Helm charts Kserve Models Web App (#3183)

* Kserve Models Web App Helm charts

Signed-off-by: kunal-511 <yoyokvunal@gmail.com>

* Gha for comparision

Signed-off-by: kunal-511 <yoyokvunal@gmail.com>

* Added permissions

Signed-off-by: kunal-511 <yoyokvunal@gmail.com>

* Removed duplication of comparision from the tests directory

Signed-off-by: kunal-511 <yoyokvunal@gmail.com>

* Removed extra files

Signed-off-by: kunal-511 <yoyokvunal@gmail.com>

* Update pipelines_swfs_install.sh

Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>

* Migrate model-registry helm charts to v0.2.21

Signed-off-by: kunal-511 <yoyokvunal@gmail.com>

* Migrate model registry helm charts to v0.2.21

Signed-off-by: kunal-511 <yoyokvunal@gmail.com>

---------

Signed-off-by: kunal-511 <yoyokvunal@gmail.com>
Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>
Co-authored-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com>

Author: kunal-511

.github/workflows/helm-kustomize-comparison.yml

@@ -4,14 +4,18 @@ on:
   pull_request:
     branches: [master]
     paths:
-    - 'charts/**'
-    - '/applications/model-registry/**'
-    - 'tests/helm_compare_all_scenarios.sh'
+    - 'experimental/helm/charts/**'
+    - 'applications/model-registry/**'
+    - 'tests/helm_kustomize_compare.py'
     - 'tests/helm_kustomize_compare.sh'
-    - 'tests/helm_compare_manifests.py'
-    - 'helm-kustomize-comparison.yml'
+    - 'tests/helm_kustomize_compare_all.sh'
+    - '.github/workflows/helm-kustomize-comparison.yml'
   workflow_dispatch:
 
+permissions:
+  contents: read
+  actions: read
+
 jobs:
   validate-helm-kustomize-equivalence:
     runs-on: ubuntu-latest
@@ -39,4 +43,4 @@ jobs:
       env:
         VERBOSE: "true"
       run: |
-        ./tests/helm_compare_all_scenarios.sh
+        ./tests/helm_kustomize_compare_all.sh model-registry

.github/workflows/katib-helm-kustomize-comparison.yaml

@@ -1,13 +1,15 @@
-name: Helm vs Kustomize Comparison
+name: Katib Helm vs Kustomize Comparison
 
 on:
   pull_request:
     branches: [master]
     paths:
-    - 'charts/katib/**'
-    - 'apps/katib/upstream/**'
-    - 'tests/compare_all_scenarios.sh'
-    - '.github/workflows/katib-helm-kustomize-comparison.yml'
+    - 'experimental/helm/charts/katib/**'
+    - 'applications/katib/**'
+    - 'tests/helm_kustomize_compare.py'
+    - 'tests/helm_kustomize_compare.sh'
+    - 'tests/helm_kustomize_compare_all.sh'
+    - '.github/workflows/katib-helm-kustomize-comparison.yaml'
   workflow_dispatch:
 
 permissions:
@@ -47,6 +49,4 @@ jobs:
       env:
         VERBOSE: "true"
       run: |
-        cd tests
-        chmod +x ./compare_all_scenarios.sh
-        ./compare_all_scenarios.sh
+        ./tests/helm_kustomize_compare_all.sh katib

.github/workflows/kserve-models-web-app-comparison.yml

@@ -0,0 +1,50 @@
+name: KServe Models Web App - Helm vs Kustomize Comparison
+
+on:
+  pull_request:
+    branches: [master]
+    paths:
+    - 'experimental/helm/charts/kserve-models-web-app/**'
+    - 'applications/kserve/models-web-app/**'
+    - 'tests/helm_kustomize_compare.py'
+    - 'tests/helm_kustomize_compare.sh'
+    - 'tests/helm_kustomize_compare_all.sh'
+    - '.github/workflows/kserve-models-web-app-comparison.yml'
+  workflow_dispatch:
+
+jobs:
+  validate-models-web-app-equivalence:
+    runs-on: ubuntu-latest
+    name: Compare KServe Models Web App Scenarios
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.9'
+
+    - name: Install Python dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install pyyaml
+
+    - name: Install Helm
+      run: |
+        curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+        chmod 700 get_helm.sh
+        ./get_helm.sh
+        rm get_helm.sh
+
+    - name: Install Kustomize
+      run: ./tests/kustomize_install.sh
+
+    - name: Validate Helm chart
+      run: |
+        helm lint experimental/helm/charts/kserve-models-web-app/
+
+    - name: Run KServe Models Web App comparison
+      env:
+        VERBOSE: "true"
+      run: ./tests/helm_kustomize_compare_all.sh kserve-models-web-app

