Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add image trigger annotation for filling in image-field-value of container. Use imagestream name and tag for JUPYTER_IMAGE #800

Closed
wants to merge 1 commit into from
+35 −25
Closed

Add image trigger annotation for filling in image-field-value of container. Use imagestream name and tag for JUPYTER_IMAGE #800

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 4 additions & 5 deletions backend/src/utils/notebookUtils.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,15 +160,13 @@ export const assembleNotebook = async (

const notebookSize = getNotebookSize(notebookSizeName);

let imageUrl = ``;
shalberd marked this conversation as resolved.
Show resolved Hide resolved
let imageSelection = ``;

try {
const image = await getImageInfo(fastify, imageName);

const selectedImage = getImageTag(image, imageTagName);

imageUrl = `${selectedImage.image?.dockerImageRepo}:${selectedImage.tag?.name}`;
imageSelection = `${selectedImage.image?.name}:${selectedImage.tag?.name}`;
} catch (e) {
fastify.log.error(`Error getting the image for ${imageName}:${imageTagName}`);
Expand Down Expand Up @@ -268,6 +266,7 @@ export const assembleNotebook = async (
'opendatahub.io/username': username,
'kubeflow-resource-stopped': null,
'opendatahub.io/accelerator-name': accelerator.accelerator?.metadata.name || '',
'image.openshift.io/triggers': `[{"from":{"kind":"ImageStreamTag","name":"${imageSelection}", "namespace":"${namespace}"},"fieldPath":"spec.template.spec.containers[?(@.name==\\"${name}\\")].image"}]`,
shalberd marked this conversation as resolved.
Show resolved Hide resolved
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Based on the preview test of this,

In case of the change of referencePolicy from Local to Source or vice-versa; or change to the image tag source. The annotation quickly updates the resources, which causes the pods to restart.
As it restarts, in case of a change of image tag, this becomes an issue for long-running notebooks.
We have a requirement for not hindering long-running notebook, and also that we update tag for the same imagestream tag based on cve fix.

In this case, we would need to use the image-trigger annotation field called paused, based on notebook scale down or up. If the user scales down, then only the image should be changed or else it should stay the same.

Perhaps, we should do this whole action directly on Notebook-Controller, which notebook-controller takes care of the Notebook Image, based on its type.

Copy link
Contributor Author

@shalberd shalberd May 14, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi Harshad, sorry for the delay, thank you for your thoughts. Generally speaking, you are right when it comes to long-running notebooks (of course, if a node is ever down, even the best notebook when not replicated is not truly long-running, there is no guarantee).

In case of the change of referencePolicy from Local to Source or vice-versa; or change to the image tag source. The annotation quickly updates the resources, which causes the pods to restart.

Yes, that is true, it kind of "ripples through" without much delay, leading to pod restarts. We have that currently in our private Harbor repo that imagestream tag.from.name is based on, when the sha hash changes, yup. Leads to restarts of workbench pods.

We have a requirement for not hindering long-running notebook ... In this case, we would need to use the image-trigger annotation field called paused, based on notebook scale down or up. If the user scales down, then only the image should be changed

paused: true or false could be based on a custom notebook annotation. Possibly together with a slider in dashboard GUI that allows a user to override if they want to update.

About stopped slider in Dashboard GUI, so a stopped workbench and notebook / statefulset: the change in the imagestream tag underlying digest applies there, too, which is good. What I mean:
I looked up a workbench statefulset with replicas: 0 and looked at the notebook container image field value.
It contained the latest digest behind the tag of the imgestream / docker image base. So when paused: false is set in the annotation (which is the default) https://docs.openshift.com/container-platform/4.12/openshift_images/triggering-updates-on-imagestream-changes.html then changes ripple though to even a replicas: 0 statefulset / podspec.

You wrote: "if the user scales down, then only should the image be changed". It does not matter whether scaled down or not, image is always changed. What matters only the the value of paused: in the image change trigger annotation.

