Skip to content

Mount ODH custom CA ConfigMap to default template #465

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Feb 22, 2024
Merged

Mount ODH custom CA ConfigMap to default template #465

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
f3fdc8d
odh configmap configuration to default template
KPostOffice Feb 19, 2024
45b8cbb
Altered tests so they pass
Bobbins228 Feb 20, 2024
2b748ad
Specificed mount paths and fixed unit tests
Bobbins228 Feb 20, 2024
00f6b59
fix remove by name function to not be in place
KPostOffice Feb 20, 2024
457bfb2
Fixed unit tests
Bobbins228 Feb 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 52 additions & 0 deletions src/codeflare_sdk/templates/base-template.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,18 @@ spec:
- name: server-cert
mountPath: "/home/ray/workspace/tls"
readOnly: true
- mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt
name: odh-trusted-ca-cert
subPath: odh-trusted-ca-bundle.crt
- mountPath: /etc/ssl/certs/odh-trusted-ca-bundle.crt
name: odh-trusted-ca-cert
subPath: odh-trusted-ca-bundle.crt
- mountPath: /etc/pki/tls/certs/odh-ca-bundle.crt
name: odh-ca-cert
subPath: odh-ca-bundle.crt
- mountPath: /etc/ssl/certs/odh-ca-bundle.crt
name: odh-ca-cert
subPath: odh-ca-bundle.crt
initContainers:
- command:
- sh
Expand All @@ -181,6 +193,20 @@ spec:
optional: false
- name: server-cert
emptyDir: {}
- name: odh-trusted-ca-cert
configMap:
name: odh-trusted-ca-bundle
items:
- key: ca-bundle.crt
path: odh-trusted-ca-bundle.crt
optional: true
- name: odh-ca-cert
configMap:
name: odh-trusted-ca-bundle
items:
- key: odh-ca-bundle.crt
path: odh-ca-bundle.crt
optional: true
workerGroupSpecs:
# the pod replicas in this group typed worker
- replicas: 3
Expand Down Expand Up @@ -277,13 +303,39 @@ spec:
- name: server-cert
mountPath: "/home/ray/workspace/tls"
readOnly: true
- mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt
name: odh-trusted-ca-cert
subPath: odh-trusted-ca-bundle.crt
- mountPath: /etc/ssl/certs/odh-trusted-ca-bundle.crt
name: odh-trusted-ca-cert
subPath: odh-trusted-ca-bundle.crt
- mountPath: /etc/pki/tls/certs/odh-ca-bundle.crt
name: odh-ca-cert
subPath: odh-ca-bundle.crt
- mountPath: /etc/ssl/certs/odh-ca-bundle.crt
name: odh-ca-cert
subPath: odh-ca-bundle.crt
volumes:
- name: ca-vol
secret:
secretName: ca-secret-deployment-name
optional: false
- name: server-cert
emptyDir: {}
- name: odh-trusted-ca-cert
configMap:
name: odh-trusted-ca-bundle
items:
- key: ca-bundle.crt
path: odh-trusted-ca-bundle.crt
optional: true
- name: odh-ca-cert
configMap:
name: odh-trusted-ca-bundle
items:
- key: odh-ca-bundle.crt
path: odh-ca-bundle.crt
optional: true
- replicas: 1
generictemplate:
apiVersion: networking.k8s.io/v1
Expand Down
46 changes: 25 additions & 21 deletions src/codeflare_sdk/utils/generate_yaml.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
(in the cluster sub-module) for AppWrapper generation.
"""

import typing
import yaml
import sys
import os
Expand Down Expand Up @@ -466,35 +467,38 @@ def enable_local_interactive(resources, cluster_name, namespace, ingress_domain)
][0].get("command")[2] = command


def del_from_list_by_name(l: list, target: typing.List[str]) -> list:
return [x for x in l if x["name"] not in target]


def disable_raycluster_tls(resources):
generic_template_spec = resources["GenericItems"][0]["generictemplate"]["spec"]

if "volumes" in generic_template_spec["headGroupSpec"]["template"]["spec"]:
del generic_template_spec["headGroupSpec"]["template"]["spec"]["volumes"]
headGroupTemplateSpec = generic_template_spec["headGroupSpec"]["template"]["spec"]
headGroupTemplateSpec["volumes"] = del_from_list_by_name(
headGroupTemplateSpec.get("volumes", []),
["ca-vol", "server-cert"],
)

if (
"volumeMounts"
in generic_template_spec["headGroupSpec"]["template"]["spec"]["containers"][0]
):
del generic_template_spec["headGroupSpec"]["template"]["spec"]["containers"][0][
"volumeMounts"
]
c: dict
for c in generic_template_spec["headGroupSpec"]["template"]["spec"]["containers"]:
c["volumeMounts"] = del_from_list_by_name(
c.get("volumeMounts", []), ["ca-vol", "server-cert"]
)

