feat: Add ambient mode support to profile-controller #244
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: End-to-End Dashboard Integration Test | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| paths: | |
| - components/** | |
| - releasing/version/VERSION | |
| - .github/workflows/end_to_end_integration_test.yaml | |
| branches: | |
| - main | |
| - v*-branch | |
| push: | |
| branches: | |
| - main | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event.number }} | |
| cancel-in-progress: true | |
| env: | |
| CENTRALDASHBOARD_IMG: ghcr.io/kubeflow/kubeflow/centraldashboard | |
| CENTRALDASHBOARD_ANGULAR_IMG: ghcr.io/kubeflow/kubeflow/centraldashboard-angular | |
| PROFILE_CONTROLLER_IMG: ghcr.io/kubeflow/kubeflow/profile-controller | |
| KFAM_IMG: ghcr.io/kubeflow/kubeflow/kfam | |
| ADMISSION_WEBHOOK_IMG: ghcr.io/kubeflow/kubeflow/poddefaults-webhook | |
| TAG: e2e-test | |
| jobs: | |
| end-to-end-test: | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 60 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install KinD | |
| run: ./testing/gh-actions/install_kind.sh | |
| - name: Create KinD Cluster | |
| run: kind create cluster --config testing/gh-actions/kind-1-33.yaml | |
| - name: Install kustomize | |
| run: ./testing/gh-actions/install_kustomize.sh | |
| - name: Install cert-manager | |
| run: ./testing/gh-actions/install_cert_manager.sh | |
| - name: Install Istio | |
| run: ./testing/gh-actions/install_istio.sh | |
| - name: Create Kubeflow Namespace | |
| run: kubectl create namespace kubeflow | |
| - name: Make Scripts Executable | |
| run: chmod +x testing/gh-actions/*.sh | |
| - name: Deploy Profile Controller Component | |
| run: | | |
| ./testing/gh-actions/deploy_component.sh \ | |
| "profile-controller" \ | |
| "components/profile-controller" \ | |
| "${PROFILE_CONTROLLER_IMG}" \ | |
| "${TAG}" \ | |
| "config" \ | |
| "overlays/kubeflow" | |
| - name: Wait for Profile Controller to be Ready | |
| run: | | |
| kubectl wait --for=condition=Available deployment -n kubeflow profiles-deployment --timeout=300s | |
| - name: Wait for Profile CRD to be Available | |
| run: | | |
| timeout=300 | |
| interval=5 | |
| elapsed=0 | |
| while ! kubectl get crd profiles.kubeflow.org >/dev/null 2>&1; do | |
| if [ $elapsed -ge $timeout ]; then | |
| exit 1 | |
| fi | |
| sleep $interval | |
| elapsed=$((elapsed + interval)) | |
| done | |
| kubectl wait --for condition=established --timeout=60s crd/profiles.kubeflow.org | |
| - name: Wait for KFAM to be Ready | |
| run: | | |
| kubectl wait --for=condition=Ready pods -n kubeflow -l app=kfam --timeout=300s || { | |
| echo "KFAM pods not found with label app=kfam, checking for profiles-kfam service..." | |
| kubectl get service profiles-kfam -n kubeflow || { | |
| echo "KFAM service not found, KFAM might be deployed as part of profiles deployment" | |
| kubectl wait --for=condition=Ready pods -n kubeflow -l kustomize.component=profiles --timeout=300s | |
| } | |
| } | |
| - name: Deploy Admission Webhook Component | |
| run: | | |
| ./testing/gh-actions/deploy_component.sh \ | |
| "admission-webhook" \ | |
| "components/admission-webhook" \ | |
| "${ADMISSION_WEBHOOK_IMG}" \ | |
| "${TAG}" \ | |
| "manifests" \ | |
| "overlays/cert-manager" | |
| - name: Wait for Admission Webhook to be Ready | |
| run: | | |
| kubectl wait --for=condition=Available deployment -n kubeflow admission-webhook-deployment --timeout=300s | |
| - name: Deploy CentralDashboard Angular Component | |
| run: | | |
| # Set required environment variables for domain name substitution | |
| export CD_NAMESPACE=kubeflow | |
| export CD_CLUSTER_DOMAIN=cluster.local | |
| ./testing/gh-actions/deploy_component.sh \ | |
| "centraldashboard-angular" \ | |
| "components/centraldashboard-angular" \ | |
| "${CENTRALDASHBOARD_ANGULAR_IMG}" \ | |
| "${TAG}" \ | |
| "manifests" \ | |
| "overlays/kserve" | |
| - name: Wait for CentralDashboard Angular to be Ready | |
| run: | | |
| kubectl wait --for=condition=Available deployment -n kubeflow centraldashboard-angular --timeout=300s | |
| - name: Deploy CentralDashboard Component | |
| run: | | |
| export CD_NAMESPACE=kubeflow | |
| export CD_CLUSTER_DOMAIN=cluster.local | |
| export CD_NAMESPACE_PLACEHOLDER=kubeflow | |
| export CD_CLUSTER_DOMAIN_PLACEHOLDER=cluster.local | |
| ./testing/gh-actions/deploy_component.sh \ | |
| "centraldashboard" \ | |
| "components/centraldashboard" \ | |
| "${CENTRALDASHBOARD_IMG}" \ | |
| "${TAG}" \ | |
| "manifests" \ | |
| "overlays/kserve" | |
| - name: Wait for CentralDashboard to be Ready | |
| run: | | |
| kubectl wait --for=condition=Available deployment -n kubeflow centraldashboard --timeout=300s | |
| - name: Create Test Profiles | |
| run: | | |
| ./testing/gh-actions/test_profile.sh create e2e-admin [email protected] | |
| ./testing/gh-actions/test_profile.sh create-simple e2e-user [email protected] | |
| - name: Validate Profile Integration | |
| run: | | |
| ./testing/gh-actions/test_profile.sh validate e2e-admin | |
| ./testing/gh-actions/test_profile.sh validate e2e-user | |
| - name: Test PodDefault Integration | |
| run: | | |
| ./testing/gh-actions/test_poddefault.sh create-namespace e2e-test | |
| ./testing/gh-actions/test_poddefault.sh create-poddefault e2e-test e2e-poddefault | |
| ./testing/gh-actions/test_poddefault.sh test-mutation e2e-test e2e-poddefault e2e-test-pod | |
| - name: Test KFAM Service Integration | |
| run: | | |
| kubectl get services -n kubeflow | grep kfam | |
| kubectl get services -n kubeflow -l kustomize.component=profiles | |
| POD_NAME=$(kubectl get pods -n kubeflow -l kustomize.component=profiles -o jsonpath="{.items[0].metadata.name}") | |
| if [ -z "$POD_NAME" ]; then exit 1; fi | |
| kubectl port-forward -n kubeflow pod/$POD_NAME 8081:8081 & | |
| PF_PID=$! | |
| echo $PF_PID > /tmp/kfam_pf.pid | |
| sleep 5 | |
| curl -v --max-time 10 http://localhost:8081/kfam/ || \ | |
| curl -v --max-time 10 http://localhost:8081/metrics || \ | |
| curl -v --max-time 10 http://localhost:8081/kfam/v1/bindings | |
| curl -v --max-time 10 -H "kubeflow-userid: [email protected]" \ | |
| http://localhost:8081/kfam/v1/bindings?namespace=e2e-admin | |
| if [ -f "/tmp/kfam_pf.pid" ]; then | |
| kill $(cat /tmp/kfam_pf.pid) | |
| rm -f /tmp/kfam_pf.pid | |
| fi | |
| - name: Test CentralDashboard Angular Integration | |
| run: | | |
