diff --git a/README.md b/README.md
index af32512187..1ca28e1e90 100644
--- a/README.md
+++ b/README.md
@@ -71,7 +71,7 @@ This repository periodically synchronizes all official Kubeflow components from
| KServe | applications/kserve/kserve | [v0.15.0](https://github.com/kserve/kserve/releases/tag/v0.15.0/install/v0.15.0) | 600m | 1200Mi | 0GB |
| KServe Models Web Application | applications/kserve/models-web-app | [v0.14.0](https://github.com/kserve/models-web-app/tree/v0.14.0/config) | 6m | 259Mi | 0GB |
| Kubeflow Pipelines | applications/pipeline/upstream | [2.14.0](https://github.com/kubeflow/pipelines/tree/2.14.0/manifests/kustomize) | 970m | 3552Mi | 35GB |
-| Kubeflow Model Registry | applications/model-registry/upstream | [v0.2.21](https://github.com/kubeflow/model-registry/tree/v0.2.21/manifests/kustomize) | 510m | 2112Mi | 20GB |
+| Kubeflow Model Registry | applications/model-registry/upstream | [v0.2.22](https://github.com/kubeflow/model-registry/tree/v0.2.22/manifests/kustomize) | 510m | 2112Mi | 20GB |
| Spark Operator | applications/spark/spark-operator | [2.3.0](https://github.com/kubeflow/spark-operator/tree/v2.3.0) | 9m | 41Mi | 0GB |
| Istio | common/istio | [1.26.1](https://github.com/istio/istio/releases/tag/1.26.1) | 750m | 2364Mi | 0GB |
| Knative | common/knative/knative-serving
common/knative/knative-eventing | [v1.16.2](https://github.com/knative/serving/releases/tag/knative-v1.16.2)
[v1.16.4](https://github.com/knative/eventing/releases/tag/knative-v1.16.4) | 1450m | 1038Mi | 0GB |
diff --git a/applications/model-registry/upstream/base/kustomization.yaml b/applications/model-registry/upstream/base/kustomization.yaml
index 735b59464d..64e0230f11 100644
--- a/applications/model-registry/upstream/base/kustomization.yaml
+++ b/applications/model-registry/upstream/base/kustomization.yaml
@@ -8,4 +8,4 @@ resources:
images:
- name: ghcr.io/kubeflow/model-registry/server
newName: ghcr.io/kubeflow/model-registry/server
- newTag: v0.2.21
+ newTag: v0.2.22
diff --git a/applications/model-registry/upstream/base/model-registry-deployment.yaml b/applications/model-registry/upstream/base/model-registry-deployment.yaml
index 90ad46526f..e098c11650 100644
--- a/applications/model-registry/upstream/base/model-registry-deployment.yaml
+++ b/applications/model-registry/upstream/base/model-registry-deployment.yaml
@@ -61,17 +61,28 @@ spec:
containerPort: 8080
livenessProbe:
initialDelaySeconds: 30
- periodSeconds: 5
- tcpSocket:
+ periodSeconds: 10
+ httpGet:
+ path: /readyz/isDirty
port: http-api
- timeoutSeconds: 2
- readinessProbe:
+ timeoutSeconds: 5
+ failureThreshold: 3
+ startupProbe:
initialDelaySeconds: 10
- periodSeconds: 60
+ periodSeconds: 5
httpGet:
path: /readyz/isDirty
port: http-api
- timeoutSeconds: 2
+ timeoutSeconds: 5
+ failureThreshold: 6
+ readinessProbe:
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ httpGet:
+ path: /readyz/health
+ port: http-api
+ timeoutSeconds: 5
+ failureThreshold: 3
securityContext:
allowPrivilegeEscalation: false
capabilities:
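Review bot: The new `livenessProbe` now calls `/readyz/isDirty`, the same path as the `startupProbe`, so if that endpoint reflects database or migration state (inferred from its name, not visible here), a condition a restart cannot fix will put the container into a restart loop. Liveness is usually kept to a process-level check, for example the previous `tcpSocket:` on `port: http-api`, with dependency health left to `readinessProbe`. With a `startupProbe` present, `initialDelaySeconds: 30` on liveness adds little, because liveness only starts after startup succeeds. The startup budget is about 10 + 6×5 = 40 seconds; if schema upgrades run at boot, a larger `failureThreshold` would be safer. The container spec starts and ends outside this hunk.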
diff --git a/applications/model-registry/upstream/options/catalog/README.md b/applications/model-registry/upstream/options/catalog/README.md
index c00b4eef89..1d51a09cf1 100644
--- a/applications/model-registry/upstream/options/catalog/README.md
+++ b/applications/model-registry/upstream/options/catalog/README.md
@@ -8,4 +8,61 @@ kubectl apply -k . -n NAMESPACE
Replace `NAMESPACE` with your desired Kubernetes namespace.
-Update `sources.yaml` and `sample-catalog.yaml` to configure catalog models.
+## sources.yaml Configuration
+
+The `sources.yaml` file configures the model catalog sources. It contains a top-level `catalogs` list, where each entry defines a single catalog source.
+
+### Common Properties
+
+Each catalog source entry supports the following common properties:
+
+- **`name`** (*string*, required): A user-friendly name for the catalog source.
+- **`id`** (*string*, required): A unique identifier for the catalog source.
+- **`type`** (*string*, required): The type of catalog source. Supported values are `yaml` and `rhec`.
+- **`enabled`** (*boolean*, optional): Whether the catalog source is enabled. Defaults to `true` if not specified.
+
+### Catalog Source Types
+
+Below are the supported catalog source types and their specific `properties`.
+
+#### `yaml`
+
+The `yaml` type sources model metadata from a local YAML file.
+
+##### Properties
+
+- **`yamlCatalogPath`** (*string*, required): The path to the YAML file containing the model definitions. This path is relative to the directory where the `sources.yaml` file is located.
+
+##### Example
+
+```yaml
+catalogs:
+ - name: Sample Catalog
+ id: sample_custom_catalog
+ type: yaml
+ enabled: true
+ properties:
+ yamlCatalogPath: sample-catalog.yaml
+```
+
+#### `rhec`
+
+The `rhec` type sources model metadata from the Red Hat Ecosystem Catalog.
+
+##### Properties
+
+- **`models`** (*list*, required): A list of models to include from the Red Hat Ecosystem Catalog. Each entry in the list must contain a `repository` field.
+ - **`repository`** (*string*, required): The name of the model repository in the Red Hat Ecosystem Catalog (e.g., `rhelai1/modelcar-granite-7b-starter`).
+
+##### Example
+
+```yaml
+catalogs:
+ - name: Red Hat Ecosystem Catalog
+ id: sample_rhec_catalog
+ type: rhec
+ enabled: true
+ properties:
+ models:
+ - repository: rhelai1/modelcar-granite-7b-starter
+```
diff --git a/applications/model-registry/upstream/options/catalog/hf-sources-example.yaml b/applications/model-registry/upstream/options/catalog/hf-sources-example.yaml
new file mode 100644
index 0000000000..2a9134b469
--- /dev/null
+++ b/applications/model-registry/upstream/options/catalog/hf-sources-example.yaml
@@ -0,0 +1,26 @@
+catalogs:
+ - name: Sample Catalog
+ id: sample_catalog
+ type: yaml
+ enabled: true
+ properties:
+ yamlCatalogPath: sample-catalog.yaml
+ - name: Red Hat Ecosystem Catalog
+ id: rhec
+ type: rhec
+ enabled: true
+ properties:
+ models:
+ - repository: rhelai1/modelcar-granite-7b-starter
+ - name: HuggingFace Hub
+ id: huggingface
+ type: hf
+ enabled: true
+ properties:
+ # HuggingFace API key - should be stored in a Kubernetes secret
+ # and referenced here, or set via environment variable
+ apiKey: "${HUGGINGFACE_API_KEY}"
+ # Optional: Custom HuggingFace URL (defaults to https://huggingface.co)
+ url: "https://huggingface.co"
+ # Optional: Limit the number of models to fetch (defaults to 100)
+ modelLimit: 200
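Review bot: `apiKey: "${HUGGINGFACE_API_KEY}"` only keeps the token out of this file if the catalog loader expands environment references, and nothing in this commit shows that it does. If it does not, users will paste a real token here, and a sources file shipped as a ConfigMap would store it in plaintext, readable by anyone with ConfigMap read access in the namespace. I would extend the comment to say how the variable is supplied, for example `# injected from a Secret via the container's env; never commit a literal token here`. Also, `type: hf` is not documented in the catalog README updated by this commit, which lists only `yaml` and `rhec` as supported values. Either the README or this example needs adjusting.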
diff --git a/applications/model-registry/upstream/options/catalog/sources.yaml b/applications/model-registry/upstream/options/catalog/sources.yaml
index 1dcda4147b..0e3bbeb823 100644
--- a/applications/model-registry/upstream/options/catalog/sources.yaml
+++ b/applications/model-registry/upstream/options/catalog/sources.yaml
@@ -1,6 +1,15 @@
catalogs:
- name: Sample Catalog
- id: sample_catalog
+ id: sample_custom_catalog
type: yaml
+ enabled: true
properties:
yamlCatalogPath: sample-catalog.yaml
+- name: Red Hat Ecosystem Catalog
+ id: sample_rhec_catalog
+ type: rhec
+ enabled: true
+ properties:
+ models:
+ - repository: rhelai1/modelcar-granite-7b-starter
+
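Review bot: The sample source `id` changes from `sample_catalog` to `sample_custom_catalog`, but the new hf-sources-example.yaml in this commit still uses `id: sample_catalog`, so the two shipped examples disagree. If anything stores or links to source ids, the rename is a breaking change worth noting in the release notes. The added `rhec` source is `enabled: true` by default, which presumably makes a default install query an external catalog. For clusters with restricted egress, `enabled: false` with a comment on how to opt in would be a safer default. The hunk also adds a trailing blank line at the end of the file that can be dropped.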
diff --git a/applications/model-registry/upstream/options/csi/kustomization.yaml b/applications/model-registry/upstream/options/csi/kustomization.yaml
index 89fec79984..ef4dbf015a 100644
--- a/applications/model-registry/upstream/options/csi/kustomization.yaml
+++ b/applications/model-registry/upstream/options/csi/kustomization.yaml
@@ -7,4 +7,4 @@ resources:
images:
- name: ghcr.io/kubeflow/model-registry/storage-initializer
newName: ghcr.io/kubeflow/model-registry/storage-initializer
- newTag: v0.2.21
+ newTag: v0.2.22
diff --git a/applications/model-registry/upstream/options/ui/base/kustomization.yaml b/applications/model-registry/upstream/options/ui/base/kustomization.yaml
index 2d14770461..08bc573510 100644
--- a/applications/model-registry/upstream/options/ui/base/kustomization.yaml
+++ b/applications/model-registry/upstream/options/ui/base/kustomization.yaml
@@ -10,4 +10,4 @@ resources:
images:
- name: model-registry-ui
newName: ghcr.io/kubeflow/model-registry/ui
- newTag: v0.2.21
+ newTag: v0.2.22
diff --git a/applications/model-registry/upstream/overlays/postgres/kustomization.yaml b/applications/model-registry/upstream/overlays/postgres/kustomization.yaml
index 0f81c89a43..01634b15ab 100644
--- a/applications/model-registry/upstream/overlays/postgres/kustomization.yaml
+++ b/applications/model-registry/upstream/overlays/postgres/kustomization.yaml
@@ -11,42 +11,27 @@ resources:
configMapGenerator:
- envs:
- params.env
- name: metadata-registry-db-parameters
+ name: model-registry-db-parameters
secretGenerator:
- envs:
- secrets.env
- name: metadata-registry-db-secrets
+ name: model-registry-db-secrets
generatorOptions:
disableNameSuffixHash: true
+
images:
- name: postgres
newName: postgres
- newTag: 14.7-alpine3.17
+ newTag: "14.7-alpine3.17"
patches:
- path: patches/model-registry-deployment.yaml
replacements:
-- source:
- fieldPath: metadata.name
- kind: Service
- name: metadata-postgres-db
- version: v1
- targets:
- - fieldPaths:
- - spec.template.spec.containers.0.args.2
- options:
- delimiter: =
- index: 1
- select:
- group: apps
- kind: Deployment
- name: model-registry-deployment
- version: v1
- source:
fieldPath: data.POSTGRES_PORT
kind: ConfigMap
- name: metadata-registry-db-parameters
+ name: model-registry-db-parameters
version: v1
targets:
- fieldPaths:
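Review bot: Removing the first `replacements` entry means the database host is no longer derived from the Service's `metadata.name`. It now comes from the literal `POSTGRES_HOST=model-registry-db` in params.env. A downstream overlay that applies `namePrefix` or `nameSuffix` will rename the Service but leave that ConfigMap value unchanged, so the server would point at a name that no longer exists. Either keep a replacement from the Service name into the ConfigMap's `data.POSTGRES_HOST`, or add a comment in params.env such as `# must match the Service name in model-registry-db-service.yaml`. The `replacements` list continues into the next hunk.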
@@ -56,13 +41,3 @@ replacements:
kind: Deployment
name: model-registry-deployment
version: v1
- - fieldPaths:
- - spec.template.spec.containers.0.args.3
- options:
- delimiter: =
- index: 1
- select:
- group: apps
- kind: Deployment
- name: model-registry-deployment
- version: v1
diff --git a/applications/model-registry/upstream/overlays/postgres/model-registry-db-deployment.yaml b/applications/model-registry/upstream/overlays/postgres/model-registry-db-deployment.yaml
index a2f7a00cb4..0fc056742b 100644
--- a/applications/model-registry/upstream/overlays/postgres/model-registry-db-deployment.yaml
+++ b/applications/model-registry/upstream/overlays/postgres/model-registry-db-deployment.yaml
@@ -1,7 +1,7 @@
apiVersion: apps/v1
kind: Deployment
metadata:
- name: metadata-postgres-db
+ name: model-registry-db
labels:
component: db
spec:
@@ -31,9 +31,9 @@ spec:
value: /var/lib/postgresql/data/pgdata
envFrom:
- configMapRef:
- name: metadata-registry-db-parameters
+ name: model-registry-db-parameters
- secretRef:
- name: metadata-registry-db-secrets
+ name: model-registry-db-secrets
ports:
- name: postgres
containerPort: 5432
diff --git a/applications/model-registry/upstream/overlays/postgres/model-registry-db-pvc.yaml b/applications/model-registry/upstream/overlays/postgres/model-registry-db-pvc.yaml
index 13790489fa..9e1d8dc60e 100644
--- a/applications/model-registry/upstream/overlays/postgres/model-registry-db-pvc.yaml
+++ b/applications/model-registry/upstream/overlays/postgres/model-registry-db-pvc.yaml
@@ -7,4 +7,4 @@ spec:
- ReadWriteOnce
resources:
requests:
- storage: 20Gi
+ storage: 10Gi
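Review bot: Lowering `storage` from `20Gi` to `10Gi` works for fresh installs only, because the API server rejects any decrease of `spec.resources.requests.storage` on an existing PersistentVolumeClaim. Clusters that already have this claim will therefore fail on `kubectl apply -k` after syncing this version. Either keep `storage: 20Gi`, or document that existing installs must back up the data and recreate the claim. The component table in the top-level README in this same commit still lists 20GB for Model Registry.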
diff --git a/applications/model-registry/upstream/overlays/postgres/model-registry-db-service.yaml b/applications/model-registry/upstream/overlays/postgres/model-registry-db-service.yaml
index 63902a6661..d70d7b056c 100644
--- a/applications/model-registry/upstream/overlays/postgres/model-registry-db-service.yaml
+++ b/applications/model-registry/upstream/overlays/postgres/model-registry-db-service.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
kind: Service
metadata:
- name: metadata-postgres-db
+ name: model-registry-db
labels:
component: db
spec:
@@ -9,6 +9,6 @@ spec:
ports:
- port: 5432
protocol: TCP
- name: postgres
+ name: dbapi
selector:
component: db
diff --git a/applications/model-registry/upstream/overlays/postgres/params.env b/applications/model-registry/upstream/overlays/postgres/params.env
index 78db337462..49282e976a 100644
--- a/applications/model-registry/upstream/overlays/postgres/params.env
+++ b/applications/model-registry/upstream/overlays/postgres/params.env
@@ -1,2 +1,3 @@
+POSTGRES_DB=metadb
POSTGRES_PORT=5432
-POSTGRES_DBNAME=mlmdpostgres
+POSTGRES_HOST=model-registry-db
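Review bot: Changing the database name from `mlmdpostgres` to `metadb` (and the key from `POSTGRES_DBNAME` to `POSTGRES_DB`) only takes effect on an empty data directory, because the official postgres image creates the `POSTGRES_DB` database at first initialisation only. On an existing volume the `metadb` database will not exist, and the server's DSN, which now uses `$(POSTGRES_DB)`, will fail to connect. A comment here or an upgrade note should say so, for example `# applied on first init only; existing volumes keep the old database name`.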
diff --git a/applications/model-registry/upstream/overlays/postgres/patches/model-registry-deployment.yaml b/applications/model-registry/upstream/overlays/postgres/patches/model-registry-deployment.yaml
index 1dec4cd75a..b1261a6085 100644
--- a/applications/model-registry/upstream/overlays/postgres/patches/model-registry-deployment.yaml
+++ b/applications/model-registry/upstream/overlays/postgres/patches/model-registry-deployment.yaml
@@ -10,23 +10,20 @@ spec:
traffic.sidecar.istio.io/excludeOutboundPorts: POSTGRES_PORT_PLACEHOLDER
spec:
containers:
- - name: grpc-container
+ - name: rest-container
# Remove existing environment variables
env:
- - $patch: replace
+ - $patch: replace
envFrom:
- - configMapRef:
- name: metadata-registry-db-parameters
- - secretRef:
- name: metadata-registry-db-secrets
- - configMapRef:
- name: model-registry-configmap
- args: ["--grpc_port=$(MODEL_REGISTRY_GRPC_SERVICE_PORT)",
- "--metadata_source_config_type=postgresql",
- "--postgres_config_host=MLMD_DB_HOST_PLACEHOLDER",
- "--postgres_config_port=POSTGRES_PORT_PLACEHOLDER",
- "--postgres_config_dbname=$(POSTGRES_DBNAME)",
- "--postgres_config_user=$(POSTGRES_USER)",
- "--postgres_config_password=$(POSTGRES_PASSWORD)",
- # "--postgres_config_skip_db_creation=true",
- "--enable_database_upgrade=true"]
+ - configMapRef:
+ name: model-registry-configmap
+ - secretRef:
+ name: model-registry-db-secrets
+ - configMapRef:
+ name: model-registry-db-parameters
+ args:
+ - --hostname=0.0.0.0
+ - --port=$(MODEL_REGISTRY_REST_SERVICE_PORT)
+ - --datastore-type=embedmd
+ - --embedmd-database-type=postgres
+ - --embedmd-database-dsn=postgresql://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(POSTGRES_HOST):$(POSTGRES_PORT)/$(POSTGRES_DB)?sslmode=disable
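Review bot: The new `--embedmd-database-dsn` argument expands `$(POSTGRES_PASSWORD)` into the container's command line, where it is visible in the process list on the node and tends to end up in crash dumps and diagnostics. It is also interpolated into a URL unencoded, so a password containing `@`, `/`, `:` or `?` breaks the DSN. If the server can read the DSN from an environment variable or a mounted file (not visible in this diff), that is the safer channel. `sslmode=disable` together with `traffic.sidecar.istio.io/excludeOutboundPorts` at the top of this hunk means the database connection has neither Postgres TLS nor mesh mTLS, so at minimum it needs a comment such as `# plaintext DB traffic: restrict with a NetworkPolicy or enable TLS on Postgres`. The same DSN pattern appears for postgres and mysql in experimental/helm/charts/model-registry/templates/server/deployment.yaml. The container spec starts outside this hunk.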
diff --git a/applications/model-registry/upstream/overlays/postgres/secrets.env b/applications/model-registry/upstream/overlays/postgres/secrets.env
index 973d158283..af52853040 100644
--- a/applications/model-registry/upstream/overlays/postgres/secrets.env
+++ b/applications/model-registry/upstream/overlays/postgres/secrets.env
@@ -1,2 +1,2 @@
POSTGRES_USER=root
-POSTGRES_PASSWORD=password
\ No newline at end of file
+POSTGRES_PASSWORD=test
\ No newline at end of file
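Review bot: `POSTGRES_PASSWORD=test` swaps one committed, guessable credential for another on the `root` database user, and with `disableNameSuffixHash: true` in the overlay it becomes a stable Secret in every install that applies the overlay unchanged. I would make the value an obvious placeholder and add a line above it such as `# CHANGE ME before deploying; this file is a development default only`. On existing volumes the postgres image does not re-apply `POSTGRES_PASSWORD`, so after this change the Secret says `test` while the database still expects the old password, and authentication fails. The file still has no trailing newline.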
diff --git a/experimental/helm/charts/model-registry/ci/ci-values.yaml b/experimental/helm/charts/model-registry/ci/ci-values.yaml
index d43b12777e..3b8d5bdab2 100644
--- a/experimental/helm/charts/model-registry/ci/ci-values.yaml
+++ b/experimental/helm/charts/model-registry/ci/ci-values.yaml
@@ -12,7 +12,7 @@ server:
dataStoreType: embedmd
image:
- tag: "v0.2.21"
+ tag: "v0.2.22"
# Configure readiness probe
rest:
diff --git a/experimental/helm/charts/model-registry/ci/values-db.yaml b/experimental/helm/charts/model-registry/ci/values-db.yaml
index 053a4520f0..9b79f8dfeb 100644
--- a/experimental/helm/charts/model-registry/ci/values-db.yaml
+++ b/experimental/helm/charts/model-registry/ci/values-db.yaml
@@ -10,7 +10,7 @@ server:
replicas: 1
dataStoreType: embedmd
image:
- tag: "v0.2.21"
+ tag: "v0.2.22"
resources:
limits:
cpu: 200m
diff --git a/experimental/helm/charts/model-registry/ci/values-postgres.yaml b/experimental/helm/charts/model-registry/ci/values-postgres.yaml
index 41c4a3f90f..5a090630a9 100644
--- a/experimental/helm/charts/model-registry/ci/values-postgres.yaml
+++ b/experimental/helm/charts/model-registry/ci/values-postgres.yaml
@@ -10,7 +10,7 @@ server:
replicas: 1
dataStoreType: embedmd
image:
- tag: "v0.2.21"
+ tag: "v0.2.22"
resources:
limits:
cpu: 200m
@@ -41,9 +41,11 @@ database:
repository: postgres
tag: "14.7-alpine3.17"
auth:
- database: mlmdpostgres
+ database: metadb
username: root
- password: "password"
+ password: "test"
+ service:
+ name: model-registry-db
resources:
limits:
cpu: 200m
@@ -53,7 +55,7 @@ database:
memory: 128Mi
persistence:
enabled: true
- size: 20Gi
+ size: 10Gi
external:
enabled: false
diff --git a/experimental/helm/charts/model-registry/ci/values-ui-integrated.yaml b/experimental/helm/charts/model-registry/ci/values-ui-integrated.yaml
index ee880181cc..34ffe4e8ae 100644
--- a/experimental/helm/charts/model-registry/ci/values-ui-integrated.yaml
+++ b/experimental/helm/charts/model-registry/ci/values-ui-integrated.yaml
@@ -5,7 +5,7 @@ ui:
image:
repository: ui
- tag: "v0.2.21"
+ tag: "v0.2.22"
pullPolicy: Always
containerPort: 8080
diff --git a/experimental/helm/charts/model-registry/ci/values-ui-istio.yaml b/experimental/helm/charts/model-registry/ci/values-ui-istio.yaml
index 7109e54856..51b8a5c088 100644
--- a/experimental/helm/charts/model-registry/ci/values-ui-istio.yaml
+++ b/experimental/helm/charts/model-registry/ci/values-ui-istio.yaml
@@ -9,7 +9,7 @@ ui:
image:
repository: ui
- tag: "v0.2.21"
+ tag: "v0.2.22"
pullPolicy: Always
containerPort: 8080
diff --git a/experimental/helm/charts/model-registry/ci/values-ui-standalone.yaml b/experimental/helm/charts/model-registry/ci/values-ui-standalone.yaml
index a079b45386..2ce2002928 100644
--- a/experimental/helm/charts/model-registry/ci/values-ui-standalone.yaml
+++ b/experimental/helm/charts/model-registry/ci/values-ui-standalone.yaml
@@ -9,7 +9,7 @@ ui:
image:
repository: ui
- tag: "v0.2.21"
+ tag: "v0.2.22"
pullPolicy: Always
containerPort: 8080
diff --git a/experimental/helm/charts/model-registry/ci/values-ui.yaml b/experimental/helm/charts/model-registry/ci/values-ui.yaml
index 6d9d77a34a..5136b1571e 100644
--- a/experimental/helm/charts/model-registry/ci/values-ui.yaml
+++ b/experimental/helm/charts/model-registry/ci/values-ui.yaml
@@ -5,7 +5,7 @@ ui:
image:
repository: ui
- tag: "v0.2.21"
+ tag: "v0.2.22"
pullPolicy: Always
containerPort: 8080
diff --git a/experimental/helm/charts/model-registry/templates/database/postgres/configmap.yaml b/experimental/helm/charts/model-registry/templates/database/postgres/configmap.yaml
index ba70167ab2..8d31a56061 100644
--- a/experimental/helm/charts/model-registry/templates/database/postgres/configmap.yaml
+++ b/experimental/helm/charts/model-registry/templates/database/postgres/configmap.yaml
@@ -2,8 +2,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
- name: metadata-registry-db-parameters
+ name: model-registry-db-parameters
data:
+ POSTGRES_DB: {{ .Values.database.postgres.auth.database | quote }}
POSTGRES_PORT: {{ .Values.database.postgres.service.port | quote }}
- POSTGRES_DBNAME: {{ .Values.database.postgres.auth.database | quote }}
+ POSTGRES_HOST: {{ include "model-registry.postgres.serviceName" . | quote }}
{{- end }}
\ No newline at end of file
diff --git a/experimental/helm/charts/model-registry/templates/database/postgres/deployment.yaml b/experimental/helm/charts/model-registry/templates/database/postgres/deployment.yaml
index 645b53444f..805cfd1083 100644
--- a/experimental/helm/charts/model-registry/templates/database/postgres/deployment.yaml
+++ b/experimental/helm/charts/model-registry/templates/database/postgres/deployment.yaml
@@ -2,54 +2,54 @@
apiVersion: apps/v1
kind: Deployment
metadata:
- name: metadata-postgres-db
+ name: model-registry-db
labels:
component: db
spec:
- replicas: 1
selector:
matchLabels:
component: db
+ replicas: 1
strategy:
type: Recreate
template:
metadata:
+ name: db
labels:
component: db
sidecar.istio.io/inject: "false"
- name: db
spec:
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ runAsNonRoot: true
+ fsGroup: 70
containers:
- - env:
- - name: PGDATA
- value: /var/lib/postgresql/data/pgdata
+ - name: db-container
+ image: {{ .Values.database.postgres.image.repository }}:{{ .Values.database.postgres.image.tag }}
+ env:
+ - name: PGDATA
+ value: /var/lib/postgresql/data/pgdata
envFrom:
- configMapRef:
- name: metadata-registry-db-parameters
+ name: model-registry-db-parameters
- secretRef:
- name: metadata-registry-db-secrets
- image: {{ .Values.database.postgres.image.repository }}:{{ .Values.database.postgres.image.tag }}
- name: db-container
+ name: model-registry-db-secrets
ports:
- - containerPort: 5432
- name: postgres
+ - name: postgres
+ containerPort: {{ .Values.database.postgres.service.port }}
+ volumeMounts:
+ - name: metadata-postgres
+ mountPath: /var/lib/postgresql/data
securityContext:
+ runAsUser: 70
+ runAsGroup: 70
allowPrivilegeEscalation: false
capabilities:
drop:
- - ALL
- runAsGroup: 70
- runAsUser: 70
- volumeMounts:
- - mountPath: /var/lib/postgresql/data
- name: metadata-postgres
- securityContext:
- fsGroup: 70
- runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ - ALL
volumes:
- name: metadata-postgres
persistentVolumeClaim:
- claimName: metadata-postgres
+ claimName: {{ include "model-registry.postgres.pvcName" . }}
{{- end }}
\ No newline at end of file
diff --git a/experimental/helm/charts/model-registry/templates/database/postgres/pvc.yaml b/experimental/helm/charts/model-registry/templates/database/postgres/pvc.yaml
index 11fe8b0059..880899261f 100644
--- a/experimental/helm/charts/model-registry/templates/database/postgres/pvc.yaml
+++ b/experimental/helm/charts/model-registry/templates/database/postgres/pvc.yaml
@@ -5,8 +5,8 @@ metadata:
name: {{ include "model-registry.postgres.pvcName" . }}
spec:
accessModes:
- - ReadWriteOnce
+ - ReadWriteOnce
resources:
requests:
- storage: {{ .Values.database.postgres.persistence.size | quote }}
+ storage: {{ .Values.database.postgres.persistence.size }}
{{- end }}
\ No newline at end of file
diff --git a/experimental/helm/charts/model-registry/templates/database/postgres/secret.yaml b/experimental/helm/charts/model-registry/templates/database/postgres/secret.yaml
index ebfd838839..65b4786214 100644
--- a/experimental/helm/charts/model-registry/templates/database/postgres/secret.yaml
+++ b/experimental/helm/charts/model-registry/templates/database/postgres/secret.yaml
@@ -2,7 +2,7 @@
apiVersion: v1
kind: Secret
metadata:
- name: metadata-registry-db-secrets
+ name: model-registry-db-secrets
type: Opaque
data:
POSTGRES_USER: {{ .Values.database.postgres.auth.username | b64enc | quote }}
diff --git a/experimental/helm/charts/model-registry/templates/database/postgres/service.yaml b/experimental/helm/charts/model-registry/templates/database/postgres/service.yaml
index 23e7fb1114..e8c97d069f 100644
--- a/experimental/helm/charts/model-registry/templates/database/postgres/service.yaml
+++ b/experimental/helm/charts/model-registry/templates/database/postgres/service.yaml
@@ -2,15 +2,15 @@
apiVersion: v1
kind: Service
metadata:
+ name: {{ include "model-registry.postgres.serviceName" . }}
labels:
component: db
- name: {{ include "model-registry.postgres.serviceName" . }}
spec:
+ type: ClusterIP
ports:
- - name: postgres
- port: {{ .Values.database.postgres.service.port }}
- protocol: TCP
+ - port: {{ .Values.database.postgres.service.port }}
+ protocol: TCP
+ name: dbapi
selector:
component: db
- type: ClusterIP
{{- end }}
\ No newline at end of file
diff --git a/experimental/helm/charts/model-registry/templates/server/configmap.yaml b/experimental/helm/charts/model-registry/templates/server/configmap.yaml
index ac26175740..5efe970db3 100644
--- a/experimental/helm/charts/model-registry/templates/server/configmap.yaml
+++ b/experimental/helm/charts/model-registry/templates/server/configmap.yaml
@@ -2,21 +2,11 @@
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "model-registry.configMap.name" . }}
+ name: model-registry-configmap
labels:
- {{- include "model-registry.labels" . | nindent 4 }}
- app.kubernetes.io/component: server
component: model-registry-server
- {{- with .Values.commonAnnotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
data:
MODEL_REGISTRY_REST_SERVICE_HOST: {{ include "model-registry.service.name" . | quote }}
MODEL_REGISTRY_REST_SERVICE_PORT: {{ .Values.server.rest.port | quote }}
- {{- if ne .Values.server.dataStoreType "embedmd" }}
- MODEL_REGISTRY_GRPC_SERVICE_HOST: {{ include "model-registry.service.name" . | quote }}
- MODEL_REGISTRY_GRPC_SERVICE_PORT: {{ .Values.server.grpc.port | quote }}
- {{- end }}
MODEL_REGISTRY_DATA_STORE_TYPE: {{ .Values.server.dataStoreType | quote }}
{{- end }}
\ No newline at end of file
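Review bot: Hard-coding `name: model-registry-configmap` in place of the `model-registry.configMap.name` helper means two releases of this chart in one namespace will collide on the same ConfigMap. The hunk also drops the `model-registry.labels` include and the `commonAnnotations` block, so label selectors and any policy or audit tooling keyed on the standard `app.kubernetes.io/*` labels will no longer match this object. If the fixed name is deliberate, to match the kustomize manifests, say so in a template comment such as `{{- /* name is fixed to match the upstream kustomize manifests */ -}}` and keep the labels include. The opening `if` of this template is outside the hunk.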
diff --git a/experimental/helm/charts/model-registry/templates/server/deployment.yaml b/experimental/helm/charts/model-registry/templates/server/deployment.yaml
index ef0a4be63b..c3490d2187 100644
--- a/experimental/helm/charts/model-registry/templates/server/deployment.yaml
+++ b/experimental/helm/charts/model-registry/templates/server/deployment.yaml
@@ -2,191 +2,40 @@
apiVersion: apps/v1
kind: Deployment
metadata:
+ name: model-registry-deployment
labels:
component: model-registry-server
- name: model-registry-deployment
spec:
- replicas: {{ .Values.server.replicas }}
+ replicas: 1
selector:
matchLabels:
component: model-registry-server
template:
metadata:
- {{- if or (eq .Values.database.type "postgres") (eq .Values.database.type "mysql") }}
+ {{- if eq .Values.database.type "postgres" }}
+ annotations:
+ traffic.sidecar.istio.io/excludeOutboundPorts: {{ .Values.database.postgres.service.port | quote }}
+ {{- else if eq .Values.database.type "mysql" }}
annotations:
- {{- if eq .Values.database.type "postgres" }}
- traffic.sidecar.istio.io/excludeOutboundPorts: "5432"
- {{- else if eq .Values.database.type "mysql" }}
- traffic.sidecar.istio.io/excludeOutboundPorts: "3306"
- {{- end }}
+ traffic.sidecar.istio.io/excludeOutboundPorts: {{ .Values.database.mysql.service.port | quote }}
{{- end }}
labels:
- component: model-registry-server
sidecar.istio.io/inject: "true"
+ component: model-registry-server
spec:
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ runAsNonRoot: true
containers:
- {{- if and (eq .Values.database.type "postgres") (eq .Values.server.dataStoreType "embedmd") }}
- - name: {{ .Values.server.grpc.containerName }}
- env: []
- envFrom:
- - configMapRef:
- name: metadata-registry-db-parameters
- - secretRef:
- name: metadata-registry-db-secrets
- - configMapRef:
- name: model-registry-configmap
- args:
- - --grpc_port=$(MODEL_REGISTRY_GRPC_SERVICE_PORT)
- - --metadata_source_config_type=postgresql
- - --postgres_config_host={{ include "model-registry.postgres.serviceName" . }}
- - --postgres_config_port={{ .Values.database.postgres.service.port }}
- - --postgres_config_dbname=$(POSTGRES_DBNAME)
- - --postgres_config_user=$(POSTGRES_USER)
- - --postgres_config_password=$(POSTGRES_PASSWORD)
- - --enable_database_upgrade=true
- - name: {{ .Values.server.rest.containerName }}
- image: "{{ .Values.global.imageRegistry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Values.global.imageTag }}"
- args:
- - --hostname=0.0.0.0
- - --port=8080
- - --datastore-type=embedmd
- - --embedmd-database-dsn=$(DBCONFIG_USER):$(DBCONFIG_PASSWORD)@tcp($(MYSQL_HOST):$(MYSQL_PORT))/$(MYSQL_DATABASE)?charset=utf8mb4
- command:
- - /model-registry
- - proxy
- env:
- - name: DBCONFIG_USER
- valueFrom:
- secretKeyRef:
- key: username
- name: mysql-secret
- - name: DBCONFIG_PASSWORD
- valueFrom:
- secretKeyRef:
- key: password
- name: mysql-secret
- - name: MYSQL_DATABASE
- valueFrom:
- configMapKeyRef:
- key: embedmdDb
- name: pipeline-install-config
- - name: MYSQL_HOST
- valueFrom:
- configMapKeyRef:
- key: dbHost
- name: pipeline-install-config
- - name: MYSQL_PORT
- valueFrom:
- configMapKeyRef:
- key: dbPort
- name: pipeline-install-config
- ports:
- - name: http-api
- containerPort: 8080
- {{- if .Values.server.rest.livenessProbe.enabled }}
- livenessProbe:
- initialDelaySeconds: {{ .Values.server.rest.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.rest.livenessProbe.periodSeconds }}
- tcpSocket:
- port: http-api
- timeoutSeconds: {{ .Values.server.rest.livenessProbe.timeoutSeconds }}
- {{- end }}
- {{- if .Values.server.rest.readinessProbe.enabled }}
- readinessProbe:
- httpGet:
- path: /readyz/isDirty
- port: http-api
- initialDelaySeconds: {{ .Values.server.rest.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.rest.readinessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.server.rest.readinessProbe.timeoutSeconds }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.server.securityContext | nindent 12 }}
- {{- else if eq .Values.database.type "postgres" }}
- - name: {{ .Values.server.grpc.containerName }}
- image: {{ .Values.server.grpc.mlmdImage }}
- env: []
- envFrom:
- - configMapRef:
- name: metadata-registry-db-parameters
- - secretRef:
- name: metadata-registry-db-secrets
- - configMapRef:
- name: model-registry-configmap
- args: ["--grpc_port=$(MODEL_REGISTRY_GRPC_SERVICE_PORT)",
- "--metadata_source_config_type=postgresql",
- "--postgres_config_host={{ include "model-registry.postgres.serviceName" . }}",
- "--postgres_config_port={{ .Values.database.postgres.service.port }}",
- "--postgres_config_dbname=$(POSTGRES_DBNAME)",
- "--postgres_config_user=$(POSTGRES_USER)",
- "--postgres_config_password=$(POSTGRES_PASSWORD)",
- "--enable_database_upgrade=true"]
- command: ["/bin/metadata_store_server"]
- ports:
- - name: grpc-api
- containerPort: {{ .Values.server.grpc.port }}
- {{- if .Values.server.grpc.livenessProbe.enabled }}
- livenessProbe:
- tcpSocket:
- port: grpc-api
- initialDelaySeconds: {{ .Values.server.grpc.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.grpc.livenessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.server.grpc.livenessProbe.timeoutSeconds }}
- {{- end }}
- {{- if .Values.server.grpc.readinessProbe.enabled }}
- readinessProbe:
- tcpSocket:
- port: grpc-api
- initialDelaySeconds: {{ .Values.server.grpc.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.grpc.readinessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.server.grpc.readinessProbe.timeoutSeconds }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.server.grpc.securityContext | nindent 12 }}
- - name: {{ .Values.server.rest.containerName }}
- image: "{{ .Values.global.imageRegistry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Values.global.imageTag }}"
+ - name: rest-container
+ {{- if eq .Values.database.type "postgres" }}
args:
- - --hostname={{ .Values.server.rest.hostname }}
- - --port={{ .Values.server.rest.port }}
- - --mlmd-hostname={{ .Values.server.grpc.mlmdHostname }}
- - --mlmd-port={{ .Values.server.grpc.mlmdPort }}
- - --datastore-type={{ .Values.server.dataStoreType }}
- command:
- - /model-registry
- - proxy
- env:
- {{- toYaml .Values.server.env | nindent 12 }}
- ports:
- - name: http-api
- containerPort: {{ .Values.server.rest.port }}
- {{- if .Values.server.rest.livenessProbe.enabled }}
- livenessProbe:
- tcpSocket:
- port: http-api
- initialDelaySeconds: {{ .Values.server.rest.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.rest.livenessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.server.rest.livenessProbe.timeoutSeconds }}
- {{- end }}
- {{- if .Values.server.rest.readinessProbe.enabled }}
- readinessProbe:
- tcpSocket:
- port: http-api
- initialDelaySeconds: {{ .Values.server.rest.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.rest.readinessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.server.rest.readinessProbe.timeoutSeconds }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.server.securityContext | nindent 12 }}
- {{- with .Values.server.volumeMounts }}
- volumeMounts:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- {{- else if and (eq .Values.database.type "mysql") (eq .Values.server.dataStoreType "embedmd") }}
- - args:
- --hostname=0.0.0.0
- --port=$(MODEL_REGISTRY_REST_SERVICE_PORT)
- - --datastore-type=$(MODEL_REGISTRY_DATA_STORE_TYPE)
- - --embedmd-database-dsn=$(MYSQL_USER_NAME):$(MYSQL_ROOT_PASSWORD)@tcp(model-registry-db:$(MYSQL_PORT))/$(MYSQL_DATABASE)?charset=utf8mb4
+ - --datastore-type=embedmd
+ - --embedmd-database-type=postgres
+ - --embedmd-database-dsn=postgresql://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(POSTGRES_HOST):$(POSTGRES_PORT)/$(POSTGRES_DB)?sslmode=disable
command:
- /model-registry
- proxy
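Review bot: `replicas: 1` replaces `{{ .Values.server.replicas }}`, so the `replicas` value that the CI values files in this commit still set under `server:` is silently ignored. I would keep `replicas: {{ .Values.server.replicas }}`. The hunk also removes every container-level `securityContext` rendered from `.Values.server.securityContext` and adds only a pod-level `seccompProfile` and `runAsNonRoot`. Whether `allowPrivilegeEscalation: false` and the capability drop return further down cannot be seen, because the container definition runs on into later hunks. If they do not, this is a hardening regression compared with the removed lines. `excludeOutboundPorts` is now rendered from the service port value with `| quote`, which is the right form for an annotation.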
@@ -198,43 +47,12 @@ spec:
name: model-registry-db-secrets
- configMapRef:
name: model-registry-db-parameters
- image: {{ .Values.global.imageRegistry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Values.global.imageTag }}
- {{- if .Values.server.rest.livenessProbe.enabled }}
- livenessProbe:
- initialDelaySeconds: {{ .Values.server.rest.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.rest.livenessProbe.periodSeconds }}
- tcpSocket:
- port: http-api
- timeoutSeconds: {{ .Values.server.rest.livenessProbe.timeoutSeconds }}
- {{- end }}
- name: {{ .Values.server.rest.containerName }}
- ports:
- - containerPort: {{ .Values.server.rest.port }}
- name: http-api
- {{- if .Values.server.rest.readinessProbe.enabled }}
- readinessProbe:
- httpGet:
- path: /readyz/isDirty
- port: http-api
- initialDelaySeconds: {{ .Values.server.rest.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.rest.readinessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.server.rest.readinessProbe.timeoutSeconds }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.server.securityContext | nindent 12 }}
- {{- with .Values.server.volumeMounts }}
- volumeMounts:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- {{- else if eq .Values.database.type "mysql" }}
- - name: {{ .Values.server.rest.containerName }}
- image: "{{ .Values.global.imageRegistry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Values.global.imageTag }}"
+ {{- else if eq .Values.database.type "mysql" }}
args:
- --hostname=0.0.0.0
- --port=$(MODEL_REGISTRY_REST_SERVICE_PORT)
- - --mlmd-hostname=localhost
- - --mlmd-port=$(MODEL_REGISTRY_GRPC_SERVICE_PORT)
- --datastore-type=$(MODEL_REGISTRY_DATA_STORE_TYPE)
+ - --embedmd-database-dsn=$(MYSQL_USER_NAME):$(MYSQL_ROOT_PASSWORD)@tcp(model-registry-db:$(MYSQL_PORT))/$(MYSQL_DATABASE)?charset=utf8mb4
command:
- /model-registry
- proxy
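Review bot: The added `--embedmd-database-dsn=$(MYSQL_USER_NAME):$(MYSQL_ROOT_PASSWORD)@tcp(model-registry-db:$(MYSQL_PORT))/...` argument expands the database password into the container's command line, where it is readable from the process list by anything that shares the PID namespace or has node access. The variable name suggests the server connects with the MySQL root credential, and a password containing `@`, `/` or `:` would yield a malformed DSN. If the binary can take the DSN from an environment variable or mounted file (not visible here), prefer that together with a dedicated least-privilege user; otherwise add a comment above the line such as `# DSN incl. password ends up in argv; use a non-root DB account`. The same pattern appears in the postgres branch of the previous hunk, which also sets `sslmode=disable`, and in the `{{- else }}` branch of the next hunk. The container definition starts and ends outside this hunk.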
@@ -242,76 +60,15 @@ spec:
envFrom:
- configMapRef:
name: model-registry-configmap
- ports:
- - name: http-api
- containerPort: {{ .Values.server.rest.port }}
- {{- if .Values.server.rest.livenessProbe.enabled }}
- livenessProbe:
- tcpSocket:
- port: http-api
- initialDelaySeconds: {{ .Values.server.rest.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.rest.livenessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.server.rest.livenessProbe.timeoutSeconds }}
- {{- end }}
- {{- if .Values.server.rest.readinessProbe.enabled }}
- readinessProbe:
- tcpSocket:
- port: http-api
- initialDelaySeconds: {{ .Values.server.rest.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.rest.readinessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.server.rest.readinessProbe.timeoutSeconds }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.server.securityContext | nindent 12 }}
- {{- with .Values.server.volumeMounts }}
- volumeMounts:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- - name: {{ .Values.server.grpc.containerName }}
- image: {{ .Values.server.grpc.mlmdImage }}
- env: []
- envFrom:
- - configMapRef:
- name: model-registry-db-parameters
- secretRef:
name: model-registry-db-secrets
- configMapRef:
- name: model-registry-configmap
- args: ["--grpc_port=$(MODEL_REGISTRY_GRPC_SERVICE_PORT)",
- "--mysql_config_host={{ include "model-registry.mysql.serviceName" . }}",
- "--mysql_config_database=$(MYSQL_DATABASE)",
- "--mysql_config_port={{ .Values.database.mysql.service.port }}",
- "--mysql_config_user=$(MYSQL_USER_NAME)",
- "--mysql_config_password=$(MYSQL_ROOT_PASSWORD)"]
- command: ["/bin/metadata_store_server"]
- ports:
- - name: grpc-api
- containerPort: {{ .Values.server.grpc.port }}
- {{- if .Values.server.grpc.livenessProbe.enabled }}
- livenessProbe:
- tcpSocket:
- port: grpc-api
- initialDelaySeconds: {{ .Values.server.grpc.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.grpc.livenessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.server.grpc.livenessProbe.timeoutSeconds }}
- {{- end }}
- {{- if .Values.server.grpc.readinessProbe.enabled }}
- readinessProbe:
- tcpSocket:
- port: grpc-api
- initialDelaySeconds: {{ .Values.server.grpc.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.grpc.readinessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.server.grpc.readinessProbe.timeoutSeconds }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.server.grpc.securityContext | nindent 12 }}
- {{- else if eq .Values.server.dataStoreType "embedmd" }}
- - name: {{ .Values.server.rest.containerName }}
- image: "{{ .Values.global.imageRegistry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Values.global.imageTag }}"
+ name: model-registry-db-parameters
+ {{- else }}
args:
- --hostname=0.0.0.0
- --port={{ .Values.server.rest.port }}
- - --datastore-type=embedmd
+ - --datastore-type={{ .Values.server.dataStoreType }}
- --embedmd-database-dsn=$(DBCONFIG_USER):$(DBCONFIG_PASSWORD)@tcp($(MYSQL_HOST):$(MYSQL_PORT))/$(MYSQL_DATABASE)?charset=utf8mb4
command:
- /model-registry
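Review bot: In the `{{- else }}` branch, `--datastore-type={{ .Values.server.dataStoreType }}` is paired unconditionally with `--embedmd-database-dsn=...`, so any value other than `embedmd` produces contradictory arguments now that this commit removes the MLMD gRPC sidecar and the `--mlmd-hostname`/`--mlmd-port` flags. The postgres branch hard-codes the type; doing the same here with `- --datastore-type=embedmd` keeps the branches consistent. The bare `{{- else }}` also catches every `database.type` other than `postgres` and `mysql`, including typos, and silently points the server at the shared pipeline database; consider an explicit branch plus a `fail` for unknown values. The branch continues outside this hunk.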
@@ -342,147 +99,39 @@ spec:
configMapKeyRef:
name: pipeline-install-config
key: dbPort
+ {{- end }}
+ image: {{ .Values.global.imageRegistry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Values.global.imageTag }}
ports:
- name: http-api
containerPort: {{ .Values.server.rest.port }}
- {{- if .Values.server.rest.livenessProbe.enabled }}
livenessProbe:
- tcpSocket:
- port: http-api
- initialDelaySeconds: {{ .Values.server.rest.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.rest.livenessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.server.rest.livenessProbe.timeoutSeconds }}
- {{- end }}
- {{- if .Values.server.rest.readinessProbe.enabled }}
- readinessProbe:
+ initialDelaySeconds: 30
+ periodSeconds: 10
httpGet:
path: /readyz/isDirty
port: http-api
- initialDelaySeconds: {{ .Values.server.rest.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.rest.readinessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.server.rest.readinessProbe.timeoutSeconds }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.server.securityContext | nindent 12 }}
- {{- with .Values.server.volumeMounts }}
- volumeMounts:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- {{- else }}
- - name: {{ .Values.server.rest.containerName }}
- image: "{{ .Values.global.imageRegistry }}/{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Values.global.imageTag }}"
- args:
- - --hostname={{ .Values.server.rest.hostname }}
- - --port={{ .Values.server.rest.port }}
- - --mlmd-hostname={{ .Values.server.grpc.mlmdHostname }}
- - --mlmd-port={{ .Values.server.grpc.mlmdPort }}
- - --datastore-type={{ .Values.server.dataStoreType }}
- command:
- - /model-registry
- - proxy
- env:
- {{- toYaml .Values.server.env | nindent 12 }}
- ports:
- - name: http-api
- containerPort: {{ .Values.server.rest.port }}
- {{- if .Values.server.rest.livenessProbe.enabled }}
- livenessProbe:
- tcpSocket:
+ timeoutSeconds: 5
+ failureThreshold: 3
+ startupProbe:
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ httpGet:
+ path: /readyz/isDirty
port: http-api
- initialDelaySeconds: {{ .Values.server.rest.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.rest.livenessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.server.rest.livenessProbe.timeoutSeconds }}
- {{- end }}
- {{- if .Values.server.rest.readinessProbe.enabled }}
+ timeoutSeconds: 5
+ failureThreshold: 6
readinessProbe:
- tcpSocket:
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ httpGet:
+ path: /readyz/health
port: http-api
- initialDelaySeconds: {{ .Values.server.rest.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.rest.readinessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.server.rest.readinessProbe.timeoutSeconds }}
- {{- end }}
+ timeoutSeconds: 5
+ failureThreshold: 3
securityContext:
- {{- toYaml .Values.server.securityContext | nindent 12 }}
- {{- with .Values.server.volumeMounts }}
- volumeMounts:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- - name: {{ .Values.server.grpc.containerName }}
- image: {{ .Values.server.grpc.mlmdImage }}
- env:
- - name: DBCONFIG_USER
- valueFrom:
- secretKeyRef:
- name: mysql-secret
- key: username
- - name: DBCONFIG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: mysql-secret
- key: password
- - name: MYSQL_DATABASE
- valueFrom:
- configMapKeyRef:
- name: pipeline-install-config
- key: mlmdDb
- - name: MYSQL_HOST
- valueFrom:
- configMapKeyRef:
- name: pipeline-install-config
- key: dbHost
- - name: MYSQL_PORT
- valueFrom:
- configMapKeyRef:
- name: pipeline-install-config
- key: dbPort
- args: ["--grpc_port={{ .Values.server.grpc.port }}",
- "--mysql_config_database=$(MYSQL_DATABASE)",
- "--mysql_config_host=$(MYSQL_HOST)",
- "--mysql_config_port=MYSQL_PORT_PLACEHOLDER",
- "--mysql_config_user=$(DBCONFIG_USER)",
- "--mysql_config_password=$(DBCONFIG_PASSWORD)",
- "--enable_database_upgrade=true"
- ]
- command: ["/bin/metadata_store_server"]
- ports:
- - name: grpc-api
- containerPort: {{ .Values.server.grpc.port }}
- {{- if .Values.server.grpc.livenessProbe.enabled }}
- livenessProbe:
- tcpSocket:
- port: grpc-api
- initialDelaySeconds: {{ .Values.server.grpc.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.grpc.livenessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.server.grpc.livenessProbe.timeoutSeconds }}
- {{- end }}
- {{- if .Values.server.grpc.readinessProbe.enabled }}
- readinessProbe:
- tcpSocket:
- port: grpc-api
- initialDelaySeconds: {{ .Values.server.grpc.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.server.grpc.readinessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.server.grpc.readinessProbe.timeoutSeconds }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.server.grpc.securityContext | nindent 12 }}
- {{- end }}
- securityContext:
- {{- toYaml .Values.server.podSecurityContext | nindent 8 }}
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
serviceAccountName: model-registry-server
- {{- with .Values.server.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.server.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.server.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.server.volumes }}
- volumes:
- {{- toYaml . | nindent 8 }}
- {{- end }}
{{- end }}
\ No newline at end of file
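Review bot: The container `securityContext` added near the end of this hunk sets only `allowPrivilegeEscalation: false` and drops all capabilities, while the same hunk removes the pod-level `securityContext` rendered from `.Values.server.podSecurityContext`, so nothing visible here prevents the server from running as root or without a seccomp profile. The UI deployment changed in this commit sets both; add `runAsNonRoot: true` and `seccompProfile: {type: RuntimeDefault}` here as well. Whether the server image defaults to a non-root user is not visible in the diff, so verify that before enabling `runAsNonRoot`. Separately, `livenessProbe` now targets `/readyz/isDirty`, which by its name looks like a readiness or database-state check; confirm that a database outage cannot put the pod into a restart loop.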
diff --git a/experimental/helm/charts/model-registry/templates/ui/deployment.yaml b/experimental/helm/charts/model-registry/templates/ui/deployment.yaml
index 21d7b200eb..8093c243fb 100644
--- a/experimental/helm/charts/model-registry/templates/ui/deployment.yaml
+++ b/experimental/helm/charts/model-registry/templates/ui/deployment.yaml
@@ -2,9 +2,9 @@
apiVersion: apps/v1
kind: Deployment
metadata:
+ name: model-registry-ui
labels:
app: model-registry-ui
- name: {{ include "model-registry.ui.fullname" . }}
{{- if .Values.global.includeNamespace }}
namespace: {{ include "model-registry.namespace" . }}
{{- end }}
@@ -17,59 +17,56 @@ spec:
metadata:
labels:
app: model-registry-ui
- {{- with .Values.ui.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- spec:
+ spec:
+ serviceAccountName: model-registry-ui
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ runAsNonRoot: true
containers:
- - {{- if .Values.ui.args }}
- args:
- {{- toYaml .Values.ui.args | nindent 10 }}
- {{- else }}
- args:
- - "--port={{ .Values.ui.containerPort }}"
- {{- end }}
- image: {{ include "model-registry.ui.image" . }}
- imagePullPolicy: {{ include "model-registry.ui.imagePullPolicy" . }}
+ - name: model-registry-ui
+ image: ghcr.io/kubeflow/model-registry/ui:v0.2.22
+ imagePullPolicy: Always
{{- if .Values.ui.livenessProbe.enabled }}
livenessProbe:
- failureThreshold: {{ .Values.ui.livenessProbe.failureThreshold }}
httpGet:
path: {{ .Values.ui.livenessProbe.path }}
port: {{ .Values.ui.containerPort }}
scheme: HTTP
initialDelaySeconds: {{ .Values.ui.livenessProbe.initialDelaySeconds }}
+ timeoutSeconds: {{ .Values.ui.livenessProbe.timeoutSeconds }}
periodSeconds: {{ .Values.ui.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.ui.livenessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.ui.livenessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.ui.livenessProbe.failureThreshold }}
{{- end }}
- name: {{ .Chart.Name }}-ui
- ports:
- - containerPort: {{ .Values.ui.containerPort }}
{{- if .Values.ui.readinessProbe.enabled }}
readinessProbe:
- failureThreshold: {{ .Values.ui.readinessProbe.failureThreshold }}
httpGet:
path: {{ .Values.ui.readinessProbe.path }}
port: {{ .Values.ui.containerPort }}
scheme: HTTP
initialDelaySeconds: {{ .Values.ui.readinessProbe.initialDelaySeconds }}
+ timeoutSeconds: {{ .Values.ui.readinessProbe.timeoutSeconds }}
periodSeconds: {{ .Values.ui.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.ui.readinessProbe.successThreshold }}
- timeoutSeconds: {{ .Values.ui.readinessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.ui.readinessProbe.failureThreshold }}
{{- end }}
resources:
{{- toYaml .Values.ui.resources | nindent 10 }}
+ ports:
+ - containerPort: {{ .Values.ui.containerPort }}
+ {{- if .Values.ui.args }}
+ args:
+ {{- toYaml .Values.ui.args | nindent 10 }}
+ {{- else }}
+ args:
+ - "--port={{ .Values.ui.containerPort }}"
+ {{- end }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- - ALL
- {{- with .Values.ui.env }}
- env:
- {{- toYaml . | nindent 10 }}
- {{- end }}
+ - ALL
{{- if .Values.ui.standalone.enabled }}
- image: nginx:1.25-alpine
name: auth-proxy
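Review bot: The added `image: ghcr.io/kubeflow/model-registry/ui:v0.2.22` with `imagePullPolicy: Always` replaces the `model-registry.ui.image` and `model-registry.ui.imagePullPolicy` helpers, so the chart's image values no longer apply and every pod start re-resolves a mutable tag from the public registry. Together with the removal of `global.imagePullSecrets` in the next hunk, operators can no longer point this deployment at a mirrored, scanned copy of the image. Either keep the helper, or pin the digest, e.g. `image: ghcr.io/kubeflow/model-registry/ui:v0.2.22@sha256:<digest-of-released-image>`. The hunk also drops the `.Values.ui.env` block, which silently ignores any environment overrides users have set.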
@@ -100,27 +97,11 @@ spec:
- mountPath: /var/run
name: var-run
{{- end }}
- {{- with .Values.global.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.ui.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.ui.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
- serviceAccountName: {{ include "model-registry.ui.serviceAccountName" . }}
- {{- with .Values.ui.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
+ serviceAccountName: model-registry-ui
{{- if .Values.ui.standalone.enabled }}
volumes:
- configMap:
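Review bot: The pod spec now appears to define `securityContext` and `serviceAccountName` twice: this hunk keeps the trailing `securityContext:` block and adds `serviceAccountName: model-registry-ui`, while the previous hunk already adds both directly under the pod `spec:`. Duplicate mapping keys are invalid YAML; lenient parsers keep the last value and strict ones reject the manifest, so the outcome depends on the tool that renders or applies it. Keep a single copy, for example by deleting the trailing `securityContext:` … `serviceAccountName: model-registry-ui` lines in this hunk. Indentation is flattened in this view, so confirm that both copies sit at the same level before removing one. The pod spec continues outside this hunk.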