apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization sortOptions: order: legacy legacySortOptions: orderFirst: - Namespace - ResourceQuota - StorageClass - CustomResourceDefinition - MutatingWebhookConfiguration - ServiceAccount - PodSecurityPolicy - NetworkPolicy - Role - ClusterRole - RoleBinding - ClusterRoleBinding - ConfigMap - Secret - Endpoints - Service - LimitRange - PriorityClass - PersistentVolume - PersistentVolumeClaim - Deployment - StatefulSet - CronJob - PodDisruptionBudget orderLast: - ValidatingWebhookConfiguration resources: # Cert-Manager - ../common/cert-manager/base - ../common/cert-manager/kubeflow-issuer/base # Istio - ../common/istio-1-24/istio-crds/base - ../common/istio-1-24/istio-namespace/base - ../common/istio-1-24/istio-install/overlays/oauth2-proxy # oauth2-proxy # NOTE: only uncomment ONE of the following overlays, depending on your cluster type - ../common/oauth2-proxy/overlays/m2m-dex-only # for all clusters #- ../common/oauth2-proxy/overlays/m2m-dex-and-kind # for KIND clusters (allows K8S JWTs for gateway auth) #- ../common/oauth2-proxy/overlays/m2m-dex-and-eks # for EKS clusters (NOTE: requires you to configure issuer, see overlay) # Dex - ../common/dex/overlays/oauth2-proxy # KNative - ../common/knative/knative-serving/overlays/gateways # Uncomment the following line if `knative-eventing` is required # - ../common/knative/knative-eventing/base - ../common/istio-1-24/cluster-local-gateway/base # Kubeflow namespace - ../common/kubeflow-namespace/base # NetworkPolicies - ../common/networkpolicies/base # Kubeflow Roles - ../common/kubeflow-roles/base # Kubeflow Istio Resources - ../common/istio-1-24/kubeflow-istio-resources/base # Kubeflow Pipelines - ../apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user # Katib - ../apps/katib/upstream/installs/katib-with-kubeflow # Central Dashboard - ../apps/centraldashboard/overlays/oauth2-proxy # Admission Webhook - ../apps/admission-webhook/upstream/overlays/cert-manager # Jupyter Web App - ../apps/jupyter/jupyter-web-app/upstream/overlays/istio # Notebook Controller - ../apps/jupyter/notebook-controller/upstream/overlays/kubeflow # Profiles + KFAM - ../apps/profiles/upstream/overlays/kubeflow # PVC Viewer - ../apps/pvcviewer-controller/upstream/base # Volumes Web App - ../apps/volumes-web-app/upstream/overlays/istio # Tensorboards Controller - ../apps/tensorboard/tensorboard-controller/upstream/overlays/kubeflow # Tensorboard Web App - ../apps/tensorboard/tensorboards-web-app/upstream/overlays/istio # Training Operator - ../apps/training-operator/upstream/overlays/kubeflow # User namespace - ../common/user-namespace/base # KServe - ../apps/kserve/kserve - ../apps/kserve/models-web-app/overlays/kubeflow # Spark Operator - ../apps/spark/spark-operator/overlays/kubeflow # Ray is an experimental integration # Here is the documentation for Ray: https://docs.ray.io/en/latest/ # Here is the internal documentation for Ray: - ../experimental/ray/README.md # - ../experimental/ray/kuberay-operator/overlays/kubeflow components: # Pod Security Standards # https://kubernetes.io/docs/concepts/security/pod-security-standards/ # Uncomment to enable baseline level standards # - ../experimental/security/PSS/static/baseline # Uncomment to enable restricted level standards # - ../experimental/security/PSS/static/restricted # Uncomment to enable baseline level standards for dynamic namespaces # - ../experimental/security/PSS/dynamic/baseline # Uncomment to enable restricted level standards for dynamic namespaces # - ../experimental/security/PSS/dynamic/restricted