def deploy_with_kfctl_go(kfctl_path, args, app_dir, env):
"""Deploy Kubeflow using kfctl go binary."""
# username and password are passed as env vars and won't appear in the logs
#
# TODO(https://github.com/kubeflow/kubeflow/issues/2831): We should be
# loading the config in the repo we have checked out kfctl doesn't support
# specifying a file URI. Once it does we should change --version to
# use it.
#
# TODO(zhenghuiwang): use the master of kubeflow/manifests once
# https://github.com/kubeflow/kubeflow/issues/3475 is fixed.
logging.warning("Loading configs %s.", args.kfctl_config)
if args.kfctl_config.startswith("http"):
response = requests.get(args.kfctl_config)
raw_config = response.content
else:
with open(args.kfctl_config) as hf:
raw_config = hf.read()
config_spec = yaml.load(raw_config)
# We need to specify a valid email because
# 1. We need to create appropriate RBAC rules to allow the current user
# to create the required K8s resources.
# 2. Setting the IAM policy will fail if the email is invalid.
email = util.run(["gcloud", "config", "get-value", "account"])
if not email:
raise ValueError("Could not determine GCP account being used.")
config_spec["spec"]["project"] = args.project
config_spec["spec"]["email"] = email
config_spec["spec"]["zone"] = args.zone
config_spec["spec"] = util.filter_spartakus(config_spec["spec"])
logging.info("KFDefSpec:\n%s", str(config_spec))
with tempfile.NamedTemporaryFile(suffix=".yaml", delete=False) as f:
config_file = f.name
logging.info("Writing file %s", f.name)
yaml.dump(config_spec, f)
util.run([kfctl_path, "init", app_dir, "-V", "--config=" + config_file],
env=env)
util.run([kfctl_path, "generate", "-V", "all"], env=env, cwd=app_dir)
util.run([kfctl_path, "apply", "-V", "all"], env=env, cwd=app_dir)
def deploy_with_kfctl_go(kfctl_path, args, app_dir, env, labels=None): # pylint: disable=too-many-branches
"""Deploy Kubeflow using kfctl go binary."""
# username and password are passed as env vars and won't appear in the logs
#
# We need to edit and rewrite the config file to the app dir because
# kfctl uses the path of the config file as the app dir.s
logging.warning("Loading configs %s.", args.kfctl_config)
if args.kfctl_config.startswith("http"):
response = requests.get(args.kfctl_config)
raw_config = response.content
else:
with open(args.kfctl_config) as hf:
raw_config = hf.read()
config_spec = yaml.load(raw_config)
# We need to specify a valid email because
# 1. We need to create appropriate RBAC rules to allow the current user
# to create the required K8s resources.
# 2. Setting the IAM policy will fail if the email is invalid.
email = args.email
if not email:
logging.info("email not set trying to get default from gcloud")
email = util.run(["gcloud", "auth", "list",
"--filter", "status:ACTIVE", "--format", "value(account)"])
if not email:
raise ValueError("Could not determine GCP account being used.")
kfdef_version = config_spec["apiVersion"].strip().lower()
if kfdef_version == KFDEF_V1ALPHA1:
config_spec = build_v06_spec(config_spec, args.project, email, args.zone,
args.setup_project)
else:
config_spec = build_v07_spec(config_spec, args.project, email, args.zone,
args.setup_project)
config_spec["spec"] = util.filter_spartakus(config_spec["spec"])
# Remove name because we will auto infer from directory.
if "name" in config_spec["metadata"]:
logging.info("Deleting name in kfdef spec.")
del config_spec["metadata"]["name"]
app_name = os.path.basename(app_dir)
if not "labels" in config_spec["metadata"]:
config_spec["metadata"]["labels"] = {}
if labels:
config_spec["metadata"]["labels"].update(labels)
logging.info("KFDefSpec:\n%s", yaml.safe_dump(config_spec))
if kfdef_version == KFDEF_V1ALPHA1:
logging.info("Deploying using v06 syntax")
logging.info("Checking if deployment %s already exists in project %s",
args.project, app_name)
if check_if_kfapp_exists(args.project, app_name, args.zone):
# With v0.6 kfctl can't successfully run apply a 2nd time so if
# the deployment already exists we can't redeploy.
logging.info("Deployment %s already exists in project %s; not "
"redeploying", args.project, app_name)
return
with tempfile.NamedTemporaryFile(prefix="tmpkf_config", suffix=".yaml",
delete=False) as hf:
config_file = hf.name
logging.info("Writing file %s", config_file)
yaml.dump(config_spec, hf)
util.run([kfctl_path, "init", app_dir, "-V", "--config=" + config_file],
env=env)
util.run([kfctl_path, "generate", "-V", "all"], env=env, cwd=app_dir)
util.run([kfctl_path, "apply", "-V", "all"], env=env, cwd=app_dir)
else:
logging.info("Deploying using v07 syntax")
if not os.path.exists(app_dir):
logging.info("Creating app dir %s", app_dir)
os.makedirs(app_dir)
config_file = os.path.join(app_dir, "kf_config.yaml")
with open(config_file, "w") as hf:
logging.info("Writing file %s", config_file)
yaml.dump(config_spec, hf)
util.run([kfctl_path, "apply", "-V", "-f", config_file], env=env)
# We will hit lets encrypt rate limiting with the managed certificates
# So create a self signed certificate and update the ingress to use it.
if args.use_self_cert:
logging.info("Configuring self signed certificate")
util.load_kube_credentials()
api_client = k8s_client.ApiClient()
ingress_namespace = "istio-system"
ingress_name = "envoy-ingress"
tls_endpoint = "{0}.endpoints.{1}.cloud.goog".format(app_name, args.project)
logging.info("Configuring self signed cert for %s", tls_endpoint)
util.use_self_signed_for_ingress(ingress_namespace, ingress_name,
tls_endpoint, api_client)