Limit Istio Sidecar Scope to reduce memory usage #78
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test KServe Secure Authentication | |
| on: | |
| pull_request: | |
| paths: | |
| - tests/install_KinD_create_KinD_cluster_install_kustomize.sh | |
| - .github/workflows/kserve_secure_test.yaml | |
| - apps/kserve/** | |
| - tests/kserve/** | |
| - tests/kserve_jwt_authentication_test.sh | |
| - tests/kserve_install.sh | |
| - common/istio*/** | |
| - common/oauth2-proxy/** | |
| - tests/oauth2-proxy_install.sh | |
| - common/cert-manager/** | |
| - tests/istio* | |
| - common/knative/** | |
| - tests/knative_install.sh | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install KinD, Create KinD cluster and Install kustomize | |
| run: ./tests/install_KinD_create_KinD_cluster_install_kustomize.sh | |
| - name: Install kubectl | |
| run: ./tests/kubectl_install.sh | |
| - name: Create kubeflow namespace | |
| run: kustomize build common/kubeflow-namespace/base | kubectl apply -f - | |
| - name: Install Istio CNI | |
| run: ./tests/istio-cni_install.sh | |
| - name: Install oauth2-proxy | |
| run: ./tests/oauth2-proxy_install.sh | |
| - name: Install cert-manager | |
| run: ./tests/cert_manager_install.sh | |
| - name: Install knative CNI (with secure cluster-local-gateway) | |
| run: ./tests/knative_install.sh | |
| - name: Install KServe | |
| run: ./tests/kserve_install.sh | |
| - name: Install KF Multi Tenancy | |
| run: ./tests/multi_tenancy_install.sh | |
| - name: Install kubeflow-istio-resources | |
| run: kustomize build common/istio/kubeflow-istio-resources/base | kubectl apply -f - | |
| - name: Create KF Profile | |
| run: ./tests/kubeflow_profile_install.sh | |
| - name: Setup python 3.12 | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.12 | |
| - name: Port forward | |
| run: ./tests/port_forward_gateway.sh | |
| - name: Verify JWT authentication policies are applied | |
| run: | | |
| kubectl get authorizationpolicy cluster-local-gateway-require-jwt -n istio-system | |
| kubectl get requestauthentication cluster-local-gateway-jwt -n istio-system | |
| kubectl get authorizationpolicy cluster-local-gateway -n istio-system | |
| kubectl get deployment cluster-local-gateway -n istio-system | |
| kubectl wait --for=condition=Available deployment/cluster-local-gateway -n istio-system --timeout=120s | |
| kubectl get pods -n istio-system -l app=cluster-jwks-proxy | grep -q Running || kubectl get pods -n istio-system -l app=cluster-jwks-proxy | |
| - name: Wait for configurations to propagate | |
| run: sleep 60 | |
| - name: Run KServe secure authentication tests | |
| run: ./tests/kserve_jwt_authentication_test.sh kubeflow-user-example-com | |
| - name: Apply Pod Security Standards baseline levels | |
| run: ./tests/PSS_baseline_enable.sh |