only use the default-dsci applicationsNamespace in openshift #676
Conversation
the codeflare operator checks for kuberay namespaces to apply network policies so it uses opendatahub DSCInitialization CRD which isn't available on vanilla k8s clusters so added a condition to check for DSCInitialization only when running on openshift This fixes the gatejobs running the codeflare-sdk repo as the e2e test jobs are failing because DSCInitialization isn't available on kind cluster that is being used for testing.
szaher
changed the title
| return ctrl.Result{}, err | ||
| } else { | ||
| kubeRayNamespaces = []string{dsci.Spec.ApplicationsNamespace} | ||
| kubeRayNamespaces = []string{"opendatahub", "redhat-ods-applications"} |
There was a problem hiding this comment.
@szaher We're still passing these namespaces (which I assume are openshift specific) to the network policy creation below. I may be wrong but on a native k8s installation, kuberay won't be installed in either of those namespaces. The OpenShift specific kustomization.yaml points to opendatahub by default but the deployments namespace by default I think is just ray-system. So wouldn't this still set up those network policies to point to ODH/RHOAI namespaces?
There was a problem hiding this comment.
Thanks @kryanbeane, I think the kuberay operator namespace is added via https://github.com/project-codeflare/codeflare-operator/blob/main/pkg/controllers/raycluster_controller.go#L553
|
@kryanbeane: changing LGTM is restricted to collaborators In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
| kubeRayNamespaces = []string{"opendatahub", "redhat-ods-applications"} | ||
|
|
||
| if r.IsOpenShift { | ||
| dsci := &dsciv1.DSCInitialization{} | ||
| err := r.Client.Get(ctx, client.ObjectKey{Name: "default-dsci"}, dsci) | ||
| if err != nil { | ||
| return ctrl.Result{}, err | ||
| } else { | ||
| kubeRayNamespaces = []string{dsci.Spec.ApplicationsNamespace} | ||
| } |
There was a problem hiding this comment.
| kubeRayNamespaces = []string{"opendatahub", "redhat-ods-applications"} | |
| if r.IsOpenShift { | |
| dsci := &dsciv1.DSCInitialization{} | |
| err := r.Client.Get(ctx, client.ObjectKey{Name: "default-dsci"}, dsci) | |
| if err != nil { | |
| return ctrl.Result{}, err | |
| } else { | |
| kubeRayNamespaces = []string{dsci.Spec.ApplicationsNamespace} | |
| } | |
| var kubeRayNamespaces []string | |
| if r.IsOpenShift { | |
| dsci := &dsciv1.DSCInitialization{} | |
| if err := r.Client.Get(ctx, client.ObjectKey{Name: "default-dsci"}, dsci); err != nil { | |
| return ctrl.Result{}, err | |
| } | |
| kubeRayNamespaces = []string{dsci.Spec.ApplicationsNamespace} | |
| } else { | |
| kubeRayNamespaces = []string{"opendatahub", "redhat-ods-applications"} |
There was a problem hiding this comment.
Thanks @eoinfennessy actually there is a missing condition that needs to be handled. if the dsci is not found error we use the fall back namespaces if it's available we use it.
otherwise if it's not openshift, I will use the cluster namespace
Signed-off-by: Saad Zaher <[email protected]>
| err := r.Client.Get(ctx, client.ObjectKey{Name: "default-dsci"}, dsci) | ||
| if err != nil { | ||
| if errors.IsNotFound(err) { | ||
| kubeRayNamespaces = []string{"opendatahub", "redhat-ods-applications"} |
There was a problem hiding this comment.
This variable always gets changed on line 285, so kubeRayNamespaces will never be set to []string{"opendatahub", "redhat-ods-applications"}.
There was a problem hiding this comment.
good catch, you're right 👍 I'll fix it now
Signed-off-by: Saad Zaher <[email protected]>
| return ctrl.Result{}, err | ||
| } else { | ||
| kubeRayNamespaces = []string{dsci.Spec.ApplicationsNamespace} | ||
| kubeRayNamespaces = []string{cluster.Namespace} |
There was a problem hiding this comment.
Why is RayCluster namespace used here for KubeRay namespace?
There was a problem hiding this comment.
@sutaakar This ns would only be used in a non-OpenShift cluster in which I believe we we would be using ray-system for both, correct me if I'm wrong Saad. If it is OpenShift, the ODH and ODS-App.. namespaces get added to this
There was a problem hiding this comment.
This code implicates that KubeRay operator and RayCluster CR are installed in the same namespace for Kubernetes.
Which IMHO is not correct.
There was a problem hiding this comment.
From my perspective we can provide some specific default value (i.e. ray-system) which would be configurable using KubeRayConfiguration so admin can provide own value for custom installation.
There was a problem hiding this comment.
@sutaakar are you suggesting that we add a new config item to the KubeRayConfiguration to allow users to use their own namespace for ray operator if not default one or is it already available?
checked here https://github.com/project-codeflare/codeflare-operator/blob/main/pkg/config/config.go#L47 has no namespace in the config
There was a problem hiding this comment.
@sutaakar would it make sense to work on this config item later as feature not a bug fix?
There was a problem hiding this comment.
fine for me to adjust it later
Signed-off-by: Saad Zaher <[email protected]>
Signed-off-by: Saad Zaher <[email protected]>
|
/lgtm |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: chipspeak, kryanbeane, sutaakar The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-merge-bot
bot
merged commit 9d1836d
into
project-codeflare:main
the codeflare operator checks for kuberay namespaces to apply network policies so it uses opendatahub DSCInitialization CRD which isn't available on vanilla k8s clusters so added a condition to check for DSCInitialization only when running on openshift
This fixes the gatejobs running the codeflare-sdk repo as the e2e test jobs are failing because DSCInitialization isn't available on kind cluster that is being used for testing.
Issue link
What changes have been made
Verification steps
Checks