From f3fdc8dd8cf6cd39656b133e513496ee7d3099ff Mon Sep 17 00:00:00 2001 From: Kevin Date: Mon, 19 Feb 2024 17:13:13 -0500 Subject: [PATCH 1/5] odh configmap configuration to default template I also changed the removal of raycluster tls objects so it is done by name rather than all at once Signed-off-by: Kevin --- .../templates/base-template.yaml | 52 +++++++++++++++++++ src/codeflare_sdk/utils/generate_yaml.py | 42 +++++++-------- 2 files changed, 73 insertions(+), 21 deletions(-) diff --git a/src/codeflare_sdk/templates/base-template.yaml b/src/codeflare_sdk/templates/base-template.yaml index 960d7383..0f142c71 100644 --- a/src/codeflare_sdk/templates/base-template.yaml +++ b/src/codeflare_sdk/templates/base-template.yaml @@ -157,6 +157,18 @@ spec: - name: server-cert mountPath: "/home/ray/workspace/tls" readOnly: true + - mountPath: /etc/pki/tls/certs + name: odh-trusted-ca-cert + subPath: odh-trusted-ca-bundle.crt + - mountPath: /etc/ssl/certs + name: odh-trusted-ca-cert + subPath: odh-trusted-ca-bundle.crt + - mountPath: /etc/pki/tls/certs + name: odh-ca-cert + subPath: odh-ca-bundle.crt + - mountPath: /etc/ssl/certs + name: odh-ca-cert + subPath: odh-ca-bundle.crt initContainers: - command: - sh @@ -181,6 +193,20 @@ spec: optional: false - name: server-cert emptyDir: {} + - name: odh-trusted-ca-cert + configMap: + name: odh-trusted-ca-bundle + items: + - key: ca-bundle.crt + path: odh-custom-ca-bundle.crt + optional: true + - name: odh-ca-cert + configMap: + name: odh-trusted-ca-bundle + items: + - key: odh-ca-bundle.crt + path: odh-ca-bundle.crt + optional: true workerGroupSpecs: # the pod replicas in this group typed worker - replicas: 3 
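Review bot: The four CA-bundle entries added to the head container's `volumeMounts` use `subPath`, and Kubernetes does not refresh a `subPath` mount when the backing ConfigMap changes, so a rotated or newly distributed CA bundle only reaches pods after they are recreated. The worker mounts in the `@@ -277,6 +303,18 @@` hunk have the same property, and it survives the later mountPath rewrite in PATCH 3/5. I would document this beside the mounts, e.g. `# subPath mounts are not updated on ConfigMap change; recreate the pods after a CA rotation`. I would also add `readOnly: true` to each new mount to match the `server-cert` entry directly above them.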
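Review bot: Both new volumes set `optional: true`, so a namespace without the `odh-trusted-ca-bundle` ConfigMap, or without one of its two keys, starts the pod with no error and no CA file. The problem then only surfaces later as a certificate-verification failure in whatever client relies on the bundle. Combined with the `subPath` mounts from the previous hunk, the kubelet normally creates a missing subPath as an empty directory, so the `.crt` path may end up as a directory rather than a file; this is worth confirming on a cluster without ODH. If silent absence is intended for non-ODH clusters, say so on the volume, e.g. `# optional: clusters without the ODH trusted-CA ConfigMap run without these bundles`. The worker volumes in the `@@ -284,6 +322,20 @@` hunk carry the same setting.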
@@ -277,6 +303,18 @@ spec: - name: server-cert mountPath: "/home/ray/workspace/tls" readOnly: true + - mountPath: /etc/pki/tls/certs + name: odh-trusted-ca-cert + subPath: odh-trusted-ca-bundle.crt + - mountPath: /etc/ssl/certs + name: odh-trusted-ca-cert + subPath: odh-trusted-ca-bundle.crt + - mountPath: /etc/pki/tls/certs + name: odh-ca-cert + subPath: odh-ca-bundle.crt + - mountPath: /etc/ssl/certs + name: odh-ca-cert + subPath: odh-ca-bundle.crt volumes: - name: ca-vol secret: @@ -284,6 +322,20 @@ spec: optional: false - name: server-cert emptyDir: {} + - name: odh-trusted-ca-cert + configMap: + name: odh-trusted-ca-bundle + items: + - key: ca-bundle.crt + path: odh-custom-ca-bundle.crt + optional: true + - name: odh-ca-cert + configMap: + name: odh-trusted-ca-bundle + items: + - key: odh-ca-bundle.crt + path: odh-ca-bundle.crt + optional: true - replicas: 1 generictemplate: apiVersion: networking.k8s.io/v1 diff --git a/src/codeflare_sdk/utils/generate_yaml.py b/src/codeflare_sdk/utils/generate_yaml.py index bfbce859..1a1212eb 100755 --- a/src/codeflare_sdk/utils/generate_yaml.py +++ b/src/codeflare_sdk/utils/generate_yaml.py @@ -17,6 +17,7 @@ (in the cluster sub-module) for AppWrapper generation. """ +import typing import yaml import sys import os 
@@ -466,35 +467,34 @@ def enable_local_interactive(resources, cluster_name, namespace, ingress_domain) ][0].get("command")[2] = command +def del_from_list_by_name(l: list, target: typing.List[str]): + for item in l: + if item["name"] in ["ca-vol", "server-cert"]: + l.remove(item) + + def disable_raycluster_tls(resources): generic_template_spec = resources["GenericItems"][0]["generictemplate"]["spec"] - if "volumes" in generic_template_spec["headGroupSpec"]["template"]["spec"]: - del generic_template_spec["headGroupSpec"]["template"]["spec"]["volumes"] + del_from_list_by_name( + generic_template_spec["headGroupSpec"]["template"]["spec"].get("volumes", []), + ["ca-vol", "server-cert"], + ) - if ( - "volumeMounts" - in generic_template_spec["headGroupSpec"]["template"]["spec"]["containers"][0] - ): - del generic_template_spec["headGroupSpec"]["template"]["spec"]["containers"][0][ - "volumeMounts" - ] + c: dict + for c in generic_template_spec["headGroupSpec"]["template"]["spec"]["containers"]: + del_from_list_by_name(c.get("volumeMounts", []), ["ca-vol", "server-cert"]) if "initContainers" in generic_template_spec["headGroupSpec"]["template"]["spec"]: del generic_template_spec["headGroupSpec"]["template"]["spec"]["initContainers"] - if "volumes" in generic_template_spec["workerGroupSpecs"][0]["template"]["spec"]: - del generic_template_spec["workerGroupSpecs"][0]["template"]["spec"]["volumes"] - - if ( - "volumeMounts" - in generic_template_spec["workerGroupSpecs"][0]["template"]["spec"][ - "containers" - ][0] - ): - del generic_template_spec["workerGroupSpecs"][0]["template"]["spec"][ - "containers" - ][0]["volumeMounts"] + for workerGroup in generic_template_spec.get("workerGroupSpecs"): + del_from_list_by_name( + workerGroup["template"]["spec"].get("volumes", []), + ["ca-vol", "server-cert"], + ) + for c in workerGroup["template"]["spec"].get("containers", []): + del_from_list_by_name(c.get("volumeMounts", []), ["ca-vol", "server-cert"]) del 
generic_template_spec["workerGroupSpecs"][0]["template"]["spec"][ "initContainers" From 45b8cbbf3370b1b8e2c44dae41f347d8d4dfa4e0 Mon Sep 17 00:00:00 2001 From: Bobbins228 Date: Tue, 20 Feb 2024 11:54:32 +0000 Subject: [PATCH 2/5] Altered tests so they pass --- tests/test-case-no-mcad.yamls | 66 +++++++++++++++++++++++++++++++++++ tests/test-case-prio.yaml | 66 +++++++++++++++++++++++++++++++++++ tests/test-case.yaml | 66 +++++++++++++++++++++++++++++++++++ tests/unit_test.py | 21 ++++++++++- 4 files changed, 218 insertions(+), 1 deletion(-) diff --git a/tests/test-case-no-mcad.yamls b/tests/test-case-no-mcad.yamls index 38109dfc..180c4c5b 100644 --- a/tests/test-case-no-mcad.yamls +++ b/tests/test-case-no-mcad.yamls @@ -77,8 +77,41 @@ spec: cpu: 2 memory: 8G nvidia.com/gpu: 0 + volumeMounts: + - mountPath: /home/ray/workspace/tls + name: server-cert + readOnly: true + - mountPath: /etc/pki/tls/certs + name: odh-trusted-ca-cert + subPath: odh-trusted-ca-bundle.crt + - mountPath: /etc/ssl/certs + name: odh-trusted-ca-cert + subPath: odh-trusted-ca-bundle.crt + - mountPath: /etc/pki/tls/certs + name: odh-ca-cert + subPath: odh-ca-bundle.crt + - mountPath: /etc/ssl/certs + name: odh-ca-cert + subPath: odh-ca-bundle.crt imagePullSecrets: - name: unit-test-pull-secret + volumes: + - emptyDir: {} + name: server-cert + - configMap: + items: + - key: ca-bundle.crt + path: odh-custom-ca-bundle.crt + name: odh-trusted-ca-bundle + optional: true + name: odh-trusted-ca-cert + - configMap: + items: + - key: odh-ca-bundle.crt + path: odh-ca-bundle.crt + name: odh-trusted-ca-bundle + optional: true + name: odh-ca-cert rayVersion: 2.7.0 workerGroupSpecs: - groupName: small-group-unit-test-cluster-ray 
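Review bot: The trailing context statement `del generic_template_spec["workerGroupSpecs"][0]["template"]["spec"]["initContainers"]` still addresses only the first worker group and, as far as the hunk shows, is unconditional, while the new loop above it strips `ca-vol`/`server-cert` from every worker group. With more than one worker group, the later groups would keep their init containers after the TLS volumes are removed, and those init containers presumably still mount the removed volumes. A spec with no worker groups or no `initContainers` key raises at that line. Moving it into the loop as `workerGroup["template"]["spec"].pop("initContainers", None)` would match the guarded head-group handling. The statement is unchanged in the PATCH 4/5 hunk of the same function, and it runs past the end of both hunks.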
@@ -136,8 +169,41 @@ spec: cpu: 3 memory: 5G nvidia.com/gpu: 7 + volumeMounts: + - mountPath: /home/ray/workspace/tls + name: server-cert + readOnly: true + - mountPath: /etc/pki/tls/certs + name: odh-trusted-ca-cert + subPath: odh-trusted-ca-bundle.crt + - mountPath: /etc/ssl/certs + name: odh-trusted-ca-cert + subPath: odh-trusted-ca-bundle.crt + - mountPath: /etc/pki/tls/certs + name: odh-ca-cert + subPath: odh-ca-bundle.crt + - mountPath: /etc/ssl/certs + name: odh-ca-cert + subPath: odh-ca-bundle.crt imagePullSecrets: - name: unit-test-pull-secret + volumes: + - emptyDir: {} + name: server-cert + - configMap: + items: + - key: ca-bundle.crt + path: odh-custom-ca-bundle.crt + name: odh-trusted-ca-bundle + optional: true + name: odh-trusted-ca-cert + - configMap: + items: + - key: odh-ca-bundle.crt + path: odh-ca-bundle.crt + name: odh-trusted-ca-bundle + optional: true + name: odh-ca-cert --- apiVersion: networking.k8s.io/v1 kind: Ingress diff --git a/tests/test-case-prio.yaml b/tests/test-case-prio.yaml index 9f907135..77ec3bbe 100644 --- a/tests/test-case-prio.yaml +++ b/tests/test-case-prio.yaml 
@@ -107,9 +107,42 @@ spec: cpu: 2 memory: 8G nvidia.com/gpu: 0 + volumeMounts: + - mountPath: /home/ray/workspace/tls + name: server-cert + readOnly: true + - mountPath: /etc/pki/tls/certs + name: odh-trusted-ca-cert + subPath: odh-trusted-ca-bundle.crt + - mountPath: /etc/ssl/certs + name: odh-trusted-ca-cert + subPath: odh-trusted-ca-bundle.crt + - mountPath: /etc/pki/tls/certs + name: odh-ca-cert + subPath: odh-ca-bundle.crt + - mountPath: /etc/ssl/certs + name: odh-ca-cert + subPath: odh-ca-bundle.crt imagePullSecrets: - name: unit-test-pull-secret priorityClassName: default + volumes: + - emptyDir: {} + name: server-cert + - configMap: + items: + - key: ca-bundle.crt + path: odh-custom-ca-bundle.crt + name: odh-trusted-ca-bundle + optional: true + name: odh-trusted-ca-cert + - configMap: + items: + - key: odh-ca-bundle.crt + path: odh-ca-bundle.crt + name: odh-trusted-ca-bundle + optional: true + name: odh-ca-cert rayVersion: 2.7.0 workerGroupSpecs: - groupName: small-group-prio-test-cluster 
@@ -167,9 +200,42 @@ spec: cpu: 3 memory: 5G nvidia.com/gpu: 7 + volumeMounts: + - mountPath: /home/ray/workspace/tls + name: server-cert + readOnly: true + - mountPath: /etc/pki/tls/certs + name: odh-trusted-ca-cert + subPath: odh-trusted-ca-bundle.crt + - mountPath: /etc/ssl/certs + name: odh-trusted-ca-cert + subPath: odh-trusted-ca-bundle.crt + - mountPath: /etc/pki/tls/certs + name: odh-ca-cert + subPath: odh-ca-bundle.crt + - mountPath: /etc/ssl/certs + name: odh-ca-cert + subPath: odh-ca-bundle.crt imagePullSecrets: - name: unit-test-pull-secret priorityClassName: default + volumes: + - emptyDir: {} + name: server-cert + - configMap: + items: + - key: ca-bundle.crt + path: odh-custom-ca-bundle.crt + name: odh-trusted-ca-bundle + optional: true + name: odh-trusted-ca-cert + - configMap: + items: + - key: odh-ca-bundle.crt + path: odh-ca-bundle.crt + name: odh-trusted-ca-bundle + optional: true + name: odh-ca-cert replicas: 1 - generictemplate: apiVersion: networking.k8s.io/v1 diff --git a/tests/test-case.yaml b/tests/test-case.yaml index f7e287cf..73fdd42d 100644 --- a/tests/test-case.yaml +++ b/tests/test-case.yaml 
@@ -106,8 +106,41 @@ spec: cpu: 2 memory: 8G nvidia.com/gpu: 0 + volumeMounts: + - mountPath: /home/ray/workspace/tls + name: server-cert + readOnly: true + - mountPath: /etc/pki/tls/certs + name: odh-trusted-ca-cert + subPath: odh-trusted-ca-bundle.crt + - mountPath: /etc/ssl/certs + name: odh-trusted-ca-cert + subPath: odh-trusted-ca-bundle.crt + - mountPath: /etc/pki/tls/certs + name: odh-ca-cert + subPath: odh-ca-bundle.crt + - mountPath: /etc/ssl/certs + name: odh-ca-cert + subPath: odh-ca-bundle.crt imagePullSecrets: - name: unit-test-pull-secret + volumes: + - emptyDir: {} + name: server-cert + - configMap: + items: + - key: ca-bundle.crt + path: odh-custom-ca-bundle.crt + name: odh-trusted-ca-bundle + optional: true + name: odh-trusted-ca-cert + - configMap: + items: + - key: odh-ca-bundle.crt + path: odh-ca-bundle.crt + name: odh-trusted-ca-bundle + optional: true + name: odh-ca-cert rayVersion: 2.7.0 workerGroupSpecs: - groupName: small-group-unit-test-cluster @@ -165,8 +198,41 @@ spec: cpu: 3 memory: 5G nvidia.com/gpu: 7 + volumeMounts: + - mountPath: /home/ray/workspace/tls + name: server-cert + readOnly: true + - mountPath: /etc/pki/tls/certs + name: odh-trusted-ca-cert + subPath: odh-trusted-ca-bundle.crt + - mountPath: /etc/ssl/certs + name: odh-trusted-ca-cert + subPath: odh-trusted-ca-bundle.crt + - mountPath: /etc/pki/tls/certs + name: odh-ca-cert + subPath: odh-ca-bundle.crt + - mountPath: /etc/ssl/certs + name: odh-ca-cert + subPath: odh-ca-bundle.crt imagePullSecrets: - name: unit-test-pull-secret + volumes: + - emptyDir: {} + name: server-cert + - configMap: + items: + - key: ca-bundle.crt + path: odh-custom-ca-bundle.crt + name: odh-trusted-ca-bundle + optional: true + name: odh-trusted-ca-cert + - configMap: + items: + - key: odh-ca-bundle.crt + path: odh-ca-bundle.crt + name: odh-trusted-ca-bundle + optional: true + name: odh-ca-cert replicas: 1 - generictemplate: apiVersion: networking.k8s.io/v1 
diff --git a/tests/unit_test.py b/tests/unit_test.py index fc9ecde2..dd9fad63 100644 --- a/tests/unit_test.py +++ b/tests/unit_test.py @@ -2709,10 +2709,26 @@ def test_enable_local_interactive(mocker): volumes = [ { "name": "ca-vol", - "secret": {"secretName": f"ca-secret-{cluster_name}"}, + "secret": {"secretName": "ca-secret-test-enable-local"}, "optional": False, }, {"name": "server-cert", "emptyDir": {}}, + { + "name": "odh-trusted-ca-cert", + "configMap": { + "name": "odh-trusted-ca-bundle", + "items": [{"key": "ca-bundle.crt", "path": "odh-custom-ca-bundle.crt"}], + "optional": True, + }, + }, + { + "name": "odh-ca-cert", + "configMap": { + "name": "odh-trusted-ca-bundle", + "items": [{"key": "odh-ca-bundle.crt", "path": "odh-ca-bundle.crt"}], + "optional": True, + }, + }, ] tls_env = [ {"name": "RAY_USE_TLS", "value": "1"}, @@ -2740,6 +2756,9 @@ def test_enable_local_interactive(mocker): head_group_spec["template"]["spec"]["initContainers"][0]["volumeMounts"] == volume_mounts ) + print(head_group_spec["template"]["spec"]["volumes"]) + print("----------------") + print(volumes) assert head_group_spec["template"]["spec"]["volumes"] == volumes # 2. workerGroupSpec has the initContainers command to generated TLS cert from the mounted CA cert. From 2b748ade4ea6511d59edb7cd07f9cf3dcfa8c47f Mon Sep 17 00:00:00 2001 From: Bobbins228 Date: Tue, 20 Feb 2024 16:01:36 +0000 Subject: [PATCH 3/5] Specificed mount paths and fixed unit tests --- src/codeflare_sdk/templates/base-template.yaml | 16 ++++++++-------- tests/test-case-no-mcad.yamls | 16 ++++++++-------- tests/test-case-prio.yaml | 16 ++++++++-------- tests/test-case.yaml | 16 ++++++++-------- 4 files changed, 32 insertions(+), 32 deletions(-) diff --git a/src/codeflare_sdk/templates/base-template.yaml b/src/codeflare_sdk/templates/base-template.yaml index 0f142c71..1cb65d5a 100644 --- a/src/codeflare_sdk/templates/base-template.yaml +++ b/src/codeflare_sdk/templates/base-template.yaml 
@@ -157,16 +157,16 @@ spec: - name: server-cert mountPath: "/home/ray/workspace/tls" readOnly: true - - mountPath: /etc/pki/tls/certs + - mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt - - mountPath: /etc/ssl/certs + - mountPath: /etc/ssl/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt - - mountPath: /etc/pki/tls/certs + - mountPath: /etc/pki/tls/certs/odh-ca-bundle.crt name: odh-ca-cert subPath: odh-ca-bundle.crt - - mountPath: /etc/ssl/certs + - mountPath: /etc/ssl/certs/odh-ca-bundle.crt name: odh-ca-cert subPath: odh-ca-bundle.crt initContainers: @@ -303,16 +303,16 @@ spec: - name: server-cert mountPath: "/home/ray/workspace/tls" readOnly: true - - mountPath: /etc/pki/tls/certs + - mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt - - mountPath: /etc/ssl/certs + - mountPath: /etc/ssl/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt - - mountPath: /etc/pki/tls/certs + - mountPath: /etc/pki/tls/certs/odh-ca-bundle.crt name: odh-ca-cert subPath: odh-ca-bundle.crt - - mountPath: /etc/ssl/certs + - mountPath: /etc/ssl/certs/odh-ca-bundle.crt name: odh-ca-cert subPath: odh-ca-bundle.crt volumes: diff --git a/tests/test-case-no-mcad.yamls b/tests/test-case-no-mcad.yamls index 180c4c5b..d17e979a 100644 --- a/tests/test-case-no-mcad.yamls +++ b/tests/test-case-no-mcad.yamls 
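Review bot: Mounting each bundle as an extra file under `/etc/pki/tls/certs/` and `/etc/ssl/certs/` does not by itself add it to what TLS clients trust. Most libraries read the consolidated bundle file or hashed links in those directories, and Python clients often ship their own bundle, so these files are probably ignored unless something in the image points at them. Nothing visible in this patch series sets that up, such as a `SSL_CERT_FILE`/`REQUESTS_CA_BUNDLE`-style variable or a trust-store rebuild. Please confirm how the Ray image consumes them and record it beside the mounts, e.g. `# consumed via MECHANISM (placeholder); not part of the default system bundle`. The same applies to the worker mounts in the `@@ -303,16 +303,16 @@` hunk.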
@@ -81,16 +81,16 @@ spec: - mountPath: /home/ray/workspace/tls name: server-cert readOnly: true - - mountPath: /etc/pki/tls/certs + - mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt - - mountPath: /etc/ssl/certs + - mountPath: /etc/ssl/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt - - mountPath: /etc/pki/tls/certs + - mountPath: /etc/pki/tls/certs/odh-ca-bundle.crt name: odh-ca-cert subPath: odh-ca-bundle.crt - - mountPath: /etc/ssl/certs + - mountPath: /etc/ssl/certs/odh-ca-bundle.crt name: odh-ca-cert subPath: odh-ca-bundle.crt imagePullSecrets: @@ -173,16 +173,16 @@ spec: - mountPath: /home/ray/workspace/tls name: server-cert readOnly: true - - mountPath: /etc/pki/tls/certs + - mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt - - mountPath: /etc/ssl/certs + - mountPath: /etc/ssl/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt - - mountPath: /etc/pki/tls/certs + - mountPath: /etc/pki/tls/certs/odh-ca-bundle.crt name: odh-ca-cert subPath: odh-ca-bundle.crt - - mountPath: /etc/ssl/certs + - mountPath: /etc/ssl/certs/odh-ca-bundle.crt name: odh-ca-cert subPath: odh-ca-bundle.crt imagePullSecrets: diff --git a/tests/test-case-prio.yaml b/tests/test-case-prio.yaml index 77ec3bbe..1eb8ad48 100644 --- a/tests/test-case-prio.yaml +++ b/tests/test-case-prio.yaml 
@@ -111,16 +111,16 @@ spec: - mountPath: /home/ray/workspace/tls name: server-cert readOnly: true - - mountPath: /etc/pki/tls/certs + - mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt - - mountPath: /etc/ssl/certs + - mountPath: /etc/ssl/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt - - mountPath: /etc/pki/tls/certs + - mountPath: /etc/pki/tls/certs/odh-ca-bundle.crt name: odh-ca-cert subPath: odh-ca-bundle.crt - - mountPath: /etc/ssl/certs + - mountPath: /etc/ssl/certs/odh-ca-bundle.crt name: odh-ca-cert subPath: odh-ca-bundle.crt imagePullSecrets: @@ -204,16 +204,16 @@ spec: - mountPath: /home/ray/workspace/tls name: server-cert readOnly: true - - mountPath: /etc/pki/tls/certs + - mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt - - mountPath: /etc/ssl/certs + - mountPath: /etc/ssl/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt - - mountPath: /etc/pki/tls/certs + - mountPath: /etc/pki/tls/certs/odh-ca-bundle.crt name: odh-ca-cert subPath: odh-ca-bundle.crt - - mountPath: /etc/ssl/certs + - mountPath: /etc/ssl/certs/odh-ca-bundle.crt name: odh-ca-cert subPath: odh-ca-bundle.crt imagePullSecrets: diff --git a/tests/test-case.yaml b/tests/test-case.yaml index 73fdd42d..563ebf90 100644 --- a/tests/test-case.yaml +++ b/tests/test-case.yaml 
@@ -110,16 +110,16 @@ spec: - mountPath: /home/ray/workspace/tls name: server-cert readOnly: true - - mountPath: /etc/pki/tls/certs + - mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt - - mountPath: /etc/ssl/certs + - mountPath: /etc/ssl/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt - - mountPath: /etc/pki/tls/certs + - mountPath: /etc/pki/tls/certs/odh-ca-bundle.crt name: odh-ca-cert subPath: odh-ca-bundle.crt - - mountPath: /etc/ssl/certs + - mountPath: /etc/ssl/certs/odh-ca-bundle.crt name: odh-ca-cert subPath: odh-ca-bundle.crt imagePullSecrets: @@ -202,16 +202,16 @@ spec: - mountPath: /home/ray/workspace/tls name: server-cert readOnly: true - - mountPath: /etc/pki/tls/certs + - mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt - - mountPath: /etc/ssl/certs + - mountPath: /etc/ssl/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt - - mountPath: /etc/pki/tls/certs + - mountPath: /etc/pki/tls/certs/odh-ca-bundle.crt name: odh-ca-cert subPath: odh-ca-bundle.crt - - mountPath: /etc/ssl/certs + - mountPath: /etc/ssl/certs/odh-ca-bundle.crt name: odh-ca-cert subPath: odh-ca-bundle.crt imagePullSecrets: From 00f6b5950fbdd0556de50e77c87f5b328afeb60a Mon Sep 17 00:00:00 2001 From: Kevin Date: Tue, 20 Feb 2024 11:40:50 -0500 Subject: [PATCH 4/5] fix remove by name function to not be in place Signed-off-by: Kevin --- .../templates/base-template.yaml | 4 +-- src/codeflare_sdk/utils/generate_yaml.py | 26 +++++++++++-------- tests/test-case-no-mcad.yamls | 10 ------- tests/test-case-prio.yaml | 10 ------- tests/test-case.yaml | 10 ------- tests/unit_test.py | 3 --- 6 files changed, 17 insertions(+), 46 deletions(-) diff --git a/src/codeflare_sdk/templates/base-template.yaml b/src/codeflare_sdk/templates/base-template.yaml index 1cb65d5a..d2c6074f 100644 
--- a/src/codeflare_sdk/templates/base-template.yaml +++ b/src/codeflare_sdk/templates/base-template.yaml @@ -198,7 +198,7 @@ spec: name: odh-trusted-ca-bundle items: - key: ca-bundle.crt - path: odh-custom-ca-bundle.crt + path: odh-trusted-ca-bundle.crt optional: true - name: odh-ca-cert configMap: @@ -327,7 +327,7 @@ spec: name: odh-trusted-ca-bundle items: - key: ca-bundle.crt - path: odh-custom-ca-bundle.crt + path: odh-trusted-ca-bundle.crt optional: true - name: odh-ca-cert configMap: diff --git a/src/codeflare_sdk/utils/generate_yaml.py b/src/codeflare_sdk/utils/generate_yaml.py index 1a1212eb..49380523 100755 --- a/src/codeflare_sdk/utils/generate_yaml.py +++ b/src/codeflare_sdk/utils/generate_yaml.py 
@@ -467,34 +467,38 @@ def enable_local_interactive(resources, cluster_name, namespace, ingress_domain) ][0].get("command")[2] = command -def del_from_list_by_name(l: list, target: typing.List[str]): - for item in l: - if item["name"] in ["ca-vol", "server-cert"]: - l.remove(item) +def del_from_list_by_name(l: list, target: typing.List[str]) -> list: + return [x for x in l if x["name"] not in target] def disable_raycluster_tls(resources): generic_template_spec = resources["GenericItems"][0]["generictemplate"]["spec"] - del_from_list_by_name( - generic_template_spec["headGroupSpec"]["template"]["spec"].get("volumes", []), + headGroupTemplateSpec = generic_template_spec["headGroupSpec"]["template"]["spec"] + headGroupTemplateSpec["volumes"] = del_from_list_by_name( + headGroupTemplateSpec.get("volumes", []), ["ca-vol", "server-cert"], ) c: dict for c in generic_template_spec["headGroupSpec"]["template"]["spec"]["containers"]: - del_from_list_by_name(c.get("volumeMounts", []), ["ca-vol", "server-cert"]) + c["volumeMounts"] = del_from_list_by_name( + c.get("volumeMounts", []), ["ca-vol", "server-cert"] + ) if "initContainers" in generic_template_spec["headGroupSpec"]["template"]["spec"]: del generic_template_spec["headGroupSpec"]["template"]["spec"]["initContainers"] - for workerGroup in generic_template_spec.get("workerGroupSpecs"): - del_from_list_by_name( - workerGroup["template"]["spec"].get("volumes", []), + for workerGroup in generic_template_spec.get("workerGroupSpecs", []): + workerGroupSpec = workerGroup["template"]["spec"] + workerGroupSpec["volumes"] = del_from_list_by_name( + workerGroupSpec.get("volumes", []), ["ca-vol", "server-cert"], ) for c in workerGroup["template"]["spec"].get("containers", []): - del_from_list_by_name(c.get("volumeMounts", []), ["ca-vol", "server-cert"]) + c["volumeMounts"] = del_from_list_by_name( + c.get("volumeMounts", []), ["ca-vol", "server-cert"] + ) del generic_template_spec["workerGroupSpecs"][0]["template"]["spec"][ 
"initContainers" diff --git a/tests/test-case-no-mcad.yamls b/tests/test-case-no-mcad.yamls index d17e979a..dd05c8db 100644 --- a/tests/test-case-no-mcad.yamls +++ b/tests/test-case-no-mcad.yamls @@ -78,9 +78,6 @@ spec: memory: 8G nvidia.com/gpu: 0 volumeMounts: - - mountPath: /home/ray/workspace/tls - name: server-cert - readOnly: true - mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt @@ -96,8 +93,6 @@ spec: imagePullSecrets: - name: unit-test-pull-secret volumes: - - emptyDir: {} - name: server-cert - configMap: items: - key: ca-bundle.crt @@ -170,9 +165,6 @@ spec: memory: 5G nvidia.com/gpu: 7 volumeMounts: - - mountPath: /home/ray/workspace/tls - name: server-cert - readOnly: true - mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt @@ -188,8 +180,6 @@ spec: imagePullSecrets: - name: unit-test-pull-secret volumes: - - emptyDir: {} - name: server-cert - configMap: items: - key: ca-bundle.crt diff --git a/tests/test-case-prio.yaml b/tests/test-case-prio.yaml index 1eb8ad48..dc8eb2a7 100644 --- a/tests/test-case-prio.yaml +++ b/tests/test-case-prio.yaml @@ -108,9 +108,6 @@ spec: memory: 8G nvidia.com/gpu: 0 volumeMounts: - - mountPath: /home/ray/workspace/tls - name: server-cert - readOnly: true - mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt @@ -127,8 +124,6 @@ spec: - name: unit-test-pull-secret priorityClassName: default volumes: - - emptyDir: {} - name: server-cert - configMap: items: - key: ca-bundle.crt @@ -201,9 +196,6 @@ spec: memory: 5G nvidia.com/gpu: 7 volumeMounts: - - mountPath: /home/ray/workspace/tls - name: server-cert - readOnly: true - mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt 
@@ -220,8 +212,6 @@ spec: - name: unit-test-pull-secret priorityClassName: default volumes: - - emptyDir: {} - name: server-cert - configMap: items: - key: ca-bundle.crt diff --git a/tests/test-case.yaml b/tests/test-case.yaml index 563ebf90..c88c04ab 100644 --- a/tests/test-case.yaml +++ b/tests/test-case.yaml @@ -107,9 +107,6 @@ spec: memory: 8G nvidia.com/gpu: 0 volumeMounts: - - mountPath: /home/ray/workspace/tls - name: server-cert - readOnly: true - mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt @@ -125,8 +122,6 @@ spec: imagePullSecrets: - name: unit-test-pull-secret volumes: - - emptyDir: {} - name: server-cert - configMap: items: - key: ca-bundle.crt @@ -199,9 +194,6 @@ spec: memory: 5G nvidia.com/gpu: 7 volumeMounts: - - mountPath: /home/ray/workspace/tls - name: server-cert - readOnly: true - mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt name: odh-trusted-ca-cert subPath: odh-trusted-ca-bundle.crt @@ -217,8 +209,6 @@ spec: imagePullSecrets: - name: unit-test-pull-secret volumes: - - emptyDir: {} - name: server-cert - configMap: items: - key: ca-bundle.crt diff --git a/tests/unit_test.py b/tests/unit_test.py index dd9fad63..d3ef11e1 100644 --- a/tests/unit_test.py +++ b/tests/unit_test.py @@ -2756,9 +2756,6 @@ def test_enable_local_interactive(mocker): head_group_spec["template"]["spec"]["initContainers"][0]["volumeMounts"] == volume_mounts ) - print(head_group_spec["template"]["spec"]["volumes"]) - print("----------------") - print(volumes) assert head_group_spec["template"]["spec"]["volumes"] == volumes # 2. workerGroupSpec has the initContainers command to generated TLS cert from the mounted CA cert. From 457bfb264c6545039079dfcda03e0e05f286d4e6 Mon Sep 17 00:00:00 2001 
From: Bobbins228 Date: Thu, 22 Feb 2024 11:18:34 +0000 Subject: [PATCH 5/5] Fixed unit tests --- tests/test-case-no-mcad.yamls | 4 ++-- tests/test-case-prio.yaml | 4 ++-- tests/test-case.yaml | 4 ++-- tests/unit_test.py | 4 +++- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/tests/test-case-no-mcad.yamls b/tests/test-case-no-mcad.yamls index dd05c8db..299ff9a8 100644 --- a/tests/test-case-no-mcad.yamls +++ b/tests/test-case-no-mcad.yamls @@ -96,7 +96,7 @@ spec: - configMap: items: - key: ca-bundle.crt - path: odh-custom-ca-bundle.crt + path: odh-trusted-ca-bundle.crt name: odh-trusted-ca-bundle optional: true name: odh-trusted-ca-cert @@ -183,7 +183,7 @@ spec: - configMap: items: - key: ca-bundle.crt - path: odh-custom-ca-bundle.crt + path: odh-trusted-ca-bundle.crt name: odh-trusted-ca-bundle optional: true name: odh-trusted-ca-cert diff --git a/tests/test-case-prio.yaml b/tests/test-case-prio.yaml index dc8eb2a7..1e72c442 100644 --- a/tests/test-case-prio.yaml +++ b/tests/test-case-prio.yaml @@ -127,7 +127,7 @@ spec: - configMap: items: - key: ca-bundle.crt - path: odh-custom-ca-bundle.crt + path: odh-trusted-ca-bundle.crt name: odh-trusted-ca-bundle optional: true name: odh-trusted-ca-cert @@ -215,7 +215,7 @@ spec: - configMap: items: - key: ca-bundle.crt - path: odh-custom-ca-bundle.crt + path: odh-trusted-ca-bundle.crt name: odh-trusted-ca-bundle optional: true name: odh-trusted-ca-cert diff --git a/tests/test-case.yaml b/tests/test-case.yaml index c88c04ab..76285209 100644 --- a/tests/test-case.yaml +++ b/tests/test-case.yaml @@ -125,7 +125,7 @@ spec: - configMap: items: - key: ca-bundle.crt - path: odh-custom-ca-bundle.crt + path: odh-trusted-ca-bundle.crt name: odh-trusted-ca-bundle optional: true name: odh-trusted-ca-cert @@ -212,7 +212,7 @@ spec: - configMap: items: - key: ca-bundle.crt - path: odh-custom-ca-bundle.crt + path: odh-trusted-ca-bundle.crt name: odh-trusted-ca-bundle optional: true name: odh-trusted-ca-cert 
diff --git a/tests/unit_test.py b/tests/unit_test.py index d3ef11e1..3fde4960 100644 --- a/tests/unit_test.py +++ b/tests/unit_test.py @@ -2717,7 +2717,9 @@ def test_enable_local_interactive(mocker): "name": "odh-trusted-ca-cert", "configMap": { "name": "odh-trusted-ca-bundle", - "items": [{"key": "ca-bundle.crt", "path": "odh-custom-ca-bundle.crt"}], + "items": [ + {"key": "ca-bundle.crt", "path": "odh-trusted-ca-bundle.crt"} + ], "optional": True, }, },