| POD_NAME=$(kubectl get pods -n kubeflow -l app=centraldashboard-angular -o jsonpath="{.items[0].metadata.name}") | |
| if [ -z "$POD_NAME" ]; then exit 1; fi | |
| kubectl port-forward -n kubeflow pod/$POD_NAME 8082:8082 & | |
| PF_PID=$! | |
| echo $PF_PID > /tmp/angular_pf.pid | |
| sleep 5 | |
| curl -v --max-time 10 http://localhost:8082/ | |
| if [ -f "/tmp/angular_pf.pid" ]; then | |
| kill $(cat /tmp/angular_pf.pid) | |
| rm -f /tmp/angular_pf.pid | |
| fi | |
| - name: Test CentralDashboard Integration | |
| run: | | |
| POD_NAME=$(kubectl get pods -n kubeflow -l app=centraldashboard -o jsonpath="{.items[0].metadata.name}") | |
| if [ -z "$POD_NAME" ]; then exit 1; fi | |
| kubectl port-forward -n kubeflow pod/$POD_NAME 8083:8082 & | |
| PF_PID=$! | |
| echo $PF_PID > /tmp/dashboard_pf.pid | |
| sleep 5 | |
| curl -v --max-time 10 http://localhost:8083/ | |
| for i in $(seq 1 5); do | |
| curl -s --max-time 5 http://localhost:8083/ >/dev/null | |
| done | |
| if [ -f "/tmp/dashboard_pf.pid" ]; then | |
| kill $(cat /tmp/dashboard_pf.pid) | |
| rm -f /tmp/dashboard_pf.pid | |
| fi | |
| - name: Test Profile Update with Dashboard Access | |
| run: | | |
| ./testing/gh-actions/test_profile.sh update e2e-admin | |
| POD_NAME=$(kubectl get pods -n kubeflow -l app=centraldashboard -o jsonpath="{.items[0].metadata.name}") | |
| if [ -z "$POD_NAME" ]; then exit 1; fi | |
| kubectl port-forward -n kubeflow pod/$POD_NAME 8084:8082 & | |
| PF_PID=$! | |
| echo $PF_PID > /tmp/dashboard_update_pf.pid | |
| sleep 5 | |
| curl -v --max-time 10 http://localhost:8084/ | |
| if [ -f "/tmp/dashboard_update_pf.pid" ]; then | |
| kill $(cat /tmp/dashboard_update_pf.pid) | |
| rm -f /tmp/dashboard_update_pf.pid | |
| fi | |
| - name: Check Component Health and Logs | |
| run: | | |
| ./testing/gh-actions/test_service.sh check-logs profiles-deployment kubeflow 30 | |
| kubectl logs -n kubeflow -l kustomize.component=profiles -c kfam --tail=30 || kubectl logs -n kubeflow -l app=kfam --tail=30 | |
| ./testing/gh-actions/test_service.sh check-logs admission-webhook-deployment kubeflow 30 | |
| ./testing/gh-actions/test_service.sh check-logs centraldashboard-angular kubeflow 30 | |
| ./testing/gh-actions/test_service.sh check-logs centraldashboard kubeflow 30 | |
| - name: Check for Component Errors | |
| run: | | |
| ./testing/gh-actions/test_service.sh check-errors profiles-deployment kubeflow | |
| kubectl logs -n kubeflow -l kustomize.component=profiles -c kfam --tail=100 | grep -i error || true | |
| ./testing/gh-actions/test_service.sh check-errors admission-webhook-deployment kubeflow | |
| ./testing/gh-actions/test_service.sh check-errors centraldashboard-angular kubeflow | |
| ./testing/gh-actions/test_service.sh check-errors centraldashboard kubeflow | |
| - name: Final Integration Validation | |
| run: | | |
| ./testing/gh-actions/test_profile.sh list | |
| kubectl get services -n kubeflow | |
| kubectl get deployments -n kubeflow | |
| kubectl get nodes | |
| kubectl get pods -A | |
| # Cleanup | |
| - name: Cleanup Test Resources | |
| run: | | |
| ./testing/gh-actions/test_poddefault.sh cleanup e2e-test | |
| ./testing/gh-actions/test_profile.sh delete e2e-admin | |
| ./testing/gh-actions/test_profile.sh delete e2e-user |