Removed KServe DNS patches from GitHub Actions tests (#3086) #6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: End-to-End Integration Test | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- master | |
pull_request: | |
branches: | |
- master | |
env: | |
KF_PROFILE: kubeflow-user-example-com | |
jobs: | |
kubeflow-integration: | |
name: Kubeflow Installation and Testing | |
runs-on: | |
labels: ubuntu-latest-16-cores | |
timeout-minutes: 60 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install KinD, Create KinD cluster and Install kustomize | |
run: ./tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh | |
- name: Install kubectl | |
run: ./tests/gh-actions/install_kubectl.sh | |
- name: Create Kubeflow Namespace | |
run: kustomize build common/kubeflow-namespace/base | kubectl apply -f - | |
- name: Install Certificate Manager | |
run: ./tests/gh-actions/install_cert_manager.sh | |
- name: Install Istio CNI | |
run: ./tests/gh-actions/install_istio-cni.sh | |
- name: Install OAuth2 Proxy | |
run: ./tests/gh-actions/install_oauth2-proxy.sh | |
- name: Install Kubeflow Istio Resources | |
run: kustomize build common/istio-cni-1-24/kubeflow-istio-resources/base | kubectl apply -f - | |
- name: Install Multi-Tenancy | |
run: ./tests/gh-actions/install_multi_tenancy.sh | |
- name: Install Dex | |
run: ./tests/gh-actions/install_dex.sh | |
- name: Install Central Dashboard | |
run: ./tests/gh-actions/install_central_dashboard.sh | |
- name: Install Pipelines | |
run: ./tests/gh-actions/install_pipelines.sh | |
- name: Create KF Profile | |
run: ./tests/gh-actions/install_kubeflow_profile.sh | |
- name: Install Jupyter Web App | |
run: kustomize build apps/jupyter/jupyter-web-app/upstream/overlays/istio/ | kubectl apply -f - | |
- name: Install Notebook Controller | |
run: kustomize build apps/jupyter/notebook-controller/upstream/overlays/kubeflow/ | kubectl apply -f - | |
- name: Install Admission Webhook | |
run: kustomize build apps/admission-webhook/upstream/overlays/cert-manager | kubectl apply -f - | |
- name: Install PodDefaults CRD | |
run: kubectl get crd poddefaults.kubeflow.org || kubectl apply -f https://raw.githubusercontent.com/kubeflow/kubeflow/master/components/admission-webhook/manifests/base/crd.yaml | |
- name: Wait for All Pods to be Ready | |
run: kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 300s --field-selector=status.phase!=Succeeded | |
- name: Install Katib | |
run: ./tests/gh-actions/install_katib.sh | |
- name: Install Training Operator | |
run: ./tests/gh-actions/install_training_operator.sh | |
- name: Install Knative | |
run: ./tests/gh-actions/install_knative.sh | |
- name: Install KServe | |
run: ./tests/gh-actions/install_kserve.sh | |
- name: Install Spark | |
run: chmod u+x tests/gh-actions/spark_*.sh && ./tests/gh-actions/spark_install.sh | |
- name: Install Dependencies | |
run: pip install pytest kubernetes kfp==2.11.0 kserve pytest-timeout pyyaml requests | |
- name: Port-forward the istio-ingress gateway | |
run: ./tests/gh-actions/port_forward_gateway.sh | |
# name: Setup OAuth2 and Dex Credentials | |
# run: chmod +x tests/gh-actions/oauth2_dex_credentials.sh && ./tests/gh-actions/oauth2_dex_credentials.sh | |
- name: Test Dex Login | |
run: | | |
pip3 install -q requests | |
python3 tests/gh-actions/test_dex_login.py | |
echo "Dex login test completed successfully." | |
- name: Test Pipeline Access with Authorized Token | |
run: | | |
TOKEN="$(kubectl -n $KF_PROFILE create token default-editor)" | |