if "initContainers" in generic_template_spec["headGroupSpec"]["template"]["spec"]:
del generic_template_spec["headGroupSpec"]["template"]["spec"]["initContainers"]

if "volumes" in generic_template_spec["workerGroupSpecs"][0]["template"]["spec"]:
del generic_template_spec["workerGroupSpecs"][0]["template"]["spec"]["volumes"]

if (
"volumeMounts"
in generic_template_spec["workerGroupSpecs"][0]["template"]["spec"][
"containers"
][0]
):
del generic_template_spec["workerGroupSpecs"][0]["template"]["spec"][
"containers"
][0]["volumeMounts"]
for workerGroup in generic_template_spec.get("workerGroupSpecs", []):
workerGroupSpec = workerGroup["template"]["spec"]
workerGroupSpec["volumes"] = del_from_list_by_name(
workerGroupSpec.get("volumes", []),
["ca-vol", "server-cert"],
)
for c in workerGroup["template"]["spec"].get("containers", []):
c["volumeMounts"] = del_from_list_by_name(
c.get("volumeMounts", []), ["ca-vol", "server-cert"]
)

del generic_template_spec["workerGroupSpecs"][0]["template"]["spec"][
"initContainers"
Expand Down
56 changes: 56 additions & 0 deletions tests/test-case-no-mcad.yamls
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,8 +77,36 @@ spec:
cpu: 2
memory: 8G
nvidia.com/gpu: 0
volumeMounts:
- mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt
name: odh-trusted-ca-cert
subPath: odh-trusted-ca-bundle.crt
- mountPath: /etc/ssl/certs/odh-trusted-ca-bundle.crt
name: odh-trusted-ca-cert
subPath: odh-trusted-ca-bundle.crt
- mountPath: /etc/pki/tls/certs/odh-ca-bundle.crt
name: odh-ca-cert
subPath: odh-ca-bundle.crt
- mountPath: /etc/ssl/certs/odh-ca-bundle.crt
name: odh-ca-cert
subPath: odh-ca-bundle.crt
imagePullSecrets:
- name: unit-test-pull-secret
volumes:
- configMap:
items:
- key: ca-bundle.crt
path: odh-trusted-ca-bundle.crt
name: odh-trusted-ca-bundle
optional: true
name: odh-trusted-ca-cert
- configMap:
items:
- key: odh-ca-bundle.crt
path: odh-ca-bundle.crt
name: odh-trusted-ca-bundle
optional: true
name: odh-ca-cert
rayVersion: 2.7.0
workerGroupSpecs:
- groupName: small-group-unit-test-cluster-ray
Expand Down Expand Up @@ -136,8 +164,36 @@ spec:
cpu: 3
memory: 5G
nvidia.com/gpu: 7
volumeMounts:
- mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt
name: odh-trusted-ca-cert
subPath: odh-trusted-ca-bundle.crt
- mountPath: /etc/ssl/certs/odh-trusted-ca-bundle.crt
name: odh-trusted-ca-cert
subPath: odh-trusted-ca-bundle.crt
- mountPath: /etc/pki/tls/certs/odh-ca-bundle.crt
name: odh-ca-cert
subPath: odh-ca-bundle.crt
- mountPath: /etc/ssl/certs/odh-ca-bundle.crt
name: odh-ca-cert
subPath: odh-ca-bundle.crt
imagePullSecrets:
- name: unit-test-pull-secret
volumes:
- configMap:
items:
- key: ca-bundle.crt
path: odh-trusted-ca-bundle.crt
name: odh-trusted-ca-bundle
optional: true
name: odh-trusted-ca-cert
- configMap:
items:
- key: odh-ca-bundle.crt
path: odh-ca-bundle.crt
name: odh-trusted-ca-bundle
optional: true
name: odh-ca-cert
---
apiVersion: networking.k8s.io/v1
kind: Ingress
Expand Down
56 changes: 56 additions & 0 deletions tests/test-case-prio.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,9 +107,37 @@ spec:
cpu: 2
memory: 8G
nvidia.com/gpu: 0
volumeMounts:
- mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt
name: odh-trusted-ca-cert
subPath: odh-trusted-ca-bundle.crt
- mountPath: /etc/ssl/certs/odh-trusted-ca-bundle.crt
name: odh-trusted-ca-cert
subPath: odh-trusted-ca-bundle.crt
- mountPath: /etc/pki/tls/certs/odh-ca-bundle.crt
