wip on admission

AccessibleAI · Dec 11, 2023 · cdab88e · cdab88e
1 parent 5eeb8c2
commit cdab88e
Show file tree

Hide file tree

Showing 20 changed files with 375 additions and 252 deletions.
diff --git a/Makefile b/Makefile
@@ -22,6 +22,8 @@ test: generate fmt vet manifests
 	rm -f ./controllers/test-report.html ./controllers/junit.xml
 	CNVRG_OPERATOR_MAX_CONCURRENT_RECONCILES=1 go test ./controllers/ -v -timeout 40m
 
+docker:
+	docker buildx build --platform=linux/amd64 --load -t test .
 test-report:
 	docker run -v $$(pwd)/controllers:/tmp cnvrg/xunit-viewer xunit-viewer -r /tmp/junit.xml -o /tmp/test-report.html
 

diff --git a/charts/cnvrg-all-in-one/Chart.lock b/charts/cnvrg-all-in-one/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: domainpool
+  repository: https://catalog.stg.intelcloud.cnvrg.io/stage
+  version: 0.1.1
+digest: sha256:ea1793042e1ae78dda8970a565225d3fd8b8dec84714a70f150f589a58f9e08a
+generated: "2023-12-06T11:51:02.366403+02:00"
diff --git a/charts/cnvrg-all-in-one/Chart.yaml b/charts/cnvrg-all-in-one/Chart.yaml
@@ -4,3 +4,7 @@ description: A cnvrg.io AI:OS chart for K8s
 name: cnvrg-all-in-one
 type: application
 version: 5.0.0
+dependencies:
+  - name: domainpool
+    version: 0.1.1
+    repository: https://catalog.stg.intelcloud.cnvrg.io/stage
diff --git a/charts/cnvrg-all-in-one/charts/domainpool-0.1.1.tgz b/charts/cnvrg-all-in-one/charts/domainpool-0.1.1.tgz
diff --git a/charts/cnvrg-all-in-one/templates/operator.yml b/charts/cnvrg-all-in-one/templates/operator.yml
@@ -212,5 +212,20 @@ spec:
             requests:
               cpu: 500m
               memory: 200Mi
+        - command:
+            - /opt/app-root/cnvrg-operator
+            - start
+            - --max-concurrent-reconciles
+            - "3"
+          image: "docker.io/cnvrg/cnvrg-operator:5.0.0"
+          imagePullPolicy: Always
+          name: cnvrg-operator
+          resources:
+            limits:
+              cpu: 1000m
+              memory: 1000Mi
+            requests:
+              cpu: 500m
+              memory: 200Mi
       serviceAccountName: cnvrg-operator
-      terminationGracePeriodSeconds: 10
+      terminationGracePeriodSeconds: 10¡
diff --git a/charts/cnvrg-all-in-one/values.yaml b/charts/cnvrg-all-in-one/values.yaml
@@ -1,3 +1,6 @@
+domainpool:
+  clusterGatewayRef: cluster-gateway
+  baseDomain: stg.intelcloud.cnvrg.io
 clusterDomain: ''
 clusterInternalDomain: cluster.local
 imageHub: docker.io/cnvrg

diff --git a/cmd/copctl/cmd/admission.go b/cmd/copctl/cmd/admission.go
@@ -0,0 +1,61 @@
+package cmd
+
+import (
+	"crypto/tls"
+	"fmt"
+	"github.com/AccessibleAI/cnvrg-operator/pkg/admission"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"go.uber.org/zap"
+	"net/http"
+)
+
+type PlatformType string
+
+const (
+	CAGPPlatform PlatformType = "cagp"
+)
+
+func init() {
+	admissionCtrlCmd.PersistentFlags().StringP("platform", "", "cagp",
+		fmt.Sprintf("one of: %s|", CAGPPlatform))
+	admissionCtrlCmd.PersistentFlags().StringP("domain-pool", "", "zerossl", "domain pool to use when deploying on CAGP")
+	admissionCtrlCmd.PersistentFlags().StringP("domain-claim", "", "cnvrg-domain-claim", "domain claim to create")
+	admissionCtrlCmd.PersistentFlags().StringP("gateway-name", "", "cnvrg-gateway", "gateway to create")
+	admissionCtrlCmd.PersistentFlags().StringP("namespace", "", "cnvrg", "namespace")
+	admissionCtrlCmd.PersistentFlags().StringP("reg-user", "", "reg-user", "registry user")
+	admissionCtrlCmd.PersistentFlags().StringP("reg-password", "", "reg-password", "registry password")
+
+	viper.BindPFlag("platform", admissionCtrlCmd.PersistentFlags().Lookup("platform"))
+	viper.BindPFlag("domain-pool", admissionCtrlCmd.PersistentFlags().Lookup("domain-pool"))
+	viper.BindPFlag("domain-claim", admissionCtrlCmd.PersistentFlags().Lookup("domain-claim"))
+	viper.BindPFlag("namespace", admissionCtrlCmd.PersistentFlags().Lookup("namespace"))
+	viper.BindPFlag("reg-user", admissionCtrlCmd.PersistentFlags().Lookup("reg-user"))
+	viper.BindPFlag("reg-password", admissionCtrlCmd.PersistentFlags().Lookup("reg-password"))
+
+	rootCmd.AddCommand(admissionCtrlCmd)
+}
+
+var admissionCtrlCmd = &cobra.Command{
+	Use:   "admission",
+	Short: "start cnvrg's operator K8s dynamic admission controller",
+	Run: func(cmd *cobra.Command, args []string) {
+		cert := viper.GetString("http.crt")
+		key := viper.GetString("http.key")
+		pair, err := tls.LoadX509KeyPair(cert, key)
+		if err != nil {
+			zap.S().Error("Failed to load key pair: %v", err)
+		}
+
+		// Handler for CnvrgCap clusterDomain deployed on AI Cloud
+		http.HandleFunc("/cap/clusterdomain/mutate", admission.MutateCnvrtAppClusterDomainHandler)
+
+		// Create HTTPS server configuration
+		s := &http.Server{
+			Addr:      "0.0.0.0:8080",
+			TLSConfig: &tls.Config{Certificates: []tls.Certificate{pair}},
+		}
+
+		zap.S().Fatal(s.ListenAndServeTLS("", ""))
+	},
+}
diff --git a/cmd/copctl/cmd/install.go b/cmd/copctl/cmd/install.go
diff --git a/controllers/app/utils.go b/controllers/app/utils.go
@@ -21,6 +21,10 @@ import (
 
 var log logr.Logger
 
+func discoverAICloudHost(clientset client.Client) () {
+
+}
+
 func discoverOcpDefaultRouteHost(clientset client.Client) (ocpDefaultRouteHost string, err error) {
 	routeCfg := &unstructured.Unstructured{}
 	routeCfg.SetGroupVersionKind(desired.Kinds["OcpIngressCfgGVK"])
@@ -97,6 +101,11 @@ func CalculateAndApplyAppDefaults(app *mlopsv1.CnvrgApp, defaultSpec *mlopsv1.Cn
 		}
 	}
 
+	if app.Spec.Networking.Ingress.Type == mlopsv1.AICloudIngress {
+
+	}
+
+	// discover defaults for OpenShift Route Ingress
 	if app.Spec.Networking.Ingress.Type == mlopsv1.OpenShiftIngress {
 		if app.Spec.ClusterDomain == "" && clientset != nil {
 			clusterDomain, err := discoverOcpDefaultRouteHost(clientset)
@@ -123,6 +132,7 @@ func CalculateAndApplyAppDefaults(app *mlopsv1.CnvrgApp, defaultSpec *mlopsv1.Cn
 		}
 	}
 
+	// configure defaults for SSO
 	if app.Spec.SSO.Enabled {
 		scheme := "http"
 		if app.Spec.Networking.HTTPS.Enabled {