add RBAC serviceaccount

SeldonIO · Jan 4, 2018 · 6f5199b · 6f5199b
1 parent ed1247a
commit 6f5199b
Show file tree

Hide file tree

Showing 5 changed files with 145 additions and 31 deletions.
diff --git a/helm-charts/seldon-core/templates/apife-deployment.json b/helm-charts/seldon-core/templates/apife-deployment.json
@@ -22,6 +22,9 @@
                         }
                     },
                     "spec": {
+{{- if .Values.cluster_manager.rbac }}
+			"serviceAccountName": "seldon",
+{{- end }}
                         "containers": [
                             {
                                 "env": [

diff --git a/helm-charts/seldon-core/templates/cluster-manager-deployment.yaml b/helm-charts/seldon-core/templates/cluster-manager-deployment.yaml
@@ -13,6 +13,9 @@ items:
         labels:
           app: seldon-cluster-manager-server
       spec:
+{{- if .Values.cluster_manager.rbac }}
+        serviceAccountName: seldon
+{{- end }}
         containers:
         - env:
           - name: JAVA_OPTS

diff --git a/helm-charts/seldon-core/templates/rbac.yaml b/helm-charts/seldon-core/templates/rbac.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.cluster_manager.rbac }}
+---
+apiVersion: v1
+items:
+- apiVersion: v1
+  kind: ServiceAccount
+  metadata:
+    name: seldon
+    namespace: default
+- apiVersion: rbac.authorization.k8s.io/v1beta1
+  kind: ClusterRoleBinding
+  metadata:
+    name: seldon
+  roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: cluster-admin
+  subjects:
+    - kind: ServiceAccount
+      name: seldon
+      namespace: default
+kind: List
+metadata: {}
+namespace: default
+{{- end }}
diff --git a/helm-charts/seldon-core/values.yaml b/helm-charts/seldon-core/values.yaml
@@ -4,6 +4,7 @@
 
 cluster_manager:
   enabled: true
+  rbac: false
   spring_opts: ""
   # set the JAVA_OPTS
   #java_opts: "-agentlib:jdwp=transport=dt_socket,address=127.0.0.1:8000,server=y,suspend=n"

diff --git a/notebooks/kubectl_demo_gcp.ipynb b/notebooks/kubectl_demo_gcp.ipynb
@@ -20,11 +20,36 @@
    "cell_type": "code",
    "execution_count": null,
    "metadata": {
-    "collapsed": true
+    "collapsed": false
+   },
+   "outputs": [],
+   "source": [
+    "!kubectl -n kube-system create sa tiller\n",
+    "!kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller\n",
+    "!helm init --service-account tiller"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Start Seldon-Core"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {
+    "collapsed": false
    },
    "outputs": [],
    "source": [
-    "!helm init"
+    "!helm install ../helm-charts/seldon-core --name seldon-core \\\n",
+    "        --set cluster_manager.rbac=true \\\n",
+    "        --set cluster_manager_client_secret=secret \\\n",
+    "        --set cluster_manager_service_type=LoadBalancer \\\n",
+    "        --set grafana_prom_service_type=LoadBalancer \\\n",
+    "        --set apife_service_type=LoadBalancer"
    ]
   },
   {
@@ -42,13 +67,28 @@
    },
    "outputs": [],
    "source": [
-    "SELDON_API_IP = \"35.205.230.74:8080\" # Replace this with the external IP and port of seldon-api-server on your cluster\n",
+    "!cp ../proto/prediction.proto ./proto\n",
+    "!python -m grpc.tools.protoc -I./proto --python_out=./proto --grpc_python_out=./proto ./proto/prediction.proto"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {
+    "collapsed": false
+   },
+   "outputs": [],
+   "source": [
+    "#SELDON_API_IP = \"35.205.145.27:8080\" # Replace this with the external IP and port of seldon-api-server on your cluster\n",
     "\n",
     "import requests\n",
     "from requests.auth import HTTPBasicAuth\n",
     "from proto import prediction_pb2\n",
     "from proto import prediction_pb2_grpc\n",
     "import grpc\n",
+    "import commands\n",
+    "\n",
+    "SELDON_API_IP=commands.getoutput(\"kubectl get svc seldon-apiserver -o jsonpath='{.status.loadBalancer.ingress[0].ip}'\")\n",
     "\n",
     "def get_token():\n",
     "    payload = {'grant_type': 'client_credentials'}\n",
@@ -86,36 +126,11 @@
     "    print response\n"
    ]
   },
-  {
-   "cell_type": "markdown",
-   "metadata": {},
-   "source": [
-    "## Start Seldon-Core"
-   ]
-  },
   {
    "cell_type": "code",
    "execution_count": null,
    "metadata": {
-    "collapsed": true
-   },
-   "outputs": [],
-   "source": [
-    "!helm install seldon-core --name seldon-core \\\n",
-    "        --set cluster_manager_client_secret=secret \\\n",
-    "        --set cluster_manager_service_type=LoadBalancer \\\n",
-    "        --set grafana_prom_service_type=LoadBalancer \\\n",
-    "        --set apife_service_type=LoadBalancer \\\n",
-    "        --set cluster_manager.image.tag=0.3-SNAPSHOT \\\n",
-    "        --set apife.image.tag=0.1-SNAPSHOT \\\n",
-    "        --set engine.image.tag=0.2-SNAPSHOT"
-   ]
-  },
-  {
-   "cell_type": "code",
-   "execution_count": null,
-   "metadata": {
-    "collapsed": true
+    "collapsed": false
    },
    "outputs": [],
    "source": [
@@ -133,7 +148,7 @@
    "cell_type": "markdown",
    "metadata": {},
    "source": [
-    "Using OpenAPI schema certain basic validation can be done before the custom resource is accepted."
+    "Using OpenAPI schema certain basic validation can be done before the custom resource is accepted. *** OpenAPI Validation is an alpha feature in kubernetes 1.8. You must create your kubernetes cluster with alpha features enables to test this***"
    ]
   },
   {
@@ -212,6 +227,46 @@
     "!kubectl create -f resources/model.json"
    ]
   },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {
+    "collapsed": false
+   },
+   "outputs": [],
+   "source": [
+    "!kubectl get seldondeployments"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {
+    "collapsed": false
+   },
+   "outputs": [],
+   "source": [
+    "!kubectl describe seldondeployments seldon-deployment-example "
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Get the status of the SeldonDeployment. **When ready the replicasAvailable should be 1**."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {
+    "collapsed": false
+   },
+   "outputs": [],
+   "source": [
+    "!kubectl get seldondeployments seldon-deployment-example -o jsonpath='{.status}'"
+   ]
+  },
   {
    "cell_type": "markdown",
    "metadata": {},
@@ -261,6 +316,24 @@
     "!kubectl apply -f resources/model_with_canary.json"
    ]
   },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Check the status of the deployments. Note: **Might need to run several times until replicasAvailable is 1 for both predictors**."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {
+    "collapsed": false
+   },
+   "outputs": [],
+   "source": [
+    "!kubectl get seldondeployments seldon-deployment-example -o jsonpath='{.status}'"
+   ]
+  },
   {
    "cell_type": "code",
    "execution_count": null,
@@ -311,6 +384,15 @@
    "source": [
     "!helm delete seldon-core --purge"
    ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {
+    "collapsed": true
+   },
+   "outputs": [],
+   "source": []
   }
  ],
  "metadata": {
@@ -329,7 +411,7 @@
    "name": "python",
    "nbconvert_exporter": "python",
    "pygments_lexer": "ipython2",
-   "version": "2.7.6"
+   "version": "2.7.11"
   }
  },
  "nbformat": 4,