kubeflow · google-oss-prow · Jun 30, 2025 · Jun 29, 2025 · Jun 29, 2025 · Jun 30, 2025
diff --git a/.github/workflows/helm-kustomize-comparison.yml b/.github/workflows/helm-kustomize-comparison.yml
@@ -0,0 +1,42 @@
+name: Helm vs Kustomize Comparison
+
+on:
+  pull_request:
+    branches: [master]
+    paths:
+    - 'charts/**'
+    - '/applications/model-registry/**'
+    - 'tests/helm_compare_all_scenarios.sh'
+    - 'tests/helm_kustomize_compare.sh'
+    - 'tests/helm_compare_manifests.py'
+    - 'helm-kustomize-comparison.yml'
+  workflow_dispatch:
+
+jobs:
+  validate-helm-kustomize-equivalence:
+    runs-on: ubuntu-latest
+    name: Compare All Scenarios
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.9'
+    - name: Install Python dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install pyyaml
+    - name: Install Helm
+      run: |
+        curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+        chmod 700 get_helm.sh
+        ./get_helm.sh
+        rm get_helm.sh
+    - name: Install Kustomize
+      run: ./tests/kustomize_install.sh
+    - name: Run all scenarios comparison
+      env:
+        VERBOSE: "true"
+      run: |
+        ./tests/helm_compare_all_scenarios.sh
diff --git a/experimental/helm/charts/model-registry/.helmignore b/experimental/helm/charts/model-registry/.helmignore
@@ -0,0 +1,46 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OS generated files
+Thumbs.db
+# Helm generated files
+*.lock
+# Documentation files
+*.md
+OWNERS
+# CI/CD files
+.github/
+.gitlab-ci.yml
+.travis.yml
+.circleci/
+# Build files
+Makefile
+*.mk
+# Test files (keep only the test templates)
+test/
+# Scripts
+scripts/
+# Proposal files
+proposals/
+# Development environment
+devenv/ 
diff --git a/experimental/helm/charts/model-registry/Chart.yaml b/experimental/helm/charts/model-registry/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+
+name: model-registry
+
+description: A Helm chart for Kubeflow Model Registry - Model versioning and metadata management on Kubernetes
+
+version: 0.1.0
+
+appVersion: 0.1.0
+
+home: https://github.com/kubeflow/model-registry
+
+sources:
+- https://github.com/kubeflow/model-registry
+
+annotations:
+  category: Machine Learning
+  licenses: Apache-2.0 
diff --git a/experimental/helm/charts/model-registry/README.md b/experimental/helm/charts/model-registry/README.md
@@ -0,0 +1,7 @@
+# Model Registry Helm Chart
+
+A Helm chart for deploying the Kubeflow Model Registry.
+
+## Description
+
+The Kubeflow Model Registry provides a centralized repository for managing machine learning model metadata, versions, and lineage. 
diff --git a/experimental/helm/charts/model-registry/ci/ci-values.yaml b/experimental/helm/charts/model-registry/ci/ci-values.yaml
@@ -0,0 +1,42 @@
+# CI values for model-registry chart
+# This file contains minimal configuration for CI/CD testing
+
+global:
+  imageTag: latest
+  imagePullPolicy: IfNotPresent
+
+server:
+  enabled: true
+  replicas: 1
+  resources:
+    limits:
+      cpu: 200m
+      memory: 256Mi
+    requests:
+      cpu: 100m
+      memory: 128Mi
+
+database:
+  type: sqlite  
+  mysql:
+    enabled: false  
+
+ui:
+  enabled: false  
+
+controller:
+  enabled: false  
+  rbac:
+    create: false  
+
+istio:
+  enabled: false  
+
+monitoring:
+  enabled: false  
+
+security:
+  networkPolicy:
+    enabled: false  
+  podSecurityPolicy:
+    enabled: false  
diff --git a/experimental/helm/charts/model-registry/ci/values-controller-full.yaml b/experimental/helm/charts/model-registry/ci/values-controller-full.yaml
@@ -0,0 +1,113 @@
+# CI values for testing controller with all features enabled
+controller:
+  enabled: true
+  replicaCount: 1
+
+  image:
+    repository: ghcr.io/kubeflow/model-registry/controller
+    tag: "latest"
+    pullPolicy: IfNotPresent
+
+  resources:
+    limits:
+      memory: 256Mi
+    requests:
+      cpu: 100m
+      memory: 128Mi
+
+  # controller features
+  metrics:
+    enabled: true