python3 tests/gh-actions/pipeline_test.py run_pipeline "${TOKEN}" "${KF_PROFILE}" | |
- name: Test Pipeline Access with Unauthorized Token | |
run: | | |
python3 tests/gh-actions/pipeline_test.py test_unauthorized_access "$(kubectl -n default create token default)" "${KF_PROFILE}" | |
- name: Apply PodDefault for Pipeline Access Token | |
run: sed "s/kubeflow-user-example-com/$KF_PROFILE/g" tests/gh-actions/kf-objects/poddefaults.access-ml-pipeline.kubeflow-user-example-com.yaml | kubectl apply -f - | |
- name: Create Test Notebook | |
run: | | |
sed "s/kubeflow-user-example-com/$KF_PROFILE/g" tests/gh-actions/kf-objects/notebook.test.kubeflow-user-example.com.yaml | kubectl apply -f - | |
kubectl wait --for=condition=Ready pod -l app=test -n $KF_PROFILE --timeout=300s | |
- name: Copy and execute the pipeline run script in KF Notebook | |
run: | | |
cp tests/gh-actions/run_and_wait_kubeflow_pipeline.py /tmp/run_pipeline_temp.py | |
sed -i "s/experiment_namespace = \"kubeflow-user-example-com\"/experiment_namespace = \"$KF_PROFILE\"/g" /tmp/run_pipeline_temp.py | |
sed -i 's/except Exception:/except Exception as e:/g' /tmp/run_pipeline_temp.py | |
sed -i 's/logger.info("Experiment not found, trying to create experiment.")/logger.info("Experiment not found, trying to create experiment. Error: " + str(e))/g' /tmp/run_pipeline_temp.py | |
kubectl -n $KF_PROFILE cp /tmp/run_pipeline_temp.py test-0:/home/jovyan/run_and_wait_kubeflow_pipeline.py | |
kubectl -n $KF_PROFILE exec test-0 -- python /home/jovyan/run_and_wait_kubeflow_pipeline.py | |
- name: Run Katib Test | |
run: | | |
sed "s/kubeflow-user/$KF_PROFILE/g" tests/gh-actions/kf-objects/katib_test.yaml | kubectl apply -f - | |
kubectl wait --for=condition=Running experiments.kubeflow.org -n $KF_PROFILE --all --timeout=300s | |
sleep 30 | |
- name: Run Training Operator Test | |
run: | | |
sed 's/namespace: .*/namespace: '"$KF_PROFILE"'/g' tests/gh-actions/kf-objects/training_operator_job.yaml | kubectl apply -f - | |
- name: Run Spark Test | |
run: chmod u+x tests/gh-actions/spark_*.sh && ./tests/gh-actions/spark_test.sh "${KF_PROFILE}" | |
- name: Apply Pod Security Standards Baseline | |
run: ./tests/gh-actions/enable_baseline_PSS.sh | |
- name: Remove Pod Security Labels | |
run: | | |
NAMESPACES=("istio-system" "auth" "cert-manager" "oauth2-proxy" "kubeflow" "knative-serving") | |
for namespace in "${NAMESPACES[@]}"; do | |
kubectl label namespace $namespace pod-security.kubernetes.io/enforce- | |
done | |
- name: Apply Pod Security Standards Restricted | |
run: ./tests/gh-actions/enable_restricted_PSS.sh | |
- name: Run Non-Root Test | |
run: | | |
[ -f "tests/gh-actions/runasnonroot.sh" ] && chmod +x tests/gh-actions/runasnonroot.sh && ./tests/gh-actions/runasnonroot.sh | |
- name: Verify Components | |
run: kubectl get pods --all-namespaces | grep -E '(Error|CrashLoopBackOff)' && exit 1 || true | |
- name: Collect Logs on Failure | |
if: failure() | |
run: | | |
mkdir -p logs | |
kubectl get all --all-namespaces > logs/resources.txt | |
kubectl get events --all-namespaces --sort-by=.metadata.creationTimestamp > logs/events.txt | |
for namespace in kubeflow istio-system cert-manager auth; do | |
kubectl describe pods -n $ns > logs/$ns-pods.txt | |
for pod in $(kubectl get pods -n $ns -o jsonpath='{.items[*].metadata.name}'); do | |
kubectl logs -n $ns $pod --tail=100 > logs/$ns-$pod.txt 2>&1 || true | |
done | |
done | |
- name: Upload Diagnostic Logs | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: kubeflow-test-logs | |
path: logs/ |