From ccbf4575d4fd49f00feb026e290dc3cd71df2235 Mon Sep 17 00:00:00 2001 From: alex-treebeard Date: Fri, 8 Mar 2024 14:51:38 +0000 Subject: [PATCH 1/2] bootstrap vals --- README.md | 40 +---- examples/eks-https-loadbalancer/README.md | 1 + examples/eks-https-loadbalancer/kubeflow.tf | 132 +++++++------- examples/k3s-existing-istio/main.tf | 33 +--- examples/k3s/README.md | 1 - helm/kubeflow-argo-apps/README.md | 182 ++++++++++++++++++++ helm/kubeflow-bootstrap/Chart.yaml | 2 +- helm/kubeflow-bootstrap/README.md | 24 +++ helm/kubeflow-bootstrap/templates/all.yaml | 69 +++++--- helm/kubeflow-bootstrap/values.yaml | 28 +++ main.tf | 25 +-- variables.tf | 9 - 12 files changed, 365 insertions(+), 181 deletions(-) create mode 100644 helm/kubeflow-argo-apps/README.md create mode 100644 helm/kubeflow-bootstrap/README.md create mode 100644 helm/kubeflow-bootstrap/values.yaml diff --git a/README.md b/README.md index dc571ae..17b667a 100644 --- a/README.md +++ b/README.md @@ -133,7 +133,6 @@ This module is built on top of the official [Kubeflow Manifests repo](https://gi |------|---------| | [helm](#provider\_helm) | >= 2.12 | | [null](#provider\_null) | >= 3.0 | -| [time](#provider\_time) | >= 0.9 | ## Modules @@ -143,47 +142,18 @@ No modules. | Name | Type | |------|------| -| [helm_release.admission_webhook](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.argo_cd](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.central_dashboard](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.cert_manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.cluster_issuer](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.dex](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.istio_base](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.istio_ingressgateway](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.istiod](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.jupyter_web_app](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.kubeflow_istio_resources](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.kubeflow_namespace](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.kubeflow_roles](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.notebook_controller](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.oidc_authservice](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.profile](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.profiles_kfam](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.pvc_viewer_controller](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.volumes_web_app](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [null_resource.kf_apps_end](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [null_resource.kf_apps_start](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [null_resource.kf_core_end](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [null_resource.kf_core_start](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [null_resource.kf_dependencies_end](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [null_resource.kf_dependencies_start](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [time_sleep.wait](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | +| [helm_release.kubeflow_bootstrap](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [null_resource.start](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [enable\_argocd](#input\_enable\_argocd) | n/a | `bool` | `true` | no | -| [enable\_cert\_manager](#input\_enable\_cert\_manager) | n/a | `bool` | `true` | no | -| [enable\_example\_profile](#input\_enable\_example\_profile) | n/a | `bool` | `true` | no | -| [enable\_https](#input\_enable\_https) | n/a | `bool` | `false` | no | -| [enable\_istio\_base](#input\_enable\_istio\_base) | n/a | `bool` | `true` | no | -| [enable\_istio\_resources](#input\_enable\_istio\_resources) | Enable istio resources for clusters with pre-existing istio | `bool` | `true` | no | -| [enable\_istiod](#input\_enable\_istiod) | n/a | `bool` | `true` | no | -| [hostname](#input\_hostname) | n/a | `string` | `"*"` | no | -| [issuer\_name](#input\_issuer\_name) | Required if enable\_https is true | `string` | `"null"` | no | -| [user\_password](#input\_user\_password) | The password for the user | `string` | `"12341234"` | no | +| [kubeflow\_set](#input\_kubeflow\_set) | Value block with custom STRING values to be merged with the values yaml. |
