SeldonIO · axsaucedo · Apr 14, 2020 · Mar 2, 2020 · Mar 3, 2020 · Mar 3, 2020
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -9,5 +9,5 @@ repos:
     rev: stable
     hooks:
       - id: black
-        args: ['python/', 'testing/', '--exclude', '(testing/scripts/proto|seldon_core/proto/|.eggs)']
+        args: ['python/', 'testing/', 'operator/helm', 'operator/seldon-operator/hack', '--exclude', '(testing/scripts/proto|seldon_core/proto/|.eggs)']
         language_version: python3.6
diff --git a/Makefile b/Makefile
@@ -28,7 +28,7 @@ run_core_builder_in_host:
 			-v /var/run/docker.sock:/var/run/docker.sock \
 			-v $${HOME}/.m2:/root/.m2 \
 			-v $(SELDON_CORE_LOCAL_DIR):/work \
-			seldonio/core-builder:0.13 bash
+			seldonio/core-builder:0.14 bash
 
 
 run_core_builder_in_minikube:
@@ -37,7 +37,7 @@ run_core_builder_in_minikube:
 			-v /var/run/docker.sock:/var/run/docker.sock \
 			-v /home/docker/.m2:/root/.m2 \
 			-v $(SELDON_CORE_VM_DIR):/work \
-			seldonio/core-builder:0.13 bash
+			seldonio/core-builder:0.14 bash
 
 show_paths:
 	@echo "local: $(SELDON_CORE_LOCAL_DIR)"

diff --git a/core-builder/Dockerfile b/core-builder/Dockerfile
@@ -125,6 +125,9 @@ ENV PATH="${PATH}:/root/go/bin"
 COPY dev_requirements.txt /tmp/requirements.txt
 RUN pip install -r /tmp/requirements.txt
 
+# Ginkgo
+RUN go get -u github.com/onsi/ginkgo/ginkgo
+
 WORKDIR /work
 
 # Define default command.

diff --git a/engine/Dockerfile b/engine/Dockerfile
@@ -10,11 +10,6 @@ RUN mvn clean verify -Dlicense.useMissingFile -B
 
 FROM openjdk:11.0.5-jre-slim
 
-RUN \
-    apt-get update -y && \
-    apt-get remove -y --auto-remove && \
-    apt-get clean -y && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
 COPY --from=builder /workspace/target/seldon-engine-*.jar app.jar
 COPY --from=builder /workspace/target/generated-resources /licenses/
 

diff --git a/engine/Dockerfile.redhat b/engine/Dockerfile.redhat
@@ -0,0 +1,26 @@
+FROM maven:3.6.3-jdk-11 as builder
+
+WORKDIR /workspace
+
+COPY pom.xml pom.xml
+COPY src/ src/
+
+# Build
+RUN mvn clean verify -Dlicense.useMissingFile -B
+
+FROM registry.access.redhat.com/ubi8/ubi
+
+RUN yum install -y java-11-openjdk.x86_64
+
+LABEL name="Seldon Engine" \
+      vendor="Seldon Technologies" \
+      version="v1.1.0" \
+      release="1" \
+      summary="The Seldon Engine that is deployed for each model to handle the data flow of each ML computational graph." \
+      description="The Seldon Engine that is deployed for each model to handle the data flow of each ML computational graph."
+
+COPY --from=builder /workspace/target/seldon-engine-*.jar app.jar
+COPY --from=builder /workspace/target/generated-resources /licenses/
+
+ENTRYPOINT [ "sh", "-c", "java -Djava.security.egd=file:/dev/./urandom $JAVA_OPTS -jar app.jar" ]
+
diff --git a/engine/Makefile b/engine/Makefile
@@ -1,5 +1,6 @@
-IMAGE_NAME=engine
 VERSION := $(shell cat ../version.txt)
+IMG ?= seldonio/engine:$(VERSION)
+IMG_REDHAT ?= seldonio/engine-ubi8:$(VERSION)
 
 version:
 	echo ${VERSION}
@@ -8,10 +9,13 @@ build_jar: update_proto update_swagger
 	mvn clean verify -Dlicense.useMissingFile -B
 
 build_image: update_proto update_swagger
-	docker build  -f Dockerfile -t seldonio/$(IMAGE_NAME):$(VERSION) .
+	docker build  -f Dockerfile -t ${IMG} .
+
+build_image_redhat: update_proto update_swagger
+	docker build  -f Dockerfile.redhat -t ${IMG_REDHAT} .
 
 push_to_registry:
-	docker push seldonio/$(IMAGE_NAME):$(VERSION)
+	docker push ${IMG}
 
 clean:
 	@mvn clean
@@ -22,15 +26,6 @@ cache_dependencies:
 	mvn -Dmaven.repo.local=./.m2 dependency:resolve
 	mvn -Dmaven.repo.local=./.m2 verify
 
-engine.json: engine.json.in Makefile
-	@cat engine.json.in | sed \
-		-e  "s|%ENGINE_IMAGE_VERSION%|$(ENGINE_IMAGE_VERSION)|" > $@ && echo "created $@"
-
-start_engine: engine.json
-	kubectl create -f engine.json
-stop_engine: engine.json
-	kubectl delete --ignore-not-found=true -f engine.json
-
 download_protos_k8s:
 	cd ../proto/k8s ; make create_protos
 
@@ -56,3 +51,9 @@ dependencies: update_proto
 	cd target/site && aws s3 cp dependencies.html s3://seldon-core-docs/master/engine/dependencies/dependencies.html --acl public-read
 	cd target/site && aws s3 cp css s3://seldon-core-docs/master/engine/dependencies/css --recursive --acl public-read
 	cd target/site && aws s3 cp images s3://seldon-core-docs/master/engine/dependencies/images --recursive --acl public-read
+
+kind-image-install: build_image
+	kind load -v 3 docker-image ${IMG}
+
+kind-image-install-redhat: build_image_redhat
+	kind load -v 3 docker-image ${IMG_REDHAT}
diff --git a/engine/pom.xml b/engine/pom.xml
@@ -10,7 +10,7 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xs
   </parent>
   <groupId>io.seldon.engine</groupId>
   <artifactId>seldon-engine</artifactId>
-  <version>1.0.3-SNAPSHOT</version>
+  <version>1.1.0-SNAPSHOT</version>
   <packaging>jar</packaging>
   <name>engine</name>
   <url>http://maven.apache.org</url>

diff --git a/executor/Dockerfile.redhat b/executor/Dockerfile.redhat
@@ -0,0 +1,34 @@
+# Build the manager binary
+FROM golang:1.13 as builder
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+COPY proto/ proto/
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY main.go main.go
+COPY api/ api/
+COPY predictor/ predictor/
+COPY logger/ logger/
+COPY k8s/ k8s/
+
+# Build
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o executor main.go
+
+FROM registry.access.redhat.com/ubi8/ubi-minimal
+LABEL name="Seldon Executor" \
+      vendor="Seldon Technologies" \
+      version="v1.1.0" \
+      release="1" \
+      summary="The service orchestrator for Seldon Core" \
+      description="The service orchestrator for Seldon Core which manages the request/response flow through the Seldon Core inference graphs deployed via the Seldon Core Operator as SeldonDeployments custom resources"
+
+WORKDIR /
+COPY --from=builder /workspace/executor .
+COPY licenses/license.txt .
+ENTRYPOINT ["/executor"]
diff --git a/executor/Makefile b/executor/Makefile
@@ -1,6 +1,9 @@
 VERSION := $(shell cat ../version.txt)
 # Image URL to use all building/pushing image targets
-IMG ?= seldonio/seldon-core-executor:${VERSION}
+IMAGE_NAME_BASE=seldon-core-executor
+IMG ?= seldonio/${IMAGE_NAME_BASE}:${VERSION}
+IMG_VERSION_REDHAT ?= ${IMAGE_NAME_BASE}-ubi8:${VERSION}
+IMG_REDHAT ?= seldonio/${IMG_VERSION_REDHAT}
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -57,14 +60,31 @@ test: fmt vet
 docker-build: test
 	docker build -f Dockerfile -t ${IMG} .
 
+# Build the docker image for Redhat
+docker-build-redhat: test
+	docker build . -f Dockerfile.redhat -t ${IMG_REDHAT}
+
 # Push the docker image
 docker-push:
 	docker push ${IMG}
 
+# Push the docker image
+docker-push-redhat:
+	docker push ${IMG_REDHAT}
+
+# password can be found at: https://connect.redhat.com/project/1074021/view
+# TODO update to correct project
+#redhat-image-scan:
+#	docker login -u unused scan.connect.redhat.com
+#	docker tag ${IMG_REDHAT} scan.connect.redhat.com/ospid-82f819a9-f40d-4d59-b67c-136491f22cfb/${IMG_VERSION_REDHAT}
+#	docker push scan.connect.redhat.com/ospid-82f819a9-f40d-4d59-b67c-136491f22cfb/${IMG_VERSION_REDHAT}
 
 kind-image-install: docker-build
 	kind load -v 3 docker-image ${IMG}
 
+kind-image-install-redhat: docker-build-redhat
+	kind load -v 3 docker-image ${IMG_REDHAT}
+
 
 .PHONY: clean
 clean:

