update driver & launcher image handling

HumairAK · HumairAK · commit 2b496434912d · 2025-01-16T17:54:00.000-05:00
This change relies on manifest yamls to specify the launcher &amp; driver
that is pinned to a specific KFP version. The goal is to decouple having
to build launcher/driver at separate stages compared to api server.

This is accomplished by setting the hardcoded default to point to
"latest" and during release, api server is built with this hardcoding,
and the images for driver/launcher are patched into manifests post build
along with the other images.

The apiserver deployment manifest is reformatted using yq so the next
time the release.sh is ran, the user is not surprised by the entire file
reformatting unexpectedly.

Signed-off-by: Humair Khan &lt;HumairAK@users.noreply.github.com&gt;
diff --git a/backend/src/v2/compiler/argocompiler/container.go b/backend/src/v2/compiler/argocompiler/container.go
@@ -30,9 +30,9 @@ import (
 const (
 	volumeNameKFPLauncher    = "kfp-launcher"
 	volumeNameCABundle       = "ca-bundle"
-	DefaultLauncherImage     = "ghcr.io/kubeflow/kfp-launcher:2.4.0"
+	DefaultLauncherImage     = "ghcr.io/kubeflow/kfp-launcher:latest"
 	LauncherImageEnvVar      = "V2_LAUNCHER_IMAGE"
-	DefaultDriverImage       = "ghcr.io/kubeflow/kfp-driver:2.4.0"
+	DefaultDriverImage       = "ghcr.io/kubeflow/kfp-driver:latest"
 	DriverImageEnvVar        = "V2_DRIVER_IMAGE"
 	DefaultDriverCommand     = "driver"
 	DriverCommandEnvVar      = "V2_DRIVER_COMMAND"
diff --git a/manifests/kustomize/base/pipeline/ml-pipeline-apiserver-deployment.yaml b/manifests/kustomize/base/pipeline/ml-pipeline-apiserver-deployment.yaml
@@ -16,158 +16,162 @@ spec:
         cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
     spec:
       containers:
-      - env:
-        - name: LOG_LEVEL
-          value: "info"
-        - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION
-          valueFrom:
-            configMapKeyRef:
-              name: pipeline-install-config
-              key: autoUpdatePipelineDefaultVersion
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: OBJECTSTORECONFIG_SECURE
-          value: "false"
-        - name: OBJECTSTORECONFIG_BUCKETNAME
-          valueFrom:
-            configMapKeyRef:
-              name: pipeline-install-config
-              key: bucketName
-        # relic variables
-        - name: DBCONFIG_USER
-          valueFrom:
-            secretKeyRef:
-              name: mysql-secret
-              key: username
-        - name: DBCONFIG_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: mysql-secret
-              key: password
-        - name: DBCONFIG_DBNAME
-          valueFrom:
-            configMapKeyRef:
-              name: pipeline-install-config
-              key: pipelineDb
-        - name: DBCONFIG_HOST
-          valueFrom:
-            configMapKeyRef:
-              name: pipeline-install-config
-              key: dbHost
-        - name: DBCONFIG_PORT
-          valueFrom:
-            configMapKeyRef:
-              name: pipeline-install-config
-              key: dbPort
-        # end of relic variables
-        - name: DBCONFIG_CONMAXLIFETIME
-          valueFrom:
-            configMapKeyRef:
-              name: pipeline-install-config
-              key: ConMaxLifeTime
-        - name: DB_DRIVER_NAME
-          valueFrom:
-            configMapKeyRef:
-              name: pipeline-install-config
-              key: dbType
-        # MySQL Config
-        - name: DBCONFIG_MYSQLCONFIG_USER
-          valueFrom:
-            secretKeyRef:
-              name: mysql-secret
-              key: username
-        - name: DBCONFIG_MYSQLCONFIG_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: mysql-secret
-              key: password
-        - name: DBCONFIG_MYSQLCONFIG_DBNAME
-          valueFrom:
-            configMapKeyRef:
-              name: pipeline-install-config
-              key: pipelineDb
-        - name: DBCONFIG_MYSQLCONFIG_HOST
-          valueFrom:
-            configMapKeyRef:
-              name: pipeline-install-config
-              key: mysqlHost
-        - name: DBCONFIG_MYSQLCONFIG_PORT
-          valueFrom:
-            configMapKeyRef:
-              name: pipeline-install-config
-              key: mysqlPort