list(object({
name = string
value = string
}))
| `null` | no | +| [kubeflow\_set\_sensitive](#input\_kubeflow\_set\_sensitive) | Value block with custom sensitive values to be merged with the values yaml that won't be exposed in the plan's diff. |
list(object({
path = string
value = string
}))
| `null` | no | +| [kubeflow\_values](#input\_kubeflow\_values) | Extra values | `list(string)` | `[]` | no | ## Outputs diff --git a/examples/eks-https-loadbalancer/README.md b/examples/eks-https-loadbalancer/README.md index 0d98594..cdac0fd 100644 --- a/examples/eks-https-loadbalancer/README.md +++ b/examples/eks-https-loadbalancer/README.md @@ -52,6 +52,7 @@ | [enable\_treebeardkf](#input\_enable\_treebeardkf) | Enable Treebeard KF | `bool` | `false` | no | | [host](#input\_host) | n/a | `any` | n/a | yes | | [hosted\_zone\_id](#input\_hosted\_zone\_id) | n/a | `any` | n/a | yes | +| [password](#input\_password) | password for user@example.com | `any` | n/a | yes | ## Outputs diff --git a/examples/eks-https-loadbalancer/kubeflow.tf b/examples/eks-https-loadbalancer/kubeflow.tf index 7a8358f..b167123 100644 --- a/examples/eks-https-loadbalancer/kubeflow.tf +++ b/examples/eks-https-loadbalancer/kubeflow.tf @@ -3,69 +3,75 @@ module "treebeardkf" { source = "../.." kubeflow_values = [ < [helm](#requirement\_helm) | ~> 2.12.1 | -| [kubernetes](#requirement\_kubernetes) | ~> 2.25.2 | ## Providers diff --git a/helm/kubeflow-argo-apps/README.md b/helm/kubeflow-argo-apps/README.md new file mode 100644 index 0000000..e897de4 --- /dev/null +++ b/helm/kubeflow-argo-apps/README.md @@ -0,0 +1,182 @@ +# kubeflow-argo-apps + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| admissionWebhook.enabled | bool | `true` | | +| admissionWebhook.spec.destination.name | string | `"in-cluster"` | | +| admissionWebhook.spec.destination.namespace | string | `"argocd"` | | +| admissionWebhook.spec.project | string | `"default"` | | +| admissionWebhook.spec.source.path | string | `"apps/admission-webhook/upstream/overlays/cert-manager"` | | +| admissionWebhook.spec.source.repoURL | string | `"https://github.com/kubeflow/manifests"` | | +| admissionWebhook.spec.source.targetRevision | string | `"776d4f4"` | | +| admissionWebhook.spec.syncPolicy.automated.prune | bool | `false` | | +| admissionWebhook.spec.syncPolicy.syncOptions[0] | string | `"ServerSideApply=true"` | | +| centralDashboard.enabled | bool | `true` | | +| centralDashboard.spec.destination.name | string | `"in-cluster"` | | +| centralDashboard.spec.destination.namespace | string | `"argocd"` | | +| centralDashboard.spec.project | string | `"default"` | | +| centralDashboard.spec.source.kustomize.patches[0].patch | string | `"- op: replace\n path: /data/links\n value: |\n {\n \"menuLinks\": [\n {\n \"type\": \"item\",\n \"link\": \"/jupyter/\",\n \"text\": \"Notebooks\",\n \"icon\": \"book\"\n },\n {\n \"type\": \"item\",\n \"link\": \"/volumes/\",\n \"text\": \"Volumes\",\n \"icon\": \"device:storage\"\n }\n ],\n \"externalLinks\": [ ],\n \"quickLinks\": [\n {\n \"text\": \"Create a new Notebook server\",\n \"desc\": \"Notebook Servers\",\n \"link\": \"/jupyter/new?namespace=kubeflow\"\n }\n ],\n \"documentationItems\": [\n {\n \"text\": \"Getting Started with Kubeflow\",\n \"desc\": \"Get your