-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(frontend, sdk): towards namespaced pipelines. Part of #4197 #7447
Conversation
- adapt swagger def and regenerate Go SDK - remove namespacing from pipeline_version - is implicit in Python SDK
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Hi @grobbie ! Nice work here :) Please take a look here #4197 (comment) I understand your approach is to just treat every pipeline definition as namespaced. We think it's really important to support both private and shared definitions at the same time, based on the feedback we have received from enterprise customers. We have done the work and we are about to upstream all of it. So, the work you are doing on the swagger definitions definitely helps and needed. But may I propose you hold off the UI changes, and see what we have to propose? |
Sure - as long as its implemented, that's what matters to me : ) I will make the PR a draft for now. |
/test kubeflow-pipeline-e2e-test |
/test kubeflow-pipeline-e2e-test |
/test kubeflow-pipeline-upgrade-test |
Thanks! We will be back with more within 2-3 weeks at most, we need to sort a few things out and then put together the PRs |
We also have an implementation ready #7406 |
At most 2-3 weeks ;-) What is your status? I would really like to see this merged together with #7725 to have a basic level of security. |
Sorry for the slow reply, was traveling to KubeCon 🙂
Well afaic it's ready to go, I'll change the status. |
i am a bit confused. I was talking about @StefanoFioravanzo or does this here support both namespaced and shared pipelines? |
Folks, this has been dragging on for quite some time. I'm keen to see it get at least some of this problematic stuff resolved one way or another. Can we at least try to make some progress on the front end? |
@grobbie Unfortunately we had to delay by a few weeks our contribution as we had to shift some priorities. We are still targeting to send some PRs (both backend and frontend) to support this fully as soon as possible. Possibly by the end of July. This is the design doc where we detailed the changes requires, including the frontend changes that we want to contribute with https://docs.google.com/document/d/1fM4y2L1IVqVj-iiNjYFRRktdCh7FQXgU2XpaYLaqt-A/edit?resourcekey=0-kd5loyP7w3PBD0ug6ECmLQ |
So this one supports using both namespaced and shared pipelines, but users
can only create new pipelines that are namespaced.
I'm not sure where Stefano's PR has gotten to.
…On Mon, May 16, 2022 at 4:55 PM juliusvonkohout ***@***.***> wrote:
Sorry for the slow reply, was traveling to KubeCon 🙂
At most 2-3 weeks ;-) What is your status? I would really like to see this
merged together with #7725
<#7725> to have a basic level
of security.
Well afaic it's ready to go, I'll change the status.
i am a bit confused. I was talking about @StefanoFioravanzo
<https://github.com/StefanoFioravanzo> or does this here support both
namespaced and shared pipelines?
—
Reply to this email directly, view it on GitHub
<#7447 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAY2RUFQOSHC6HJ7UHP4RSTVKJOVLANCNFSM5RLC2C3A>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Add some features to limit users' access to pipelines to pipelines in the user's own namespace and non-namespaced pipelines, in the web front end and in the Python SDK.
The necessary backend RBAC hooks are already available and implemented.
Note that I think relevant CRDs, roles and rolebindings will still be needed in order to properly close the circle on this.