Add the ability to create CloudEndpoint resources using kfctl.

[jlewi]

• This is GCP specific code that allows CloudEndpoints to be created using
  the CloudEndpoint controller. A Cloud endpoint is a KRM style resource
  so we can kust have kfctl apply -f {path} invoke the appropriate
  logic.

• For GCP this addresses CLI (kfctl)? to apply CloudEndpoints resources  GoogleCloudPlatform/kubeflow-distribution#36; specifically when
  deploying private GKE the CloudEndpoints controller won't be able
  to contact the servicemanagement API. This provides a work around
  by running it locally.

• This pattern seems extensible; i.e. other platforms could link in
  code to handle CR's specific to their platforms. This could basically
  be an alternative to plugins.

• I added a context flag to control the kubecontext that apply applies to.
  Unfortunately, it doesn't look like there is an easy way to use
  that in the context of applying KFDef. It looks like the current logic
  assumes the cluster will be added to the KFDef metadata and then
  look up that cluster in .kubeconfig.

  • Modifying that logic to support the context flag seemed riskier
    then simply adding a comment to the flag.

• Added some warnings that KFUpgrade is deprecated since per Upgrades in 1.1 should follow kustomize off the shelf workflow #304
  we want to follow the off shelf workflow.

[kubeflow-bot]

This change is 

[jlewi]

/assign @adrian555

[adrian555]

Reviewed 4 of 4 files at r1.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @jlewi and @Tomcli)

---

cmd/kfctl/cmd/apply.go, line 89 at r1 (raw file):

			}
			return nil
		case ep.Kind:

kubeContext is not used by other config, but is it mandatory for ep? If so, would it help check a valid kubeContext is part of the command line?

[adrian555]

@jlewi review is done above.

I do have one general question. From the description above I am not clear whether there will be one or two commands to deploy Kubeflow.

If as you said that this can be an alternative to the plugins, then I would suspect it will take two commands (or, two runs of kfctl command) to deploy. The new command option creates the CloudEndpoints with the kubeContext. But then if you want to deploy the Kubeflow, you will need to run the command with a KfDef configuration. And this time, you have to make sure that the KUBECONFIG is correctly pointed to the same cluster.

If I get it right, my concern would be whether this model is sustainable in the long term. I probably need to read more on the CloudEndPoint controller. But not quite sure about the reason to have this ep.Process wrapped in the kfctl. I would rather expect that one command to complete two functionalities (eg. kfctl apply -f <config> -p <ep-config> --kubeconfig <cluster-config>).

Hope this does not add more confusion. :)

[jlewi]

@adrian555 Thanks for the thoughtful response.

So the first problem is as follows:

We as GCP want/need to ship additional CLI functionality to support our customers. The question is whether we should bake this into the existing kfctl or ship a new GCP specific binary.

Our preference would be to ship it as part of kfctl and not require users to install a separate CLI.

I have tried to do it in a way that is extensible to other performs and Kubernetes native. In particular, the syntax

kfctl apply -f  ${FILE}

means we aren't adding a new flag sub command. So in this regard I think its not a one off hack for GCP. i.e. if other platforms wanted to follow this approach they could do so and we wouldn't have to worry that we would end up with 1000 flags and commands that nobody would understand.

There is a risk of binary bloat and possibly conflicting version dependencies but arguably that's not a new problem since we already allow platform specific logic to be baked into kfctl.

I do have one general question. From the description above I am not clear whether there will be one or two commands to deploy Kubeflow.

On GCP there will be multiple commands to deploy kubeflow. Initially we are using Makefile to glue these commands together. My hope is that we will find a more cloud native solution to glue it together. That could be a KF specific solution (e.g. some iteration on the current approach) but I'm hoping a more generic, cloud native solution will emerge. skaffold for example has a very pipeline centric view but it currently wouldn't work for our use cases.

If I get it right, my concern would be whether this model is sustainable in the long term

This is any area where multiple oppionions are possible and it may not be a place where one size fits all.

My personal oppinion is that treating it as a composable build pipeline makes it easier for folks to customize to meet their particular needs.

Fundamentally our process is two step

build | apply

Increasingly we see the need for folks to introduce additional steps in the pipeline. So with this pr the process is

build | apply | create DNS entry

[jlewi]

Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @adrian555 and @Tomcli)

---

cmd/kfctl/cmd/apply.go, line 89 at r1 (raw file):

Previously, adrian555 (Adrian Zhuang) wrote…

kubeContext is not used by other config, but is it mandatory for ep? If so, would it help check a valid kubeContext is part of the command line?

A context is not required. If none is supplied the current context is used. Validation happens within ep.Process; i.e. ep.Process will throw an error if the context doesn't exist.

So the semantics are the same as other K8s CLI tools.

[adrian555]

Thanks @jlewi for the detailed info!

I totally agree on the pipelining aspect and we already see there are multiple sub commands/functions such as alpha mirror, set-image-name etc. So I am all in with the intention to bake things related with Kubeflow with kfctl.

One thing I may point out is the example of build | apply | create DNS entry may not be the case for GCP however since it is now using the kustomize to build and apply. :)

So my problem is more about whether the ep.Process should be part of the apply command. And I agree it depends on individual's opinion on how to interpret it. To me, running apply command means to apply the KfDef configuration of a set of Kubeflow applications. The result or output of it is a deployment of Kubeflow. Then if we compare the ep with KfDef plugins, we either treat that as an add-on (which can be a new kfctl addon command) or extra-config (which can be kfctl apply -p <ep-config>.

[jlewi]

Then if we compare the ep with KfDef plugins, we either treat that as an add-on (which can be a new kfctl addon command) or extra-config (which can be kfctl apply -p .

Both of those options diverge from kubectl semantics which is what we've modeled kfctl on.

The kubernetes approach to bulk operations is to specify a single directory or file with multiple resources.

We don't need to add new subcommands or flags precisely because the KRM (i.e. metadata) allows the binary to figure out what resource to handle it appropriately.

So if we really wanted to we could support the having a single file with both resources separated by "---".

[adrian555]

/lgtm
/approve

Thanks @jlewi .

[jlewi]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: adrian555, jlewi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [adrian555,jlewi]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment