From 569ce0acf7bf914bc7808e743a5e9981319c1b64 Mon Sep 17 00:00:00 2001 From: kunal-511 Date: Sat, 15 Nov 2025 16:12:34 +0530 Subject: [PATCH 01/14] Update synchronize istio to include ztunnel support Signed-off-by: kunal-511 --- common/istio/split-istio-packages | 7 ++++++- scripts/synchronize-istio-manifests.sh | 8 ++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/common/istio/split-istio-packages b/common/istio/split-istio-packages index bc119aeea5..4905f629a5 100755 --- a/common/istio/split-istio-packages +++ b/common/istio/split-istio-packages @@ -50,13 +50,16 @@ def main(): args = parse_args() with open(args.manifest_file, "r") as f: objects = [obj for obj in list(yaml.load_all(f)) if obj] - crds, install, cluster_local = [], [], [] + crds, install, cluster_local, ztunnel = [], [], [], [] for obj in objects: if obj.get("kind") == "CustomResourceDefinition": crds.append(obj) elif (obj.get("metadata", {}).get("name", ""). startswith("cluster-local-gateway")): cluster_local.append(obj) + elif (obj.get("metadata", {}).get("name", "") == "ztunnel" or + (obj.get("metadata", {}).get("labels", {}).get("app.kubernetes.io/name") == "ztunnel")): + ztunnel.append(obj) else: install.append(obj) @@ -66,6 +69,8 @@ def main(): yaml.dump_all(install, f) with open("cluster-local-gateway.yaml", "w") as f: yaml.dump_all(cluster_local, f) + with open("ztunnel.yaml", "w") as f: + yaml.dump_all(ztunnel, f) if __name__ == "__main__": diff --git a/scripts/synchronize-istio-manifests.sh b/scripts/synchronize-istio-manifests.sh index e89f02efb3..cf878de60e 100755 --- a/scripts/synchronize-istio-manifests.sh +++ b/scripts/synchronize-istio-manifests.sh @@ -42,6 +42,14 @@ echo "Generating non-CNI manifests (insecure overlay)..." $ISTIOCTL manifest generate -f profile.yaml -f profile-overlay.yaml \ --set components.cni.enabled=false > istio-install/overlays/insecure/install-insecure.yaml +echo "Generating ztunnel manifests (ambient mode)..." +$ISTIOCTL manifest generate -f profile.yaml -f profile-overlay.yaml \ + --set components.cni.enabled=true \ + --set components.ztunnel.enabled=true > dump-ztunnel.yaml +./split-istio-packages -f dump-ztunnel.yaml +mv $ISTIO_DIRECTORY/ztunnel.yaml $ISTIO_DIRECTORY/istio-install/components/ambient-mode/ +rm dump-ztunnel.yaml crd.yaml install.yaml cluster-local-gateway.yaml + check_uncommitted_changes SOURCE_TEXT="\[.*\](https://github.com/istio/istio/releases/tag/.*)" From 771f702b91b412e2d85aa71b9682d83acaa5322a Mon Sep 17 00:00:00 2001 From: kunal-511 Date: Sun, 16 Nov 2025 16:54:02 +0530 Subject: [PATCH 02/14] increase katib test timeout Signed-off-by: kunal-511 --- tests/katib_test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/katib_test.sh b/tests/katib_test.sh index d8cbd86f60..46512d86ca 100755 --- a/tests/katib_test.sh +++ b/tests/katib_test.sh @@ -8,5 +8,5 @@ kubectl wait --for=condition=Running experiments.kubeflow.org -n $KF_PROFILE --a echo "Waiting for all Trials to be Completed..." kubectl wait --for=condition=Created trials.kubeflow.org -n $KF_PROFILE --all --timeout=60s kubectl get trials.kubeflow.org -n $KF_PROFILE -kubectl wait --for=condition=Succeeded trials.kubeflow.org -n $KF_PROFILE --all --timeout 600s +kubectl wait --for=condition=Succeeded trials.kubeflow.org -n $KF_PROFILE --all --timeout 720s kubectl get trials.kubeflow.org -n $KF_PROFILE \ No newline at end of file From a876b9acde4d2a487ab4f8e7a0a05bf37c11af20 Mon Sep 17 00:00:00 2001 From: kunal-511 Date: Mon, 17 Nov 2025 22:15:09 +0530 Subject: [PATCH 03/14] revert katib test timeout Signed-off-by: kunal-511 --- tests/katib_test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/katib_test.sh b/tests/katib_test.sh index 46512d86ca..d8cbd86f60 100755 --- a/tests/katib_test.sh +++ b/tests/katib_test.sh @@ -8,5 +8,5 @@ kubectl wait --for=condition=Running experiments.kubeflow.org -n $KF_PROFILE --a echo "Waiting for all Trials to be Completed..." kubectl wait --for=condition=Created trials.kubeflow.org -n $KF_PROFILE --all --timeout=60s kubectl get trials.kubeflow.org -n $KF_PROFILE -kubectl wait --for=condition=Succeeded trials.kubeflow.org -n $KF_PROFILE --all --timeout 720s +kubectl wait --for=condition=Succeeded trials.kubeflow.org -n $KF_PROFILE --all --timeout 600s kubectl get trials.kubeflow.org -n $KF_PROFILE \ No newline at end of file From 5f22620f010815f8854fcd80370eec3914cc60dd Mon Sep 17 00:00:00 2001 From: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Date: Mon, 17 Nov 2025 17:55:01 +0100 Subject: [PATCH 04/14] Update error handling in free-disk-space.sh Enable debugging options in free-disk-space.sh Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> --- tests/free-disk-space.sh | 49 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 tests/free-disk-space.sh diff --git a/tests/free-disk-space.sh b/tests/free-disk-space.sh new file mode 100644 index 0000000000..ac3418e736 --- /dev/null +++ b/tests/free-disk-space.sh @@ -0,0 +1,49 @@ +#!/bin/bash +set -euxo pipefail + +# This script frees up disk space on GitHub Actions runners. +# Several GHA workflows were failing with "no space left on device" errors. +# This script is only meant to run in GitHub Actions CI environment. + +# Safety check: Only run on GitHub Actions +if [[ "${GITHUB_ACTIONS:-false}" != "true" ]]; then + echo "ERROR: This script is for GitHub Actions runners only!" + exit 1 +fi + +echo "=== Initial disk usage ===" +df -h + +echo "=== Freeing up disk space ===" + +# Remove large directories not needed for KFP tests +sudo rm -rf /usr/share/dotnet +sudo rm -rf /opt/ghc +sudo rm -rf /usr/local/share/boost +sudo rm -rf /usr/local/lib/android +sudo rm -rf /usr/local/.ghcup +sudo rm -rf /usr/share/swift + +# Selectively remove large tools from hostedtoolcache while preserving Go, Node, Python +# Remove these specific large tools that aren't needed for KFP tests +sudo rm -rf /opt/hostedtoolcache/CodeQL || true +sudo rm -rf /opt/hostedtoolcache/Java_* || true +sudo rm -rf /opt/hostedtoolcache/Ruby || true +sudo rm -rf /opt/hostedtoolcache/PyPy || true +sudo rm -rf /opt/hostedtoolcache/boost || true + +# Clean package manager +sudo apt-get autoremove -y +sudo apt-get autoclean + +# Clean Docker +docker system prune -af --volumes +docker image prune -af + +# Clean containerd +sudo systemctl stop containerd || true +sudo rm -rf /var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/* || true +sudo systemctl start containerd || true + +echo "=== Final disk usage ===" +df -h From 8cb492cb87bf78d8d3618c5b9606057087144f0e Mon Sep 17 00:00:00 2001 From: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Date: Mon, 17 Nov 2025 17:56:06 +0100 Subject: [PATCH 05/14] Update full_kubeflow_integration_test.yaml Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> --- .github/workflows/full_kubeflow_integration_test.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/full_kubeflow_integration_test.yaml b/.github/workflows/full_kubeflow_integration_test.yaml index 9aceb08bca..1ba7d70d2d 100644 --- a/.github/workflows/full_kubeflow_integration_test.yaml +++ b/.github/workflows/full_kubeflow_integration_test.yaml @@ -24,6 +24,9 @@ jobs: # labels: ubuntu-latest-16-cores timeout-minutes: 45 steps: + - name: Free up disk space + run: ./tests/free-disk-space.sh + - name: Checkout uses: actions/checkout@v4 From 585c8bf639473f8eb591a93cfb2f4bbbf136eb24 Mon Sep 17 00:00:00 2001 From: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Date: Mon, 17 Nov 2025 17:56:43 +0100 Subject: [PATCH 06/14] Update pipeline_test.yaml Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> --- .github/workflows/pipeline_test.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/pipeline_test.yaml b/.github/workflows/pipeline_test.yaml index cb742ff92c..ac7e9ba3cb 100644 --- a/.github/workflows/pipeline_test.yaml +++ b/.github/workflows/pipeline_test.yaml @@ -25,6 +25,9 @@ jobs: timeout-minutes: 15 runs-on: ubuntu-latest steps: + - name: Free up disk space + run: ./tests/free-disk-space.sh + - name: Checkout uses: actions/checkout@v4 From a034b443b796d412749aef90ec671f7078950ee4 Mon Sep 17 00:00:00 2001 From: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Date: Mon, 17 Nov 2025 17:58:10 +0100 Subject: [PATCH 07/14] Upgrade checkout action from v4 to v5 Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> --- .github/workflows/full_kubeflow_integration_test.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/full_kubeflow_integration_test.yaml b/.github/workflows/full_kubeflow_integration_test.yaml index 1ba7d70d2d..fa9890cf89 100644 --- a/.github/workflows/full_kubeflow_integration_test.yaml +++ b/.github/workflows/full_kubeflow_integration_test.yaml @@ -24,12 +24,12 @@ jobs: # labels: ubuntu-latest-16-cores timeout-minutes: 45 steps: + - name: Checkout + uses: actions/checkout@v5 + - name: Free up disk space run: ./tests/free-disk-space.sh - - name: Checkout - uses: actions/checkout@v4 - - name: Install KinD, Create KinD cluster and Install kustomize run: ./tests/install_KinD_create_KinD_cluster_install_kustomize.sh From 67d7831699f64c7147d2de67c43dfedaa7180d00 Mon Sep 17 00:00:00 2001 From: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Date: Mon, 17 Nov 2025 17:58:34 +0100 Subject: [PATCH 08/14] Update checkout action version in pipeline test Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> --- .github/workflows/pipeline_test.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pipeline_test.yaml b/.github/workflows/pipeline_test.yaml index ac7e9ba3cb..aee11be5ec 100644 --- a/.github/workflows/pipeline_test.yaml +++ b/.github/workflows/pipeline_test.yaml @@ -25,12 +25,12 @@ jobs: timeout-minutes: 15 runs-on: ubuntu-latest steps: + - name: Checkout + uses: actions/checkout@v5 + - name: Free up disk space run: ./tests/free-disk-space.sh - - name: Checkout - uses: actions/checkout@v4 - - name: Install KinD, Create KinD cluster and Install kustomize run: ./tests/install_KinD_create_KinD_cluster_install_kustomize.sh From b24a6e27892b2bec779fc312b6eaeffc356d84c8 Mon Sep 17 00:00:00 2001 From: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> Date: Mon, 17 Nov 2025 18:01:22 +0100 Subject: [PATCH 09/14] Make tests/free-disk-space.sh executable Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> --- tests/free-disk-space.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 tests/free-disk-space.sh diff --git a/tests/free-disk-space.sh b/tests/free-disk-space.sh old mode 100644 new mode 100755 From 1d47ea7152b29c56b8f935d33a166558587bc8c2 Mon Sep 17 00:00:00 2001 From: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Date: Mon, 17 Nov 2025 18:06:42 +0100 Subject: [PATCH 10/14] Remove apt-get autoremove from cleanup script Removed 'apt-get autoremove' command from the script. Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> --- tests/free-disk-space.