-        # end of MySQL Config
-        - name: OBJECTSTORECONFIG_ACCESSKEY
-          valueFrom:
-            secretKeyRef:
-              name: mlpipeline-minio-artifact
-              key: accesskey
-        - name: OBJECTSTORECONFIG_SECRETACCESSKEY
-          valueFrom:
-            secretKeyRef:
-              name: mlpipeline-minio-artifact
-              key: secretkey
-        image: ghcr.io/kubeflow/kfp-api-server:dummy
-        imagePullPolicy: IfNotPresent
-        name: ml-pipeline-api-server
-        ports:
-        - name: http
-          containerPort: 8888
-        - name: grpc
-          containerPort: 8887
-        readinessProbe:
-          exec:
-            command:
-              - wget
-              - -q # quiet
-              - -S # show server response
-              - -O
-              - "-" # Redirect output to stdout
-              - http://localhost:8888/apis/v1beta1/healthz
-          initialDelaySeconds: 3
-          periodSeconds: 5
-          timeoutSeconds: 2
-        livenessProbe:
-          exec:
-            command:
-              - wget
-              - -q # quiet
-              - -S # show server response
-              - -O
-              - "-" # Redirect output to stdout
-              - http://localhost:8888/apis/v1beta1/healthz
-          initialDelaySeconds: 3
-          periodSeconds: 5
-          timeoutSeconds: 2
-        # This startup probe provides up to a 60 second grace window before the
-        # liveness probe takes over to accomodate the occasional database
-        # migration.
-        startupProbe:
-          exec:
-            command:
-              - wget
-              - -q # quiet
-              - -S # show server response
-              - -O
-              - "-" # Redirect output to stdout
-              - http://localhost:8888/apis/v1beta1/healthz
-          failureThreshold: 12
-          periodSeconds: 5
-          timeoutSeconds: 2
-        securityContext:
-          allowPrivilegeEscalation: false
-          seccompProfile:
-            type: RuntimeDefault
-          runAsNonRoot: true
-          runAsUser: 1000
-          runAsGroup: 0
-          capabilities:
-            drop:
-            - ALL
-        resources:
-          requests:
-            cpu: 250m
-            memory: 500Mi
+        - env:
+            - name: LOG_LEVEL
+              value: "info"
+            - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION
+              valueFrom:
+                configMapKeyRef:
+                  name: pipeline-install-config
+                  key: autoUpdatePipelineDefaultVersion
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: OBJECTSTORECONFIG_SECURE
+              value: "false"
+            - name: OBJECTSTORECONFIG_BUCKETNAME
+              valueFrom:
+                configMapKeyRef:
+                  name: pipeline-install-config
+                  key: bucketName
+            # relic variables
+            - name: DBCONFIG_USER
+              valueFrom:
+                secretKeyRef:
+                  name: mysql-secret
+                  key: username
+            - name: DBCONFIG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mysql-secret
+                  key: password
+            - name: DBCONFIG_DBNAME
+              valueFrom:
+                configMapKeyRef:
+                  name: pipeline-install-config
+                  key: pipelineDb
+            - name: DBCONFIG_HOST
+              valueFrom:
+                configMapKeyRef:
+                  name: pipeline-install-config
+                  key: dbHost
+            - name: DBCONFIG_PORT
+              valueFrom:
+                configMapKeyRef:
+                  name: pipeline-install-config
+                  key: dbPort
+            # end of relic variables
+            - name: DBCONFIG_CONMAXLIFETIME
+              valueFrom:
+                configMapKeyRef:
+                  name: pipeline-install-config
+                  key: ConMaxLifeTime
+            - name: DB_DRIVER_NAME
+              valueFrom:
+                configMapKeyRef:
+                  name: pipeline-install-config
+                  key: dbType
+            # MySQL Config
+            - name: DBCONFIG_MYSQLCONFIG_USER
+              valueFrom:
