Disable dynamic creation for admission hooks and update dependencies (#…

…1450) * Update all dependencies to the latest versions Add cert generator for the webhooks Add manifests for the webhooks * Modify Dockerfile for manager * Remove comments * Update Dockerfiles for Go images * Add signerName: kubernetes.io/kube-apiserver-client to csr Update roles for controller RBAC Changes after review * Fix not installed CRD error * Update scripts * Revert operator changes * Describe controller pod in test * Add log line to test * Move kubectl version * Change csr version to v1beta1 * Remove log * Change signerName to kubernetes.io/kubelet-serving * Modify common name Co-authored-by: Yuki Iwai <68272500+tenzen-y@users.noreply.github.com> * Add env variable to init container Co-authored-by: Yuki Iwai <68272500+tenzen-y@users.noreply.github.com> * Get namespace from env Co-authored-by: Yuki Iwai <68272500+tenzen-y@users.noreply.github.com> * Remove quotes * Remove spaces * Run cert generator script from the Job * Modify new ui Dockerfile * Disable Actions on PR * Modify setup Katib script * Fix PODNUM * Remove imagePullPolicy from PyTorch and TFJob examples * Disable Pytorch examples in e2e * Add sleep to e2e test * Activate Actions * Disable actions Co-authored-by: Yuki Iwai <68272500+tenzen-y@users.noreply.github.com>
kubeflow · Mar 6, 2021 · 12e7f1e · 12e7f1e
1 parent d9b4602
commit 12e7f1e
Show file tree

Hide file tree

Showing 115 changed files with 3,980 additions and 2,512 deletions.
diff --git a/.github/workflows/test-charmed-katib.yaml b/.github/workflows/test-charmed-katib.yaml
@@ -2,7 +2,7 @@ name: Charmed Katib
 
 on:
   - push
-  - pull_request
+  # - pull_request # TODO (andreyvelich): Actions should be fixed in: https://github.com/kubeflow/katib/issues/1453
 
 jobs:
   build:

diff --git a/cmd/cert-generator/v1beta1/Dockerfile b/cmd/cert-generator/v1beta1/Dockerfile
@@ -0,0 +1,17 @@
+FROM alpine:3.12.0
+
+ARG KUBECTL_VERSION="v1.19.3"
+
+# Fixes https://snyk.io/vuln/SNYK-LINUX-MUSL-458116
+RUN apk upgrade musl
+
+RUN apk add --update openssl
+RUN wget https://storage.googleapis.com/kubernetes-release/release/$KUBECTL_VERSION/bin/linux/amd64/kubectl \
+  && chmod +x ./kubectl && mv ./kubectl /usr/local/bin/kubectl
+
+COPY ./hack/cert-generator.sh /app/cert-generator.sh
+RUN chmod +x /app/cert-generator.sh
+
+WORKDIR /app
+
+ENTRYPOINT ["sh", "./cert-generator.sh"]
diff --git a/cmd/db-manager/v1beta1/Dockerfile b/cmd/db-manager/v1beta1/Dockerfile
@@ -1,13 +1,27 @@
+# Build the Katib DB manager.
 FROM golang:alpine AS build-env
-# The GOPATH in the image is /go.
-ADD . /go/src/github.com/kubeflow/katib
-WORKDIR /go/src/github.com/kubeflow/katib/cmd/db-manager
-RUN if [ "$(uname -m)" = "ppc64le" ] || [ "$(uname -m)" = "aarch64" ]; then \
-    apk --update add git gcc musl-dev && \
-    go build -o katib-db-manager ./v1beta1; \
+
+WORKDIR /go/src/github.com/kubeflow/katib
+
+# Download packages.
+COPY go.mod .
+COPY go.sum .
+RUN go mod download -x
+
+# Copy sources.
+COPY cmd/ cmd/
+COPY pkg/ pkg/
+
+# Build the binary.
+RUN if [ "$(uname -m)" = "ppc64le" ]; then \
+    CGO_ENABLED=0 GOOS=linux GOARCH=ppc64le go build -a -o katib-db-manager ./cmd/db-manager/v1beta1; \
+    elif [ "$(uname -m)" = "aarch64" ]; then \
+    CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -a -o katib-db-manager ./cmd/db-manager/v1beta1; \
     else \
-    go build -o katib-db-manager ./v1beta1; \
+    CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o katib-db-manager ./cmd/db-manager/v1beta1; \
     fi
+
+# Add GRPC health probe.
 RUN GRPC_HEALTH_PROBE_VERSION=v0.3.1 && \
     if [ "$(uname -m)" = "ppc64le" ]; then \
     wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-ppc64le; \
@@ -18,9 +32,10 @@ RUN GRPC_HEALTH_PROBE_VERSION=v0.3.1 && \
     fi && \
     chmod +x /bin/grpc_health_probe
 
