New
deployKF - 0.1.4
Helpful Links
Upgrade Notes
- There will be some downtime for Kubeflow Pipelines and users will be forced to re-authenticate.
- You MUST sync with pruning enabled, as we have changed a number of resources.
- If you are using our automated ArgoCD Sync Script:
- Update to the latest script version, found in the
mainbranch. - Ensure you respond "yes" to all "Do you want to sync with PRUNING enabled?" prompts.
- To prevent the need to sync twice, please manually delete this
ClusterPolicyusing the following command BEFORE syncing:kubectl delete clusterpolicy "kubeflow-pipelines--generate-profile-resources" - (otherwise, the first sync will time-out waiting for
kf-tools--pipelinesto be healthy)
- Update to the latest script version, found in the
Important Notes
- We no longer use Kyverno to generate resources in each profile for Kubeflow Pipelines, we now include these resources directly based on your profile values, this is due to Kyverno not scaling well for large numbers of profiles. However, we still use Kyverno for cloning Secrets across namespaces, triggering restarts of Deployments, and a few other things.
- We have resolved the compatibility issues with Azure AKS. To enable the Azure-specific fixes, please set the
kubernetes.azure.admissionsEnforcerFixvalue totrue. - There have been significant changes to how authentication is implemented. These changes should allow you to bring your own Istio Gateway Deployment (Pods) without having other services end up behind deployKF's authentication system. However, please note that deployKF still manages its own Gateway Resource (CRD).
- For those experiencing "route not found" issues when using an external proxy to terminate TLS, you can now disable "SNI Matching" on the Istio Gateway by setting the
deploykf_core.deploykf_istio_gateway.gateway.tls.matchSNIvalue tofalse.
What's Changed
Significant Changes
- feat: allow other istio gateways on ingress deployment by @thesuperzapper in https://github.com/deployKF/deployKF/pull/66
- feat: allow disabling SNI matching on gateway by @thesuperzapper in https://github.com/deployKF/deployKF/pull/83
- fix: issues preventing deployment on Azure AKS by @thesuperzapper in https://github.com/deployKF/deployKF/pull/85
- improve: stop using kyverno to provision kfp profile resources by @thesuperzapper in https://github.com/deployKF/deployKF/pull/102
New Features
- feat: disable default plugins and resource-quotas in specific profiles by @thesuperzapper in https://github.com/deployKF/deployKF/pull/67
- feat: allow custom external service ports by @thesuperzapper in https://github.com/deployKF/deployKF/pull/82
- feat: allow disabling HTTPS redirect by @thesuperzapper in https://github.com/deployKF/deployKF/pull/86
- feat: add pod-labels value for cert-manager controller by @thesuperzapper in https://github.com/deployKF/deployKF/pull/88
- feat: optional sign-in page to stop background request CSRF accumulation by @thesuperzapper in https://github.com/deployKF/deployKF/pull/100
Improvements
- improve: use
__Secure-cookie prefix and remove domains config by @thesuperzapper in https://github.com/deployKF/deployKF/pull/87 - improve: increase kyverno resource limits and add values by @thesuperzapper in https://github.com/deployKF/deployKF/pull/93
- improve: use CRD-level "replace" for kyverno ArgoCD app by @thesuperzapper in https://github.com/deployKF/deployKF/pull/94
- improve: argocd sync script should only wait for app health once by @thesuperzapper in https://github.com/deployKF/deployKF/pull/104
Bug Fixes
- fix: prevent kyverno log spam on missing generate context by @thesuperzapper in https://github.com/deployKF/deployKF/pull/54
- fix: rstudio logo format for non-chrome browsers by @thesuperzapper in https://github.com/deployKF/deployKF/pull/56
- fix: using AWS IRSA with Kubeflow Pipelines by @thesuperzapper in https://github.com/deployKF/deployKF/pull/79
- fix: use 307 status for HTTP redirects by @thesuperzapper in https://github.com/deployKF/deployKF/pull/81
- fix: proxy protocol envoyfilter for istio gateway by @thesuperzapper in https://github.com/deployKF/deployKF/pull/80
- fix: disallow out-of-band KFP audience when disabled by @thesuperzapper in https://github.com/deployKF/deployKF/pull/89
- fix: support kyverno chart changes (but keep kyverno version) by @thesuperzapper in https://github.com/deployKF/deployKF/pull/92
- fix: annotate cloned imagePullSecrets to be ignored by ArgoCD by @dkhachyan in https://github.com/deployKF/deployKF/pull/90
- fix: add background filter to restart trigger policies by @thesuperzapper in https://github.com/deployKF/deployKF/pull/95
- fix: prevent CSRF cookie accumulation on auth expiry by @thesuperzapper in https://github.com/deployKF/deployKF/pull/99
Documentation
- docs: update example ArgoCD to 2.9.6 by @thesuperzapper in https://github.com/deployKF/deployKF/pull/91
New Contributors
- @dkhachyan made their first contribution in https://github.com/deployKF/deployKF/pull/90
Full Changelog: https://github.com/deployKF/deployKF/compare/v0.1.3...v0.1.4