experimental/helm/charts/katib/values.yaml

@@ -94,11 +94,19 @@ controller:
   # -- Affinity rules for controller pods
   affinity: {}
 
-  # -- Security context for controller pods
+    # -- Security context for controller pods
   podSecurityContext: {}
-  
+
   # -- Security context for controller containers
-  securityContext: {}
+  securityContext:
+    runAsNonRoot: true
+    allowPrivilegeEscalation: false
+    runAsUser: 1000
+    seccompProfile:
+      type: RuntimeDefault
+    capabilities:
+      drop:
+      - ALL
 
   # -- Extra labels for controller pods
   labels: {}
@@ -222,9 +230,20 @@ database:
         failureThreshold: 60
 
     # Security context
-    podSecurityContext: {}
+    podSecurityContext:
+      fsGroup: 999
+      fsGroupChangePolicy: OnRootMismatch
 
-    securityContext: {}
+    securityContext:
+      allowPrivilegeEscalation: false
+      seccompProfile:
+        type: RuntimeDefault
+      runAsNonRoot: true
+      runAsUser: 999
+      runAsGroup: 999
+      capabilities:
+        drop:
+        - ALL
 
     # Volume configuration
     volumes:
@@ -453,11 +472,19 @@ dbManager:
   # -- Affinity rules for DB Manager pods
   affinity: {}
 
-  # -- Security context for DB Manager pods
+    # -- Security context for DB Manager pods
   podSecurityContext: {}
-  
+
   # -- Security context for DB Manager containers
-  securityContext: {}
+  securityContext:
+    runAsNonRoot: true
+    allowPrivilegeEscalation: false
+    runAsUser: 1000
+    seccompProfile:
+      type: RuntimeDefault
+    capabilities:
+      drop:
+      - ALL
 
   # -- Extra labels for DB Manager pods
   labels: {}
@@ -509,11 +536,19 @@ ui:
   # -- Affinity rules for UI pods
   affinity: {}
 
-  # -- Security context for UI pods
-  podSecurityContext: {}
-  
+    # -- Security context for UI pods
+  podSecurityContext:
+    seccompProfile:
+      type: RuntimeDefault
+
   # -- Security context for UI containers
-  securityContext: {}
+  securityContext:
+    runAsNonRoot: true
+    allowPrivilegeEscalation: false
+    runAsUser: 1000
+    capabilities:
+      drop:
+      - ALL
 
   # -- Extra labels for UI pods
   labels: {}

experimental/helm/charts/kserve-models-web-app/.helmignore

@@ -0,0 +1,46 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OS generated files
+Thumbs.db
+# Helm generated files
+*.lock
+# Documentation files
+*.md
+OWNERS
+# CI/CD files
+.github/
+.gitlab-ci.yml
+.travis.yml
+.circleci/
+# Build files
+Makefile
+*.mk
+# Test files (keep only the test templates)
+test/
+# Scripts
+scripts/
+# Proposal files
+proposals/
+# Development environment
+devenv/ 

experimental/helm/charts/kserve-models-web-app/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v2
+
+name: kserve-models-web-app
+
+description: A Helm chart for KServe Models Web App - Model serving management UI on Kubernetes
+
+version: 0.1.0
+
+appVersion: v0.14.0
+
+home: https://github.com/kserve/kserve
+
+annotations:
+  category: Machine Learning
+  licenses: Apache-2.0

experimental/helm/charts/kserve-models-web-app/README.md

@@ -0,0 +1,3 @@
+# KServe Models Web App Helm Chart
+
+This Helm chart deploys the KServe Models Web App