diff --git a/helm-charts/seldon-core-analytics/Chart.yaml b/helm-charts/seldon-core-analytics/Chart.yaml
@@ -18,4 +18,4 @@ keywords:
 name: seldon-core-analytics
 sources:
 - https://github.com/SeldonIO/seldon-core
-version: 1.0.3-SNAPSHOT
+version: 1.1.0-SNAPSHOT
diff --git a/helm-charts/seldon-core-operator/Chart.yaml b/helm-charts/seldon-core-operator/Chart.yaml
@@ -6,4 +6,4 @@ keywords:
 name: seldon-core-operator
 sources:
 - https://github.com/SeldonIO/seldon-core
-version: 1.0.3-SNAPSHOT
+version: 1.1.0-SNAPSHOT
diff --git a/helm-charts/seldon-core-operator/templates/clusterrole_seldon-webhook-role.yaml b/helm-charts/seldon-core-operator/templates/clusterrole_seldon-webhook-role.yaml
@@ -0,0 +1,46 @@
+{{- if not .Values.createResources }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  labels:
+    app: seldon
+    app.kubernetes.io/instance: '{{ .Release.Name }}'
+    app.kubernetes.io/name: '{{ include "seldon.name" . }}'
+    app.kubernetes.io/version: '{{ .Chart.Version }}'
+  name: seldon-webhook-role-{{ .Release.Namespace }}
+rules:
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - mutatingwebhookconfigurations
+  - validatingwebhookconfigurations
+  verbs:
+  - get
+  - list
+  - create
+  - update
+- apiGroups:
+  - apps
+  resources:
+  - deployments/finalizers
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions/finalizers
+  verbs:
+  - get
+  - patch
+  - update
+{{- end }}
diff --git a/...inding_seldon-manager-cm-rolebinding.yaml → ...lebinding_seldon-webhook-rolebinding.yaml b/...inding_seldon-manager-cm-rolebinding.yaml → ...lebinding_seldon-webhook-rolebinding.yaml
@@ -1,22 +1,19 @@
-{{- if .Values.rbac.create }}
-{{- if .Values.rbac.configmap.create }}
+{{- if not .Values.createResources }}
 apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
+kind: ClusterRoleBinding
 metadata:
   labels:
     app: seldon
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/name: '{{ include "seldon.name" . }}'
     app.kubernetes.io/version: '{{ .Chart.Version }}'
-  name: seldon-manager-cm-rolebinding
-  namespace: '{{ .Release.Namespace }}'
+  name: seldon-webhook-rolebinding-{{ .Release.Namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: seldon-manager-cm-role
+  kind: ClusterRole
+  name: seldon-webhook-role-{{ .Release.Namespace }}
 subjects:
 - kind: ServiceAccount
   name: seldon-manager
   namespace: '{{ .Release.Namespace }}'
 {{- end }}
-{{- end }}
diff --git a/helm-charts/seldon-core-operator/templates/configmap_seldon-config.yaml b/helm-charts/seldon-core-operator/templates/configmap_seldon-config.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.createResources }}
 apiVersion: v1
 data:
   credentials: '{{ .Values.credentials | toJson }}'
@@ -13,3 +14,4 @@ metadata:
     control-plane: seldon-controller-manager
   name: seldon-config
   namespace: '{{ .Release.Namespace }}'
+{{- end }}
diff --git a/helm-charts/seldon-core-operator/templates/deployment_seldon-controller-manager.yaml b/helm-charts/seldon-core-operator/templates/deployment_seldon-controller-manager.yaml
@@ -34,10 +34,19 @@ spec:
       - args:
         - --enable-leader-election
         - --webhook-port={{ .Values.webhook.port }}
+        - --create-resources=$(CREATE_RESOURCES)
         - '{{- if .Values.singleNamespace }}--namespace={{ .Release.Namespace }}{{- end }}'
         command:
         - /manager
         env:
+        - name: WATCH_NAMESPACE
+          value: ''
+        - name: RELATED_IMAGE_EXECUTOR
+          value: ''
+        - name: RELATED_IMAGE_ENGINE
+          value: ''
+        - name: CREATE_RESOURCES
+          value: '{{ .Values.createResources }}'
         - name: POD_NAMESPACE
           valueFrom:
             fieldRef:
@@ -92,6 +101,8 @@ spec:
           value: '{{ .Values.executor.serviceAccount.name }}'
         - name: EXECUTOR_REQUEST_LOGGER_DEFAULT_ENDPOINT_PREFIX
           value: '{{ .Values.executor.defaultRequestLoggerEndpointPrefix }}'
+        - name: DEFAULT_USER_ID
+          value: '{{ .Values.defaultUserID }}'
         image: '{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}'
         imagePullPolicy: '{{ .Values.image.pullPolicy }}'
         name: manager
@@ -109,14 +120,18 @@ spec:
           requests:
             cpu: '{{ .Values.manager.cpuRequest }}'
             memory: '{{ .Values.manager.memoryRequest }}'
+{{- if not .Values.createResources }}
         volumeMounts:
         - mountPath: /tmp/k8s-webhook-server/serving-certs
           name: cert
           readOnly: true
+{{- end }}
       serviceAccountName: seldon-manager
       terminationGracePeriodSeconds: 10
+{{- if not .Values.createResources }}
       volumes:
       - name: cert
         secret:
           defaultMode: 420
           secretName: seldon-webhook-server-cert
+{{- end }}
diff --git a/helm-charts/seldon-core-operator/templates/role_seldon-manager-cm-role.yaml b/helm-charts/seldon-core-operator/templates/role_seldon-manager-cm-role.yaml
diff --git a/helm-charts/seldon-core-operator/templates/service_seldon-webhook-service.yaml b/helm-charts/seldon-core-operator/templates/service_seldon-webhook-service.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.createResources }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -18,3 +19,4 @@ spec:
     app.kubernetes.io/name: seldon
     app.kubernetes.io/version: v0.5
     control-plane: seldon-controller-manager
+{{- end }}