Rework & Simplify Kubeflow Auth #121
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# If anyone changes or improve the following tests for Model Registry, please | |
# consider reflecting the same changes on https://github.com/kubeflow/model-registry | |
name: Deploy and test Kubeflow Model Registry | |
on: | |
pull_request: | |
paths: | |
- tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh | |
- apps/model-registry/upstream/** | |
- tests/gh-actions/install_istio.sh | |
- common/istio*/** | |
jobs: | |
build-kfmr: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install KinD, Create KinD cluster and Install kustomize | |
run: ./tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh | |
- name: Install kubectl | |
run: ./tests/gh-actions/install_kubectl.sh | |
- name: Create kubeflow namespace | |
run: kustomize build common/kubeflow-namespace/base | kubectl apply -f - | |
- name: Install Istio with external authentication | |
run: ./tests/gh-actions/install_istio_with_ext_auth.sh* | |
- name: Install cert-manager | |
run: ./tests/gh-actions/install_cert_manager.sh | |
- name: Install knative | |
run: ./tests/gh-actions/install_knative.sh | |
- name: Build & Apply KF Model Registry manifests | |
run: | | |
kustomize build apps/model-registry/upstream/overlays/db | kubectl apply -f - | |
kustomize build apps/model-registry/upstream/options/istio | kubectl apply -f - | |
- name: Test KF Model Registry deployment | |
run: | | |
echo "Waiting for all Model Registry Pods to become ready..." | |
kubectl wait --for=condition=available -n kubeflow deployment/model-registry-db --timeout=600s | |
kubectl wait --for=condition=available -n kubeflow deployment/model-registry-deployment --timeout=600s | |
- name: Dry-run KF Model Registry API directly | |
run: | | |
echo "Dry-run KF Model Registry API directly..." | |
nohup kubectl port-forward svc/model-registry-service -n kubeflow 8081:8080 & | |
while ! curl localhost:8081; do echo "waiting for port-forwarding 8081"; sleep 1; done; echo "port-forwarding 8181 ready" | |
curl -v -X 'GET' \ | |
'http://localhost:8081/api/model_registry/v1alpha3/registered_models?pageSize=100&orderBy=ID&sortOrder=DESC' \ | |
-H 'accept: application/json' | |
# for these steps below ensure same steps as kserve (ie: Istio with external authentication, cert-manager, knative) so to achieve same setup | |
- name: Port forward Istio gateway | |
run: | | |
INGRESS_GATEWAY_SERVICE=$(kubectl get svc --namespace istio-system --selector="app=istio-ingressgateway" --output jsonpath='{.items[0].metadata.name}') | |
nohup kubectl port-forward --namespace istio-system svc/${INGRESS_GATEWAY_SERVICE} 8080:80 & | |
while ! curl localhost:8080; do echo waiting for port-forwarding; sleep 1; done; echo port-forwarding ready | |
- name: Dry-run KF Model Registry REST API | |
run: | | |
echo "Dry-run KF Model Registry REST API..." | |
export KF_TOKEN="$(kubectl -n default create token default)" | |
curl -v -H "Authorization: Bearer "$KF_TOKEN http://localhost:8080/api/model_registry/v1alpha3/registered_models |