+# Copy the db-manager into a thin image.
 FROM alpine:3.7
 WORKDIR /app
 COPY --from=build-env /bin/grpc_health_probe /bin/
-COPY --from=build-env /go/src/github.com/kubeflow/katib/cmd/db-manager/katib-db-manager /app/
+COPY --from=build-env /go/src/github.com/kubeflow/katib/katib-db-manager /app/
 ENTRYPOINT ["./katib-db-manager"]
 CMD ["-w", "kubernetes"]
diff --git a/cmd/katib-controller/v1beta1/Dockerfile b/cmd/katib-controller/v1beta1/Dockerfile
@@ -1,22 +1,28 @@
-# Build the manager binary
+# Build the Katib controller.
 FROM golang:alpine AS build-env
 
-# Copy in the go src
-ADD . /go/src/github.com/kubeflow/katib
+WORKDIR /go/src/github.com/kubeflow/katib
 
-WORKDIR /go/src/github.com/kubeflow/katib/cmd/katib-controller
-# Build
+# Download packages.
+COPY go.mod .
+COPY go.sum .
+RUN go mod download -x
+
+# Copy sources.
+COPY cmd/ cmd/
+COPY pkg/ pkg/
+
+# Build the binary.
 RUN if [ "$(uname -m)" = "ppc64le" ]; then \
-    CGO_ENABLED=0 GOOS=linux GOARCH=ppc64le go build -a -o katib-controller  ./v1beta1; \
+    CGO_ENABLED=0 GOOS=linux GOARCH=ppc64le go build -a -o katib-controller  ./cmd/katib-controller/v1beta1; \
     elif [ "$(uname -m)" = "aarch64" ]; then \
-    CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -a -o katib-controller  ./v1beta1; \
+    CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -a -o katib-controller  ./cmd/katib-controller/v1beta1; \
     else \
-    CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o katib-controller  ./v1beta1; \
+    CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o katib-controller  ./cmd/katib-controller/v1beta1; \
     fi
-# Copy the controller-manager into a thin image
+
+# Copy the controller-manager into a thin image.
 FROM alpine:3.7
 WORKDIR /app
-RUN apk update && apk add ca-certificates
-COPY --from=build-env /go/src/github.com/kubeflow/katib/cmd/katib-controller/katib-controller .
-USER 1000
+COPY --from=build-env /go/src/github.com/kubeflow/katib/katib-controller .
 ENTRYPOINT ["./katib-controller"]
diff --git a/cmd/katib-controller/v1beta1/main.go b/cmd/katib-controller/v1beta1/main.go
@@ -23,9 +23,10 @@ import (
 	"github.com/spf13/viper"
 	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
 	"sigs.k8s.io/controller-runtime/pkg/client/config"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
-	logf "sigs.k8s.io/controller-runtime/pkg/runtime/log"
-	"sigs.k8s.io/controller-runtime/pkg/runtime/signals"
+	"sigs.k8s.io/controller-runtime/pkg/manager/signals"
 
 	apis "github.com/kubeflow/katib/pkg/apis/controller"
 	controller "github.com/kubeflow/katib/pkg/controller.v1beta1"
@@ -35,42 +36,40 @@ import (
 )
 
 func main() {
-	logf.SetLogger(logf.ZapLogger(false))
+	logf.SetLogger(zap.New())
 	log := logf.Log.WithName("entrypoint")
 
 	var experimentSuggestionName string
 	var metricsAddr string
 	var webhookPort int
-	var certLocalFS bool
 	var injectSecurityContext bool
-	var serviceName string
 	var enableGRPCProbeInSuggestion bool
 	var trialResources trialutil.GvkListFlag
 
 	flag.StringVar(&experimentSuggestionName, "experiment-suggestion-name",
 		"default", "The implementation of suggestion interface in experiment controller (default)")
 	flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")
-	flag.IntVar(&webhookPort, "webhook-port", 8443, "The port number to be used for admission webhook server.")
-	flag.BoolVar(&certLocalFS, "cert-localfs", false, "Store the webhook cert in local file system")
 	flag.BoolVar(&injectSecurityContext, "webhook-inject-securitycontext", false, "Inject the securityContext of container[0] in the sidecar")
-	flag.StringVar(&serviceName, "webhook-service-name", "katib-controller", "The service name which will be used in webhook")
 	flag.BoolVar(&enableGRPCProbeInSuggestion, "enable-grpc-probe-in-suggestion", true, "enable grpc probe in suggestions")
 	flag.Var(&trialResources, "trial-resources", "The list of resources that can be used as trial template, in the form: Kind.version.group (e.g. TFJob.v1.kubeflow.org)")
+	flag.IntVar(&webhookPort, "webhook-port", 8443, "The port number to be used for admission webhook server.")
+
+	// TODO (andreyvelich): Currently it is not possible to set different webhook service name.
+	// flag.StringVar(&serviceName, "webhook-service-name", "katib-controller", "The service name which will be used in webhook")
+	// TODO (andreyvelich): Currently is is not possible to store webhook cert in the local file system.
+	// flag.BoolVar(&certLocalFS, "cert-localfs", false, "Store the webhook cert in local file system")
 
 	flag.Parse()
 
