Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RHOAIENG-8450: feat(odh-notebook-controller): add back notebook container envs var from central proxy configs #326

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
+88 −3
Open

RHOAIENG-8450: feat(odh-notebook-controller): add back notebook container envs var from central proxy configs #326

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
91 changes: 88 additions & 3 deletions components/odh-notebook-controller/controllers/notebook_webhook.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ import (
"context"
"encoding/json"
"fmt"
configv1 "github.com/openshift/api/config/v1"
"net/http"
"sort"
"strings"
Expand Down Expand Up @@ -53,6 +54,8 @@ type NotebookWebhook struct {
Namespace string
}

var proxyEnvVars = make(map[string]string, 3)

// InjectReconciliationLock injects the kubeflow notebook controller culling
// stop annotation to explicitly start the notebook pod when the ODH notebook
// controller finishes the reconciliation. Otherwise, a race condition may happen
Expand Down Expand Up @@ -230,6 +233,29 @@ func InjectOAuthProxy(notebook *nbv1.Notebook, oauth OAuthConfig) error {
return nil
}

func (w *NotebookWebhook) ClusterWideProxyIsEnabled() bool {
shalberd marked this conversation as resolved.
Show resolved Hide resolved
proxyResourceList := &configv1.ProxyList{}
err := w.Client.List(context.TODO(), proxyResourceList)
shalberd marked this conversation as resolved.
Show resolved Hide resolved
if err != nil {
return false
}

for _, proxy := range proxyResourceList.Items {
if proxy.Name == "cluster" {
if proxy.Status.HTTPProxy != "" && proxy.Status.HTTPSProxy != "" &&
proxy.Status.NoProxy != "" {
// Update Proxy Env variables map
proxyEnvVars["HTTP_PROXY"] = proxy.Status.HTTPProxy
shalberd marked this conversation as resolved.
Show resolved Hide resolved
proxyEnvVars["HTTPS_PROXY"] = proxy.Status.HTTPSProxy
proxyEnvVars["NO_PROXY"] = proxy.Status.NoProxy
return true
}
}
}
return false

}

// Handle transforms the Notebook objects.
func (w *NotebookWebhook) Handle(ctx context.Context, req admission.Request) admission.Response {

Expand Down Expand Up @@ -279,6 +305,14 @@ func (w *NotebookWebhook) Handle(ctx context.Context, req admission.Request) adm
}
}

// If cluster-wide-proxy is enabled add environment variables
if w.ClusterWideProxyIsEnabled() {
err = InjectProxyConfigEnvVars(notebook)
if err != nil {
return admission.Errored(http.StatusInternalServerError, err)
}
}

// RHOAIENG-14552: Running notebook cannot be updated carelessly, or we may end up restarting the pod when
// the webhook runs after e.g. the oauth-proxy image has been updated
mutatedNotebook, needsRestart, err := w.maybeRestartRunningNotebook(ctx, req, notebook)
Expand All @@ -290,9 +324,9 @@ func (w *NotebookWebhook) Handle(ctx context.Context, req admission.Request) adm
mutatedNotebook.ObjectMeta.Annotations[updatePendingAnnotation] = needsRestart.Reason
} else {
delete(mutatedNotebook.ObjectMeta.Annotations, updatePendingAnnotation)
}

// Create the mutated notebook object
}
// Create the mutated notebook object
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jiridanek no idea why the diff tools thinks there is a diff here ... all I did was rebase with main and resolve some merge conflicts

marshaledNotebook, err := json.Marshal(mutatedNotebook)
if err != nil {
return admission.Errored(http.StatusInternalServerError, err)
Expand Down Expand Up @@ -369,6 +403,57 @@ func (w *NotebookWebhook) maybeRestartRunningNotebook(ctx context.Context, req a
return mutatedNotebook, &UpdatesPending{Reason: diff}, nil
}

func InjectProxyConfigEnvVars(notebook *nbv1.Notebook) error {
notebookContainers := &notebook.Spec.Template.Spec.Containers
var imgContainer corev1.Container

// Update Notebook Image container with env variables from central cluster proxy config
for _, container := range *notebookContainers {
// Update notebook image container with env Variables
if container.Name == notebook.Name {
var newVars []corev1.EnvVar
imgContainer = container

for key, val := range proxyEnvVars {
keyExists := false
for _, env := range imgContainer.Env {
if key == env.Name {
keyExists = true
// Update if Proxy spec is updated
if env.Value != val {
env.Value = val
}
}
}
if !keyExists {
newVars = append(newVars, corev1.EnvVar{Name: key, Value: val})
}
}

// Update container only when required env variables are not present
imgContainerExists := false
if len(newVars) != 0 {
imgContainer.Env = append(imgContainer.Env, newVars...)
}

// Update container with Proxy Env Changes
for index, container := range *notebookContainers {
if container.Name == notebook.Name {
(*notebookContainers)[index] = imgContainer
imgContainerExists = true
break
}
}

if !imgContainerExists {
return fmt.Errorf("notebook image container not found %v", notebook.Name)
}
break
}
}
return nil
}

// CheckAndMountCACertBundle checks if the odh-trusted-ca-bundle ConfigMap is present
func CheckAndMountCACertBundle(ctx context.Context, cli client.Client, notebook *nbv1.Notebook, log logr.Logger) error {

Expand Down
Loading