This repository has been archived by the owner on Jan 31, 2022. It is now read-only.
[chatbot] Start building a KF assistant - who owns this label? #142
Labels
Comments
|
Issue-Label Bot is automatically applying the labels:
Please mark this comment with 👍 or 👎 to give our bot feedback! |
|
Issue Label Bot is not confident enough to auto-label this issue. |
|
Issue-Label Bot is automatically applying the labels:
Please mark this comment with 👍 or 👎 to give our bot feedback! |
|
Issue-Label Bot is automatically applying the labels:
Please mark this comment with 👍 or 👎 to give our bot feedback! |
jlewi
pushed a commit
to jlewi/code-intelligence
that referenced
this issue
May 15, 2020
…equests.
* This is intended to be a simple web server that will answer queries
about who owns which GitHub labels.
* This PR is just the scaffolding for the server
* The server provides an endpoint for the Dialogflow webhook but
the endpoint isn't actually returning valid responses yet.
Related to kubeflow#142
k8s-ci-robot
pushed a commit
that referenced
this issue
May 15, 2020
…equests. (#143) * This is intended to be a simple web server that will answer queries about who owns which GitHub labels. * This PR is just the scaffolding for the server * The server provides an endpoint for the Dialogflow webhook but the endpoint isn't actually returning valid responses yet. Related to #142
jlewi
pushed a commit
to jlewi/code-intelligence
that referenced
this issue
May 21, 2020
* We want to create a webhook to respond to Dialogflow. To do that we need be able to modify the ISTIO ingress policy in order to apply different JWT validation for requests routed through IAP vs calls from DialogFlow. * I initially tried that using ISTIO 1.1 and ran into problems. On ISTIO 1.4 it seemed to work. * So this PR defines a new cluster based on the Kubeflow GCP blueprint so using ASM which has ISTIO 1.4. It is also using ACM to manage the deployment. * Related to kubeflow#142
jlewi
pushed a commit
to jlewi/testing
that referenced
this issue
May 23, 2020
* For now, it looks like using multiple acm-repo (i.e. different
repos for different clusters) will work better than trying
to use a single acm-repo and cluster selectors.
* I was hitting problems with the fact that Tekton can't be installed
via ACM right now (it violates certain validation constraints).
* I only wanted to install tekton on the auto-deploy cluster (kf-ci-v1)
and not the kf-ci-management cluster but I was stil
getting errors from ACM complaining the Tekton configs were invalid.
* So as a work around I renamed acm-repo -> acm-repos with the intent
we will have multiple subdirectories corresponding to different repos
* A given cluster can then choose which cluster to enroll in
* Create a new cluster for the KF chatbot (see kubeflow/code-intelligence#142)
* The cluster will be managed using CNRM and ACM on the kf-ci-management
cluster. So we need to check in the configs.
* The source (kustomize packages for the manifests) is in
kubeflow/code-intelligence#145
jlewi
added a commit
to jlewi/code-intelligence
that referenced
this issue
May 24, 2020
* The webhook handles requests asking who owns a specific area. THe fulfillment server maps the are to owners using the Kubeflow area label owners file. The fulfillment server then responds with a list of names. * Related to kubeflow#142 Update metrics notebook to take into account the age of the log message so we can look at recent issues.
jlewi
added a commit
to jlewi/code-intelligence
that referenced
this issue
May 24, 2020
* The webhook handles requests asking who owns a specific area. THe fulfillment server maps the are to owners using the Kubeflow area label owners file. The fulfillment server then responds with a list of names. * cmd/jwt is a simple go program using jose-util used to generate JWTs. These JWTs are used as secrets to authorize Dialgoflow webhooks. * Related to kubeflow#142 * Start ops-log.md to keep track of infrastructure changes.
jlewi
added a commit
to jlewi/code-intelligence
that referenced
this issue
May 24, 2020
* The webhook handles requests asking who owns a specific area. THe fulfillment server maps the are to owners using the Kubeflow area label owners file. The fulfillment server then responds with a list of names. * cmd/jwt is a simple go program using jose-util used to generate JWTs. These JWTs are used as secrets to authorize Dialgoflow webhooks. * Related to kubeflow#142 * Start ops-log.md to keep track of infrastructure changes.
k8s-ci-robot
pushed a commit
that referenced
this issue
May 24, 2020
* The webhook handles requests asking who owns a specific area. THe fulfillment server maps the are to owners using the Kubeflow area label owners file. The fulfillment server then responds with a list of names. * cmd/jwt is a simple go program using jose-util used to generate JWTs. These JWTs are used as secrets to authorize Dialgoflow webhooks. * Related to #142 * Start ops-log.md to keep track of infrastructure changes.
k8s-ci-robot
pushed a commit
to kubeflow/testing
that referenced
this issue
May 26, 2020
* For now, it looks like using multiple acm-repo (i.e. different
repos for different clusters) will work better than trying
to use a single acm-repo and cluster selectors.
* I was hitting problems with the fact that Tekton can't be installed
via ACM right now (it violates certain validation constraints).
* I only wanted to install tekton on the auto-deploy cluster (kf-ci-v1)
and not the kf-ci-management cluster but I was stil
getting errors from ACM complaining the Tekton configs were invalid.
* So as a work around I renamed acm-repo -> acm-repos with the intent
we will have multiple subdirectories corresponding to different repos
* A given cluster can then choose which cluster to enroll in
* Create a new cluster for the KF chatbot (see kubeflow/code-intelligence#142)
* The cluster will be managed using CNRM and ACM on the kf-ci-management
cluster. So we need to check in the configs.
* The source (kustomize packages for the manifests) is in
kubeflow/code-intelligence#145
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
To continue to reduce toil, I'd like to experiment with build a virtual assistant using Dialogflow to
answer common queries.
To get some of the scaffolding in place, I'd like to start by answering a very simple query: who owns this label?
To answer this query we just need to load label-owners.yaml and map the area to the list of owners.
We can do this using a custom fulfillment in Dialogflow using a webhook.
I was expecting it to be pretty straightforward to write a server (in go or python) and then deploy it on my Kubeflow GKE clusters.
It turns out the networking piece is a bit involved.
On GCP we expose an endpoint secured with IAP. I'd like to reuse this endpoint rather than provision a new IP address, host name, and certificate.
Dialogflow can't attach an OIDC token for IAP. So we need to create a networking path that bypasses IAP. For authorization, we can still use a signed JWT that can be validated using ISTIO. Dialogflow allows us to attach a header to the webhook so we can just generate a JWT using our own public/private key and then have Dialgoflow attach it to the requests.
With ISTIO 1.4 (ASM) I was able to configure the ISTIO ingress policy to accept both IAP and non IAP JWTs.
With ISTIO 1.1.6 I couldn't make this work. I kept getting origin authentication issues. Given we want to upgrade to ASM and a newer ISTIO I'm not going to spend more time troubleshooting 1.1. Instead I'm going to focus on getting a new code-intelligence cluster spun up with ASM (#141).
Opening this issue to track progress and collect feedback.
The text was updated successfully, but these errors were encountered: