diff --git a/clients/ui/manifests/base/README.md b/clients/ui/manifests/base/README.md index 33b8e414..a39024f4 100644 --- a/clients/ui/manifests/base/README.md +++ b/clients/ui/manifests/base/README.md @@ -79,3 +79,4 @@ Events: To fix this, you'll need to increase the amount of memory available to the VM. This can be done through either the Podman Desktop or Docker Desktop GUI. 6-8GB of memory is generally a sufficient amount to use. +## TODO: Add istio instructions \ No newline at end of file diff --git a/clients/ui/manifests/base/model-registry-bff-service.yaml b/clients/ui/manifests/base/model-registry-bff-service.yaml index 20c1e0df..9efe6fd1 100644 --- a/clients/ui/manifests/base/model-registry-bff-service.yaml +++ b/clients/ui/manifests/base/model-registry-bff-service.yaml @@ -8,4 +8,5 @@ spec: ports: - protocol: TCP port: 4000 - targetPort: 4000 \ No newline at end of file + targetPort: 4000 + name: http \ No newline at end of file diff --git a/clients/ui/manifests/base/model-registry-service-account.yaml b/clients/ui/manifests/base/model-registry-service-account.yaml index 86cbfc9b..8bf1774f 100644 --- a/clients/ui/manifests/base/model-registry-service-account.yaml +++ b/clients/ui/manifests/base/model-registry-service-account.yaml @@ -1,4 +1,10 @@ +--- kind: ServiceAccount apiVersion: v1 metadata: - name: model-registry-bff \ No newline at end of file + name: model-registry-bff +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: model-registry-ui \ No newline at end of file diff --git a/clients/ui/manifests/base/model-registry-ui-deployment.yaml b/clients/ui/manifests/base/model-registry-ui-deployment.yaml index 23c55eb0..decc6fd6 100644 --- a/clients/ui/manifests/base/model-registry-ui-deployment.yaml +++ b/clients/ui/manifests/base/model-registry-ui-deployment.yaml @@ -14,9 +14,11 @@ spec: labels: app: model-registry-ui spec: + serviceAccountName: model-registry-ui containers: - name: model-registry-ui image: model-registry-ui-image + imagePullPolicy: Never resources: limits: cpu: 500m @@ -27,5 +29,13 @@ spec: ports: - containerPort: 8080 env: + # TODO: Add env variables - name: API_URL - value: "http://model-registry-bff-service:4000" + value: "http://model-registry-bff-service.kubeflow.svc.cluster.local:4000" + - name: APP_PREFIX + value: /model-registry + - name: USERID_HEADER + value: kubeflow-userid + # TODO: Come back to this before committing + # - name: USERID_PREFIX + # value: "" \ No newline at end of file diff --git a/clients/ui/manifests/overlays/istio/authorization-policy.yaml b/clients/ui/manifests/overlays/istio/authorization-policy.yaml new file mode 100644 index 00000000..64d14707 --- /dev/null +++ b/clients/ui/manifests/overlays/istio/authorization-policy.yaml @@ -0,0 +1,36 @@ +--- +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: model-registry-ui + namespace: kubeflow +spec: + action: ALLOW + rules: + - from: + - source: + principals: + - cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account + - to: + - {} + selector: + matchLabels: + app: model-registry-ui + +--- +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: model-registry-bff + namespace: kubeflow +spec: + action: ALLOW + rules: + - from: + - source: + principals: + - cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account + - cluster.local/ns/kubeflow/sa/model-registry-ui + selector: + matchLabels: + app: model-registry-bff \ No newline at end of file diff --git a/clients/ui/manifests/overlays/istio/destination-rule.yaml b/clients/ui/manifests/overlays/istio/destination-rule.yaml new file mode 100644 index 00000000..04e50424 --- /dev/null +++ b/clients/ui/manifests/overlays/istio/destination-rule.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: model-registry-ui + namespace: kubeflow +spec: + host: model-registry-ui-service.kubeflow.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL + +--- +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: model-registry-bff + namespace: kubeflow +spec: + host: model-registry-bff-service.kubeflow.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL \ No newline at end of file diff --git a/clients/ui/manifests/overlays/istio/kustomization.yaml b/clients/ui/manifests/overlays/istio/kustomization.yaml new file mode 100644 index 00000000..6c4796c2 --- /dev/null +++ b/clients/ui/manifests/overlays/istio/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../../base +- virtual-service.yaml +- authorization-policy.yaml +- destination-rule.yaml +namespace: kubeflow +commonLabels: + app: model-registry-ui + kustomize.component: model-registry-ui +configurations: +- params.yaml diff --git a/clients/ui/manifests/overlays/istio/params.yaml b/clients/ui/manifests/overlays/istio/params.yaml new file mode 100644 index 00000000..eea869e0 --- /dev/null +++ b/clients/ui/manifests/overlays/istio/params.yaml @@ -0,0 +1,3 @@ +varReference: +- path: spec/http/route/destination/host + kind: VirtualService diff --git a/clients/ui/manifests/overlays/istio/virtual-service.yaml b/clients/ui/manifests/overlays/istio/virtual-service.yaml new file mode 100644 index 00000000..86cfb5a6 --- /dev/null +++ b/clients/ui/manifests/overlays/istio/virtual-service.yaml @@ -0,0 +1,27 @@ + +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: model-registry-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + # Rule for the main application path + - match: + - uri: + prefix: /model-registry/ + rewrite: + uri: / + headers: + request: + add: + x-forwarded-prefix: /model-registry + route: + - destination: + host: model-registry-ui-service.kubeflow.svc.cluster.local + port: + number: 8080