I think I understand what you want to achieve with either odh notebook controller or kubeflow notebook controller with respect to paused: true vs paused: false, I just think setting the value on the image change trigger annotation as a whole should start on odh dashboard. That is of course up fro discussion :-)

Perhaps, we should do this whole action directly on Notebook-Controller, which notebook-controller takes care of the Notebook Image, based on its type.

You mean based on a new notebook opendatahub annotation, like long-running: true/false or pauseable: true/false?

And by whole action, you mean the injection of the image stream change trigger annotation into the pod (not container)?

Copy link
Contributor Author

@shalberd shalberd May 14, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We cannot just close this PR as dashboard notebook assembly won't work since it is based on imagestream status:
dockerImageRepository, which is empty when no internal openshift registry is present.

Also, on each notebook podspec update via dashboard GUI (requests and limits sizes, env vars ...), the image-field would again be set by dashboard. So we do need to touch the assemble and update logic here in some minimal way at least.

I agree on handling some aspects by odh (or kubeflow?) notebook controller, but we defininitely need some changes here in dashboard, too.

},
name: name,
namespace: namespace,
Expand All @@ -279,8 +278,8 @@ export const assembleNotebook = async (
enableServiceLinks: false,
containers: [
{
image: imageUrl,
imagePullPolicy: 'Always',
image: name,
shalberd marked this conversation as resolved.
Show resolved Hide resolved
imagePullPolicy: 'IfNotPresent',
shalberd marked this conversation as resolved.
Show resolved Hide resolved
shalberd marked this conversation as resolved.
Show resolved Hide resolved
workingDir: MOUNT_PATH,
name: name,
env: [
Expand All @@ -295,7 +294,7 @@ export const assembleNotebook = async (
},
{
name: 'JUPYTER_IMAGE',
value: imageUrl,
value: imageSelection,
shalberd marked this conversation as resolved.
Show resolved Hide resolved
},
...configMapEnvs,
...secretEnvs,
Expand Down
4 changes: 2 additions & 2 deletions frontend/src/__mocks__/mockNotebookK8sResource.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ export const mockNotebookK8sResource = ({
],
image:
'image-registry.openshift-image-registry.svc:5000/redhat-ods-applications/s2i-minimal-notebook:py3.8-v1',
imagePullPolicy: 'Always',
imagePullPolicy: 'IfNotPresent',
shalberd marked this conversation as resolved.
Show resolved Hide resolved
livenessProbe: {
failureThreshold: 3,
httpGet: {
Expand Down Expand Up @@ -164,7 +164,7 @@ export const mockNotebookK8sResource = ({
],
image:
'registry.redhat.io/openshift4/ose-oauth-proxy@sha256:4bef31eb993feb6f1096b51b4876c65a6fb1f4401fee97fa4f4542b6b7c9bc46',
imagePullPolicy: 'Always',
imagePullPolicy: 'IfNotPresent',
livenessProbe: {
failureThreshold: 3,
httpGet: {
Expand Down
4 changes: 2 additions & 2 deletions frontend/src/__mocks__/mockPodK8sResource.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -202,7 +202,7 @@ export const mockPodK8sResource = ({
},
terminationMessagePath: '/dev/termination-log',
terminationMessagePolicy: 'File',
imagePullPolicy: 'Always',
imagePullPolicy: 'IfNotPresent',
securityContext: {
capabilities: {
drop: ['ALL'],
Expand Down Expand Up @@ -302,7 +302,7 @@ export const mockPodK8sResource = ({
},
terminationMessagePath: '/dev/termination-log',
terminationMessagePolicy: 'File',
imagePullPolicy: 'Always',
imagePullPolicy: 'IfNotPresent',
securityContext: {
capabilities: {
drop: ['ALL'],
Expand Down
19 changes: 11 additions & 8 deletions frontend/src/api/k8s/notebooks.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ import { assemblePodSpecOptions, getshmVolume, getshmVolumeMount } from './utils
const assembleNotebook = (
shalberd marked this conversation as resolved.
Show resolved Hide resolved
data: StartNotebookData,
username: string,
dashboardNamespace: string,
canEnablePipelines?: boolean,
): NotebookKind => {
const {
Expand All @@ -48,9 +49,7 @@ const assembleNotebook = (
existingResources,
} = data;
const notebookId = overrideNotebookId || translateDisplayNameForK8s(notebookName);
const imageUrl = `${image.imageStream?.status?.dockerImageRepository}:${image.imageVersion?.name}`;
shalberd marked this conversation as resolved.
Show resolved Hide resolved
const imageSelection = `${image.imageStream?.metadata.name}:${image.imageVersion?.name}`;

