ -63,6 +71,10 @@ jupyterhub: c.JupyterHub.authenticator_class = RemoteUserAuthenticator singleuser: + # Use stackhpc's ghcr image copy + image: + name: ghcr.io/stackhpc/azimuth-charts/docker.io/jupyterhub/k8s-singleuser-sample + tag: 2.0.0 networkPolicy: enabled: false defaultUrl: /lab diff --git a/kubeflow-azimuth/to-helm-chart.py b/kubeflow-azimuth/to-helm-chart.py index fbb812b9..071b70b2 100644 --- a/kubeflow-azimuth/to-helm-chart.py +++ b/kubeflow-azimuth/to-helm-chart.py @@ -60,6 +60,72 @@ def make_helm_chart_template(chart_path, chart_yml, values_yml): with open(main_chart_path / 'values.schema.json', 'w') as schema_file: schema_file.write(json_schema) + +# List of container images that have been synced to stackhpc's ghcr +# by the skopeo github workflow, we want to patch the relevant k8s +# manifests to prepend 'ghcr.io/stackhpc/azimuth-charts/' to these +# images paths so that the images are pulled from the ghcr mirror +# (doing so via a loop in this script is far simpler than adding a +# separate kustomize patch for each image) +MIRRORED_IMAGES = [ + 'docker.io/istio/pilot:1.16.0', + 'docker.io/istio/proxyv2:1.16.0', + 'docker.io/kubeflowkatib/katib-controller:v0.15.0', + 'docker.io/kubeflowkatib/katib-db-manager:v0.15.0', + 'docker.io/kubeflowkatib/katib-ui:v0.15.0', + 'docker.io/kubeflownotebookswg/centraldashboard:v1.7.0', + 'docker.io/kubeflownotebookswg/jupyter-web-app:v1.7.0', + 'docker.io/kubeflownotebookswg/kfam:v1.7.0', + 'docker.io/kubeflownotebookswg/notebook-controller:v1.7.0', + 'docker.io/kubeflownotebookswg/poddefaults-webhook:v1.7.0', + 'docker.io/kubeflownotebookswg/profile-controller:v1.7.0', + 'docker.io/kubeflownotebookswg/tensorboard-controller:v1.7.0', + 'docker.io/kubeflownotebookswg/tensorboards-web-app:v1.7.0', + 'docker.io/kubeflownotebookswg/volumes-web-app:v1.7.0', + 'docker.io/metacontrollerio/metacontroller:v2.0.4', + 'gcr.io/arrikto/kubeflow/oidc-authservice:e236439', + 'gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:33d78536e9b38dbb2ec2952207b48ff8e05acb48e7d28c2305bd0a0f7156198f', + 'gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:d217ab7e3452a87f8cbb3b45df65c98b18b8be39551e3e960cd49ea44bb415ba', + 'gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:2b484d982ef1a5d6ff93c46d3e45f51c2605c2e3ed766e20247d1727eb5ce918', + 'gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:59b6a46d3b55a03507c76a3afe8a4ee5f1a38f1130fd3d65c9fe57fff583fa8d', + 'gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:c3bbf3a96920048869dcab8e133e00f59855670b8a0bbca3d72ced2f512eb5e1', + 'gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:caae5e34b4cb311ed8551f2778cfca566a77a924a59b775bd516fa8b5e3c1d7f', + 'gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:38f9557f4d61ec79cc2cdbe76da8df6c6ae5f978a50a2847c22cc61aa240da95', + 'gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:a4ba0076df2efaca2eed561339e21b3a4ca9d90167befd31de882bff69639470', + 'gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:763d648bf1edee2b4471b0e211dbc53ba2d28f92e4dae28ccd39af7185ef2c96', + 'gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:bc13765ba4895c0fa318a065392d05d0adc0e20415c739e0aacb3f56140bf9ae', + 'gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1', + 'gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0', + 'gcr.io/ml-pipeline/api-server:2.0.0-alpha.7', + 'gcr.io/ml-pipeline/cache-server:2.0.0-alpha.7', + 'gcr.io/ml-pipeline/frontend:2.0.0-alpha.7', + 'gcr.io/ml-pipeline/metadata-envoy:2.0.0-alpha.7', + 'gcr.io/ml-pipeline/metadata-writer:2.0.0-alpha.7', + 'gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance', + 'gcr.io/ml-pipeline/mysql:8.0.26', + 'gcr.io/ml-pipeline/persistenceagent:2.0.0-alpha.7', + 'gcr.io/ml-pipeline/scheduledworkflow:2.0.0-alpha.7', + 'gcr.io/ml-pipeline/viewer-crd-controller:2.0.0-alpha.7', + 'gcr.io/ml-pipeline/visualization-server:2.0.0-alpha.7', + 'gcr.io/ml-pipeline/workflow-controller:v3.3.8-license-compliance', + 'gcr.io/tfx-oss-public/ml_metadata_store_server:1.5.0', + 'kserve/kserve-controller:v0.10.0', + 'kserve/models-web-app:v0.10.0', + 'kubeflow/training-operator:v1-5a5f92d', + 'kubeflownotebookswg/jupyter-pytorch-cuda-full:v1.7.0', + 'kubeflownotebookswg/jupyter-pytorch-full:v1.7.0', + 'kubeflownotebookswg/jupyter-scipy:v1.7.0', + 'kubeflownotebookswg/jupyter-tensorflow-cuda-full:v1.7.0', + 'kubeflownotebookswg/jupyter-tensorflow-full:v1.7.0', + 'mysql:8.0.29', + 'python:3.7', + 'quay.io/jetstack/cert-manager-cainjector:v1.10.1', + 'quay.io/jetstack/cert-manager-controller:v1.10.1', + 'quay.io/jetstack/cert-manager-webhook:v1.10.1', + 'tensorflow/tensorflow:2.5.1', +] + + # Write manifest files with open('kustomize-build-output.yml', 'r') as input_file: # NOTE: Read input file as str instead of yaml to preserve newlines @@ -87,6 +153,10 @@ def make_helm_chart_template(chart_path, chart_yml, values_yml): # Regex should match everying within a curly bracket that isn't a curly bracket itself manifest_str = re.sub(r"{{([^\{\}]*)}}", r'{{ "{{" }}\1{{ "}}" }}', manifest_str) + # Replace mirrored container images with path to stackhpc mirror + for image in MIRRORED_IMAGES: + manifest_str = re.sub(image, 'ghcr.io/stackhpc/azimuth-charts/' + image, manifest_str) + # Write manifest to file # NOTE: Avoid using yaml.dumps here as it doesn't properly preserve multi-line # yaml blocks (e.g. key: | \n ...) and instead replaces all newlines with '\n' From 807ac245f1a0d3af1f954017ab0570d6e70f209d Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 30 May 2023 13:41:06 +0100 Subject: [PATCH 40/54] Formatting --- kubeflow-azimuth/to-helm-chart.py | 161 +++++++++++++++--------------- 1 file changed, 82 insertions(+), 79 deletions(-) diff --git a/kubeflow-azimuth/to-helm-chart.py b/kubeflow-azimuth/to-helm-chart.py index 071b70b2..21cfa7c0 100644 --- a/kubeflow-azimuth/to-helm-chart.py +++ b/kubeflow-azimuth/to-helm-chart.py @@ -1,10 +1,11 @@ import yaml, re, shutil from pathlib import Path + def make_helm_chart_template(chart_path, chart_yml, values_yml): """Creates a template directory structure for a helm chart""" - print('Creating Helm chart at', chart_path.absolute()) - # Remove any existing content at chart path + print("Creating Helm chart at", chart_path.absolute()) + # Remove any existing content at chart path # TODO: Add user confirmation and/or --force cmd line arg for deletion? try: shutil.rmtree(chart_path) @@ -12,13 +13,13 @@ def make_helm_chart_template(chart_path, chart_yml, values_yml): pass # Create Helm chart directory structure chart_path.mkdir() - (chart_path / 'templates').mkdir() - (chart_path / 'crds').mkdir() + (chart_path / "templates").mkdir() + (chart_path / "crds").mkdir() # Write Chart.yaml - with open(chart_path / 'Chart.yaml', 'w') as file: + with open(chart_path / "Chart.yaml", "w") as file: file.write(chart_yml) # Write values.yaml - with open(chart_path / 'values.yaml', 'w') as file: + with open(chart_path / "values.yaml", "w") as file: file.write(values_yml) @@ -57,7 +58,7 @@ def make_helm_chart_template(chart_path, chart_yml, values_yml): "required": [] } """ -with open(main_chart_path / 'values.schema.json', 'w') as schema_file: +with open(main_chart_path / "values.schema.json", "w") as schema_file: schema_file.write(json_schema) @@ -68,99 +69,101 @@ def make_helm_chart_template(chart_path, chart_yml, values_yml): # (doing so via a loop in this script is far simpler than adding a # separate kustomize patch for each image) MIRRORED_IMAGES = [ - 'docker.io/istio/pilot:1.16.0', - 'docker.io/istio/proxyv2:1.16.0', - 'docker.io/kubeflowkatib/katib-controller:v0.15.0', - 'docker.io/kubeflowkatib/katib-db-manager:v0.15.0', - 'docker.io/kubeflowkatib/katib-ui:v0.15.0', - 'docker.io/kubeflownotebookswg/centraldashboard:v1.7.0', - 'docker.io/kubeflownotebookswg/jupyter-web-app:v1.7.0', - 'docker.io/kubeflownotebookswg/kfam:v1.7.0', - 'docker.io/kubeflownotebookswg/notebook-controller:v1.7.0', - 'docker.io/kubeflownotebookswg/poddefaults-webhook:v1.7.0', - 'docker.io/kubeflownotebookswg/profile-controller:v1.7.0', - 'docker.io/kubeflownotebookswg/tensorboard-controller:v1.7.0', - 'docker.io/kubeflownotebookswg/tensorboards-web-app:v1.7.0', - 'docker.io/kubeflownotebookswg/volumes-web-app:v1.7.0', - 'docker.io/metacontrollerio/metacontroller:v2.0.4', - 'gcr.io/arrikto/kubeflow/oidc-authservice:e236439', - 'gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:33d78536e9b38dbb2ec2952207b48ff8e05acb48e7d28c2305bd0a0f7156198f', - 'gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:d217ab7e3452a87f8cbb3b45df65c98b18b8be39551e3e960cd49ea44bb415ba', - 'gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:2b484d982ef1a5d6ff93c46d3e45f51c2605c2e3ed766e20247d1727eb5ce918', - 'gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:59b6a46d3b55a03507c76a3afe8a4ee5f1a38f1130fd3d65c9fe57fff583fa8d', - 'gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:c3bbf3a96920048869dcab8e133e00f59855670b8a0bbca3d72ced2f512eb5e1', - 'gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:caae5e34b4cb311ed8551f2778cfca566a77a924a59b775bd516fa8b5e3c1d7f', - 'gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:38f9557f4d61ec79cc2cdbe76da8df6c6ae5f978a50a2847c22cc61aa240da95', - 'gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:a4ba0076df2efaca2eed561339e21b3a4ca9d90167befd31de882bff69639470', - 'gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:763d648bf1edee2b4471b0e211dbc53ba2d28f92e4dae28ccd39af7185ef2c96', - 'gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:bc13765ba4895c0fa318a065392d05d0adc0e20415c739e0aacb3f56140bf9ae', - 'gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1', - 'gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0', - 'gcr.io/ml-pipeline/api-server:2.0.0-alpha.7', - 'gcr.io/ml-pipeline/cache-server:2.0.0-alpha.7', - 'gcr.io/ml-pipeline/frontend:2.0.0-alpha.7', - 'gcr.io/ml-pipeline/metadata-envoy:2.0.0-alpha.7', - 'gcr.io/ml-pipeline/metadata-writer:2.0.0-alpha.7', - 'gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance', - 'gcr.io/ml-pipeline/mysql:8.0.26', - 'gcr.io/ml-pipeline/persistenceagent:2.0.0-alpha.7', - 'gcr.io/ml-pipeline/scheduledworkflow:2.0.0-alpha.7', - 'gcr.io/ml-pipeline/viewer-crd-controller:2.0.0-alpha.7', - 'gcr.io/ml-pipeline/visualization-server:2.0.0-alpha.7', - 'gcr.io/ml-pipeline/workflow-controller:v3.3.8-license-compliance', - 'gcr.io/tfx-oss-public/ml_metadata_store_server:1.5.0', - 'kserve/kserve-controller:v0.10.0', - 'kserve/models-web-app:v0.10.0', - 'kubeflow/training-operator:v1-5a5f92d', - 'kubeflownotebookswg/jupyter-pytorch-cuda-full:v1.7.0', - 'kubeflownotebookswg/jupyter-pytorch-full:v1.7.0', - 'kubeflownotebookswg/jupyter-scipy:v1.7.0', - 'kubeflownotebookswg/jupyter-tensorflow-cuda-full:v1.7.0', - 'kubeflownotebookswg/jupyter-tensorflow-full:v1.7.0', - 'mysql:8.0.29', - 'python:3.7', - 'quay.io/jetstack/cert-manager-cainjector:v1.10.1', - 'quay.io/jetstack/cert-manager-controller:v1.10.1', - 'quay.io/jetstack/cert-manager-webhook:v1.10.1', - 'tensorflow/tensorflow:2.5.1', + "docker.io/istio/pilot:1.16.0", + "docker.io/istio/proxyv2:1.16.0", + "docker.io/kubeflowkatib/katib-controller:v0.15.0", + "docker.io/kubeflowkatib/katib-db-manager:v0.15.0", + "docker.io/kubeflowkatib/katib-ui:v0.15.0", + "docker.io/kubeflownotebookswg/centraldashboard:v1.7.0", + "docker.io/kubeflownotebookswg/jupyter-web-app:v1.7.0", + "docker.io/kubeflownotebookswg/kfam:v1.7.0", + "docker.io/kubeflownotebookswg/notebook-controller:v1.7.0", + "docker.io/kubeflownotebookswg/poddefaults-webhook:v1.7.0", + "docker.io/kubeflownotebookswg/profile-controller:v1.7.0", + "docker.io/kubeflownotebookswg/tensorboard-controller:v1.7.0", + "docker.io/kubeflownotebookswg/tensorboards-web-app:v1.7.0", + "docker.io/kubeflownotebookswg/volumes-web-app:v1.7.0", + "docker.io/metacontrollerio/metacontroller:v2.0.4", + "gcr.io/arrikto/kubeflow/oidc-authservice:e236439", + "gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:33d78536e9b38dbb2ec2952207b48ff8e05acb48e7d28c2305bd0a0f7156198f", + "gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:d217ab7e3452a87f8cbb3b45df65c98b18b8be39551e3e960cd49ea44bb415ba", + "gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:2b484d982ef1a5d6ff93c46d3e45f51c2605c2e3ed766e20247d1727eb5ce918", + "gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:59b6a46d3b55a03507c76a3afe8a4ee5f1a38f1130fd3d65c9fe57fff583fa8d", + "gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:c3bbf3a96920048869dcab8e133e00f59855670b8a0bbca3d72ced2f512eb5e1", + "gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:caae5e34b4cb311ed8551f2778cfca566a77a924a59b775bd516fa8b5e3c1d7f", + "gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:38f9557f4d61ec79cc2cdbe76da8df6c6ae5f978a50a2847c22cc61aa240da95", + "gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:a4ba0076df2efaca2eed561339e21b3a4ca9d90167befd31de882bff69639470", + "gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:763d648bf1edee2b4471b0e211dbc53ba2d28f92e4dae28ccd39af7185ef2c96", + "gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:bc13765ba4895c0fa318a065392d05d0adc0e20415c739e0aacb3f56140bf9ae", + "gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1", + "gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0", + "gcr.io/ml-pipeline/api-server:2.0.0-alpha.7", + "gcr.io/ml-pipeline/cache-server:2.0.0-alpha.7", + "gcr.io/ml-pipeline/frontend:2.0.0-alpha.7", + "gcr.io/ml-pipeline/metadata-envoy:2.0.0-alpha.7", + "gcr.io/ml-pipeline/metadata-writer:2.0.0-alpha.7", + "gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance", + "gcr.io/ml-pipeline/mysql:8.0.26", + "gcr.io/ml-pipeline/persistenceagent:2.0.0-alpha.7", + "gcr.io/ml-pipeline/scheduledworkflow:2.0.0-alpha.7", + "gcr.io/ml-pipeline/viewer-crd-controller:2.0.0-alpha.7", + "gcr.io/ml-pipeline/visualization-server:2.0.0-alpha.7", + "gcr.io/ml-pipeline/workflow-controller:v3.3.8-license-compliance", + "gcr.io/tfx-oss-public/ml_metadata_store_server:1.5.0", + "kserve/kserve-controller:v0.10.0", + "kserve/models-web-app:v0.10.0", + "kubeflow/training-operator:v1-5a5f92d", + "kubeflownotebookswg/jupyter-pytorch-cuda-full:v1.7.0", + "kubeflownotebookswg/jupyter-pytorch-full:v1.7.0", + "kubeflownotebookswg/jupyter-scipy:v1.7.0", + "kubeflownotebookswg/jupyter-tensorflow-cuda-full:v1.7.0", + "kubeflownotebookswg/jupyter-tensorflow-full:v1.7.0", + "mysql:8.0.29", + "python:3.7", + "quay.io/jetstack/cert-manager-cainjector:v1.10.1", + "quay.io/jetstack/cert-manager-controller:v1.10.1", + "quay.io/jetstack/cert-manager-webhook:v1.10.1", + "tensorflow/tensorflow:2.5.1", ] # Write manifest files -with open('kustomize-build-output.yml', 'r') as input_file: +with open("kustomize-build-output.yml", "r") as input_file: # NOTE: Read input file as str instead of yaml to preserve newlines - # all_manifests = yaml.load_all(input_file) + # all_manifests = yaml.load_all(input_file) all_manifests = input_file.read().split("\n---\n") for i, manifest_str in enumerate(all_manifests): - # Convert to yaml for field queries manifest = yaml.safe_load(manifest_str) - + # NOTE: CRDs and namespaces are placed in separate sub-chart since trying to # bundle all manifests into a single helm chart creates a helm release secret # > 1MB which etcd then refuses to store so installation fails - manifest_name = manifest['metadata']['name'].replace('.', '-') + f'-{i+1}.yml' - if manifest['kind'] == 'CustomResourceDefinition': - manifest_path = crd_chart_path / 'crds' / manifest_name - elif manifest['kind'] == 'Namespace': - manifest_path = crd_chart_path / 'templates' / manifest_name + manifest_name = manifest["metadata"]["name"].replace(".", "-") + f"-{i+1}.yml" + if manifest["kind"] == "CustomResourceDefinition": + manifest_path = crd_chart_path / "crds" / manifest_name + elif manifest["kind"] == "Namespace": + manifest_path = crd_chart_path / "templates" / manifest_name else: - manifest_path = main_chart_path / 'templates' / manifest_name - print(f'{i+1}.\t Writing {manifest_path}') - + manifest_path = main_chart_path / "templates" / manifest_name + print(f"{i+1}.\t Writing {manifest_path}") + # NOTE: Some manifest files have '{{' and '}}' instances in comments # These need to be escaped so that helm doesn't try to template them # Regex should match everying within a curly bracket that isn't a curly bracket itself - manifest_str = re.sub(r"{{([^\{\}]*)}}", r'{{ "{{" }}\1{{ "}}" }}', manifest_str) + manifest_str = re.sub( + r"{{([^\{\}]*)}}", r'{{ "{{" }}\1{{ "}}" }}', manifest_str + ) # Replace mirrored container images with path to stackhpc mirror for image in MIRRORED_IMAGES: - manifest_str = re.sub(image, 'ghcr.io/stackhpc/azimuth-charts/' + image, manifest_str) + manifest_str = re.sub( + image, "ghcr.io/stackhpc/azimuth-charts/" + image, manifest_str + ) # Write manifest to file # NOTE: Avoid using yaml.dumps here as it doesn't properly preserve multi-line - # yaml blocks (e.g. key: | \n ...) and instead replaces all newlines with '\n' + # yaml blocks (e.g. key: | \n ...) and instead replaces all newlines with '\n' # inside blocks, making final manifests less readable. - with open(manifest_path, 'w') as output_file: + with open(manifest_path, "w") as output_file: output_file.write(manifest_str) - \ No newline at end of file From d5da99eeea7bf5db7764c32b8add68d8cc6136e8 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 30 May 2023 14:38:54 +0100 Subject: [PATCH 41/54] Fix traefik image config --- daskhub-azimuth/values.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/daskhub-azimuth/values.yaml b/daskhub-azimuth/values.yaml index 1d520764..13d61c33 100644 --- a/daskhub-azimuth/values.yaml +++ b/daskhub-azimuth/values.yaml @@ -20,8 +20,9 @@ daskhub: handler=option_handler, ) traefik: - image: ghcr.io/stackhpc/azimuth-charts/docker.io/library/traefik - tag: 2.6.3 + image: + name: ghcr.io/stackhpc/azimuth-charts/docker.io/library/traefik + tag: 2.6.3 jupyterhub: prePuller: From 29b285a2e64029b528cc8aa40ad9a2606987216e Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 30 May 2023 15:45:40 +0100 Subject: [PATCH 42/54] Fix container image paths --- kubeflow-azimuth/to-helm-chart.py | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/kubeflow-azimuth/to-helm-chart.py b/kubeflow-azimuth/to-helm-chart.py index 21cfa7c0..31ab434b 100644 --- a/kubeflow-azimuth/to-helm-chart.py +++ b/kubeflow-azimuth/to-helm-chart.py @@ -110,20 +110,20 @@ def make_helm_chart_template(chart_path, chart_yml, values_yml): "gcr.io/ml-pipeline/visualization-server:2.0.0-alpha.7", "gcr.io/ml-pipeline/workflow-controller:v3.3.8-license-compliance", "gcr.io/tfx-oss-public/ml_metadata_store_server:1.5.0", - "kserve/kserve-controller:v0.10.0", - "kserve/models-web-app:v0.10.0", - "kubeflow/training-operator:v1-5a5f92d", - "kubeflownotebookswg/jupyter-pytorch-cuda-full:v1.7.0", - "kubeflownotebookswg/jupyter-pytorch-full:v1.7.0", - "kubeflownotebookswg/jupyter-scipy:v1.7.0", - "kubeflownotebookswg/jupyter-tensorflow-cuda-full:v1.7.0", - "kubeflownotebookswg/jupyter-tensorflow-full:v1.7.0", - "mysql:8.0.29", - "python:3.7", + "docker.io/kserve/kserve-controller:v0.10.0", + "docker.io/kserve/models-web-app:v0.10.0", + "docker.io/kubeflow/training-operator:v1-5a5f92d", + "docker.io/kubeflownotebookswg/jupyter-pytorch-cuda-full:v1.7.0", + "docker.io/kubeflownotebookswg/jupyter-pytorch-full:v1.7.0", + "docker.io/kubeflownotebookswg/jupyter-scipy:v1.7.0", + "docker.io/kubeflownotebookswg/jupyter-tensorflow-cuda-full:v1.7.0", + "docker.io/kubeflownotebookswg/jupyter-tensorflow-full:v1.7.0", + "docker.io/library/mysql:8.0.29", + "docker.io/library/python:3.7", "quay.io/jetstack/cert-manager-cainjector:v1.10.1", "quay.io/jetstack/cert-manager-controller:v1.10.1", "quay.io/jetstack/cert-manager-webhook:v1.10.1", - "tensorflow/tensorflow:2.5.1", + "docker.io/tensorflow/tensorflow:2.5.1", ] From c1a5f32b190a3746967b2dcab6245823e2ea8758 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 30 May 2023 16:33:13 +0100 Subject: [PATCH 43/54] Fix ghcr image paths --- kubeflow-azimuth/to-helm-chart.py | 107 +++++++++++------------------- 1 file changed, 38 insertions(+), 69 deletions(-) diff --git a/kubeflow-azimuth/to-helm-chart.py b/kubeflow-azimuth/to-helm-chart.py index 31ab434b..8b9adf66 100644 --- a/kubeflow-azimuth/to-helm-chart.py +++ b/kubeflow-azimuth/to-helm-chart.py @@ -61,71 +61,10 @@ def make_helm_chart_template(chart_path, chart_yml, values_yml): with open(main_chart_path / "values.schema.json", "w") as schema_file: schema_file.write(json_schema) - -# List of container images that have been synced to stackhpc's ghcr -# by the skopeo github workflow, we want to patch the relevant k8s -# manifests to prepend 'ghcr.io/stackhpc/azimuth-charts/' to these -# images paths so that the images are pulled from the ghcr mirror -# (doing so via a loop in this script is far simpler than adding a -# separate kustomize patch for each image) -MIRRORED_IMAGES = [ - "docker.io/istio/pilot:1.16.0", - "docker.io/istio/proxyv2:1.16.0", - "docker.io/kubeflowkatib/katib-controller:v0.15.0", - "docker.io/kubeflowkatib/katib-db-manager:v0.15.0", - "docker.io/kubeflowkatib/katib-ui:v0.15.0", - "docker.io/kubeflownotebookswg/centraldashboard:v1.7.0", - "docker.io/kubeflownotebookswg/jupyter-web-app:v1.7.0", - "docker.io/kubeflownotebookswg/kfam:v1.7.0", - "docker.io/kubeflownotebookswg/notebook-controller:v1.7.0", - "docker.io/kubeflownotebookswg/poddefaults-webhook:v1.7.0", - "docker.io/kubeflownotebookswg/profile-controller:v1.7.0", - "docker.io/kubeflownotebookswg/tensorboard-controller:v1.7.0", - "docker.io/kubeflownotebookswg/tensorboards-web-app:v1.7.0", - "docker.io/kubeflownotebookswg/volumes-web-app:v1.7.0", - "docker.io/metacontrollerio/metacontroller:v2.0.4", - "gcr.io/arrikto/kubeflow/oidc-authservice:e236439", - "gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:33d78536e9b38dbb2ec2952207b48ff8e05acb48e7d28c2305bd0a0f7156198f", - "gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:d217ab7e3452a87f8cbb3b45df65c98b18b8be39551e3e960cd49ea44bb415ba", - "gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:2b484d982ef1a5d6ff93c46d3e45f51c2605c2e3ed766e20247d1727eb5ce918", - "gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:59b6a46d3b55a03507c76a3afe8a4ee5f1a38f1130fd3d65c9fe57fff583fa8d", - "gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:c3bbf3a96920048869dcab8e133e00f59855670b8a0bbca3d72ced2f512eb5e1", - "gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:caae5e34b4cb311ed8551f2778cfca566a77a924a59b775bd516fa8b5e3c1d7f", - "gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:38f9557f4d61ec79cc2cdbe76da8df6c6ae5f978a50a2847c22cc61aa240da95", - "gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:a4ba0076df2efaca2eed561339e21b3a4ca9d90167befd31de882bff69639470", - "gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:763d648bf1edee2b4471b0e211dbc53ba2d28f92e4dae28ccd39af7185ef2c96", - "gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:bc13765ba4895c0fa318a065392d05d0adc0e20415c739e0aacb3f56140bf9ae", - "gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1", - "gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0", - "gcr.io/ml-pipeline/api-server:2.0.0-alpha.7", - "gcr.io/ml-pipeline/cache-server:2.0.0-alpha.7", - "gcr.io/ml-pipeline/frontend:2.0.0-alpha.7", - "gcr.io/ml-pipeline/metadata-envoy:2.0.0-alpha.7", - "gcr.io/ml-pipeline/metadata-writer:2.0.0-alpha.7", - "gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance", - "gcr.io/ml-pipeline/mysql:8.0.26", - "gcr.io/ml-pipeline/persistenceagent:2.0.0-alpha.7", - "gcr.io/ml-pipeline/scheduledworkflow:2.0.0-alpha.7", - "gcr.io/ml-pipeline/viewer-crd-controller:2.0.0-alpha.7", - "gcr.io/ml-pipeline/visualization-server:2.0.0-alpha.7", - "gcr.io/ml-pipeline/workflow-controller:v3.3.8-license-compliance", - "gcr.io/tfx-oss-public/ml_metadata_store_server:1.5.0", - "docker.io/kserve/kserve-controller:v0.10.0", - "docker.io/kserve/models-web-app:v0.10.0", - "docker.io/kubeflow/training-operator:v1-5a5f92d", - "docker.io/kubeflownotebookswg/jupyter-pytorch-cuda-full:v1.7.0", - "docker.io/kubeflownotebookswg/jupyter-pytorch-full:v1.7.0", - "docker.io/kubeflownotebookswg/jupyter-scipy:v1.7.0", - "docker.io/kubeflownotebookswg/jupyter-tensorflow-cuda-full:v1.7.0", - "docker.io/kubeflownotebookswg/jupyter-tensorflow-full:v1.7.0", - "docker.io/library/mysql:8.0.29", - "docker.io/library/python:3.7", - "quay.io/jetstack/cert-manager-cainjector:v1.10.1", - "quay.io/jetstack/cert-manager-controller:v1.10.1", - "quay.io/jetstack/cert-manager-webhook:v1.10.1", - "docker.io/tensorflow/tensorflow:2.5.1", -] - +# Read the skopeo container manifest so that we can redirect image pulls to +# stackhpc's ghcr mirror +with open("../skopeo-manifests/kubeflow.yml", "r") as container_manifests_file: + CONTAINER_MANIFEST = yaml.safe_load(container_manifests_file) # Write manifest