diff --git a/helm-charts/seldon-core/templates/apife-deployment.json b/helm-charts/seldon-core/templates/apife-deployment.json index fbae3be9aa..5b7af8c0b9 100644 --- a/helm-charts/seldon-core/templates/apife-deployment.json +++ b/helm-charts/seldon-core/templates/apife-deployment.json @@ -22,6 +22,9 @@ } }, "spec": { +{{- if .Values.cluster_manager.rbac }} + "serviceAccountName": "seldon", +{{- end }} "containers": [ { "env": [ diff --git a/helm-charts/seldon-core/templates/cluster-manager-deployment.yaml b/helm-charts/seldon-core/templates/cluster-manager-deployment.yaml index 8e423c5941..f21e5c4cb4 100644 --- a/helm-charts/seldon-core/templates/cluster-manager-deployment.yaml +++ b/helm-charts/seldon-core/templates/cluster-manager-deployment.yaml @@ -13,6 +13,9 @@ items: labels: app: seldon-cluster-manager-server spec: +{{- if .Values.cluster_manager.rbac }} + serviceAccountName: seldon +{{- end }} containers: - env: - name: JAVA_OPTS diff --git a/helm-charts/seldon-core/templates/rbac.yaml b/helm-charts/seldon-core/templates/rbac.yaml new file mode 100644 index 0000000000..5ffa1ee860 --- /dev/null +++ b/helm-charts/seldon-core/templates/rbac.yaml @@ -0,0 +1,25 @@ +{{- if .Values.cluster_manager.rbac }} +--- +apiVersion: v1 +items: +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: seldon + namespace: default +- apiVersion: rbac.authorization.k8s.io/v1beta1 + kind: ClusterRoleBinding + metadata: + name: seldon + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin + subjects: + - kind: ServiceAccount + name: seldon + namespace: default +kind: List +metadata: {} +namespace: default +{{- end }} diff --git a/helm-charts/seldon-core/values.yaml b/helm-charts/seldon-core/values.yaml index 863c74caac..663173945d 100644 --- a/helm-charts/seldon-core/values.yaml +++ b/helm-charts/seldon-core/values.yaml @@ -4,6 +4,7 @@ cluster_manager: enabled: true + rbac: false spring_opts: "" # set the JAVA_OPTS #java_opts: "-agentlib:jdwp=transport=dt_socket,address=127.0.0.1:8000,server=y,suspend=n" diff --git a/notebooks/kubectl_demo_gcp.ipynb b/notebooks/kubectl_demo_gcp.ipynb index e4949f5034..4b92b0df93 100644 --- a/notebooks/kubectl_demo_gcp.ipynb +++ b/notebooks/kubectl_demo_gcp.ipynb @@ -20,11 +20,36 @@ "cell_type": "code", "execution_count": null, "metadata": { - "collapsed": true + "collapsed": false + }, + "outputs": [], + "source": [ + "!kubectl -n kube-system create sa tiller\n", + "!kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller\n", + "!helm init --service-account tiller" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Start Seldon-Core" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": false }, "outputs": [], "source": [ - "!helm init" + "!helm install ../helm-charts/seldon-core --name seldon-core \\\n", + " --set cluster_manager.rbac=true \\\n", + " --set cluster_manager_client_secret=secret \\\n", + " --set cluster_manager_service_type=LoadBalancer \\\n", + " --set grafana_prom_service_type=LoadBalancer \\\n", + " --set apife_service_type=LoadBalancer" ] }, { @@ -42,13 +67,28 @@ }, "outputs": [], "source": [ - "SELDON_API_IP = \"35.205.230.74:8080\" # Replace this with the external IP and port of seldon-api-server on your cluster\n", + "!cp ../proto/prediction.proto ./proto\n", + "!python -m grpc.tools.protoc -I./proto --python_out=./proto --grpc_python_out=./proto ./proto/prediction.proto" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": false + }, + "outputs": [], + "source": [ + "#SELDON_API_IP = \"35.205.145.27:8080\" # Replace this with the external IP and port of seldon-api-server on your cluster\n", "\n", "import requests\n", "from requests.auth import HTTPBasicAuth\n", "from proto import prediction_pb2\n", "from proto import prediction_pb2_grpc\n", "import grpc\n", + "import commands\n", + "\n", + "SELDON_API_IP=commands.getoutput(\"kubectl get svc seldon-apiserver -o jsonpath='{.status.loadBalancer.ingress[0].ip}'\")\n", "\n", "def get_token():\n", " payload = {'grant_type': 'client_credentials'}\n", @@ -86,36 +126,11 @@ " print response\n" ] }, - { - "cell_type": "markdown", - "metadata": {}, - "source": [ - "## Start Seldon-Core" - ] - }, { "cell_type": "code", "execution_count": null, "metadata": { - "collapsed": true - }, - "outputs": [], - "source": [ - "!helm install seldon-core --name seldon-core \\\n", - " --set cluster_manager_client_secret=secret \\\n", - " --set cluster_manager_service_type=LoadBalancer \\\n", - " --set grafana_prom_service_type=LoadBalancer \\\n", - " --set apife_service_type=LoadBalancer \\\n", - " --set cluster_manager.image.tag=0.3-SNAPSHOT \\\n", - " --set apife.image.tag=0.1-SNAPSHOT \\\n", - " --set engine.image.tag=0.2-SNAPSHOT" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "metadata": { - "collapsed": true + "collapsed": false }, "outputs": [], "source": [ @@ -133,7 +148,7 @@ "cell_type": "markdown", "metadata": {}, "source": [ - "Using OpenAPI schema certain basic validation can be done before the custom resource is accepted." + "Using OpenAPI schema certain basic validation can be done before the custom resource is accepted. *** OpenAPI Validation is an alpha feature in kubernetes 1.8. You must create your kubernetes cluster with alpha features enables to test this***" ] }, { @@ -212,6 +227,46 @@ "!kubectl create -f resources/model.json" ] }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": false + }, + "outputs": [], + "source": [ + "!kubectl get seldondeployments" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": false + }, + "outputs": [], + "source": [ + "!kubectl describe seldondeployments seldon-deployment-example " + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Get the status of the SeldonDeployment. **When ready the replicasAvailable should be 1**." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": false + }, + "outputs": [], + "source": [ + "!kubectl get seldondeployments seldon-deployment-example -o jsonpath='{.status}'" + ] + }, { "cell_type": "markdown", "metadata": {}, @@ -261,6 +316,24 @@ "!kubectl apply -f resources/model_with_canary.json" ] }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Check the status of the deployments. Note: **Might need to run several times until replicasAvailable is 1 for both predictors**." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": false + }, + "outputs": [], + "source": [ + "!kubectl get seldondeployments seldon-deployment-example -o jsonpath='{.status}'" + ] + }, { "cell_type": "code", "execution_count": null, @@ -311,6 +384,15 @@ "source": [ "!helm delete seldon-core --purge" ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "collapsed": true + }, + "outputs": [], + "source": [] } ], "metadata": { @@ -329,7 +411,7 @@ "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython2", - "version": "2.7.6" + "version": "2.7.11" } }, "nbformat": 4,