const { affinity, tolerations, resources } = assemblePodSpecOptions(
notebookSize.resources,
accelerator,
Expand Down Expand Up @@ -106,6 +105,7 @@ const assembleNotebook = (
'notebooks.opendatahub.io/inject-oauth': 'true',
'opendatahub.io/username': username,
'opendatahub.io/accelerator-name': accelerator.accelerator?.metadata.name || '',
'image.openshift.io/triggers': `[{"from":{"kind":"ImageStreamTag","name":"${imageSelection}", "namespace":"${dashboardNamespace}"},"fieldPath":"spec.template.spec.containers[?(@.name==\\"${notebookId}\\")].image"}]`,
},
name: notebookId,
namespace: projectName,
Expand All @@ -117,8 +117,8 @@ const assembleNotebook = (
enableServiceLinks: false,
containers: [
{
image: imageUrl,
imagePullPolicy: 'Always',
image: notebookId,
imagePullPolicy: 'IfNotPresent',
workingDir: ROOT_MOUNT_PATH,
name: notebookId,
env: [
Expand All @@ -133,7 +133,7 @@ const assembleNotebook = (
},
{
name: 'JUPYTER_IMAGE',
value: imageUrl,
value: imageSelection,
shalberd marked this conversation as resolved.
Show resolved Hide resolved
},
],
envFrom,
Expand Down Expand Up @@ -240,9 +240,10 @@ export const startNotebook = async (
export const createNotebook = (
data: StartNotebookData,
username: string,
dashboardNamespace: string,
canEnablePipelines?: boolean,
): Promise<NotebookKind> => {
const notebook = assembleNotebook(data, username, canEnablePipelines);
const notebook = assembleNotebook(data, username, dashboardNamespace, canEnablePipelines);

const notebookPromise = k8sCreateResource<NotebookKind>({
model: NotebookModel,
Expand All @@ -262,9 +263,10 @@ export const updateNotebook = (
existingNotebook: NotebookKind,
data: StartNotebookData,
username: string,
dashboardNamespace: string,
): Promise<NotebookKind> => {
data.notebookId = existingNotebook.metadata.name;
const notebook = assembleNotebook(data, username);
const notebook = assembleNotebook(data, username, dashboardNamespace);

const oldNotebook = structuredClone(existingNotebook);
const container = oldNotebook.spec.template.spec.containers[0];
Expand All @@ -285,9 +287,10 @@ export const updateNotebook = (
export const createNotebookWithoutStarting = (
data: StartNotebookData,
username: string,
dashboardNamespace: string,
): Promise<NotebookKind> =>
new Promise((resolve, reject) =>
createNotebook(data, username).then((notebook) =>
createNotebook(data, username, dashboardNamespace).then((notebook) =>
setTimeout(
() =>
stopNotebook(notebook.metadata.name, notebook.metadata.namespace)
Expand Down
4 changes: 2 additions & 2 deletions frontend/src/pages/notebookController/screens/server/NotebookServerDetails.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ import {
import { NotebookContainer } from '~/types';
import {
getDescriptionForTag,
getImageTagByContainer,
getImageAndTagByContainerEnvJupyterImage,
getNameVersionString,
} from '~/utilities/imageUtils';
import { useAppContext } from '~/app/AppContext';
Expand Down Expand Up @@ -42,7 +42,7 @@ const NotebookServerDetails: React.FC = () => {
);
}

