From fc8c41118a2ceacc14363ea23ba948f0b62ec620 Mon Sep 17 00:00:00 2001 From: Griffin-Sullivan Date: Tue, 26 Nov 2024 10:39:58 -0500 Subject: [PATCH] Add Istio overlay for UI integration with Central Dashboard Signed-off-by: Griffin-Sullivan --- .../base/model-registry-ui-deployment.yaml | 10 +++- .../overlays/istio/authorization-policy.yaml | 33 +++++++++++ .../overlays/istio/destination-rule.yaml | 23 ++++++++ .../overlays/istio/kustomization.yaml | 13 +++++ .../ui/manifests/overlays/istio/params.yaml | 3 + .../overlays/istio/virtual-service.yaml | 56 +++++++++++++++++++ 6 files changed, 137 insertions(+), 1 deletion(-) create mode 100644 clients/ui/manifests/overlays/istio/authorization-policy.yaml create mode 100644 clients/ui/manifests/overlays/istio/destination-rule.yaml create mode 100644 clients/ui/manifests/overlays/istio/kustomization.yaml create mode 100644 clients/ui/manifests/overlays/istio/params.yaml create mode 100644 clients/ui/manifests/overlays/istio/virtual-service.yaml diff --git a/clients/ui/manifests/base/model-registry-ui-deployment.yaml b/clients/ui/manifests/base/model-registry-ui-deployment.yaml index 23c55eb0..9c023c24 100644 --- a/clients/ui/manifests/base/model-registry-ui-deployment.yaml +++ b/clients/ui/manifests/base/model-registry-ui-deployment.yaml @@ -28,4 +28,12 @@ spec: - containerPort: 8080 env: - name: API_URL - value: "http://model-registry-bff-service:4000" + value: "http://model-registry-bff-service.kubeflow.svc.cluster.local:4000" + - name: APP_PREFIX + value: /modelRegistry + - name: USERID_HEADER + value: kubeflow-userid + - name: USERID_PREFIX + value: /modelRegistry + - name: APP_SECURE_COOKIES + value: $(VWA_APP_SECURE_COOKIES) \ No newline at end of file diff --git a/clients/ui/manifests/overlays/istio/authorization-policy.yaml b/clients/ui/manifests/overlays/istio/authorization-policy.yaml new file mode 100644 index 00000000..aac6d122 --- /dev/null +++ b/clients/ui/manifests/overlays/istio/authorization-policy.yaml @@ -0,0 +1,33 @@ +--- +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: model-registry-ui + namespace: kubeflow +spec: + action: ALLOW + rules: + - from: + - source: + principals: + - cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account + selector: + matchLabels: + app: model-registry-ui + +--- +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: model-registry-bff + namespace: kubeflow +spec: + action: ALLOW + rules: + - from: + - source: + principals: + - cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account + selector: + matchLabels: + app: model-registry-bff \ No newline at end of file diff --git a/clients/ui/manifests/overlays/istio/destination-rule.yaml b/clients/ui/manifests/overlays/istio/destination-rule.yaml new file mode 100644 index 00000000..04e50424 --- /dev/null +++ b/clients/ui/manifests/overlays/istio/destination-rule.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: model-registry-ui + namespace: kubeflow +spec: + host: model-registry-ui-service.kubeflow.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL + +--- +apiVersion: networking.istio.io/v1alpha3 +kind: DestinationRule +metadata: + name: model-registry-bff + namespace: kubeflow +spec: + host: model-registry-bff-service.kubeflow.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL \ No newline at end of file diff --git a/clients/ui/manifests/overlays/istio/kustomization.yaml b/clients/ui/manifests/overlays/istio/kustomization.yaml new file mode 100644 index 00000000..6c4796c2 --- /dev/null +++ b/clients/ui/manifests/overlays/istio/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../../base +- virtual-service.yaml +- authorization-policy.yaml +- destination-rule.yaml +namespace: kubeflow +commonLabels: + app: model-registry-ui + kustomize.component: model-registry-ui +configurations: +- params.yaml diff --git a/clients/ui/manifests/overlays/istio/params.yaml b/clients/ui/manifests/overlays/istio/params.yaml new file mode 100644 index 00000000..eea869e0 --- /dev/null +++ b/clients/ui/manifests/overlays/istio/params.yaml @@ -0,0 +1,3 @@ +varReference: +- path: spec/http/route/destination/host + kind: VirtualService diff --git a/clients/ui/manifests/overlays/istio/virtual-service.yaml b/clients/ui/manifests/overlays/istio/virtual-service.yaml new file mode 100644 index 00000000..36d454d3 --- /dev/null +++ b/clients/ui/manifests/overlays/istio/virtual-service.yaml @@ -0,0 +1,56 @@ + +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: model-registry-ui + namespace: kubeflow +spec: + gateways: + - kubeflow-gateway + hosts: + - '*' + http: + # Rule for the main application path + - match: + - uri: + prefix: /modelRegistry/ + rewrite: + uri: / + headers: + request: + add: + x-forwarded-prefix: /modelRegistry + route: + - destination: + host: model-registry-ui-service.kubeflow.svc.cluster.local + port: + number: 8080 + + # Rules for static assets + - match: + - uri: + exact: /main.bundle.js + route: + - destination: + host: model-registry-ui-service.kubeflow.svc.cluster.local + port: + number: 8080 + + - match: + - uri: + exact: /styles.css + route: + - destination: + host: model-registry-ui-service.kubeflow.svc.cluster.local + port: + number: 8080 + + # Add additional static assets as needed + - match: + - uri: + prefix: /static/ + route: + - destination: + host: model-registry-ui-service.kubeflow.svc.cluster.local + port: + number: 8080 \ No newline at end of file