diff --git a/charts/cnvrg-all-in-one/templates/operator.yml b/charts/cnvrg-all-in-one/templates/operator.yml
index 1e286ddf..be8d3db2 100644
--- a/charts/cnvrg-all-in-one/templates/operator.yml
+++ b/charts/cnvrg-all-in-one/templates/operator.yml
@@ -10,156 +10,169 @@ kind: ClusterRole metadata: name: cnvrg-operator-role rules: -- apiGroups: - - "" - - admissionregistration.k8s.io - - apiextensions.k8s.io - - apps - - extensions - - authentication.k8s.io - - authorization.k8s.io - - authorization.openshift.io - - autoscaling - - batch - - config.openshift.io - - events.k8s.io - - mlops.cnvrg.io - - policy - - rbac.authorization.k8s.io - - route.openshift.io - - security.openshift.io - - storage.k8s.io - - scheduling.k8s.io - - networking.k8s.io - - istio.io - - config.istio.io - - networking.istio.io - - rbac.istio.io - - authentication.istio.io - - metrics.k8s.io - - install.istio.io - resources: - - bindings - - cnvrgapps - - cnvrgapps/status - - cnvrgapps/finalizers - - cnvrgthirdparties - - cnvrgthirdparties/status - - cnvrgthirdparties/finalizers - - configmaps - - cronjobs - - cronjobs/status - - customresourcedefinitions - - customresourcedefinitions/status - - daemonsets - - daemonsets/status - - deployments - - deployments/rollback - - deployments/scale - - deployments/status - - endpoints - - endpointslices - - events - - groups - - horizontalpodautoscalers - - horizontalpodautoscalers/status - - ingresses - - ingresses/status - - jobs - - jobs/status - - leases - - limitranges - - persistentvolumeclaims - - persistentvolumeclaims/status - - persistentvolumes - - persistentvolumes/status - - poddisruptionbudgets - - poddisruptionbudgets/status - - pods - - pods/attach - - pods/binding - - pods/ephemeralcontainers - - pods/eviction - - pods/exec - - pods/log - - pods/portforward - - pods/proxy - - pods/status - - priorityclasses - - replicasets - - replicasets/scale - - replicasets/status - - replicationcontrollers - - replicationcontrollers/scale - - replicationcontrollers/status - - resourcequotas - - resourcequotas/status - - rolebindingrestrictions - - rolebindings - - roles - - routes - - routes/status - - routes/custom-host - - schedulers - - schedulers/status - - secrets - - 
securitycontextconstraints - - serviceaccounts - - serviceaccounts/token - - services - - services/proxy - - services/status - - statefulsets - - statefulsets/scale - - statefulsets/status - - storages - - storages/status - - clusterrolebindings - - clusterroles - - storageclasses - - controllerrevisions - - nodes - - istiooperators - - virtualservices - verbs: - - get - - list - - watch - - create - - update - - use - - delete - - deletecollection - - impersonate - - patch -- apiGroups: - - istio.io - - config.istio.io - - networking.istio.io - - rbac.istio.io - - authentication.istio.io - resources: - - "*" - verbs: - - "*" -- apiGroups: - - kubeflow.org - resources: - - "*" - verbs: - - "*" -- apiGroups: - - mlops.cnvrg.io - resources: - - cnvrgclusterprovisioners - verbs: - - "*" -- apiGroups: - - metacloud.cnvrg.io - resources: - - domainpools - verbs: - - delete + - apiGroups: + - "" + - admissionregistration.k8s.io + - apiextensions.k8s.io + - apps + - extensions + - authentication.k8s.io + - authorization.k8s.io + - authorization.openshift.io + - autoscaling + - batch + - config.openshift.io + - events.k8s.io + - mlops.cnvrg.io + - policy + - rbac.authorization.k8s.io + - route.openshift.io + - security.openshift.io + - storage.k8s.io + - scheduling.k8s.io + - networking.k8s.io + - istio.io + - config.istio.io + - networking.istio.io + - rbac.istio.io + - authentication.istio.io + - metrics.k8s.io + - install.istio.io + resources: + - bindings + - cnvrgapps + - cnvrgapps/status + - cnvrgapps/finalizers + - cnvrgthirdparties + - cnvrgthirdparties/status + - cnvrgthirdparties/finalizers + - configmaps + - cronjobs + - cronjobs/status + - customresourcedefinitions + - customresourcedefinitions/status + - daemonsets + - daemonsets/status + - deployments + - deployments/rollback + - deployments/scale + - deployments/status + - endpoints + - endpointslices + - events + - groups + - horizontalpodautoscalers + - horizontalpodautoscalers/status + - ingresses + - 
ingresses/status + - jobs + - jobs/status + - leases + - limitranges + - persistentvolumeclaims + - persistentvolumeclaims/status + - persistentvolumes + - persistentvolumes/status + - poddisruptionbudgets + - poddisruptionbudgets/status + - pods + - pods/attach + - pods/binding + - pods/ephemeralcontainers + - pods/eviction + - pods/exec + - pods/log + - pods/portforward + - pods/proxy + - pods/status + - priorityclasses + - replicasets + - replicasets/scale + - replicasets/status + - replicationcontrollers + - replicationcontrollers/scale + - replicationcontrollers/status + - resourcequotas + - resourcequotas/status + - rolebindingrestrictions + - rolebindings + - roles + - routes + - routes/status + - routes/custom-host + - schedulers + - schedulers/status + - secrets + - securitycontextconstraints + - serviceaccounts + - serviceaccounts/token + - services + - services/proxy + - services/status + - statefulsets + - statefulsets/scale + - statefulsets/status + - storages + - storages/status + - clusterrolebindings + - clusterroles + - storageclasses + - controllerrevisions + - nodes + - istiooperators + - virtualservices + verbs: + - get + - list + - watch + - create + - update + - use + - delete + - deletecollection + - impersonate + - patch + - apiGroups: + - istio.io + - config.istio.io + - networking.istio.io + - rbac.istio.io + - authentication.istio.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - kubeflow.org + resources: + - "*" + verbs: + - "*" + - apiGroups: + - mlops.cnvrg.io + resources: + - cnvrgclusterprovisioners + verbs: + - "*" + - apiGroups: + - metacloud.cnvrg.io + resources: + - domainpools + verbs: + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - create + - delete + - apiGroups: + - metacloud.cnvrg.io + resources: + - domains + verbs: + - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding 
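Review bot: The rule added at the end of `cnvrg-operator-role` grants `create` and `delete` on every `mutatingwebhookconfigurations` object in the cluster, and a mutating webhook configuration can rewrite API objects at admission, so this widens a role that already holds `impersonate`, `pods/exec`, `secrets` and `clusterrolebindings`. `create` cannot be narrowed by object name, but `delete` can: move it into its own rule with `resourceNames: ["<operator-webhook-config-name>"]` (placeholder; the real name is not visible in this hunk). Because the values.yaml hunk in this commit sets `copadmission` to `enabled: false`, consider templating this rule only when the admission hook is enabled. The rest of the hunk reads as a re-indentation of the existing rules, but the indentation is not recoverable in this view, so that is unverified.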
@@ -210,10 +223,10 @@ spec: /opt/app-root/copctl \ create \ status \ - --name={{ .Release.Name }} - --namespace={{ .Release.Namespace }} + --name={{ .Release.Name }} \ + --namespace={{ .Release.Namespace }} \ --interval=5 - image: "docker.io/cnvrg/copctl:latest" + image: "cnvrg/cnvrg-operator:mlops-demo" imagePullPolicy: Always name: service-instance-status-reporter resources: @@ -228,7 +241,7 @@ spec: - start - --max-concurrent-reconciles - "3" - image: "docker.io/cnvrg/cnvrg-operator:5.0.0" + image: "docker.io/cnvrg/cnvrg-operator:mlops-demo" imagePullPolicy: Always name: cnvrg-operator resources: @@ -239,4 +252,17 @@ spec: cpu: 500m memory: 200Mi serviceAccountName: cnvrg-operator - terminationGracePeriodSeconds: 10 \ No newline at end of file + terminationGracePeriodSeconds: 10 +--- +apiVersion: v1 +kind: Service +metadata: + name: cnvrg-operator-admission + namespace: {{ .Release.Namespace }} +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 8080 + selector: + control-plane: cnvrg-operator \ No newline at end of file diff --git a/charts/cnvrg-all-in-one/values.yaml b/charts/cnvrg-all-in-one/values.yaml index 7fce3d18..07ad68d2 100644 --- a/charts/cnvrg-all-in-one/values.yaml +++ b/charts/cnvrg-all-in-one/values.yaml @@ -5,13 +5,13 @@ domainpool: annotations: "helm.sh/hook": "pre-install" copadmission: - enabled: true + enabled: false admissionHook: annotations: "helm.sh/hook": "pre-install" "helm.sh/hook-weight": "-5" startupJob: - enabled: true + enabled: false annotations: "helm.sh/hook": "pre-install" "helm.sh/hook-weight": "0" diff --git a/controllers/app/utils.go b/controllers/app/utils.go index 925f0880..6875f34c 100644 --- a/controllers/app/utils.go +++ b/controllers/app/utils.go 
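Review bot: Both containers now run the mutable tag `mlops-demo` with `imagePullPolicy: Always` (here and in the `@@ -228,7 +241,7 @@` hunk, which replaces the pinned `5.0.0`), so whatever is next pushed to that tag runs under `serviceAccountName: cnvrg-operator`, presumably the account bound to the broad `cnvrg-operator-role`. Pin a release tag or, better, a digest, e.g. `image: "docker.io/cnvrg/cnvrg-operator:<version>@sha256:<digest>"` (placeholders). The status-reporter image also drops the `docker.io/` prefix that the operator container keeps; an unqualified name is resolved through the node's registry search configuration, so keep it fully qualified. The continuation backslashes added after `--name` and `--namespace` look correct.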
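Review bot: The `cnvrg-operator-admission` Service in the `@@ -239,4 +252,17 @@` hunk is added outside any visible conditional, while the values.yaml hunk in this commit turns `copadmission` off by default, so the chart would publish port 8080 of the operator pods even when the admission hook is disabled; consider wrapping it in the same condition as the hook. The API server calls admission webhooks over HTTPS only, so the listener behind `targetPort: 8080` has to serve TLS with a certificate valid for `cnvrg-operator-admission.<namespace>.svc`; nothing in this hunk shows that, so it should be confirmed. A comment above the Service such as `# admission webhook endpoint; backend on 8080 must terminate TLS` would record the requirement. The file still ends without a trailing newline.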
@@ -5,6 +5,7 @@ import ( "fmt" mlopsv1 "github.com/AccessibleAI/cnvrg-operator/api/v1" "github.com/AccessibleAI/cnvrg-operator/controllers" + "github.com/AccessibleAI/cnvrg-operator/pkg/admission" "github.com/AccessibleAI/cnvrg-operator/pkg/app/networking" "github.com/AccessibleAI/cnvrg-operator/pkg/desired" "github.com/go-logr/logr" @@ -166,5 +167,16 @@ func CalculateAndApplyAppDefaults(app *mlopsv1.CnvrgApp, defaultSpec *mlopsv1.Cn } } + if app.Spec.ClusterDomain == "" { + + domainDiscovery := admission.NewAICloudDomainHandler() + clusterDomain, err := domainDiscovery.DiscoverClusterDomain(app) + if err != nil { + return err + } + app.Spec.ClusterDomain = clusterDomain + + } + return nil } diff --git a/pkg/admission/domain.go b/pkg/admission/domain.go index 4de3e8ad..a52ab437 100644 --- a/pkg/admission/domain.go +++ b/pkg/admission/domain.go @@ -51,7 +51,7 @@ func (h *AICloudDomainHandler) Handler(w http.ResponseWriter, r *http.Request) { return } - clusterDomain, err := h.discoverClusterDomain(cnvrgApp) + clusterDomain, err := h.DiscoverClusterDomain(cnvrgApp) if err != nil { endWithError(err, w) return @@ -142,7 +142,7 @@ func (h *AICloudDomainHandler) cnvrgAppDecode(b []byte) (*mlopsv1.CnvrgApp, erro return cnvrgApp, nil } -func (h *AICloudDomainHandler) discoverClusterDomain(cap *mlopsv1.CnvrgApp) (clusterDomain string, err error) { +func (h *AICloudDomainHandler) DiscoverClusterDomain(cap *mlopsv1.CnvrgApp) (clusterDomain string, err error) { // do nothing if cluster domain already set if cap.Spec.ClusterDomain != "" {
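Review bot: In the `@@ -166,5 +167,16 @@` hunk of `CalculateAndApplyAppDefaults`, the value returned by `DiscoverClusterDomain` is written to `app.Spec.ClusterDomain` without checking that it is non-empty, and the error is returned without context. Since this value presumably ends up in hostnames and routes, add a guard such as `if clusterDomain == "" { return fmt.Errorf("cluster domain discovery returned an empty domain") }` and wrap the failure as `return fmt.Errorf("discovering cluster domain: %w", err)`. A new `AICloudDomainHandler` is also constructed on every call that has no domain set; if the constructor builds an API client (not visible here), create it once and pass it in. The function body starts outside this hunk, so callers and earlier defaults were not reviewed.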