Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RHOAIENG-8450: feat(odh-notebook-controller): add back notebook container envs var from central proxy configs #326

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

shalberd
Copy link

@shalberd shalberd commented Apr 23, 2024

/fixes #291

notebook containers have HTTP_PROXY, HTTPS_PROXY, NO_PROXY env vars injected if central cluster proxy config exists

Description

During the last round of updates related to CA trust, code was removed that looks for an openshift central proxy config and adds the centrally configured values for HTTP_PROXY, HTTPS_PROXY, NO_PROXY

How Has This Been Tested?

not tested yet, I'd take the built image from quay.io and test whether the three variables appear in my notebooks / workbench containers.

Merge criteria:

  • The commits are squashed in a cohesive manner and have meaningful messages.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work

Copy link

openshift-ci bot commented Apr 23, 2024

Hi @shalberd. Thanks for your PR.

I'm waiting for a opendatahub-io member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@harshad16
Copy link
Member

/ok-to-test

Copy link
Member

@jiridanek jiridanek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is adding back previously removed code. So it is IMO fair to ignore the possible "improvements" I suggested, or that others may come up with, and merge it as it is / as it was.

@shalberd
Copy link
Author

This is adding back previously removed code. So it is IMO fair to ignore the possible "improvements" I suggested, or that others may come up with, and merge it as it is / as it was.

Agreed, for tracking, I created issue kubeflow#344

@atheo89
Copy link
Member

atheo89 commented Jun 12, 2024

Hi @shalberd could you rebase your PR when you get a chance please? There have been many changes since it was opened :)

Current built image of this implementation is here: quay.io/opendatahub/odh-notebook-controller:pr-326

@shalberd
Copy link
Author

shalberd commented Jun 12, 2024

Hi @atheo89 I don't get the message that my forked branch is out of date compared to base branch, so I cannot rebase via GUI
.
I mean, it says here "this branch has no conflicts with the base branch"

https://stackoverflow.com/questions/69839124/update-branch-with-rebase-instead-of-merge

Also, changes since April upstream in v1.7 branch (your odh-io/kubeflow commits ahead shown here: shalberd/kubeflow@add_back_default_proxy_env_vars_from_openshift_central_proxy_config...opendatahub-io:kubeflow:v1.7-branch
don't indicate a need for either a merge or a rebase.

Is a rebase really necessary here? If yes, then yes, I'll rebase via command line and in a home network this evening.

@shalberd
Copy link
Author

/retest

@shalberd shalberd force-pushed the add_back_default_proxy_env_vars_from_openshift_central_proxy_config branch from 7401baf to 83f0f33 Compare June 12, 2024 11:54
@openshift-ci openshift-ci bot removed the lgtm label Jun 12, 2024
@shalberd
Copy link
Author

shalberd commented Jun 12, 2024

Hi could you rebase your PR when you get a chance please? There have been many changes since it was opened :)
Current built image of this implementation is here: quay.io/opendatahub/odh-notebook-controller:pr-326

@atheo89 ok, I see where you're coming from ... the whole pull request image build process and so on.
@jiridanek I did a rebase with v1.7-branch and force-pushed again, so ok now. Tests and image build re-running as of now.

https://quay.io/repository/opendatahub/odh-notebook-controller?tab=tags&tag=pr-326

Current built image by digest:

quay.io/opendatahub/odh-notebook-controller@sha256:8a375c328467bc80c8dcb7a5514add02bfdb2269b819ccb4ccc9a0e158ae9596

i.e. when used by kustomization.yaml, replace newTag line

https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/config/base/kustomization.yaml#L9

with

digest: sha256:8a375c328467bc80c8dcb7a5514add02bfdb2269b819ccb4ccc9a0e158ae9596

there are a couple of golang x/net vulnerabilities related to http2, but that is best done and looked at in a separately.

https://quay.io/repository/opendatahub/odh-notebook-controller/manifest/sha256:8a375c328467bc80c8dcb7a5514add02bfdb2269b819ccb4ccc9a0e158ae9596?tab=vulnerabilities&fixable=true

Ah, I guess depend-a-bot already created a PR #324

@jiridanek
Copy link
Member

Here's a tracking jira for it, https://issues.redhat.com/browse/RHOAIENG-8450

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Jun 13, 2024
@shalberd
Copy link
Author

@harshad16 ready to merge? This PR here is exclusively about proxy env var and value injection

@harshad16
Copy link
Member

@harshad16 ready to merge? This PR here is exclusively about proxy env var and value injection

Hey @shalberd , i will get this prioritized for next week 👍

@jiridanek
Copy link
Member

/cherrypick v1.9-branch

@openshift-cherrypick-robot

@jiridanek: once the present PR merges, I will cherry-pick it on top of v1.9-branch in a new PR and assign it to you.

