Feature: Add Istio Ambient Mode Support via Overlay Method #635
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test KServe | |
on: | |
pull_request: | |
paths: | |
- tests/install_KinD_create_KinD_cluster_install_kustomize.sh | |
- .github/workflows/kserve_m2m_test.yaml | |
- applications/kserve/** | |
- tests/kserve/** | |
- tests/kserve_test.sh | |
- tests/kserve_install.sh | |
- common/istio*/** | |
- common/oauth2-proxy/** | |
- tests/oauth2-proxy_install.sh | |
- common/cert-manager/** | |
- tests/istio* | |
- common/knative/** | |
- tests/knative_install.sh | |
permissions: | |
contents: read | |
actions: read | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install KinD, Create KinD cluster and Install kustomize | |
run: ./tests/install_KinD_create_KinD_cluster_install_kustomize.sh | |
- name: Install kubectl | |
run: ./tests/kubectl_install.sh | |
- name: Create kubeflow namespace | |
run: kustomize build common/kubeflow-namespace/base | kubectl apply -f - | |
- name: Install Istio CNI | |
run: ./tests/istio-cni_install.sh | |
- name: Install oauth2-proxy | |
run: ./tests/oauth2-proxy_install.sh | |
- name: Install cert-manager | |
run: ./tests/cert_manager_install.sh | |
- name: Install knative CNI | |
run: ./tests/knative_install.sh | |
- name: Install KServe | |
run: ./tests/kserve_install.sh | |
- name: Install KF Multi Tenancy | |
run: ./tests/multi_tenancy_install.sh | |
- name: Install kubeflow-istio-resources | |
run: kustomize build common/istio/kubeflow-istio-resources/base | kubectl apply -f - | |
- name: Create KF Profile | |
run: ./tests/kubeflow_profile_install.sh | |
- name: Setup python 3.12 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: 3.12 | |
- name: Port forward | |
run: ./tests/port_forward_gateway.sh | |
- name: Run KServe tests | |
run: ./tests/kserve_test.sh kubeflow-user-example-com | |
- name: Detailed KServe Access Diagnostics | |
run: | | |
export KSERVE_INGRESS_HOST_PORT=localhost:8080 | |
export KSERVE_M2M_TOKEN="$(kubectl -n kubeflow-user-example-com create token default-editor)" | |
echo "=== AuthorizationPolicy Details ===" | |
kubectl get authorizationpolicy -n kubeflow-user-example-com -o yaml | |
echo "=== Detailed Curl Test ===" | |
curl -vv \ | |
-H "Host: isvc-sklearn.kubeflow-user-example-com.example.com" \ | |
-H "Authorization: Bearer ${KSERVE_M2M_TOKEN}" \ | |
-H "Content-Type: application/json" \ | |
"http://${KSERVE_INGRESS_HOST_PORT}/v1/models/isvc-sklearn:predict" \ | |
-d '{"instances": [[6.8, 2.8, 4.8, 1.4], [6.0, 3.4, 4.5, 1.6]]}' | |
- name: Run kserve models webapp test | |
run: | | |
kubectl wait --for=condition=Available --timeout=300s -n kubeflow deployment/kserve-models-web-app | |
- name: Apply Pod Security Standards restricted levels | |
run: ./tests/PSS_enable.sh |