Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Altered network policy to allow all trafic for head & worker pods #544

Merged
merged 7 commits into from
Apr 24, 2024
Merged

Altered network policy to allow all trafic for head & worker pods #544

merged 7 commits into from
Apr 24, 2024

Conversation

Bobbins228
Copy link
Contributor

@Bobbins228 Bobbins228 commented Apr 23, 2024
edited

Issue link

RHOAIENG-6385

What changes have been made

Replaced hard coded ports for the Ray Cluster Network Policy with label selectors that will allow traffic to and from the head & worker pods.

Verification steps

Setup

  • Ensure the Codeflare Operator is not installed on your cluster.
  • Clone the repo locally and clone this branch
  • Run make image-build -e IMG=quay.io/<quay-user>/<repo>:<tag>
  • Run make image-push -e IMG=quay.io/<quay-user>/<repo>:<tag>
  • Run make deploy IMG=quay.io/<quay-user>/<repo>:<tag>

Testing

Run through the job client demo with SDK v0.16.0
Ensure the example job succeeds

Checks

  • I've made sure the tests are passing.
  • Testing Strategy
    • Unit tests
    • Manual tests
    • Testing is not required for this change

@Bobbins228
Copy link
Contributor Author

@astefanutti @KPostOffice
Added the worker pod NWP and set the pod selectors to equal just the cluster name so they both will work with head/worker
One thing that I am looking into is a failed connection when mTLS=False

astefanutti
astefanutti reviewed Apr 23, 2024
View reviewed changes
pkg/controllers/raycluster_controller.go Outdated Show resolved Hide resolved
pkg/controllers/raycluster_controller.go Outdated Show resolved Hide resolved
pkg/controllers/raycluster_controller.go Outdated Show resolved Hide resolved
@astefanutti
Copy link
Contributor

@astefanutti @KPostOffice Added the worker pod NWP and set the pod selectors to equal just the cluster name so they both will work with head/worker One thing that I am looking into is a failed connection when mTLS=False

@Bobbins228 it works when mTLS is enabled because the client port is added to allSecuredPorts.

@Bobbins228
Copy link
Contributor Author

@astefanutti Of course!
Only added P2P communications for this.
I will add the client port back 🥇

@astefanutti
Copy link
Contributor

/lgtm

I think there is still the issue for local interactive use case when mTLS is disabled, but that's an existing / separate issue that we can address separately. Actually we may not want to enable local interactive with mTLS disabled...

@openshift-ci openshift-ci bot added the lgtm label Apr 23, 2024
@astefanutti
Copy link
Contributor

@KPostOffice leaving the final approval to you :).

@openshift-ci openshift-ci bot removed the lgtm label Apr 24, 2024
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Apr 24, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from astefanutti. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Bobbins228 @astefanutti
Update pkg/controllers/raycluster_controller.go
778c478 
Co-authored-by: Antonin Stefanutti <astefanutti@users.noreply.github.com>
@astefanutti
Copy link
Contributor

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Apr 24, 2024
@astefanutti astefanutti merged commit 12b72cb into project-codeflare:main Apr 24, 2024
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@astefanutti astefanutti astefanutti left review comments

@KPostOffice KPostOffice KPostOffice left review comments

@ChristianZaccaria ChristianZaccaria Awaiting requested review from ChristianZaccaria

@dimakis dimakis Awaiting requested review from dimakis

Assignees

@astefanutti astefanutti

Labels
lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Bobbins228 @astefanutti @KPostOffice