diff --git a/apps/katib/upstream/installs/katib-cert-manager/certificate.yaml b/apps/katib/upstream/installs/katib-cert-manager/certificate.yaml index cdd7b41b52..8132867e3a 100644 --- a/apps/katib/upstream/installs/katib-cert-manager/certificate.yaml +++ b/apps/katib/upstream/installs/katib-cert-manager/certificate.yaml @@ -5,10 +5,10 @@ metadata: name: katib-webhook-cert spec: isCA: true - commonName: $(KATIB_SERVICE_NAME).$(KATIB_NAMESPACE).svc + commonName: KATIB_SERVICE_NAME_PLACEHOLDER.KATIB_NAMESPACE_PLACEHOLDER.svc dnsNames: - - $(KATIB_SERVICE_NAME).$(KATIB_NAMESPACE).svc - - $(KATIB_SERVICE_NAME).$(KATIB_NAMESPACE).svc.cluster.local + - KATIB_SERVICE_NAME_PLACEHOLDER.KATIB_NAMESPACE_PLACEHOLDER.svc + - KATIB_SERVICE_NAME_PLACEHOLDER.KATIB_NAMESPACE_PLACEHOLDER.svc.cluster.local issuerRef: kind: Issuer name: katib-selfsigned-issuer diff --git a/apps/katib/upstream/installs/katib-cert-manager/kustomization.yaml b/apps/katib/upstream/installs/katib-cert-manager/kustomization.yaml index 670b72d0b6..8e81678679 100644 --- a/apps/katib/upstream/installs/katib-cert-manager/kustomization.yaml +++ b/apps/katib/upstream/installs/katib-cert-manager/kustomization.yaml @@ -22,40 +22,123 @@ resources: images: - name: docker.io/kubeflowkatib/katib-controller newName: docker.io/kubeflowkatib/katib-controller - newTag: v0.17.0 + newTag: latest - name: docker.io/kubeflowkatib/katib-db-manager newName: docker.io/kubeflowkatib/katib-db-manager - newTag: v0.17.0 + newTag: latest - name: docker.io/kubeflowkatib/katib-ui newName: docker.io/kubeflowkatib/katib-ui - newTag: v0.17.0 + newTag: latest -patchesStrategicMerge: - - patches/katib-cert-injection.yaml - -vars: - - fieldref: - fieldPath: metadata.namespace - name: KATIB_NAMESPACE - objref: - apiVersion: v1 - kind: Service - name: katib-controller - - fieldref: - fieldPath: metadata.name - name: KATIB_SERVICE_NAME - objref: - apiVersion: v1 - kind: Service - name: katib-controller - - name: KATIB_CERT_NAME - objref: +patches: +- path: patches/katib-cert-injection.yaml +replacements: +- source: + fieldPath: metadata.namespace + kind: Service + name: katib-controller + version: v1 + targets: + - fieldPaths: + - spec.commonName + options: + delimiter: . + index: 1 + select: + group: cert-manager.io kind: Certificate + name: katib-webhook-cert + version: v1 + - fieldPaths: + - spec.dnsNames.0 + options: + delimiter: . + index: 1 + select: group: cert-manager.io + kind: Certificate + name: katib-webhook-cert version: v1 + - fieldPaths: + - spec.dnsNames.1 + options: + delimiter: . + index: 1 + select: + group: cert-manager.io + kind: Certificate name: katib-webhook-cert - fieldref: - fieldpath: metadata.name + version: v1 + - fieldPaths: + - metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: / + index: 1 + select: + kind: ValidatingWebhookConfiguration + name: katib.kubeflow.org + - fieldPaths: + - metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: / + index: 1 + select: + kind: MutatingWebhookConfiguration + name: katib.kubeflow.org +- source: + fieldPath: metadata.name + kind: Service + name: katib-controller + version: v1 + targets: + - fieldPaths: + - spec.commonName + options: + delimiter: . + select: + group: cert-manager.io + kind: Certificate + name: katib-webhook-cert + version: v1 + - fieldPaths: + - spec.dnsNames.0 + options: + delimiter: . + select: + group: cert-manager.io + kind: Certificate + name: katib-webhook-cert + version: v1 + - fieldPaths: + - spec.dnsNames.1 + options: + delimiter: . + select: + group: cert-manager.io + kind: Certificate + name: katib-webhook-cert + version: v1 +- source: + fieldPath: metadata.name + kind: Certificate + name: katib-webhook-cert + targets: + - fieldPaths: + - metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: / + index: 1 + select: + kind: ValidatingWebhookConfiguration + name: katib.kubeflow.org + - fieldPaths: + - metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: / + index: 1 + select: + kind: MutatingWebhookConfiguration + name: katib.kubeflow.org configurations: - params.yaml diff --git a/apps/katib/upstream/installs/katib-cert-manager/patches/katib-cert-injection.yaml b/apps/katib/upstream/installs/katib-cert-manager/patches/katib-cert-injection.yaml index ec259194e0..e5b03ce8af 100644 --- a/apps/katib/upstream/installs/katib-cert-manager/patches/katib-cert-injection.yaml +++ b/apps/katib/upstream/installs/katib-cert-manager/patches/katib-cert-injection.yaml @@ -4,11 +4,11 @@ kind: ValidatingWebhookConfiguration metadata: name: katib.kubeflow.org annotations: - cert-manager.io/inject-ca-from: $(KATIB_NAMESPACE)/$(KATIB_CERT_NAME) + cert-manager.io/inject-ca-from: KATIB_NAMESPACE_PLACEHOLDER/KATIB_CERT_NAME_PLACEHOLDER --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: katib.kubeflow.org annotations: - cert-manager.io/inject-ca-from: $(KATIB_NAMESPACE)/$(KATIB_CERT_NAME) + cert-manager.io/inject-ca-from: KATIB_NAMESPACE_PLACEHOLDER/KATIB_CERT_NAME_PLACEHOLDER diff --git a/apps/katib/upstream/installs/katib-external-db/kustomization.yaml b/apps/katib/upstream/installs/katib-external-db/kustomization.yaml index e8f9a95cdd..6242b0cb2d 100644 --- a/apps/katib/upstream/installs/katib-external-db/kustomization.yaml +++ b/apps/katib/upstream/installs/katib-external-db/kustomization.yaml @@ -25,8 +25,10 @@ images: - name: docker.io/kubeflowkatib/katib-ui newName: docker.io/kubeflowkatib/katib-ui newTag: v0.17.0 -patchesStrategicMerge: - - patches/db-manager.yaml + +patches: +- path: patches/db-manager.yaml + # Modify katib-mysql-secrets with parameters for the DB. secretGenerator: - name: katib-mysql-secrets diff --git a/apps/katib/upstream/installs/katib-with-kubeflow/kustomization.yaml b/apps/katib/upstream/installs/katib-with-kubeflow/kustomization.yaml index d74de93c9f..8f304238b8 100644 --- a/apps/katib/upstream/installs/katib-with-kubeflow/kustomization.yaml +++ b/apps/katib/upstream/installs/katib-with-kubeflow/kustomization.yaml @@ -19,10 +19,8 @@ images: newName: docker.io/kubeflowkatib/katib-ui newTag: v0.17.0 -patchesStrategicMerge: - - patches/remove-namespace.yaml - patches: + - path: patches/remove-namespace.yaml # Extend RBAC permission list of katib-ui so it can # create SubjectAccessReview resources. - target: @@ -54,14 +52,24 @@ patches: namespace: kubeflow path: patches/katib-mysql-service-select-app.yaml -vars: - - fieldref: - fieldPath: metadata.namespace - name: KATIB_UI_NAMESPACE - objref: - apiVersion: apps/v1 - kind: Deployment +replacements: +- source: + fieldPath: metadata.namespace + group: apps + kind: Deployment + name: katib-ui + version: v1 + targets: + - fieldPaths: + - spec.http.0.route.0.destination.host + options: + delimiter: . + index: 1 + select: + group: networking.istio.io + kind: VirtualService name: katib-ui + version: v1alpha3 configurations: - params.yaml diff --git a/apps/katib/upstream/installs/katib-with-kubeflow/ui-virtual-service.yaml b/apps/katib/upstream/installs/katib-with-kubeflow/ui-virtual-service.yaml index 4ed0f3d1b5..fec5aa06c2 100644 --- a/apps/katib/upstream/installs/katib-with-kubeflow/ui-virtual-service.yaml +++ b/apps/katib/upstream/installs/katib-with-kubeflow/ui-virtual-service.yaml @@ -16,6 +16,6 @@ spec: uri: /katib/ route: - destination: - host: katib-ui.$(KATIB_UI_NAMESPACE).svc.cluster.local + host: katib-ui.KATIB_UI_NAMESPACE_PLACEHOLDER.svc.cluster.local port: number: 80