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/free-disk-space.sh b/tests/free-disk-space.sh index ac3418e736..fe4e8dfe9b 100755 --- a/tests/free-disk-space.sh +++ b/tests/free-disk-space.sh @@ -33,7 +33,6 @@ sudo rm -rf /opt/hostedtoolcache/PyPy || true sudo rm -rf /opt/hostedtoolcache/boost || true # Clean package manager -sudo apt-get autoremove -y sudo apt-get autoclean # Clean Docker From 2a193dfcfb596da41ece9b6f35c15b375e20d65d Mon Sep 17 00:00:00 2001 From: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Date: Mon, 17 Nov 2025 18:08:25 +0100 Subject: [PATCH 11/14] Update GitHub Actions workflow for disk space management Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> --- .github/workflows/pipeline_swfs_test.yaml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/.github/workflows/pipeline_swfs_test.yaml b/.github/workflows/pipeline_swfs_test.yaml index 148504fdbc..3e31c85c18 100644 --- a/.github/workflows/pipeline_swfs_test.yaml +++ b/.github/workflows/pipeline_swfs_test.yaml @@ -25,15 +25,10 @@ jobs: labels: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - - name: Remove unused software - run: | - df -h # Check disk space before removal - sudo rm -rf /usr/share/dotnet # Example: Remove .NET SDK - sudo rm -rf /usr/local/lib/android # Example: Remove Android SDK - sudo rm -rf /opt/ghc # Example: Remove Haskell - df -h # Check disk space after removal + - name: Free up disk space + run: ./tests/free-disk-space.sh - name: Proactively prune OCI system on GHA runner run: docker system prune -a --volumes --force From 5df884c93554d8325206f3948c34324d426e4b64 Mon Sep 17 00:00:00 2001 From: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Date: Mon, 17 Nov 2025 18:41:44 +0100 Subject: [PATCH 12/14] Update katib_test.sh Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> --- tests/katib_test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/katib_test.sh b/tests/katib_test.sh index d8cbd86f60..9fbf5de94e 100755 --- a/tests/katib_test.sh +++ b/tests/katib_test.sh @@ -8,5 +8,5 @@ kubectl wait --for=condition=Running experiments.kubeflow.org -n $KF_PROFILE --a echo "Waiting for all Trials to be Completed..." kubectl wait --for=condition=Created trials.kubeflow.org -n $KF_PROFILE --all --timeout=60s kubectl get trials.kubeflow.org -n $KF_PROFILE -kubectl wait --for=condition=Succeeded trials.kubeflow.org -n $KF_PROFILE --all --timeout 600s -kubectl get trials.kubeflow.org -n $KF_PROFILE \ No newline at end of file +kubectl wait --for=condition=Succeeded trials.kubeflow.org -n $KF_PROFILE --all --timeout 720s +kubectl get trials.kubeflow.org -n $KF_PROFILE From b763c371a5a6b4958d2f89f6820fb5a2d7c70a41 Mon Sep 17 00:00:00 2001 From: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Date: Mon, 17 Nov 2025 18:42:18 +0100 Subject: [PATCH 13/14] Upgrade checkout action and add disk space cleanup Updated checkout action version and added disk space cleanup step. Signed-off-by: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> --- .github/workflows/pipeline_run_from_notebook.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pipeline_run_from_notebook.yaml b/.github/workflows/pipeline_run_from_notebook.yaml index be87575f19..cb159445bd 100644 --- a/.github/workflows/pipeline_run_from_notebook.yaml +++ b/.github/workflows/pipeline_run_from_notebook.yaml @@ -21,7 +21,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 + + - name: Free up disk space + run: ./tests/free-disk-space.sh - name: Install KinD, Create KinD cluster and Install kustomize run: ./tests/install_KinD_create_KinD_cluster_install_kustomize.sh From 64ba9ca10fd5c96d4b73fe41e8fe186f44fa8acf Mon Sep 17 00:00:00 2001 From: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> Date: Tue, 18 Nov 2025 13:19:33 +0100 Subject: [PATCH 14/14] already in https://github.com/kubeflow/manifests/blob/master/common/istio/istio-install/base/patches/seccomp-istiod.yaml Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com> --- common/istio/profile.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/common/istio/profile.yaml b/common/istio/profile.yaml index 4f65be4733..7b7cf01703 100644 --- a/common/istio/profile.yaml +++ b/common/istio/profile.yaml @@ -29,6 +29,3 @@ spec: global: configValidation: true istioNamespace: istio-system - proxy: - seccompProfile: - type: RuntimeDefault