In response to this:

/cherrypick v1.9-branch

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@jiridanek
Copy link
Member

/cherrypick stable

@openshift-cherrypick-robot

@jiridanek: once the present PR merges, I will cherry-pick it on top of stable in a new PR and assign it to you.

In response to this:

/cherrypick stable

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@jiridanek
Copy link
Member

jiridanek commented Sep 26, 2024

/retitle RHOAIENG-8450: feat(odh-notebook-controller): add back notebook container envs var from central proxy configs

@openshift-ci openshift-ci bot changed the title add back notebook container envs var from central proxy configs RHOAIENG-8450: feat(odh-notebook-controller): add back notebook container envs var from central proxy configs Sep 26, 2024
@shalberd
Copy link
Author

shalberd commented Oct 8, 2024

shall I change this PR to v1.9 branch?

@jiridanek
Copy link
Member

jiridanek commented Oct 8, 2024

no, against the main branch, please

i don't have any news about the odh/rhoai version this will be scheduled for, still

@shalberd shalberd changed the base branch from v1.7-branch to main October 8, 2024 11:35
@shalberd
Copy link
Author

shalberd commented Oct 8, 2024

i don't have any news about the odh/rhoai version this will be scheduled for, still

No problem, just wanted to prepare, given that you work with 2 branches now and cherry-picking.
I changed the branch to compare to here to main.

@shalberd shalberd force-pushed the add_back_default_proxy_env_vars_from_openshift_central_proxy_config branch from 83f0f33 to 8fce111 Compare December 20, 2024 15:48
@openshift-ci openshift-ci bot removed the lgtm label Dec 20, 2024
Copy link

openshift-ci bot commented Dec 20, 2024

New changes are detected. LGTM label has been removed.

Copy link

openshift-ci bot commented Dec 20, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jiridanek

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@shalberd
Copy link
Author

shalberd commented Dec 20, 2024

@jiridanek @atheo89 @harshad16 this is a little related to the notebook-images R studio env var PR opendatahub-io/notebooks/issues/795

I rebased this PR to be up to date with the latest main branch changes in kubeflow itself.
Let me know if this is still ok from your perspective and whether is looks good to you, still. lgtm label has been removed :-)

new image is quay.io/opendatahub/odh-notebook-controller:pr-326 or better yet, built today 20 December with unique hash format quay.io/opendatahub/odh-notebook-controller@sha256:e237f81fe9b6d651d3ca7194e9d5dc22927d7ec01cf82f0654af0e2585ae2991

Like I think you took care of the notebook restart concern with this commit a few weeks ago:
1a1894b

This controller feature, adding proxy env vars to workbenches / notebooks if so specified at cluster-level proxy config, is one of the issues that is keeping me from upgrading from ODH 1.x to 2.x :-)
If we don't get to talk anymore this year, wishing you all happy holidays or merry Christmas.

@shalberd shalberd requested a review from jiridanek December 20, 2024 16:01
@codecov-commenter
Copy link

codecov-commenter commented Dec 20, 2024

Codecov Report

Attention: Patch coverage is 10.16949% with 53 lines in your changes missing coverage. Please review.

Project coverage is 68.29%. Comparing base (0ae60aa) to head (78d2210).

Files with missing lines Patch % Lines
...otebook-controller/controllers/notebook_webhook.go 10.16% 52 Missing and 1 partial ⚠️
Additional details and impacted files
@@             Coverage Diff             @@
##             main     #326       +/-   ##
===========================================
+ Coverage   55.27%   68.29%   +13.02%     
===========================================
  Files           9        7        -2     
  Lines        2276     1394      -882     
===========================================
- Hits         1258      952      -306     
+ Misses        922      376      -546     
+ Partials       96       66       -30     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@jiridanek
Copy link
Member

Woot! Coverage! 🎉

@shalberd
Copy link
Author

shalberd commented Dec 20, 2024

Woot! Coverage!

very nice, I will have to make myself more familiar with the findings. From your perspective, did I leave out anything by error in this PR when resolving diffs, or is all ok?

I only took, like ClusterWideProxyIsEnabled, what someone else wrote wayyy back then ;-) Just Management Information Systems major, no code geek (yet) :-)

@jiridanek If you have an explanatory Web page somewhere on this topic of coverage, I'd appreciate it in the interest of learning more about it.

Sven

@jiridanek
Copy link
Member

jiridanek commented Jan 2, 2025

@jiridanek If you have an explanatory Web page somewhere on this topic of coverage, I'd appreciate it in the interest of learning more about it.

Sure, try these

  1. https://about.codecov.io/resource/what-is-code-coverage/
  2. https://martinfowler.com/bliki/TestCoverage.html
  3. https://research.swtch.com/testing

It's what I used when doing a presentation on this a few months back. I considered posting the slides, but they are mostly just screenshots from the above resources.

Advanced topic on a closely related area (covered does not mean well-tested, so how well is the covered code tested?)

  1. https://research.google/pubs/state-of-mutation-testing-at-google/

@jiridanek
Copy link
Member

very nice, I will have to make myself more familiar with the findings. From your perspective, did I leave out anything by error in this PR when resolving diffs, or is all ok?

I only took, like ClusterWideProxyIsEnabled, what someone else wrote wayyy back then ;-) Just Management Information Systems major, no code geek (yet) :-)

I don't know, would have to spend time with it. So far I had other things to mess around with. Among the repo maintainers, we're keeping this PR in mind, it's just nobody decided to take on the work to merge it in (and accept the responsibility for resolving any and all unforeseen problems that may cause ;)

…o notebook containers have HTTP_PROXY, HTTPS_PROXY, NO_PROXY env vars injected if central cluster proxy config exists

Signed-off-by: Sven Thoms <[email protected]>
@shalberd shalberd force-pushed the add_back_default_proxy_env_vars_from_openshift_central_proxy_config branch from ef25780 to 78d2210 Compare January 3, 2025 10:04
@shalberd
Copy link
Author

shalberd commented Jan 3, 2025

@jiridanek my aim is to test odh notebook controller image on one of our dev clusters in conjunction with DataScienceCluster workbenches devFlags and ODH Operator 2.22.0.
The cluster will have

  • no integrated Openshift registry
  • custom imagestreams / notebooks
  • a custom namespace tst-opendatahub
  • a central proxy config at cluster-level

@shalberd
Copy link
Author

shalberd commented Jan 9, 2025

@jiridanek @atheo89 @andrewballantyne I was just making my first steps with odh v2.22.0 operator and devFlags manifests download, could not figure out for the life of me why the creation of the folders in operator image at /opt/manifests did not work at all, meaning operator v.2.22.0 being unusable for anything devflag-related it seems like.
Found out why: opendatahub-io/opendatahub-operator#1462
Don't know if Wen will backport the change to current v2.22.0 operator.

@atheo89
Copy link
Member

atheo89 commented Jan 10, 2025

Don't know if Wen will backport the change to current v2.22.0 operator.

@shalberd I’m not sure either. However, the upcoming ODH release with the v2.23 operator is scheduled for next week.
If that’s the case, will this PR still be relevant given the changes in the ODH operator?

@shalberd
Copy link
Author

shalberd commented Jan 10, 2025

However, the upcoming ODH release with the v2.23 operator is scheduled for next week.
If that’s the case, will this PR still be relevant given the changes in the ODH operator?

@atheo89 yes, the fix for the operator has nothing do do with proxy-related env var injection into notebook main container. This PR here is still highly relevant for clusters that have proxy info in their default cluster-wide proxy config.

https://docs.openshift.com/container-platform/4.15/networking/enable-cluster-wide-proxy.html

Screenshot 2025-01-10 at 16 02 34

The change in operator is related to: devFlags manifests download into operator container not working at all currently in v2.22.0, so only related slightly, in the sense that I cannot test this custom odh notebook controller image here currently :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

add back missing default env vars from openshift proxy config, if present
6 participants