pipelines
pipelines copied to clipboard
kubeflow
feat(frontend, sdk): towards namespaced pipelines. Part of #4197
Add some features to limit users' access to pipelines to pipelines in the user's own namespace and non-namespaced pipelines, in the web front end and in the Python SDK. The necessary backend RBAC hooks are already available and implemented.
Note that I think relevant CRDs, roles and rolebindings will still be needed in order to properly close the circle on this.
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by:
To complete the pull request process, please assign chensun after the PR has been reviewed.
You can assign the PR to them by writing /assign @chensun in a comment when ready.
The full list of commands accepted by this bot can be found here.
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
![google-oss-prow[bot] avatar](https://avatars.githubusercontent.com/in/143327?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hi @grobbie ! Nice work here :) Please take a look here https://github.com/kubeflow/pipelines/issues/4197#issuecomment-1075284702
I understand your approach is to just treat every pipeline definition as namespaced. We think it's really important to support both private and shared definitions at the same time, based on the feedback we have received from enterprise customers.
We have done the work and we are about to upstream all of it.
So, the work you are doing on the swagger definitions definitely helps and needed. But may I propose you hold off the UI changes, and see what we have to propose?
Hi @grobbie ! Nice work here :) Please take a look here #4197 (comment)
I understand your approach is to just treat every pipeline definition as namespaced. We think it's really important to support both private and shared definitions at the same time, based on the feedback we have received from enterprise customers.
We have done the work and we are about to upstream all of it.
So, the work you are doing on the swagger definitions definitely helps and needed. But may I propose you hold off the UI changes, and see what we have to propose?
Sure - as long as its implemented, that's what matters to me : ) I will make the PR a draft for now.
Sure - as long as its implemented, that's what matters to me : ) I will make the PR a draft for now.
Thanks! We will be back with more within 2-3 weeks at most, we need to sort a few things out and then put together the PRs
We also have an implementation ready https://github.com/kubeflow/pipelines/pull/7406
Sure - as long as its implemented, that's what matters to me : ) I will make the PR a draft for now.
Thanks! We will be back with more within 2-3 weeks at most, we need to sort a few things out and then put together the PRs
At most 2-3 weeks ;-) What is your status? I would really like to see this merged together with https://github.com/kubeflow/pipelines/pull/7725 to have a basic level of security.
Sorry for the slow reply, was traveling to KubeCon 🙂
At most 2-3 weeks ;-) What is your status? I would really like to see this merged together with #7725 to have a basic level of security.
Well afaic it's ready to go, I'll change the status.
Sorry for the slow reply, was traveling to KubeCon 🙂
At most 2-3 weeks ;-) What is your status? I would really like to see this merged together with #7725 to have a basic level of security.
Well afaic it's ready to go, I'll change the status.
i am a bit confused. I was talking about @StefanoFioravanzo or does this here support both namespaced and shared pipelines?
Sorry for the slow reply, was traveling to KubeCon slightly_smiling_face
At most 2-3 weeks ;-) What is your status? I would really like to see this merged together with #7725 to have a basic level of security.
Well afaic it's ready to go, I'll change the status.
i am a bit confused. I was talking about @StefanoFioravanzo or does this here support both namespaced and shared pipelines?
Folks, this has been dragging on for quite some time. I'm keen to see it get at least some of this problematic stuff resolved one way or another. Can we at least try to make some progress on the front end?
@grobbie Unfortunately we had to delay by a few weeks our contribution as we had to shift some priorities. We are still targeting to send some PRs (both backend and frontend) to support this fully as soon as possible. Possibly by the end of July. This is the design doc where we detailed the changes requires, including the frontend changes that we want to contribute with https://docs.google.com/document/d/1fM4y2L1IVqVj-iiNjYFRRktdCh7FQXgU2XpaYLaqt-A/edit?resourcekey=0-kd5loyP7w3PBD0ug6ECmLQ
So this one supports using both namespaced and shared pipelines, but users can only create new pipelines that are namespaced.
I'm not sure where Stefano's PR has gotten to.
On Mon, May 16, 2022 at 4:55 PM juliusvonkohout @.***> wrote:
Sorry for the slow reply, was traveling to KubeCon 🙂
At most 2-3 weeks ;-) What is your status? I would really like to see this merged together with #7725 https://github.com/kubeflow/pipelines/pull/7725 to have a basic level of security.
Well afaic it's ready to go, I'll change the status.
i am a bit confused. I was talking about @StefanoFioravanzo https://github.com/StefanoFioravanzo or does this here support both namespaced and shared pipelines?
— Reply to this email directly, view it on GitHub https://github.com/kubeflow/pipelines/pull/7447#issuecomment-1127778566, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAY2RUFQOSHC6HJ7UHP4RSTVKJOVLANCNFSM5RLC2C3A . You are receiving this because you were mentioned.Message ID: @.***>
@grobbie please check https://github.com/kubeflow/pipelines/pull/8196