From eee8d57f57256803ba05f41afe6e7da635b1ac39 Mon Sep 17 00:00:00 2001 From: Hansini Karunarathne <107214435+hansinikarunarathne@users.noreply.github.com> Date: Mon, 30 Sep 2024 15:57:20 +0000 Subject: [PATCH 1/4] Update inf on create namespace step Signed-off-by: Hansini Karunarathne <107214435+hansinikarunarathne@users.noreply.github.com> --- contrib/ray/README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/contrib/ray/README.md b/contrib/ray/README.md index 6283f30a6b..c8e13b0fab 100644 --- a/contrib/ray/README.md +++ b/contrib/ray/README.md @@ -54,6 +54,7 @@ kubectl get pod -l app.kubernetes.io/component=kuberay-operator -n kubeflow # NAME READY STATUS RESTARTS AGE # kuberay-operator-5b8cd69758-rkpvh 1/1 Running 0 6m23s ``` +> If you are creating a new namespace other than the kubeflow-user-example-com please follow below step otherwise skip the step. ## Step 3: Create a namespace ```sh # Create a namespace: example-"development" @@ -74,7 +75,7 @@ kubectl label namespace development istio-injection=enabled node-ip-address: $(hostname -I | tr -d ' ' | sed 's/\./-/g').raycluster-istio-headless-svc.development.svc.cluster.local ``` -## Step 3: Install RayCluster +## Step 4: Install RayCluster ```sh # Create a RayCluster CR, and the KubeRay operator will reconcile a Ray cluster # with 1 head Pod and 1 worker Pod. @@ -95,17 +96,17 @@ kubectl get svc -n $MY_KUBEFLOW_USER_NAMESPACE * Python 3.11 * Ray 2.23.0 -## Step 4: Forward the port of Istio's Ingress-Gateway +## Step 5: Forward the port of Istio's Ingress-Gateway * Follow the [instructions](https://github.com/kubeflow/manifests/tree/v1.7-branch#port-forward) to forward the port of Istio's Ingress-Gateway and log in to Kubeflow Central Dashboard. -## Step 5: Create a JupyterLab via Kubeflow Central Dashboard +## Step 6: Create a JupyterLab via Kubeflow Central Dashboard * Click "Notebooks" icon in the left panel. * Click "New Notebook" * Select `kubeflownotebookswg/jupyter-scipy:v1.9.1` as OCI image (or any other with the same python version) * Click "Launch" * Click "CONNECT" to connect into the JupyterLab instance. -## Step 6: Use Ray client in the JupyterLab to connect to the RayCluster +## Step 7: Use Ray client in the JupyterLab to connect to the RayCluster * As I mentioned in Step 3, Ray is very sensitive to the Python versions and Ray versions between the server (RayCluster) and client (JupyterLab) sides. ```sh # Check Python version. The version's MAJOR and MINOR should match with RayCluster (i.e. Python 3.11.9) From 147cec244bc05b2845473d1e9d80006d15892dee Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 5 Feb 2025 14:20:51 +0530 Subject: [PATCH 2/4] use master branch Signed-off-by: Your Name --- contrib/ray/README.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/contrib/ray/README.md b/contrib/ray/README.md index c8e13b0fab..162f4c6a07 100644 --- a/contrib/ray/README.md +++ b/contrib/ray/README.md @@ -35,11 +35,10 @@ TODO
Note: (1) Kubeflow Central Dashboard will be renamed to workbench in the future. (2) Kubeflow Pipeline (KFP) is an important component of Kubeflow, but it is not included in this example.
-## Step 1: Install Kubeflow v1.7-branch -* This example installs Kubeflow with the [v1.9-branch](https://github.com/kubeflow/manifests/tree/v1.9-branch). - -* Install all Kubeflow official components and all common services using [one command](https://github.com/kubeflow/manifests/tree/v1.7-branch#install-with-a-single-command). - * If you do not want to install all components, you can comment out **KNative**, **Katib**, **Tensorboards Controller**, **Tensorboard Web App**, **Training Operator**, and **KServe** from [example/kustomization.yaml](https://github.com/kubeflow/manifests/blob/v1.7-branch/example/kustomization.yaml). +## Step 1: Install Kubeflow +* This example installs Kubeflow with the master branch. +* Install all Kubeflow official components and all common services using [one command](https://github.com/kubeflow/manifests/tree/master#install-with-a-single-command). +* If you do not want to install all components, you can comment out **KNative**, **Katib**, **Tensorboards Controller**, **Tensorboard Web App**, **Training Operator**, and **KServe** from [example/kustomization.yaml](https://github.com/kubeflow/manifests/blob/master/example/kustomization.yaml). ## Step 2: Install KubeRay operator @@ -97,7 +96,7 @@ kubectl get svc -n $MY_KUBEFLOW_USER_NAMESPACE * Ray 2.23.0 ## Step 5: Forward the port of Istio's Ingress-Gateway -* Follow the [instructions](https://github.com/kubeflow/manifests/tree/v1.7-branch#port-forward) to forward the port of Istio's Ingress-Gateway and log in to Kubeflow Central Dashboard. +* Follow the [instructions](https://github.com/kubeflow/manifests/tree/master#port-forward) to forward the port of Istio's Ingress-Gateway and log in to Kubeflow Central Dashboard. ## Step 6: Create a JupyterLab via Kubeflow Central Dashboard * Click "Notebooks" icon in the left panel. From 39eae631e7bc787b282ce80c271b21ac7c619b42 Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 5 Feb 2025 14:21:13 +0530 Subject: [PATCH 3/4] fix kustomization file Signed-off-by: Your Name --- .../ray/kuberay-operator/base/kustomization.yaml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/contrib/ray/kuberay-operator/base/kustomization.yaml b/contrib/ray/kuberay-operator/base/kustomization.yaml index d4d26302fc..94cdcb2d2b 100644 --- a/contrib/ray/kuberay-operator/base/kustomization.yaml +++ b/contrib/ray/kuberay-operator/base/kustomization.yaml @@ -1,3 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: kubeflow + +resources: +- resources.yaml +- aggregated-roles.yaml + patches: # Add securityContext to KubeRay operator Pod. - target: @@ -14,7 +23,3 @@ patches: runAsNonRoot: true seccompProfile: type: RuntimeDefault -namespace: kubeflow -resources: -- resources.yaml -- aggregated-roles.yaml From c90451cb08ba67153c13b8316ad29b7ad1461aae Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 7 Feb 2025 15:04:14 +0530 Subject: [PATCH 4/4] fix readme.md typos Signed-off-by: Your Name --- common/networkpolicies/README.md | 4 ++-- common/oauth2-proxy/README.md | 2 +- contrib/ray/README.md | 8 ++++---- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/common/networkpolicies/README.md b/common/networkpolicies/README.md index cbf4ae31d7..0906de28d4 100644 --- a/common/networkpolicies/README.md +++ b/common/networkpolicies/README.md @@ -1,8 +1,8 @@ ### 1. Why would a user apply the extra policies? -It is a second line of defence after Istio autorization policies and it protects pods and services that are not protected by Istio +It is a second line of defence after Istio authorization policies and it protects pods and services that are not protected by Istio. ### 2. Effects they will have in the cluster Please consult the name of and comments in each networkpolicy for further information. ### 3. We should achieve the same with AuthorizationPolicies -But there are components, e.g. Katib that are not secured by istio +But there are components, e.g. Katib that are not secured by istio. diff --git a/common/oauth2-proxy/README.md b/common/oauth2-proxy/README.md index 05302fd5e0..4aa6e7deac 100644 --- a/common/oauth2-proxy/README.md +++ b/common/oauth2-proxy/README.md @@ -292,7 +292,7 @@ This is based on the following: The docs above mention that while it's possible to enable authentication, authorization is more complicated and probably we need to add - `AuthorizationPolicy`... + `AuthorizationPolicy` > create an [Istio AuthorizationPolicy](https://istio.io/latest/docs/reference/config/security/authorization-policy/) to grant access to the pods or disable it diff --git a/contrib/ray/README.md b/contrib/ray/README.md index 162f4c6a07..14454b1dea 100644 --- a/contrib/ray/README.md +++ b/contrib/ray/README.md @@ -36,7 +36,7 @@ TODO ## Step 1: Install Kubeflow -* This example installs Kubeflow with the master branch. +* This example installs Kubeflow with the master branch * Install all Kubeflow official components and all common services using [one command](https://github.com/kubeflow/manifests/tree/master#install-with-a-single-command). * If you do not want to install all components, you can comment out **KNative**, **Katib**, **Tensorboards Controller**, **Tensorboard Web App**, **Training Operator**, and **KServe** from [example/kustomization.yaml](https://github.com/kubeflow/manifests/blob/master/example/kustomization.yaml). @@ -59,7 +59,7 @@ kubectl get pod -l app.kubernetes.io/component=kuberay-operator -n kubeflow # Create a namespace: example-"development" kubectl create ns development -# Enable isito-injection for the namespace +# Enable istio-injection for the namespace kubectl label namespace development istio-injection=enabled # After creating the namespace, You have to do below mentioned changes in raycluster_example.yaml file(Required changes are also mentioned as comments in yaml file itself) @@ -69,7 +69,7 @@ kubectl label namespace development istio-injection=enabled principals: - "cluster.local/ns/development/sa/default-editor" -# 02. Replace the nampespace of node-ip-address of headGroupSpec and workerGroupSpec +# 02. Replace the namespace of node-ip-address of headGroupSpec and workerGroupSpec node-ip-address: $(hostname -I | tr -d ' ' | sed 's/\./-/g').raycluster-istio-headless-svc.development.svc.cluster.local ``` @@ -78,7 +78,7 @@ kubectl label namespace development istio-injection=enabled ```sh # Create a RayCluster CR, and the KubeRay operator will reconcile a Ray cluster # with 1 head Pod and 1 worker Pod. -# $MY_KUBEFLOW_USER_NAMESPACE is the namesapce that has been created in the above step. +# $MY_KUBEFLOW_USER_NAMESPACE is the namespace that has been created in the above step. export MY_KUBEFLOW_USER_NAMESPACE=development kubectl apply -f raycluster_example.yaml -n $MY_KUBEFLOW_USER_NAMESPACE