+                secretKeyRef:
+                  name: mysql-secret
+                  key: username
+            - name: DBCONFIG_MYSQLCONFIG_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mysql-secret
+                  key: password
+            - name: DBCONFIG_MYSQLCONFIG_DBNAME
+              valueFrom:
+                configMapKeyRef:
+                  name: pipeline-install-config
+                  key: pipelineDb
+            - name: DBCONFIG_MYSQLCONFIG_HOST
+              valueFrom:
+                configMapKeyRef:
+                  name: pipeline-install-config
+                  key: mysqlHost
+            - name: DBCONFIG_MYSQLCONFIG_PORT
+              valueFrom:
+                configMapKeyRef:
+                  name: pipeline-install-config
+                  key: mysqlPort
+            # end of MySQL Config
+            - name: OBJECTSTORECONFIG_ACCESSKEY
+              valueFrom:
+                secretKeyRef:
+                  name: mlpipeline-minio-artifact
+                  key: accesskey
+            - name: OBJECTSTORECONFIG_SECRETACCESSKEY
+              valueFrom:
+                secretKeyRef:
+                  name: mlpipeline-minio-artifact
+                  key: secretkey
+            - name: V2_DRIVER_IMAGE
+              value: ghcr.io/kubeflow/kfp-driver:2.4.0
+            - name: V2_LAUNCHER_IMAGE
+              value: ghcr.io/kubeflow/kfp-launcher:2.4.0
+          image: ghcr.io/kubeflow/kfp-api-server:dummy
+          imagePullPolicy: IfNotPresent
+          name: ml-pipeline-api-server
+          ports:
+            - name: http
+              containerPort: 8888
+            - name: grpc
+              containerPort: 8887
+          readinessProbe:
+            exec:
+              command:
+                - wget
+                - -q # quiet
+                - -S # show server response
+                - -O
+                - "-" # Redirect output to stdout
+                - http://localhost:8888/apis/v1beta1/healthz
+            initialDelaySeconds: 3
+            periodSeconds: 5
+            timeoutSeconds: 2
+          livenessProbe:
+            exec:
+              command:
+                - wget
+                - -q # quiet
+                - -S # show server response
+                - -O
+                - "-" # Redirect output to stdout
+                - http://localhost:8888/apis/v1beta1/healthz
+            initialDelaySeconds: 3
+            periodSeconds: 5
+            timeoutSeconds: 2
+          # This startup probe provides up to a 60 second grace window before the
+          # liveness probe takes over to accomodate the occasional database
+          # migration.
+          startupProbe:
+            exec:
+              command:
+                - wget
+                - -q # quiet
+                - -S # show server response
+                - -O
+                - "-" # Redirect output to stdout
+                - http://localhost:8888/apis/v1beta1/healthz
+            failureThreshold: 12
+            periodSeconds: 5
+            timeoutSeconds: 2
+          securityContext:
+            allowPrivilegeEscalation: false
+            seccompProfile:
+              type: RuntimeDefault
+            runAsNonRoot: true
+            runAsUser: 1000
+            runAsGroup: 0
+            capabilities:
+              drop:
+                - ALL
+          resources:
+            requests:
+              cpu: 250m
+              memory: 500Mi
       serviceAccountName: ml-pipeline
diff --git a/manifests/kustomize/hack/release.sh b/manifests/kustomize/hack/release.sh
@@ -40,3 +40,14 @@ do
 done
 
 yq w -i "${MANIFEST_DIR}/base/installs/generic/pipeline-install-config.yaml" data.appVersion "$TAG_NAME"
+
+## Driver & Launcher images are added as environment variables
+API_SERVER_MANIFEST="${MANIFEST_DIR}/base/pipeline/ml-pipeline-apiserver-deployment.yaml"
+
+yq w -i ${API_SERVER_MANIFEST} \
+  "spec.template.spec.containers.(name==ml-pipeline-api-server).env.(name==V2_LAUNCHER_IMAGE).value" \
+  "ghcr.io/kubeflow/kfp-launcher:${TAG_NAME}"
+
+yq w -i ${API_SERVER_MANIFEST} \
+  "spec.template.spec.containers.(name==ml-pipeline-api-server).env.(name==V2_DRIVER_IMAGE).value" \
+  "ghcr.io/kubeflow/kfp-driver:${TAG_NAME}"