files with open("kustomize-build-output.yml", "r") as input_file: @@ -156,10 +95,40 @@ def make_helm_chart_template(chart_path, chart_yml, values_yml): ) # Replace mirrored container images with path to stackhpc mirror - for image in MIRRORED_IMAGES: - manifest_str = re.sub( - image, "ghcr.io/stackhpc/azimuth-charts/" + image, manifest_str - ) + # for image in MIRRORED_IMAGES: + # manifest_str = re.sub( + # image, "ghcr.io/stackhpc/azimuth-charts/" + image, manifest_str + # ) + for registry, contents in CONTAINER_MANIFEST.items(): + images = contents["images"] + for image, versions in images.items(): + for v in versions: + # NOTE: since some container image paths omit the registry + # and rely on k8s defaulting to docker.io, we have to be careful + # with the logic here and handle several cases explicitly + + image_url = ( + f"{image}:{v}" if "sha256" not in v else f"{image}@sha256:{v}" + ) + + # Case where registry is given upstream + if f"{registry}/{image_url}" in manifest_str: + new_prefix = "ghcr.io/stackhpc/azimuth-charts/" + # Replace image url in k8s manifest + manifest_str = re.sub( + f"{registry}/{image_url}", new_prefix + f"{registry}/{image_url}", manifest_str + ) + # Case where default registry is omitted upstream + elif image_url in manifest_str: + new_prefix = "ghcr.io/stackhpc/azimuth-charts/docker.io/" + # NOTE: Skopeo seems to sync these two images to ghcr as docker.io/library/, + # haven't worked out why so handle it here for now + if image in ["python", "mysql"]: + new_prefix += f"library/" + # Replace image url in k8s manifest + manifest_str = re.sub( + image_url, new_prefix + image_url, manifest_str + ) # Write manifest to file # NOTE: Avoid using yaml.dumps here as it doesn't properly preserve multi-line From e8c502ee6a9aca89830f530d97d4e465c7cd4998 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 30 May 2023 16:33:33 +0100 Subject: [PATCH 44/54] Formatting --- kubeflow-azimuth/to-helm-chart.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/kubeflow-azimuth/to-helm-chart.py b/kubeflow-azimuth/to-helm-chart.py index 8b9adf66..1ef697a9 100644 --- a/kubeflow-azimuth/to-helm-chart.py +++ b/kubeflow-azimuth/to-helm-chart.py @@ -116,7 +116,9 @@ def make_helm_chart_template(chart_path, chart_yml, values_yml): new_prefix = "ghcr.io/stackhpc/azimuth-charts/" # Replace image url in k8s manifest manifest_str = re.sub( - f"{registry}/{image_url}", new_prefix + f"{registry}/{image_url}", manifest_str + f"{registry}/{image_url}", + new_prefix + f"{registry}/{image_url}", + manifest_str, ) # Case where default registry is omitted upstream elif image_url in manifest_str: From 295f1aed988fcfb91bbd041d98e20aa9e26f9f8f Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Tue, 30 May 2023 16:59:35 +0100 Subject: [PATCH 45/54] Comments and formatting --- kubeflow-azimuth/to-helm-chart.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/kubeflow-azimuth/to-helm-chart.py b/kubeflow-azimuth/to-helm-chart.py index 1ef697a9..1955b2dc 100644 --- a/kubeflow-azimuth/to-helm-chart.py +++ b/kubeflow-azimuth/to-helm-chart.py @@ -95,10 +95,6 @@ def make_helm_chart_template(chart_path, chart_yml, values_yml): ) # Replace mirrored container images with path to stackhpc mirror - # for image in MIRRORED_IMAGES: - # manifest_str = re.sub( - # image, "ghcr.io/stackhpc/azimuth-charts/" + image, manifest_str - # ) for registry, contents in CONTAINER_MANIFEST.items(): images = contents["images"] for image, versions in images.items(): @@ -107,6 +103,7 @@ def make_helm_chart_template(chart_path, chart_yml, values_yml): # and rely on k8s defaulting to docker.io, we have to be careful # with the logic here and handle several cases explicitly + # Handle discrepancy in sha256 version tag format image_url = ( f"{image}:{v}" if "sha256" not in v else f"{image}@sha256:{v}" ) From 65f97ceb4c14dfbacd72d5844c639f1ce815c57f Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Wed, 31 May 2023 16:32:26 +0100 Subject: [PATCH 46/54] Force ghcr images as kustomization instead --- kubeflow-azimuth/overlay/kustomization.yaml | 127 +++++++++++++++++++- kubeflow-azimuth/to-helm-chart.py | 40 ------ 2 files changed, 126 insertions(+), 41 deletions(-) diff --git a/kubeflow-azimuth/overlay/kustomization.yaml b/kubeflow-azimuth/overlay/kustomization.yaml index 57cb36fc..9e7145d4 100644 --- a/kubeflow-azimuth/overlay/kustomization.yaml +++ b/kubeflow-azimuth/overlay/kustomization.yaml @@ -37,4 +37,129 @@ patches: value: autoscaling/v2 target: kind: HorizontalPodAutoscaler - version: v2beta2 \ No newline at end of file + version: v2beta2 + +# Use StackHPC's ghcr for relevant container images +images: +- name: docker.io/istio/pilot:1.16.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/istio/pilot:1.16.0 +- name: docker.io/istio/proxyv2:1.16.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/istio/proxyv2:1.16.0 +- name: docker.io/kubeflowkatib/katib-controller:v0.15.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflowkatib/katib-controller:v0.15.0 +- name: docker.io/kubeflowkatib/katib-db-manager:v0.15.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflowkatib/katib-db-manager:v0.15.0 +- name: docker.io/kubeflowkatib/katib-ui:v0.15.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflowkatib/katib-ui:v0.15.0 +- name: docker.io/kubeflownotebookswg/centraldashboard:v1.7.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/centraldashboard:v1.7.0 +- name: docker.io/kubeflownotebookswg/jupyter-web-app:v1.7.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-web-app:v1.7.0 +- name: docker.io/kubeflownotebookswg/kfam:v1.7.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/kfam:v1.7.0 +- name: docker.io/kubeflownotebookswg/notebook-controller:v1.7.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/notebook-controller:v1.7.0 +- name: docker.io/kubeflownotebookswg/poddefaults-webhook:v1.7.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/poddefaults-webhook:v1.7.0 +- name: docker.io/kubeflownotebookswg/profile-controller:v1.7.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/profile-controller:v1.7.0 +- name: docker.io/kubeflownotebookswg/tensorboard-controller:v1.7.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/tensorboard-controller:v1.7.0 +- name: docker.io/kubeflownotebookswg/tensorboards-web-app:v1.7.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/tensorboards-web-app:v1.7.0 +- name: docker.io/kubeflownotebookswg/volumes-web-app:v1.7.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/volumes-web-app:v1.7.0 +- name: docker.io/metacontrollerio/metacontroller:v2.0.4 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/metacontrollerio/metacontroller:v2.0.4 +- name: gcr.io/arrikto/kubeflow/oidc-authservice:e236439 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/arrikto/kubeflow/oidc-authservice:e236439 +- name: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:33d78536e9b38dbb2ec2952207b48ff8e05acb48e7d28c2305bd0a0f7156198f + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:33d78536e9b38dbb2ec2952207b48ff8e05acb48e7d28c2305bd0a0f7156198f +- name: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:d217ab7e3452a87f8cbb3b45df65c98b18b8be39551e3e960cd49ea44bb415ba + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:d217ab7e3452a87f8cbb3b45df65c98b18b8be39551e3e960cd49ea44bb415ba +- name: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:2b484d982ef1a5d6ff93c46d3e45f51c2605c2e3ed766e20247d1727eb5ce918 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:2b484d982ef1a5d6ff93c46d3e45f51c2605c2e3ed766e20247d1727eb5ce918 +- name: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:59b6a46d3b55a03507c76a3afe8a4ee5f1a38f1130fd3d65c9fe57fff583fa8d + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:59b6a46d3b55a03507c76a3afe8a4ee5f1a38f1130fd3d65c9fe57fff583fa8d +- name: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:c3bbf3a96920048869dcab8e133e00f59855670b8a0bbca3d72ced2f512eb5e1 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:c3bbf3a96920048869dcab8e133e00f59855670b8a0bbca3d72ced2f512eb5e1 +- name: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:caae5e34b4cb311ed8551f2778cfca566a77a924a59b775bd516fa8b5e3c1d7f + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:caae5e34b4cb311ed8551f2778cfca566a77a924a59b775bd516fa8b5e3c1d7f +- name: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:38f9557f4d61ec79cc2cdbe76da8df6c6ae5f978a50a2847c22cc61aa240da95 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:38f9557f4d61ec79cc2cdbe76da8df6c6ae5f978a50a2847c22cc61aa240da95 +- name: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:a4ba0076df2efaca2eed561339e21b3a4ca9d90167befd31de882bff69639470 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:a4ba0076df2efaca2eed561339e21b3a4ca9d90167befd31de882bff69639470 +- name: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:763d648bf1edee2b4471b0e211dbc53ba2d28f92e4dae28ccd39af7185ef2c96 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:763d648bf1edee2b4471b0e211dbc53ba2d28f92e4dae28ccd39af7185ef2c96 +- name: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:bc13765ba4895c0fa318a065392d05d0adc0e20415c739e0aacb3f56140bf9ae + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:bc13765ba4895c0fa318a065392d05d0adc0e20415c739e0aacb3f56140bf9ae +- name: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 +- name: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 +- name: gcr.io/ml-pipeline/api-server:2.0.0-alpha.7 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/api-server:2.0.0-alpha.7 +- name: gcr.io/ml-pipeline/cache-server:2.0.0-alpha.7 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/cache-server:2.0.0-alpha.7 +- name: gcr.io/ml-pipeline/frontend:2.0.0-alpha.7 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/frontend:2.0.0-alpha.7 +- name: gcr.io/ml-pipeline/metadata-envoy:2.0.0-alpha.7 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/metadata-envoy:2.0.0-alpha.7 +- name: gcr.io/ml-pipeline/metadata-writer:2.0.0-alpha.7 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/metadata-writer:2.0.0-alpha.7 +- name: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance +- name: gcr.io/ml-pipeline/mysql:8.0.26 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/mysql:8.0.26 +- name: gcr.io/ml-pipeline/persistenceagent:2.0.0-alpha.7 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/persistenceagent:2.0.0-alpha.7 +- name: gcr.io/ml-pipeline/scheduledworkflow:2.0.0-alpha.7 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/scheduledworkflow:2.0.0-alpha.7 +- name: gcr.io/ml-pipeline/viewer-crd-controller:2.0.0-alpha.7 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/viewer-crd-controller:2.0.0-alpha.7 +- name: gcr.io/ml-pipeline/visualization-server:2.0.0-alpha.7 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/visualization-server:2.0.0-alpha.7 +- name: gcr.io/ml-pipeline/workflow-controller:v3.3.8-license-compliance + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/workflow-controller:v3.3.8-license-compliance +- name: gcr.io/tfx-oss-public/ml_metadata_store_server:1.5.0 + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/tfx-oss-public/ml_metadata_store_server:1.5.0 +- name: docker.io/kserve/kserve-controller:v0.10.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kserve/kserve-controller:v0.10.0 +- name: docker.io/kserve/models-web-app:v0.10.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kserve/models-web-app:v0.10.0 +- name: docker.io/kubeflow/training-operator:v1-5a5f92d + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflow/training-operator:v1-5a5f92d +- name: docker.io/kubeflownotebookswg/jupyter-pytorch-cuda-full:v1.7.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-pytorch-cuda-full:v1.7.0 +- name: docker.io/kubeflownotebookswg/jupyter-pytorch-full:v1.7.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-pytorch-full:v1.7.0 +- name: docker.io/kubeflownotebookswg/jupyter-scipy:v1.7.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-scipy:v1.7.0 +- name: docker.io/kubeflownotebookswg/jupyter-tensorflow-cuda-full:v1.7.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-tensorflow-cuda-full:v1.7.0 +- name: docker.io/kubeflownotebookswg/jupyter-tensorflow-full:v1.7.0 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-tensorflow-full:v1.7.0 +- name: docker.io/library/mysql:8.0.29 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/library/mysql:8.0.29 +- name: docker.io/library/python:3.7 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/library/python:3.7 +- name: quay.io/jetstack/cert-manager-cainjector:v1.10.1 + newName: ghcr.io/stackhpc/azimuth-charts/quay.io/jetstack/cert-manager-cainjector:v1.10.1 +- name: quay.io/jetstack/cert-manager-controller:v1.10.1 + newName: ghcr.io/stackhpc/azimuth-charts/quay.io/jetstack/cert-manager-controller:v1.10.1 +- name: quay.io/jetstack/cert-manager-webhook:v1.10.1 + newName: ghcr.io/stackhpc/azimuth-charts/quay.io/jetstack/cert-manager-webhook:v1.10.1 +- name: registry.k8s.io/coredns/coredns:v1.9.3 + newName: ghcr.io/stackhpc/azimuth-charts/registry.k8s.io/coredns/coredns:v1.9.3 +- name: registry.k8s.io/etcd:3.5.6-0 + newName: ghcr.io/stackhpc/azimuth-charts/registry.k8s.io/etcd:3.5.6-0 +- name: registry.k8s.io/kube-apiserver:v1.26.3 + newName: ghcr.io/stackhpc/azimuth-charts/registry.k8s.io/kube-apiserver:v1.26.3 +- name: registry.k8s.io/kube-controller-manager:v1.26.3 + newName: ghcr.io/stackhpc/azimuth-charts/registry.k8s.io/kube-controller-manager:v1.26.3 +- name: registry.k8s.io/kube-proxy:v1.26.3 + newName: ghcr.io/stackhpc/azimuth-charts/registry.k8s.io/kube-proxy:v1.26.3 +- name: registry.k8s.io/kube-scheduler:v1.26.3 + newName: ghcr.io/stackhpc/azimuth-charts/registry.k8s.io/kube-scheduler:v1.26.3 +- name: docker.io/tensorflow/tensorflow:2.5.1 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/tensorflow/tensorflow:2.5.1 \ No newline at end of file diff --git a/kubeflow-azimuth/to-helm-chart.py b/kubeflow-azimuth/to-helm-chart.py index 1955b2dc..6e853027 100644 --- a/kubeflow-azimuth/to-helm-chart.py +++ b/kubeflow-azimuth/to-helm-chart.py @@ -61,11 +61,6 @@ def make_helm_chart_template(chart_path, chart_yml, values_yml): with open(main_chart_path / "values.schema.json", "w") as schema_file: schema_file.write(json_schema) -# Read the skopeo container manifest so that we can redirect image pulls to -# stackhpc's ghcr mirror -with open("../skopeo-manifests/kubeflow.yml", "r") as container_manifests_file: - CONTAINER_MANIFEST = yaml.safe_load(container_manifests_file) - # Write manifest files with open("kustomize-build-output.yml", "r") as input_file: # NOTE: Read input file as str instead of yaml to preserve newlines @@ -94,41 +89,6 @@ def make_helm_chart_template(chart_path, chart_yml, values_yml): r"{{([^\{\}]*)}}", r'{{ "{{" }}\1{{ "}}" }}', manifest_str ) - # Replace mirrored container images with path to stackhpc mirror - for registry, contents in CONTAINER_MANIFEST.items(): - images = contents["images"] - for image, versions in images.items(): - for v in versions: - # NOTE: since some container image paths omit the registry - # and rely on k8s defaulting to docker.io, we have to be careful - # with the logic here and handle several cases explicitly - - # Handle discrepancy in sha256 version tag format - image_url = ( - f"{image}:{v}" if "sha256" not in v else f"{image}@sha256:{v}" - ) - - # Case where registry is given upstream - if f"{registry}/{image_url}" in manifest_str: - new_prefix = "ghcr.io/stackhpc/azimuth-charts/" - # Replace image url in k8s manifest - manifest_str = re.sub( - f"{registry}/{image_url}", - new_prefix + f"{registry}/{image_url}", - manifest_str, - ) - # Case where default registry is omitted upstream - elif image_url in manifest_str: - new_prefix = "ghcr.io/stackhpc/azimuth-charts/docker.io/" - # NOTE: Skopeo seems to sync these two images to ghcr as docker.io/library/, - # haven't worked out why so handle it here for now - if image in ["python", "mysql"]: - new_prefix += f"library/" - # Replace image url in k8s manifest - manifest_str = re.sub( - image_url, new_prefix + image_url, manifest_str - ) - # Write manifest to file # NOTE: Avoid using yaml.dumps here as it doesn't properly preserve multi-line # yaml blocks (e.g. key: | \n ...) and instead replaces all newlines with '\n' From 0b7566a9281515ca7913f2ea1c9c620eb1fec43c Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Wed, 31 May 2023 16:34:26 +0100 Subject: [PATCH 47/54] Don't hard-code image tag --- daskhub-azimuth/values.yaml | 5 +---- jupyterhub-azimuth/values.yaml | 3 --- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/daskhub-azimuth/values.yaml b/daskhub-azimuth/values.yaml index 13d61c33..9269750b 100644 --- a/daskhub-azimuth/values.yaml +++ b/daskhub-azimuth/values.yaml @@ -19,10 +19,10 @@ daskhub: String("image", default="pangeo/base-notebook:2022.05.10", label="Image"), handler=option_handler, ) + # Use stackhpc's ghcr image copy traefik: image: name: ghcr.io/stackhpc/azimuth-charts/docker.io/library/traefik - tag: 2.6.3 jupyterhub: prePuller: @@ -39,7 +39,6 @@ daskhub: # Use stackhpc's ghcr image copy image: name: ghcr.io/stackhpc/azimuth-charts/docker.io/jupyterhub/configurable-http-proxy - tag: 4.5.3 networkPolicy: enabled: false @@ -47,7 +46,6 @@ daskhub: # Use stackhpc's ghcr image copy image: name: ghcr.io/stackhpc/azimuth-charts/docker.io/jupyterhub/k8s-hub - tag: 2.0.0 networkPolicy: enabled: false # Configure the authentication to respect the X-Remote-User header sent by Zenith from Azimuth @@ -96,7 +94,6 @@ daskhub: # Use stackhpc's ghcr image copy image: name: ghcr.io/stackhpc/azimuth-charts/docker.io/pangeo/base-notebook - tag: 2022.10.31 networkPolicy: enabled: false defaultUrl: /lab diff --git a/jupyterhub-azimuth/values.yaml b/jupyterhub-azimuth/values.yaml index 87131bba..e22e7902 100644 --- a/jupyterhub-azimuth/values.yaml +++ b/jupyterhub-azimuth/values.yaml @@ -18,7 +18,6 @@ jupyterhub: # Use stackhpc's ghcr image copy image: name: ghcr.io/stackhpc/azimuth-charts/docker.io/jupyterhub/configurable-http-proxy - tag: 4.5.3 networkPolicy: enabled: false @@ -26,7 +25,6 @@ jupyterhub: # Use stackhpc's ghcr image copy image: name: ghcr.io/stackhpc/azimuth-charts/docker.io/jupyterhub/k8s-hub - tag: 2.0.0 networkPolicy: enabled: false extraConfig: @@ -74,7 +72,6 @@ jupyterhub: # Use stackhpc's ghcr image copy image: name: ghcr.io/stackhpc/azimuth-charts/docker.io/jupyterhub/k8s-singleuser-sample - tag: 2.0.0 networkPolicy: enabled: false defaultUrl: /lab From 7cc3fcd5087f0805cebcf0ed63a70a1f23dab0c1 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Wed, 31 May 2023 16:34:58 +0100 Subject: [PATCH 48/54] Ignore vscode dir --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index f599f88f..f08c267d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ */charts/* */Chart.lock +.vscode # Ignore `helm dependency build` output kubeflow-azimuth/kubeflow-azimuth-chart kubeflow-azimuth/kubeflow-crds From 4900d5d1149cff0d087f1165d4daaf18971355c5 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Wed, 31 May 2023 16:54:00 +0100 Subject: [PATCH 49/54] Remove explicit image tags --- kubeflow-azimuth/overlay/kustomization.yaml | 244 ++++++++++---------- 1 file changed, 122 insertions(+), 122 deletions(-) diff --git a/kubeflow-azimuth/overlay/kustomization.yaml b/kubeflow-azimuth/overlay/kustomization.yaml index 9e7145d4..3a469f03 100644 --- a/kubeflow-azimuth/overlay/kustomization.yaml +++ b/kubeflow-azimuth/overlay/kustomization.yaml @@ -41,125 +41,125 @@ patches: # Use StackHPC's ghcr for relevant container images images: -- name: docker.io/istio/pilot:1.16.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/istio/pilot:1.16.0 -- name: docker.io/istio/proxyv2:1.16.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/istio/proxyv2:1.16.0 -- name: docker.io/kubeflowkatib/katib-controller:v0.15.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflowkatib/katib-controller:v0.15.0 -- name: docker.io/kubeflowkatib/katib-db-manager:v0.15.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflowkatib/katib-db-manager:v0.15.0 -- name: docker.io/kubeflowkatib/katib-ui:v0.15.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflowkatib/katib-ui:v0.15.0 -- name: docker.io/kubeflownotebookswg/centraldashboard:v1.7.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/centraldashboard:v1.7.0 -- name: docker.io/kubeflownotebookswg/jupyter-web-app:v1.7.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-web-app:v1.7.0 -- name: docker.io/kubeflownotebookswg/kfam:v1.7.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/kfam:v1.7.0 -- name: docker.io/kubeflownotebookswg/notebook-controller:v1.7.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/notebook-controller:v1.7.0 -- name: docker.io/kubeflownotebookswg/poddefaults-webhook:v1.7.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/poddefaults-webhook:v1.7.0 -- name: docker.io/kubeflownotebookswg/profile-controller:v1.7.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/profile-controller:v1.7.0 -- name: docker.io/kubeflownotebookswg/tensorboard-controller:v1.7.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/tensorboard-controller:v1.7.0 -- name: docker.io/kubeflownotebookswg/tensorboards-web-app:v1.7.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/tensorboards-web-app:v1.7.0 -- name: docker.io/kubeflownotebookswg/volumes-web-app:v1.7.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/volumes-web-app:v1.7.0 -- name: docker.io/metacontrollerio/metacontroller:v2.0.4 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/metacontrollerio/metacontroller:v2.0.4 -- name: gcr.io/arrikto/kubeflow/oidc-authservice:e236439 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/arrikto/kubeflow/oidc-authservice:e236439 -- name: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:33d78536e9b38dbb2ec2952207b48ff8e05acb48e7d28c2305bd0a0f7156198f - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:33d78536e9b38dbb2ec2952207b48ff8e05acb48e7d28c2305bd0a0f7156198f -- name: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:d217ab7e3452a87f8cbb3b45df65c98b18b8be39551e3e960cd49ea44bb415ba - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:d217ab7e3452a87f8cbb3b45df65c98b18b8be39551e3e960cd49ea44bb415ba -- name: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:2b484d982ef1a5d6ff93c46d3e45f51c2605c2e3ed766e20247d1727eb5ce918 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:2b484d982ef1a5d6ff93c46d3e45f51c2605c2e3ed766e20247d1727eb5ce918 -- name: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:59b6a46d3b55a03507c76a3afe8a4ee5f1a38f1130fd3d65c9fe57fff583fa8d - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:59b6a46d3b55a03507c76a3afe8a4ee5f1a38f1130fd3d65c9fe57fff583fa8d -- name: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:c3bbf3a96920048869dcab8e133e00f59855670b8a0bbca3d72ced2f512eb5e1 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:c3bbf3a96920048869dcab8e133e00f59855670b8a0bbca3d72ced2f512eb5e1 -- name: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:caae5e34b4cb311ed8551f2778cfca566a77a924a59b775bd516fa8b5e3c1d7f - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:caae5e34b4cb311ed8551f2778cfca566a77a924a59b775bd516fa8b5e3c1d7f -- name: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:38f9557f4d61ec79cc2cdbe76da8df6c6ae5f978a50a2847c22cc61aa240da95 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:38f9557f4d61ec79cc2cdbe76da8df6c6ae5f978a50a2847c22cc61aa240da95 -- name: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:a4ba0076df2efaca2eed561339e21b3a4ca9d90167befd31de882bff69639470 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:a4ba0076df2efaca2eed561339e21b3a4ca9d90167befd31de882bff69639470 -- name: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:763d648bf1edee2b4471b0e211dbc53ba2d28f92e4dae28ccd39af7185ef2c96 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:763d648bf1edee2b4471b0e211dbc53ba2d28f92e4dae28ccd39af7185ef2c96 -- name: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:bc13765ba4895c0fa318a065392d05d0adc0e20415c739e0aacb3f56140bf9ae - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:bc13765ba4895c0fa318a065392d05d0adc0e20415c739e0aacb3f56140bf9ae -- name: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 -- name: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 -- name: gcr.io/ml-pipeline/api-server:2.0.0-alpha.7 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/api-server:2.0.0-alpha.7 -- name: gcr.io/ml-pipeline/cache-server:2.0.0-alpha.7 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/cache-server:2.0.0-alpha.7 -- name: gcr.io/ml-pipeline/frontend:2.0.0-alpha.7 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/frontend:2.0.0-alpha.7 -- name: gcr.io/ml-pipeline/metadata-envoy:2.0.0-alpha.7 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/metadata-envoy:2.0.0-alpha.7 -- name: gcr.io/ml-pipeline/metadata-writer:2.0.0-alpha.7 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/metadata-writer:2.0.0-alpha.7 -- name: gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/minio:RELEASE.2019-08-14T20-37-41Z-license-compliance -- name: gcr.io/ml-pipeline/mysql:8.0.26 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/mysql:8.0.26 -- name: gcr.io/ml-pipeline/persistenceagent:2.0.0-alpha.7 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/persistenceagent:2.0.0-alpha.7 -- name: gcr.io/ml-pipeline/scheduledworkflow:2.0.0-alpha.7 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/scheduledworkflow:2.0.0-alpha.7 -- name: gcr.io/ml-pipeline/viewer-crd-controller:2.0.0-alpha.7 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/viewer-crd-controller:2.0.0-alpha.7 -- name: gcr.io/ml-pipeline/visualization-server:2.0.0-alpha.7 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/visualization-server:2.0.0-alpha.7 -- name: gcr.io/ml-pipeline/workflow-controller:v3.3.8-license-compliance - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/workflow-controller:v3.3.8-license-compliance -- name: gcr.io/tfx-oss-public/ml_metadata_store_server:1.5.0 - newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/tfx-oss-public/ml_metadata_store_server:1.5.0 -- name: docker.io/kserve/kserve-controller:v0.10.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kserve/kserve-controller:v0.10.0 -- name: docker.io/kserve/models-web-app:v0.10.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kserve/models-web-app:v0.10.0 -- name: docker.io/kubeflow/training-operator:v1-5a5f92d - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflow/training-operator:v1-5a5f92d -- name: docker.io/kubeflownotebookswg/jupyter-pytorch-cuda-full:v1.7.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-pytorch-cuda-full:v1.7.0 -- name: docker.io/kubeflownotebookswg/jupyter-pytorch-full:v1.7.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-pytorch-full:v1.7.0 -- name: docker.io/kubeflownotebookswg/jupyter-scipy:v1.7.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-scipy:v1.7.0 -- name: docker.io/kubeflownotebookswg/jupyter-tensorflow-cuda-full:v1.7.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-tensorflow-cuda-full:v1.7.0 -- name: docker.io/kubeflownotebookswg/jupyter-tensorflow-full:v1.7.0 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-tensorflow-full:v1.7.0 -- name: docker.io/library/mysql:8.0.29 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/library/mysql:8.0.29 -- name: docker.io/library/python:3.7 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/library/python:3.7 -- name: quay.io/jetstack/cert-manager-cainjector:v1.10.1 - newName: ghcr.io/stackhpc/azimuth-charts/quay.io/jetstack/cert-manager-cainjector:v1.10.1 -- name: quay.io/jetstack/cert-manager-controller:v1.10.1 - newName: ghcr.io/stackhpc/azimuth-charts/quay.io/jetstack/cert-manager-controller:v1.10.1 -- name: quay.io/jetstack/cert-manager-webhook:v1.10.1 - newName: ghcr.io/stackhpc/azimuth-charts/quay.io/jetstack/cert-manager-webhook:v1.10.1 -- name: registry.k8s.io/coredns/coredns:v1.9.3 - newName: ghcr.io/stackhpc/azimuth-charts/registry.k8s.io/coredns/coredns:v1.9.3 -- name: registry.k8s.io/etcd:3.5.6-0 - newName: ghcr.io/stackhpc/azimuth-charts/registry.k8s.io/etcd:3.5.6-0 -- name: registry.k8s.io/kube-apiserver:v1.26.3 - newName: ghcr.io/stackhpc/azimuth-charts/registry.k8s.io/kube-apiserver:v1.26.3 -- name: registry.k8s.io/kube-controller-manager:v1.26.3 - newName: ghcr.io/stackhpc/azimuth-charts/registry.k8s.io/kube-controller-manager:v1.26.3 -- name: registry.k8s.io/kube-proxy:v1.26.3 - newName: ghcr.io/stackhpc/azimuth-charts/registry.k8s.io/kube-proxy:v1.26.3 -- name: registry.k8s.io/kube-scheduler:v1.26.3 - newName: ghcr.io/stackhpc/azimuth-charts/registry.k8s.io/kube-scheduler:v1.26.3 -- name: docker.io/tensorflow/tensorflow:2.5.1 - newName: ghcr.io/stackhpc/azimuth-charts/docker.io/tensorflow/tensorflow:2.5.1 \ No newline at end of file +- name: docker.io/istio/pilot + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/istio/pilot +- name: docker.io/istio/proxyv2 + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/istio/proxyv2 +- name: docker.io/kubeflowkatib/katib-controller + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflowkatib/katib-controller +- name: docker.io/kubeflowkatib/katib-db-manager + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflowkatib/katib-db-manager +- name: docker.io/kubeflowkatib/katib-ui + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflowkatib/katib-ui +- name: docker.io/kubeflownotebookswg/centraldashboard + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/centraldashboard +- name: docker.io/kubeflownotebookswg/jupyter-web-app + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-web-app +- name: docker.io/kubeflownotebookswg/kfam + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/kfam +- name: docker.io/kubeflownotebookswg/notebook-controller + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/notebook-controller +- name: docker.io/kubeflownotebookswg/poddefaults-webhook + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/poddefaults-webhook +- name: docker.io/kubeflownotebookswg/profile-controller + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/profile-controller +- name: docker.io/kubeflownotebookswg/tensorboard-controller + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/tensorboard-controller +- name: docker.io/kubeflownotebookswg/tensorboards-web-app + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/tensorboards-web-app +- name: docker.io/kubeflownotebookswg/volumes-web-app + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/volumes-web-app +- name: docker.io/metacontrollerio/metacontroller + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/metacontrollerio/metacontroller +- name: gcr.io/arrikto/kubeflow/oidc-authservice + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/arrikto/kubeflow/oidc-authservice +- name: gcr.io/knative-releases/knative.dev/eventing/cmd/controller + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/eventing/cmd/controller +- name: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/eventing/cmd/webhook +- name: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/net-istio/cmd/controller +- name: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook +- name: gcr.io/knative-releases/knative.dev/serving/cmd/activator + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/serving/cmd/activator +- name: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler +- name: gcr.io/knative-releases/knative.dev/serving/cmd/controller + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/serving/cmd/controller +- name: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook +- name: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping +- name: gcr.io/knative-releases/knative.dev/serving/cmd/webhook + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/knative-releases/knative.dev/serving/cmd/webhook +- name: gcr.io/kubebuilder/kube-rbac-proxy + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/kubebuilder/kube-rbac-proxy +- name: gcr.io/kubebuilder/kube-rbac-proxy + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/kubebuilder/kube-rbac-proxy +- name: gcr.io/ml-pipeline/api-server + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/api-server +- name: gcr.io/ml-pipeline/cache-server + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/cache-server +- name: gcr.io/ml-pipeline/frontend + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/frontend +- name: gcr.io/ml-pipeline/metadata-envoy + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/metadata-envoy +- name: gcr.io/ml-pipeline/metadata-writer + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/metadata-writer +- name: gcr.io/ml-pipeline/minio + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/minio +- name: gcr.io/ml-pipeline/mysql + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/mysql +- name: gcr.io/ml-pipeline/persistenceagent + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/persistenceagent +- name: gcr.io/ml-pipeline/scheduledworkflow + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/scheduledworkflow +- name: gcr.io/ml-pipeline/viewer-crd-controller + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/viewer-crd-controller +- name: gcr.io/ml-pipeline/visualization-server + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/visualization-server +- name: gcr.io/ml-pipeline/workflow-controller + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/ml-pipeline/workflow-controller +- name: gcr.io/tfx-oss-public/ml_metadata_store_server + newName: ghcr.io/stackhpc/azimuth-charts/gcr.io/tfx-oss-public/ml_metadata_store_server +- name: docker.io/kserve/kserve-controller + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kserve/kserve-controller +- name: docker.io/kserve/models-web-app + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kserve/models-web-app +- name: docker.io/kubeflow/training-operator + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflow/training-operator +- name: docker.io/kubeflownotebookswg/jupyter-pytorch-cuda-full + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-pytorch-cuda-full +- name: docker.io/kubeflownotebookswg/jupyter-pytorch-full + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-pytorch-full +- name: docker.io/kubeflownotebookswg/jupyter-scipy + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-scipy +- name: docker.io/kubeflownotebookswg/jupyter-tensorflow-cuda-full + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-tensorflow-cuda-full +- name: docker.io/kubeflownotebookswg/jupyter-tensorflow-full + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-tensorflow-full +- name: docker.io/library/mysql + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/library/mysql +- name: docker.io/library/python + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/library/python +- name: quay.io/jetstack/cert-manager-cainjector + newName: ghcr.io/stackhpc/azimuth-charts/quay.io/jetstack/cert-manager-cainjector +- name: quay.io/jetstack/cert-manager-controller + newName: ghcr.io/stackhpc/azimuth-charts/quay.io/jetstack/cert-manager-controller +- name: quay.io/jetstack/cert-manager-webhook + newName: ghcr.io/stackhpc/azimuth-charts/quay.io/jetstack/cert-manager-webhook +- name: registry.k8s.io/coredns/coredns + newName: ghcr.io/stackhpc/azimuth-charts/registry.k8s.io/coredns/coredns +- name: registry.k8s.io/etcd + newName: ghcr.io/stackhpc/azimuth-charts/registry.k8s.io/etcd +- name: registry.k8s.io/kube-apiserver + newName: ghcr.io/stackhpc/azimuth-charts/registry.k8s.io/kube-apiserver +- name: registry.k8s.io/kube-controller-manager + newName: ghcr.io/stackhpc/azimuth-charts/registry.k8s.io/kube-controller-manager +- name: registry.k8s.io/kube-proxy + newName: ghcr.io/stackhpc/azimuth-charts/registry.k8s.io/kube-proxy +- name: registry.k8s.io/kube-scheduler + newName: ghcr.io/stackhpc/azimuth-charts/registry.k8s.io/kube-scheduler +- name: docker.io/tensorflow/tensorflow + newName: ghcr.io/stackhpc/azimuth-charts/docker.io/tensorflow/tensorflow From 34aac8b62c47915ff09f0c731a6d18684684eac1 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Wed, 31 May 2023 17:23:35 +0100 Subject: [PATCH 50/54] Fix python & mysql image names --- kubeflow-azimuth/overlay/kustomization.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kubeflow-azimuth/overlay/kustomization.yaml b/kubeflow-azimuth/overlay/kustomization.yaml index 3a469f03..08b38c47 100644 --- a/kubeflow-azimuth/overlay/kustomization.yaml +++ b/kubeflow-azimuth/overlay/kustomization.yaml @@ -139,9 +139,9 @@ images: newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-tensorflow-cuda-full - name: docker.io/kubeflownotebookswg/jupyter-tensorflow-full newName: ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/jupyter-tensorflow-full -- name: docker.io/library/mysql +- name: mysql newName: ghcr.io/stackhpc/azimuth-charts/docker.io/library/mysql -- name: docker.io/library/python +- name: python newName: ghcr.io/stackhpc/azimuth-charts/docker.io/library/python - name: quay.io/jetstack/cert-manager-cainjector newName: ghcr.io/stackhpc/azimuth-charts/quay.io/jetstack/cert-manager-cainjector From 724ef7eb538c0a810d5cf372b7afd83de5b7abad Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 15 Jun 2023 17:23:40 +0100 Subject: [PATCH 51/54] Handle images defined in config maps --- kubeflow-azimuth/build-chart.sh | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/kubeflow-azimuth/build-chart.sh b/kubeflow-azimuth/build-chart.sh index a7364726..ec2903e5 100755 --- a/kubeflow-azimuth/build-chart.sh +++ b/kubeflow-azimuth/build-chart.sh @@ -5,6 +5,28 @@ if [[ ! $(kustomize version) == *v5.* ]]; then echo "Please install a valid version then try again." exit 1 fi -kustomize build overlay/ --output kustomize-build-output.yml + +OUTPUT_FILE=kustomize-build-output.yml +kustomize build overlay/ --output $OUTPUT_FILE + +# NOTE(scott): kustomize image source patches don't capture +# default notebook images used by kubeflow jupyterhub platform +# since these are defined within the data.'spawner_ui_config.yaml' +# field of the ConfigMap 'jupyter-web-app-config-xxxxxxx' +# Use sed here to replace these images with ghcr versions +IMAGES=( + "jupyter-scipy" + "jupyter-pytorch-full" + "jupyter-pytorch-cuda-full" + "jupyter-tensorflow-full" + "jupyter-tensorflow-cuda-full" +) +for image in ${IMAGES[@]}; do + # Handle fact that backup suffix is required on MacOS + sed -i .bak "s|kubeflownotebookswg/${image}|ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/${image}|g" $OUTPUT_FILE + # suffix to -i option is mandatory on MacOS sed, remove backup file here + rm $OUTPUT_FILE.bak +done + +# Convert kustomize output to helm chart directory structure python3 to-helm-chart.py -# git add ../kubeflow-azimuth-chart \ No newline at end of file From 3d86b3fe4e2826cf47b6da934a8d6b72bde8a2c3 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 15 Jun 2023 17:25:23 +0100 Subject: [PATCH 52/54] Update comments --- kubeflow-azimuth/build-chart.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubeflow-azimuth/build-chart.sh b/kubeflow-azimuth/build-chart.sh index ec2903e5..5a699d51 100755 --- a/kubeflow-azimuth/build-chart.sh +++ b/kubeflow-azimuth/build-chart.sh @@ -22,7 +22,7 @@ IMAGES=( "jupyter-tensorflow-cuda-full" ) for image in ${IMAGES[@]}; do - # Handle fact that backup suffix is required on MacOS + # Backup suffix is required on MacOS sed -i .bak "s|kubeflownotebookswg/${image}|ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/${image}|g" $OUTPUT_FILE # suffix to -i option is mandatory on MacOS sed, remove backup file here rm $OUTPUT_FILE.bak From 60b39eaac675f38eb2efc7a9e8543d8398a55d11 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 15 Jun 2023 17:27:40 +0100 Subject: [PATCH 53/54] Fix linux sed usage --- kubeflow-azimuth/build-chart.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubeflow-azimuth/build-chart.sh b/kubeflow-azimuth/build-chart.sh index 5a699d51..60d7c778 100755 --- a/kubeflow-azimuth/build-chart.sh +++ b/kubeflow-azimuth/build-chart.sh @@ -23,7 +23,7 @@ IMAGES=( ) for image in ${IMAGES[@]}; do # Backup suffix is required on MacOS - sed -i .bak "s|kubeflownotebookswg/${image}|ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/${image}|g" $OUTPUT_FILE + sed -i ".bak" "s|kubeflownotebookswg/${image}|ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/${image}|g" $OUTPUT_FILE # suffix to -i option is mandatory on MacOS sed, remove backup file here rm $OUTPUT_FILE.bak done From 6aa158dc7e1fa39d4e1ddaf2e22c5b7f6e26d504 Mon Sep 17 00:00:00 2001 From: Scott Davidson Date: Thu, 15 Jun 2023 17:34:57 +0100 Subject: [PATCH 54/54] Fix linux sed usage properly --- kubeflow-azimuth/build-chart.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubeflow-azimuth/build-chart.sh b/kubeflow-azimuth/build-chart.sh index 60d7c778..f0823896 100755 --- a/kubeflow-azimuth/build-chart.sh +++ b/kubeflow-azimuth/build-chart.sh @@ -23,7 +23,7 @@ IMAGES=( ) for image in ${IMAGES[@]}; do # Backup suffix is required on MacOS - sed -i ".bak" "s|kubeflownotebookswg/${image}|ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/${image}|g" $OUTPUT_FILE + sed -i.bak "s|kubeflownotebookswg/${image}|ghcr.io/stackhpc/azimuth-charts/docker.io/kubeflownotebookswg/${image}|g" $OUTPUT_FILE # suffix to -i option is mandatory on MacOS sed, remove backup file here rm $OUTPUT_FILE.bak done