+    service:
+      type: ClusterIP
+      port: 8443
+      targetPort: 8443
+
+  # network policy
+  networkPolicy:
+    enabled: true
+    additionalIngress:
+    - from:
+      - namespaceSelector:
+          matchLabels:
+            name: monitoring
+      ports:
+      - port: 8443
+        protocol: TCP
+
+  # comprehensive RBAC
+  rbac:
+    create: true
+    rules:
+    - apiGroups:
+      - ""
+      resources:
+      - pods
+      - services
+      - endpoints
+      verbs:
+      - get
+      - list
+      - watch
+    - apiGroups:
+      - "serving.kserve.io"
+      resources:
+      - "inferenceservices"
+      verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+
+  serviceAccount:
+    create: true
+    automount: true
+    annotations:
+      controller.kubernetes.io/enable-metrics: "true"
+
+# comprehensive monitoring
+monitoring:
+  enabled: true
+  serviceMonitor:
+    enabled: true
+    interval: 15s
+    scrapeTimeout: 10s
+    labels:
+      prometheus: kube-prometheus
+    annotations:
+      monitoring.kubeflow.org/enabled: "true"
+
+  prometheusRule:
+    enabled: true
+    labels:
+      prometheus: kube-prometheus
+    rules:
+    - alert: ModelRegistryControllerDown
+      expr: up{job="model-registry-controller-metrics"} == 0
+      for: 5m
+      labels:
+        severity: critical
+      annotations:
+        summary: "Model Registry Controller is down"
+
+# server for controller integration
+server:
+  enabled: true
+
+database:
+  type: external
+  external:
+    enabled: true
+    host: "localhost"
+    port: "5432"
+    database: "model_registry"
+
+ui:
+  enabled: false
+
+storage:
+  csi:
+    enabled: false 
diff --git a/experimental/helm/charts/model-registry/ci/values-controller-manager.yaml b/experimental/helm/charts/model-registry/ci/values-controller-manager.yaml
@@ -0,0 +1,56 @@
+# Minimal values for controller-manager scenario
+# This matches the basic controller manager 
+
+global:
+  imageTag: latest
+  imagePullPolicy: IfNotPresent
+
+controller:
+  enabled: true
+  replicas: 1
+
+  useBasicNames: true
+
+  image:
+    repository: controller
+    tag: "latest"
+    pullPolicy: IfNotPresent
+
+  resources:
+    limits:
+      memory: 128Mi
+    requests:
+      cpu: 10m
+      memory: 64Mi
+
+  metrics:
+    enabled: false
+
+  serviceAccount:
+    create: false  
+
+  rbac:
+    create: false  
+
+server:
+  enabled: false
+
+ui:
+  enabled: false
+
+database:
+  mysql:
+    enabled: false
+  postgres:
+    enabled: false
+  external:
+    enabled: false
+
+monitoring:
+  enabled: false
+
+security:
+  networkPolicy:
+    enabled: false
+  podSecurityPolicy:
+    enabled: false 
diff --git a/experimental/helm/charts/model-registry/ci/values-controller-network-policy.yaml b/experimental/helm/charts/model-registry/ci/values-controller-network-policy.yaml
@@ -0,0 +1,62 @@
+# Values for controller-network-policy scenario
+# This matches the network-policy-only 
+
+global:
+  imageTag: latest
+  imagePullPolicy: IfNotPresent
+
+controller:
+  enabled: false
+
+  useBasicNames: true
+
+  # controller features
+  serviceAccount:
+    create: false
+
+  rbac:
+    create: false
+
+  # NetworkPolicy
+  networkPolicy:
+    enabled: true
+    name: allow-metrics-traffic
+    namespace: system
+    labels:
+      app.kubernetes.io/name: controller
+      app.kubernetes.io/managed-by: kustomize
+    podSelector:
+      matchLabels:
+        control-plane: controller-manager
+    ingress:
+      - from:
+          - namespaceSelector:
+              matchLabels:
+                metrics: enabled
+        ports:
+          - port: 8443
+            protocol: TCP
+
+# monitoring
+monitoring:
+  enabled: false
+  serviceMonitor:
+    enabled: false
+
+server:
+  enabled: false
+
+ui:
+  enabled: false
+
+database:
+  mysql:
+    enabled: false
+  postgres:
+    enabled: false
+  external:
+    enabled: false
+
+security:
+  podSecurityPolicy:
+    enabled: false