machine-learning workflow up and running on Kubeflow\",\n \"link\": \"https://www.kubeflow.org/docs/started/getting-started/\"\n }\n ]\n }"` | | +| centralDashboard.spec.source.kustomize.patches[0].target.kind | string | `"ConfigMap"` | | +| centralDashboard.spec.source.kustomize.patches[0].target.name | string | `"centraldashboard-config"` | | +| centralDashboard.spec.source.path | string | `"apps/centraldashboard/upstream/overlays/kserve"` | | +| centralDashboard.spec.source.repoURL | string | `"https://github.com/kubeflow/manifests"` | | +| centralDashboard.spec.source.targetRevision | string | `"776d4f4"` | | +| centralDashboard.spec.syncPolicy.automated.prune | bool | `false` | | +| centralDashboard.spec.syncPolicy.syncOptions[0] | string | `"ServerSideApply=true"` | | +| certManager.enabled | bool | `true` | | +| certManager.spec.destination.name | string | `"in-cluster"` | | +| certManager.spec.destination.namespace | string | `"cert-manager"` | | +| certManager.spec.project | string | `"default"` | | +| certManager.spec.sources[0].chart | string | `"cert-manager"` | | +| certManager.spec.sources[0].helm.ignoreMissingValueFiles | bool | `true` | | +| certManager.spec.sources[0].helm.releaseName | string | `"cert-manager"` | | +| certManager.spec.sources[0].helm.valueFiles | list | `[]` | | +| certManager.spec.sources[0].helm.values | string | `"installCRDs: true\n"` | | +| certManager.spec.sources[0].repoURL | string | `"https://charts.jetstack.io"` | | +| certManager.spec.sources[0].targetRevision | string | `"1.14.3"` | | +| certManager.spec.syncPolicy.automated.prune | bool | `false` | | +| certManager.spec.syncPolicy.syncOptions[0] | string | `"CreateNamespace=true"` | | +| certManager.spec.syncPolicy.syncOptions[1] | string | `"ServerSideApply=true"` | | +| dex.enabled | bool | `true` | | +| dex.spec.destination.name | string | `"in-cluster"` | | +| dex.spec.destination.namespace | string | `"argocd"` | | +| dex.spec.project | string | `"default"` | | +| dex.spec.source.path | string | `"common/dex/overlays/istio"` | | +| dex.spec.source.repoURL | string | `"https://github.com/kubeflow/manifests"` | | +| dex.spec.source.targetRevision | string | `"776d4f4"` | | +| dex.spec.syncPolicy.automated.prune | bool | `false` | | +| dex.spec.syncPolicy.syncOptions[0] | string | `"ServerSideApply=true"` | | +| exampleProfile.enabled | bool | `true` | | +| exampleProfile.spec.destination.name | string | `"in-cluster"` | | +| exampleProfile.spec.destination.namespace | string | `"argocd"` | | +| exampleProfile.spec.project | string | `"default"` | | +| exampleProfile.spec.source.path | string | `"common/user-namespace/base"` | | +| exampleProfile.spec.source.repoURL | string | `"https://github.com/kubeflow/manifests"` | | +| exampleProfile.spec.source.targetRevision | string | `"776d4f4"` | | +| exampleProfile.spec.syncPolicy.automated.prune | bool | `false` | | +| exampleProfile.spec.syncPolicy.syncOptions[0] | string | `"ServerSideApply=true"` | | +| gateway.enabled | bool | `true` | | +| gateway.spec.destination.name | string | `"in-cluster"` | | +| gateway.spec.destination.namespace | string | `"istio-system"` | | +| gateway.spec.project | string | `"default"` | | +| gateway.spec.sources[0].chart | string | `"gateway"` | | +| gateway.spec.sources[0].helm.ignoreMissingValueFiles | bool | `true` | | +| gateway.spec.sources[0].helm.releaseName | string | `"istio-ingressgateway"` | | +| gateway.spec.sources[0].helm.valueFiles | list | `[]` | | +| gateway.spec.sources[0].helm.values | string | `"service:\n type: ClusterIP\nserviceAccount:\n name: istio-ingressgateway-service-account\nresources:\n requests:\n cpu: 10m\n memory: 64Mi\n limits:\n cpu: 2000m\n memory: 1024Mi\n"` | | +| gateway.spec.sources[0].repoURL | string | `"https://istio-release.storage.googleapis.com/charts"` | | +| gateway.spec.sources[0].targetRevision | string | `"1.18.7"` | | +| gateway.spec.syncPolicy.automated.prune | bool | `false` | | +| gateway.spec.syncPolicy.syncOptions[0] | string | `"ServerSideApply=true"` | | +| istioBase.enabled | bool | `true` | | +| istioBase.spec.destination.name | string | `"in-cluster"` | | +| istioBase.spec.destination.namespace | string | `"istio-system"` | | +| istioBase.spec.project | string | `"default"` | | +| istioBase.spec.sources[0].chart | string | `"base"` | | +| istioBase.spec.sources[0].helm.ignoreMissingValueFiles | bool | `true` | | +| istioBase.spec.sources[0].helm.releaseName | string | `"istio-base"` | | +| istioBase.spec.sources[0].helm.valueFiles | list | `[]` | | +| istioBase.spec.sources[0].repoURL | string | `"https://istio-release.storage.googleapis.com/charts"` | | +| istioBase.spec.sources[0].targetRevision | string | `"1.18.7"` | | +| istioBase.spec.syncPolicy.automated.prune | bool | `false` | | +| istioBase.spec.syncPolicy.syncOptions[0] | string | `"CreateNamespace=true"` | | +| istioBase.spec.syncPolicy.syncOptions[1] | string | `"ServerSideApply=true"` | | +| istioResources.enabled | bool | `true` | | +| istioResources.spec.destination.name | string | `"in-cluster"` | | +| istioResources.spec.destination.namespace | string | `"argocd"` | | +| istioResources.spec.project | string | `"default"` | | +| istioResources.spec.source.path | string | `"common/istio-1-17/kubeflow-istio-resources/base"` | | +| istioResources.spec.source.repoURL | string | `"https://github.com/kubeflow/manifests"` | | +| istioResources.spec.source.targetRevision | string | `"776d4f4"` | | +| istioResources.spec.syncPolicy.automated.prune | bool | `false` | | +| istioResources.spec.syncPolicy.syncOptions[0] | string | `"ServerSideApply=true"` | | +| istiod.enabled | bool | `true` | | +| istiod.spec.destination.name | string | `"in-cluster"` | | +| istiod.spec.destination.namespace | string | `"istio-system"` | | +| istiod.spec.project | string | `"default"` | | +| istiod.spec.sources[0].chart | string | `"istiod"` | | +| istiod.spec.sources[0].helm.ignoreMissingValueFiles | bool | `true` | | +| istiod.spec.sources[0].helm.releaseName | string | `"istiod"` | | +| istiod.spec.sources[0].helm.valueFiles | list | `[]` | | +| istiod.spec.sources[0].helm.values | string | `"pilot:\n resources:\n requests:\n cpu: 10m\n memory: 128Mi\nglobal:\n proxy:\n resources:\n requests:\n cpu: 10m\n memory: 64Mi\n"` | | +| istiod.spec.sources[0].repoURL | string | `"https://istio-release.storage.googleapis.com/charts"` | | +| istiod.spec.sources[0].targetRevision | string | `"1.18.7"` | | +| istiod.spec.syncPolicy.automated.prune | bool | `false` | | +| istiod.spec.syncPolicy.syncOptions[0] | string | `"ServerSideApply=true"` | | +| jupyterWebApp.enabled | bool | `true` | | +| jupyterWebApp.spec.destination.name | string | `"in-cluster"` | | +| jupyterWebApp.spec.destination.namespace | string | `"argocd"` | | +| jupyterWebApp.spec.project | string | `"default"` | | +| jupyterWebApp.spec.source.path | string | `"apps/jupyter/jupyter-web-app/upstream/overlays/istio"` | | +| jupyterWebApp.spec.source.repoURL | string | `"https://github.com/kubeflow/manifests"` | | +| jupyterWebApp.spec.source.targetRevision | string | `"776d4f4"` | | +| jupyterWebApp.spec.syncPolicy.automated.prune | bool | `false` | | +| jupyterWebApp.spec.syncPolicy.syncOptions[0] | string | `"ServerSideApply=true"` | | +| kubeflowNamespace.enabled | bool | `true` | | +| kubeflowNamespace.spec.destination.name | string | `"in-cluster"` | | +| kubeflowNamespace.spec.destination.namespace | string | `"argocd"` | | +| kubeflowNamespace.spec.project | string | `"default"` | | +| kubeflowNamespace.spec.source.path | string | `"common/kubeflow-namespace/base"` | | +| kubeflowNamespace.spec.source.repoURL | string | `"https://github.com/kubeflow/manifests"` | | +| kubeflowNamespace.spec.source.targetRevision | string | `"776d4f4"` | | +| kubeflowNamespace.spec.syncPolicy.automated.prune | bool | `false` | | +| kubeflowNamespace.spec.syncPolicy.syncOptions[0] | string | `"ServerSideApply=true"` | | +| kubeflowRoles.enabled | bool | `true` | | +| kubeflowRoles.spec.destination.name | string | `"in-cluster"` | | +| kubeflowRoles.spec.destination.namespace | string | `"argocd"` | | +| kubeflowRoles.spec.project | string | `"default"` | | +| kubeflowRoles.spec.source.path | string | `"common/kubeflow-roles/base"` | | +| kubeflowRoles.spec.source.repoURL | string | `"https://github.com/kubeflow/manifests"` | | +| kubeflowRoles.spec.source.targetRevision | string | `"776d4f4"` | | +| kubeflowRoles.spec.syncPolicy.automated.prune | bool | `false` | | +| kubeflowRoles.spec.syncPolicy.syncOptions[0] | string | `"ServerSideApply=true"` | | +| notebookController.enabled | bool | `true` | | +| notebookController.spec.destination.name | string | `"in-cluster"` | | +| notebookController.spec.destination.namespace | string | `"argocd"` | | +| notebookController.spec.project | string | `"default"` | | +| notebookController.spec.source.path | string | `"apps/jupyter/notebook-controller/upstream/overlays/kubeflow"` | | +| notebookController.spec.source.repoURL | string | `"https://github.com/kubeflow/manifests"` | | +| notebookController.spec.source.targetRevision | string | `"776d4f4"` | | +| notebookController.spec.syncPolicy.automated.prune | bool | `false` | | +| notebookController.spec.syncPolicy.syncOptions[0] | string | `"ServerSideApply=true"` | | +| oidcAuthService.enabled | bool | `true` | | +| oidcAuthService.spec.destination.name | string | `"in-cluster"` | | +| oidcAuthService.spec.destination.namespace | string | `"argocd"` | | +| oidcAuthService.spec.project | string | `"default"` | | +| oidcAuthService.spec.source.path | string | `"common/oidc-client/oidc-authservice/base"` | | +| oidcAuthService.spec.source.repoURL | string | `"https://github.com/kubeflow/manifests"` | | +| oidcAuthService.spec.source.targetRevision | string | `"776d4f4"` | | +| oidcAuthService.spec.syncPolicy.automated.prune | bool | `false` | | +| oidcAuthService.spec.syncPolicy.syncOptions[0] | string | `"ServerSideApply=true"` | | +| profiles.enabled | bool | `true` | | +| profiles.spec.destination.name | string | `"in-cluster"` | | +| profiles.spec.destination.namespace | string | `"argocd"` | | +| profiles.spec.project | string | `"default"` | | +| profiles.spec.source.path | string | `"apps/profiles/upstream/overlays/kubeflow"` | | +| profiles.spec.source.repoURL | string | `"https://github.com/kubeflow/manifests"` | | +| profiles.spec.source.targetRevision | string | `"776d4f4"` | | +| profiles.spec.syncPolicy.automated.prune | bool | `false` | | +| profiles.spec.syncPolicy.syncOptions[0] | string | `"ServerSideApply=true"` | | +| pvcViewerController.enabled | bool | `true` | | +| pvcViewerController.spec.destination.name | string | `"in-cluster"` | | +| pvcViewerController.spec.destination.namespace | string | `"argocd"` | | +| pvcViewerController.spec.project | string | `"default"` | | +| pvcViewerController.spec.source.path | string | `"apps/pvcviewer-controller/upstream/default"` | | +| pvcViewerController.spec.source.repoURL | string | `"https://github.com/kubeflow/manifests"` | | +| pvcViewerController.spec.source.targetRevision | string | `"776d4f4"` | | +| pvcViewerController.spec.syncPolicy.automated.prune | bool | `false` | | +| pvcViewerController.spec.syncPolicy.syncOptions[0] | string | `"ServerSideApply=true"` | | +| volumesWebApp.enabled | bool | `true` | | +| volumesWebApp.spec.destination.name | string | `"in-cluster"` | | +| volumesWebApp.spec.destination.namespace | string | `"argocd"` | | +| volumesWebApp.spec.project | string | `"default"` | | +| volumesWebApp.spec.source.path | string | `"apps/volumes-web-app/upstream/overlays/istio"` | | +| volumesWebApp.spec.source.repoURL | string | `"https://github.com/kubeflow/manifests"` | | +| volumesWebApp.spec.source.targetRevision | string | `"776d4f4"` | | +| volumesWebApp.spec.syncPolicy.automated.prune | bool | `false` | | +| volumesWebApp.spec.syncPolicy.syncOptions[0] | string | `"ServerSideApply=true"` | | + diff --git a/helm/kubeflow-bootstrap/Chart.yaml b/helm/kubeflow-bootstrap/Chart.yaml index 6124dd4..0fa5556 100644 --- a/helm/kubeflow-bootstrap/Chart.yaml +++ b/helm/kubeflow-bootstrap/Chart.yaml @@ -1,3 +1,3 @@ apiVersion: v2 -name: argo-app +name: kubeflow-bootstrap version: 0.1.0 diff --git a/helm/kubeflow-bootstrap/README.md b/helm/kubeflow-bootstrap/README.md new file mode 100644 index 0000000..ee620ec --- /dev/null +++ b/helm/kubeflow-bootstrap/README.md @@ -0,0 +1,24 @@ +# kubeflow-bootstrap + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| additionalAnnotations | object | `{}` | | +| additionalLabels | object | `{}` | | +| destination.namespace | string | `"argocd"` | | +| destination.server | string | `"https://kubernetes.default.svc"` | | +| finalizers[0] | string | `"resources-finalizer.argocd.argoproj.io"` | | +| name | string | `"000-treebeard-kubeflow"` | | +| namespace | string | `"argocd"` | | +| project | string | `"default"` | | +| sources[0].chart | string | `"kubeflow-argo-apps"` | | +| sources[0].helm.ignoreMissingValueFiles | bool | `true` | | +| sources[0].helm.values | string | `"# pass in terraform outputs from cloud resources\n# e.g. ARNs, node labels, etc.\n"` | | +| sources[0].repoURL | string | `"ghcr.io/treebeardtech"` | | +| sources[0].targetRevision | string | `"0.1-2024-03-08-T12-25-15"` | | +| syncPolicy.automated.prune | bool | `false` | | +| syncPolicy.automated.selfHeal | bool | `false` | | + diff --git a/helm/kubeflow-bootstrap/templates/all.yaml b/helm/kubeflow-bootstrap/templates/all.yaml index 9e04b47..216de4a 100644 --- a/helm/kubeflow-bootstrap/templates/all.yaml +++ b/helm/kubeflow-bootstrap/templates/all.yaml @@ -1,30 +1,51 @@ +# derived from https://artifacthub.io/packages/helm/argo/argocd-apps/1.6.2?modal=template&template=applications.yaml +{{- with .Values }} apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: 000-treebeard-kubeflow - namespace: argocd + {{- with .additionalAnnotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} + {{- with .additionalLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ .name }} + {{- with .namespace }} + namespace: {{ . }} + {{- end }} + {{- with .finalizers }} finalizers: - - resources-finalizer.argocd.argoproj.io + {{- toYaml . | nindent 4 }} + {{- end }} spec: - destination: - name: '' - namespace: argocd - server: 'https://kubernetes.default.svc' + project: {{ .project }} + {{- with .source }} + source: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .sources }} sources: - # - repoURL: 'https://github.com/treebeardtech/gitops-bridge-argocd-control-plane-template' - # targetRevision: dev - # ref: values - - chart: {{ .Values.treebeardKubeflow.chart }} - repoURL: {{ .Values.treebeardKubeflow.repoURL }} - targetRevision: {{ .Values.treebeardKubeflow.targetRevision }} - helm: - ignoreMissingValueFiles: true - # valueFiles: - # - $values/some-dir/my-values-file.yaml # uncomment to use your own gitops values file - values: | - # pass in terraform outputs from cloud resources - # e.g. ARNs, node labels, etc. - {{ .Values.treebeardKubeflow.values | toYaml | nindent 8 }} - project: default - # syncPolicy: - # automated: {} + {{- toYaml . | nindent 4 }} + {{- end }} + destination: + {{- toYaml .destination | nindent 4 }} + {{- with .syncPolicy }} + syncPolicy: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .revisionHistoryLimit }} + revisionHistoryLimit: {{ . }} + {{- end }} + {{- with .ignoreDifferences }} + ignoreDifferences: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .info }} + info: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/kubeflow-bootstrap/values.yaml b/helm/kubeflow-bootstrap/values.yaml new file mode 100644 index 0000000..8243d6d --- /dev/null +++ b/helm/kubeflow-bootstrap/values.yaml @@ -0,0 +1,28 @@ +name: 000-treebeard-kubeflow +namespace: argocd +additionalLabels: {} +additionalAnnotations: {} +finalizers: +- resources-finalizer.argocd.argoproj.io +project: default +sources: +# - repoURL: 'https://github.com/treebeardtech/gitops-bridge-argocd-control-plane-template' +# targetRevision: dev +# ref: values +- repoURL: ghcr.io/treebeardtech + targetRevision: 0.1-2024-03-08-T12-25-15 + chart: kubeflow-argo-apps + helm: + ignoreMissingValueFiles: true + # valueFiles: + # - $values/some-dir/my-values-file.yaml # use your own gitops values file + values: | + # pass in terraform outputs from cloud resources + # e.g. ARNs, node labels, etc. +destination: + server: https://kubernetes.default.svc + namespace: argocd +syncPolicy: + automated: + prune: false + selfHeal: false \ No newline at end of file diff --git a/main.tf b/main.tf index 2261b6b..d78bbb2 100644 --- a/main.tf +++ b/main.tf @@ -28,25 +28,12 @@ EOF ] } -locals { - user_vals = "\n${var.kubeflow_values[0]}" - top_level_values = [ - < Date: Fri, 8 Mar 2024 15:01:28 +0000 Subject: [PATCH 2/2] fix example + docs --- README.md | 28 +++++++++++++++++++++++++++- examples/k3s-existing-istio/main.tf | 7 +++++++ 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 17b667a..361319d 100644 --- a/README.md +++ b/README.md @@ -99,11 +99,37 @@ The [eks-https-loadbalancer](examples/eks-https-loadbalancer) example also shows Profiles are a Kubeflow abstraction that lets you securely isolate users from each other. See the [Kubeflow docs on profiles](https://www.kubeflow.org/docs/components/central-dash/profiles/) +### Manage your instance with GitOps + +Lots of the config used to define your Kubeflow instance has has no dependency on +Terraform resource outputs such as role ARNs. + +These may best be stored in a git repo and referenced using Argo's [multiple sources feature](https://argo-cd.readthedocs.io/en/stable/user-guide/multiple_sources/) + +Using this approach you can invoke this terraform module (or the underlying bootstrap helm chart) with config like the following that combines injected values with values from a git repo: + +```yaml +sources: +# - repoURL: 'https://github.com/treebeardtech/gitops-bridge-argocd-control-plane-template' +# targetRevision: dev +# ref: values +- repoURL: ghcr.io/treebeardtech + targetRevision: 0.1-2024-03-08-T12-25-15 + chart: kubeflow-argo-apps + helm: + ignoreMissingValueFiles: true + # valueFiles: + # - $values/some-dir/my-values-file.yaml # use your own gitops values file + values: | + # pass in terraform outputs from cloud resources + # e.g. ARNs, node labels, etc. +``` + ### Teardown 1. Manually remove any manually created Kubeflow resources, e.g. Notebook Servers and Volumes 2. Remove the terraform module, e.g. with `terraform destroy` if you have installed directly from CLI -3. Clean up remaining resources, e.g. Istio leaves behind some secrets that can prevent successful re-installation. +3. Clean up remaining resources, e.g. Istio leaves behind some secrets that can prevent successful re-installation. You may also want to clear out CRDs, persistent volumes and namespaces ## Troubleshooting diff --git a/examples/k3s-existing-istio/main.tf b/examples/k3s-existing-istio/main.tf index a44d86b..680ebc2 100644 --- a/examples/k3s-existing-istio/main.tf +++ b/examples/k3s-existing-istio/main.tf @@ -104,6 +104,13 @@ module "treebeardkf" { source = "../.." kubeflow_values = [ <