 	// Set the config in viper.
 	viper.Set(consts.ConfigExperimentSuggestionName, experimentSuggestionName)
-	viper.Set(consts.ConfigCertLocalFS, certLocalFS)
 	viper.Set(consts.ConfigInjectSecurityContext, injectSecurityContext)
 	viper.Set(consts.ConfigEnableGRPCProbeInSuggestion, enableGRPCProbeInSuggestion)
 	viper.Set(consts.ConfigTrialResources, trialResources)
 
 	log.Info("Config:",
 		consts.ConfigExperimentSuggestionName,
 		viper.GetString(consts.ConfigExperimentSuggestionName),
-		consts.ConfigCertLocalFS,
-		viper.GetBool(consts.ConfigCertLocalFS),
 		"webhook-port",
 		webhookPort,
 		"metrics-addr",
@@ -108,22 +107,22 @@ func main() {
 	}
 
 	// Setup all Controllers
-	log.Info("Setting up controller")
+	log.Info("Setting up controller.")
 	if err := controller.AddToManager(mgr); err != nil {
-		log.Error(err, "unable to register controllers to the manager")
+		log.Error(err, "Unable to register controllers to the manager")
 		os.Exit(1)
 	}
 
-	log.Info("Setting up webhooks")
-	if err := webhook.AddToManager(mgr, int32(webhookPort), serviceName); err != nil {
-		log.Error(err, "unable to register webhooks to the manager")
+	log.Info("Setting up webhooks.")
+	if err := webhook.AddToManager(mgr, webhookPort); err != nil {
+		log.Error(err, "Unable to register webhooks to the manager")
 		os.Exit(1)
 	}
 
 	// Start the Cmd
 	log.Info("Starting the Cmd.")
 	if err := mgr.Start(signals.SetupSignalHandler()); err != nil {
-		log.Error(err, "unable to run the manager")
+		log.Error(err, "Unable to run the manager")
 		os.Exit(1)
 	}
 }
diff --git a/cmd/metricscollector/v1beta1/file-metricscollector/Dockerfile b/cmd/metricscollector/v1beta1/file-metricscollector/Dockerfile
@@ -1,22 +1,28 @@
-# Build the manager binary
+# Build the Katib file metrics collector.
 FROM golang:alpine AS build-env
 
-# Copy in the go src
-ADD . /go/src/github.com/kubeflow/katib
+WORKDIR /go/src/github.com/kubeflow/katib
 
-WORKDIR /go/src/github.com/kubeflow/katib/cmd/metricscollector/v1beta1/file-metricscollector/
+# Download packages.
+COPY go.mod .
+COPY go.sum .
+RUN go mod download -x
 
-# Build
+# Copy sources.
+COPY cmd/ cmd/
+COPY pkg/ pkg/
+
+# Build the binary.
 RUN if [ "$(uname -m)" = "ppc64le" ]; then \
-    CGO_ENABLED=0 GOOS=linux GOARCH=ppc64le go build -a -o file-metricscollector ./; \
+    CGO_ENABLED=0 GOOS=linux GOARCH=ppc64le go build -a -o file-metricscollector ./cmd/metricscollector/v1beta1/file-metricscollector; \
     elif [ "$(uname -m)" = "aarch64" ]; then \
-    CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -a -o file-metricscollector ./; \
+    CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -a -o file-metricscollector ./cmd/metricscollector/v1beta1/file-metricscollector; \
     else \
-    CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o file-metricscollector ./; \
+    CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o file-metricscollector ./cmd/metricscollector/v1beta1/file-metricscollector; \
     fi
 
-# Copy the controller-manager into a thin image
+# Copy the file metrics collector into a thin image.
 FROM alpine:3.7
 WORKDIR /app
-COPY --from=build-env /go/src/github.com/kubeflow/katib/cmd/metricscollector/v1beta1/file-metricscollector/file-metricscollector .
+COPY --from=build-env /go/src/github.com/kubeflow/katib/file-metricscollector .
 ENTRYPOINT ["./file-metricscollector"]
diff --git a/cmd/new-ui/v1beta1/Dockerfile b/cmd/new-ui/v1beta1/Dockerfile
@@ -35,21 +35,29 @@ RUN npm run build:prod
 # --- Build the backend ---
 FROM golang:alpine AS go-build
 