const { image, tag } = getImageTagByContainer(images, container);
const { image, tag } = getImageAndTagByContainerEnvJupyterImage(images, container);

const tagSoftware = getDescriptionForTag(tag);
const tagDependencies = tag?.content.dependencies ?? [];
Expand Down
5 changes: 4 additions & 1 deletion frontend/src/pages/projects/screens/detail/notebooks/useNotebookImageData.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,10 @@ const useNotebookImageData = (
const container: NotebookContainer | undefined = notebook.spec.template.spec.containers.find(
(container) => container.name === notebook.metadata.name,
);
const imageTag = container?.image.split('/').at(-1)?.split(':');

const imageStreamTagAndName =
container?.env?.find((i) => i?.name === 'JUPYTER_IMAGE')?.value ?? '';
const imageTag = imageStreamTagAndName.toString().split('/').at(-1)?.split(':');

if (!imageTag || imageTag.length < 2 || !container) {
return [null, true];
Expand Down
6 changes: 4 additions & 2 deletions frontend/src/pages/projects/screens/spawner/SpawnerFooter.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import {
DataConnectionData,
} from '~/pages/projects/types';
import { useUser } from '~/redux/selectors';
import { useDashboardNamespace } from '~/redux/selectors';
import { ProjectDetailsContext } from '~/pages/projects/ProjectDetailsContext';
import { AppContext } from '~/app/AppContext';
import { fireTrackingEvent } from '~/utilities/segmentIOUtils';
Expand Down Expand Up @@ -61,6 +62,7 @@ const SpawnerFooter: React.FC<SpawnerFooterProps> = ({
);
const editNotebook = notebookState?.notebook;
const { projectName } = startNotebookData;
const { dashboardNamespace } = useDashboardNamespace();
const navigate = useNavigate();
const [createInProgress, setCreateInProgress] = React.useState(false);
const isButtonDisabled =
Expand Down Expand Up @@ -154,7 +156,7 @@ const SpawnerFooter: React.FC<SpawnerFooterProps> = ({
envFrom,
tolerationSettings,
};
updateNotebook(editNotebook, newStartNotebookData, username)
updateNotebook(editNotebook, newStartNotebookData, username, dashboardNamespace)
.then((notebook) => afterStart(notebook.metadata.name, 'updated'))
.catch(handleError);
}
Expand Down Expand Up @@ -212,7 +214,7 @@ const SpawnerFooter: React.FC<SpawnerFooterProps> = ({
tolerationSettings,
};

createNotebook(newStartData, username, canEnablePipelines)
createNotebook(newStartData, username, dashboardNamespace, canEnablePipelines)
.then((notebook) => afterStart(notebook.metadata.name, 'created'))
.catch(handleError);
};
Expand Down
7 changes: 5 additions & 2 deletions frontend/src/utilities/imageUtils.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -151,11 +151,14 @@ export const getDescriptionForTag = (imageTag?: ImageTagInfo): string => {
return softwareDescriptions.join(', ');
};

export const getImageTagByContainer = (
export const getImageAndTagByContainerEnvJupyterImage = (
shalberd marked this conversation as resolved.
Show resolved Hide resolved
images: ImageInfo[],
container?: NotebookContainer,
): ImageTag => {
const imageTag = container?.image.split('/').at(-1)?.split(':');
const imageStreamTagAndName =
container?.env?.find((i) => i?.name === 'JUPYTER_IMAGE')?.value ?? '';
const imageTag = imageStreamTagAndName.toString().split('/').at(-1)?.split(':');

if (!imageTag || imageTag.length < 2) {
return { image: undefined, tag: undefined };
}
Expand Down
2 changes: 1 addition & 1 deletion manifests/base/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ spec:
containers:
- name: odh-dashboard
image: odh-dashboard
imagePullPolicy: Always
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
resources:
Expand Down
Loading