name: odh-ca-cert
subPath: odh-ca-bundle.crt
- mountPath: /etc/ssl/certs/odh-ca-bundle.crt
name: odh-ca-cert
subPath: odh-ca-bundle.crt
imagePullSecrets:
- name: unit-test-pull-secret
priorityClassName: default
volumes:
- configMap:
items:
- key: ca-bundle.crt
path: odh-trusted-ca-bundle.crt
name: odh-trusted-ca-bundle
optional: true
name: odh-trusted-ca-cert
- configMap:
items:
- key: odh-ca-bundle.crt
path: odh-ca-bundle.crt
name: odh-trusted-ca-bundle
optional: true
name: odh-ca-cert
rayVersion: 2.7.0
workerGroupSpecs:
- groupName: small-group-prio-test-cluster
Expand Down Expand Up @@ -167,9 +195,37 @@ spec:
cpu: 3
memory: 5G
nvidia.com/gpu: 7
volumeMounts:
- mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt
name: odh-trusted-ca-cert
subPath: odh-trusted-ca-bundle.crt
- mountPath: /etc/ssl/certs/odh-trusted-ca-bundle.crt
name: odh-trusted-ca-cert
subPath: odh-trusted-ca-bundle.crt
- mountPath: /etc/pki/tls/certs/odh-ca-bundle.crt
name: odh-ca-cert
subPath: odh-ca-bundle.crt
- mountPath: /etc/ssl/certs/odh-ca-bundle.crt
name: odh-ca-cert
subPath: odh-ca-bundle.crt
imagePullSecrets:
- name: unit-test-pull-secret
priorityClassName: default
volumes:
- configMap:
items:
- key: ca-bundle.crt
path: odh-trusted-ca-bundle.crt
name: odh-trusted-ca-bundle
optional: true
name: odh-trusted-ca-cert
- configMap:
items:
- key: odh-ca-bundle.crt
path: odh-ca-bundle.crt
name: odh-trusted-ca-bundle
optional: true
name: odh-ca-cert
replicas: 1
- generictemplate:
apiVersion: networking.k8s.io/v1
Expand Down
56 changes: 56 additions & 0 deletions tests/test-case.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,8 +106,36 @@ spec:
cpu: 2
memory: 8G
nvidia.com/gpu: 0
volumeMounts:
- mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt
name: odh-trusted-ca-cert
subPath: odh-trusted-ca-bundle.crt
- mountPath: /etc/ssl/certs/odh-trusted-ca-bundle.crt
name: odh-trusted-ca-cert
subPath: odh-trusted-ca-bundle.crt
- mountPath: /etc/pki/tls/certs/odh-ca-bundle.crt
name: odh-ca-cert
subPath: odh-ca-bundle.crt
- mountPath: /etc/ssl/certs/odh-ca-bundle.crt
name: odh-ca-cert
subPath: odh-ca-bundle.crt
imagePullSecrets:
- name: unit-test-pull-secret
volumes:
- configMap:
items:
- key: ca-bundle.crt
path: odh-trusted-ca-bundle.crt
name: odh-trusted-ca-bundle
optional: true
name: odh-trusted-ca-cert
- configMap:
items:
- key: odh-ca-bundle.crt
path: odh-ca-bundle.crt
name: odh-trusted-ca-bundle
optional: true
name: odh-ca-cert
rayVersion: 2.7.0
workerGroupSpecs:
- groupName: small-group-unit-test-cluster
Expand Down Expand Up @@ -165,8 +193,36 @@ spec:
cpu: 3
memory: 5G
nvidia.com/gpu: 7
volumeMounts:
- mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt
name: odh-trusted-ca-cert
subPath: odh-trusted-ca-bundle.crt
- mountPath: /etc/ssl/certs/odh-trusted-ca-bundle.crt
name: odh-trusted-ca-cert
subPath: odh-trusted-ca-bundle.crt
- mountPath: /etc/pki/tls/certs/odh-ca-bundle.crt
name: odh-ca-cert
subPath: odh-ca-bundle.crt
- mountPath: /etc/ssl/certs/odh-ca-bundle.crt
name: odh-ca-cert
subPath: odh-ca-bundle.crt
imagePullSecrets:
- name: unit-test-pull-secret
volumes:
- configMap:
items:
- key: ca-bundle.crt
path: odh-trusted-ca-bundle.crt
name: odh-trusted-ca-bundle
optional: true
name: odh-trusted-ca-cert
- configMap:
items:
- key: odh-ca-bundle.crt
path: odh-ca-bundle.crt
name: odh-trusted-ca-bundle
optional: true
name: odh-ca-cert
replicas: 1
- generictemplate:
apiVersion: networking.k8s.io/v1
Expand Down
Loading