-# The GOPATH in the image is /go.
-ADD . /go/src/github.com/kubeflow/katib
-WORKDIR /go/src/github.com/kubeflow/katib/cmd/new-ui
-RUN if [ "$(uname -m)" = "ppc64le" ] || [ "$(uname -m)" = "aarch64" ]; then \
-    apk --update add gcc musl-dev  && \
-    go build -o katib-ui ./v1beta1; \
+WORKDIR /go/src/github.com/kubeflow/katib
+
+# Download packages.
+COPY go.mod .
+COPY go.sum .
+RUN go mod download -x
+
+# Copy sources.
+COPY cmd/ cmd/
+COPY pkg/ pkg/
+
+# Build the binary.
+RUN if [ "$(uname -m)" = "ppc64le" ]; then \
+    CGO_ENABLED=0 GOOS=linux GOARCH=ppc64le go build -a -o katib-ui  ./cmd/new-ui/v1beta1; \
+    elif [ "$(uname -m)" = "aarch64" ]; then \
+    CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -a -o katib-ui  ./cmd/new-ui/v1beta1; \
     else \
-    go build -o katib-ui ./v1beta1; \
+    CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o katib-ui  ./cmd/new-ui/v1beta1; \
     fi
 
-# --- compose the web app ---
+# --- Compose the web app ---
 FROM alpine:3.7
 WORKDIR /app
-COPY --from=go-build /go/src/github.com/kubeflow/katib/cmd/new-ui/katib-ui /app/
+COPY --from=go-build /go/src/github.com/kubeflow/katib/katib-ui /app/
 COPY --from=frontend /src/dist/static /app/build/static/
-
-USER 1000
 ENTRYPOINT ["./katib-ui"]
diff --git a/cmd/suggestion/goptuna/v1beta1/Dockerfile b/cmd/suggestion/goptuna/v1beta1/Dockerfile
@@ -1,31 +1,45 @@
-FROM golang:alpine AS go-build
-# The GOPATH in the image is /go.
-ADD . /go/src/github.com/kubeflow/katib
-WORKDIR /go/src/github.com/kubeflow/katib/cmd/suggestion/goptuna
-RUN if [ "$(uname -m)" = "ppc64le" ] || [ "$(uname -m)" = "aarch64" ]; then \
-    apk --update add gcc musl-dev  && \
-    go build -o goptuna-suggestion ./v1beta1; \
-    else \
-    go build -o goptuna-suggestion ./v1beta1; \
-    fi
+# Build the Goptuna Suggestion.
+FROM golang:alpine AS build-env
 
+WORKDIR /go/src/github.com/kubeflow/katib
+
+# Download packages.
+COPY go.mod .
+COPY go.sum .
+RUN go mod download -x
+
+# Copy sources.
+COPY cmd/ cmd/
+COPY pkg/ pkg/
+
+# Build the binary.
+RUN if [ "$(uname -m)" = "ppc64le" ]; then \
+  CGO_ENABLED=0 GOOS=linux GOARCH=ppc64le go build -a -o goptuna-suggestion ./cmd/suggestion/goptuna/v1beta1; \
+  elif [ "$(uname -m)" = "aarch64" ]; then \
+  CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -a -o goptuna-suggestion ./cmd/suggestion/goptuna/v1beta1; \
+  else \
+  CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o goptuna-suggestion ./cmd/suggestion/goptuna/v1beta1; \
+  fi
+
+# Add GRPC health probe.
 RUN GRPC_HEALTH_PROBE_VERSION=v0.3.1 && \
-    if [ "$(uname -m)" = "ppc64le" ]; then \
-    wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-ppc64le; \
-    elif [ "$(uname -m)" = "aarch64" ]; then \
-    wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-arm64; \
-    else \
-    wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64; \
-    fi && \
-    chmod +x /bin/grpc_health_probe
+  if [ "$(uname -m)" = "ppc64le" ]; then \
+  wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-ppc64le; \
+  elif [ "$(uname -m)" = "aarch64" ]; then \
+  wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-arm64; \
+  else \
+  wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64; \
+  fi && \
+  chmod +x /bin/grpc_health_probe
 
+# Copy the Goptuna suggestion into a thin image.
 FROM alpine:3.7
 
 ENV TARGET_DIR /opt/katib
 
 WORKDIR ${TARGET_DIR}
-COPY --from=go-build /bin/grpc_health_probe /bin/
-COPY --from=go-build /go/src/github.com/kubeflow/katib/cmd/suggestion/goptuna/goptuna-suggestion ${TARGET_DIR}/
+COPY --from=build-env /bin/grpc_health_probe /bin/
+COPY --from=build-env /go/src/github.com/kubeflow/katib/goptuna-suggestion ${TARGET_DIR}/
 
 RUN chgrp -R 0 ${TARGET_DIR} \
   && chmod -R g+rwX ${TARGET_DIR}