-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RHOAIENG-8450: feat(odh-notebook-controller): add back notebook container envs var from central proxy configs #326
base: main
Are you sure you want to change the base?
Conversation
Hi @shalberd. Thanks for your PR. I'm waiting for a opendatahub-io member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/ok-to-test |
@@ -221,6 +224,29 @@ func InjectOAuthProxy(notebook *nbv1.Notebook, oauth OAuthConfig) error { | |||
return nil | |||
} | |||
|
|||
func (w *NotebookWebhook) ClusterWideProxyIsEnabled() bool { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
func (w *NotebookWebhook) ClusterWideProxyIsEnabled() bool { | |
func (w *NotebookWebhook) ClusterWideProxyIsEnabled() (map[string]string, bool) { |
I think that proxyEnvVars
does not need to be a global variable, especially since every call to ClusterWideProxyIsEnabled
creates its content anew. Can you return the proxy env vars from the function?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @jiridanek very good point in general. There are certainly improvements possible, I am unsure whether now (adding back previous functionality) or later. I or you could create a new ticket for tracking with your suggestion and link it to issue #291
@@ -221,6 +224,29 @@ func InjectOAuthProxy(notebook *nbv1.Notebook, oauth OAuthConfig) error { | |||
return nil | |||
} | |||
|
|||
func (w *NotebookWebhook) ClusterWideProxyIsEnabled() bool { | |||
proxyResourceList := &configv1.ProxyList{} | |||
err := w.Client.List(context.TODO(), proxyResourceList) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's already some context available in
kubeflow/components/odh-notebook-controller/controllers/notebook_webhook.go
Lines 250 to 251 in 7401baf
// Handle transforms the Notebook objects. | |
func (w *NotebookWebhook) Handle(ctx context.Context, req admission.Request) admission.Response { |
why don't you pass it in as parameter and use that, instead of creating a TODO context?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also very good point, I am still learning about all the ins and outs / details of odh notebook controller and the possibilities in golang. For here, I was merely adding back @VaishnaviHire code from way back then.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is adding back previously removed code. So it is IMO fair to ignore the possible "improvements" I suggested, or that others may come up with, and merge it as it is / as it was.
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: jiridanek The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Agreed, for tracking, I created issue #344 |
Hi @shalberd could you rebase your PR when you get a chance please? There have been many changes since it was opened :) Current built image of this implementation is here: |
Hi @atheo89 I don't get the message that my forked branch is out of date compared to base branch, so I cannot rebase via GUI https://stackoverflow.com/questions/69839124/update-branch-with-rebase-instead-of-merge Also, changes since April upstream in v1.7 branch (your odh-io/kubeflow commits ahead shown here: shalberd/kubeflow@add_back_default_proxy_env_vars_from_openshift_central_proxy_config...opendatahub-io:kubeflow:v1.7-branch Is a rebase really necessary here? If yes, then yes, I'll rebase via command line and in a home network this evening. |
/retest |
…o notebook containers have HTTP_PROXY, HTTPS_PROXY, NO_PROXY env vars injected if central cluster proxy config exists
7401baf
to
83f0f33
Compare
@atheo89 ok, I see where you're coming from ... the whole pull request image build process and so on. https://quay.io/repository/opendatahub/odh-notebook-controller?tab=tags&tag=pr-326 Current built image by digest:
i.e. when used by kustomization.yaml, replace newTag line with
there are a couple of golang x/net vulnerabilities related to http2, but that is best done and looked at in a separately. Ah, I guess depend-a-bot already created a PR #324 |
Here's a tracking jira for it, https://issues.redhat.com/browse/RHOAIENG-8450 /lgtm |
@harshad16 ready to merge? This PR here is exclusively about proxy env var and value injection |
Hey @shalberd , i will get this prioritized for next week 👍 |
/cherrypick v1.9-branch |
@jiridanek: once the present PR merges, I will cherry-pick it on top of v1.9-branch in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
/cherrypick stable |
@jiridanek: once the present PR merges, I will cherry-pick it on top of stable in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
/retitle RHOAIENG-8450: feat(odh-notebook-controller): add back notebook container envs var from central proxy configs |
shall I change this PR to v1.9 branch? |
no, against the i don't have any news about the odh/rhoai version this will be scheduled for, still |
No problem, just wanted to prepare, given that you work with 2 branches now and cherry-picking. |
if proxy.Status.HTTPProxy != "" && proxy.Status.HTTPSProxy != "" && | ||
proxy.Status.NoProxy != "" { | ||
// Update Proxy Env variables map | ||
proxyEnvVars["HTTP_PROXY"] = proxy.Status.HTTPProxy |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changing these on a running notebook will restart the notebook. So if I create a notebook with previous version of controller, and then update to a controller that contains this patch, in a cluster with proxy it will inject the proxy variables and that will restart my running notebooks.
We need to postpone the env vars update to when the notebook is restarted by the user, to prevent unexpected restart.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, because there are running pods with notebook container in the podSpec that did not have proxy envs in it, and when anything in a pod spec changes, the container in the pod restarts.
@harshad16 @jiridanek
Is this a huge problem? I mean, where do you have long-running notebook pods? In RHOSDS, there is no central cluster proxy anyways, so the envs would not be set, and as far as I am aware, in the ODH community, nobody ever mentioned a concept of long-running, never to be stopped and restarted, notebook containers.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to postpone the env vars update to when the notebook is restarted by the user, to prevent unexpected restart.
If that is really necessary, I would not know how to achieve this. In my view, it is overkill, but I realize you sometimes have differing requirements with environments with long running notebook containers.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is rewuirement that was discussed someehat in the Notebooks 2.0 designs that @thesuperzapper is leading.
There, admin initiated change to workspace config should display a Restart required notification and the user then decides when to restart and accept the config update.
I never saw this requirement of avoiding pod restarts spelled out explicitly, though.
/fixes #291
notebook containers have HTTP_PROXY, HTTPS_PROXY, NO_PROXY env vars injected if central cluster proxy config exists
Description
During the last round of updates related to CA trust, code was removed that looks for an openshift central proxy config and adds the centrally configured values for HTTP_PROXY, HTTPS_PROXY, NO_PROXY
How Has This Been Tested?
not tested yet, I'd take the built image from quay.io and test whether the three variables appear in my notebooks / workbench containers.
Merge criteria: