WIP - Creation/Deletion of ingress and routes in RayCluster Controller

Author: ChristianZaccaria

controllers/raycluster_controller.go

@@ -22,6 +22,12 @@ import (
 	"crypto/sha1"
 	"encoding/base64"
 	"strconv"
+	"strings"
+
+	"github.com/go-logr/logr"
+
+	networkingv1 "k8s.io/api/networking/v1"
+	networkingv1ac "k8s.io/client-go/applyconfigurations/networking/v1"
 
 	rayv1 "github.com/ray-project/kuberay/ray-operator/apis/ray/v1"
 
@@ -35,7 +41,9 @@ import (
 	coreapply "k8s.io/client-go/applyconfigurations/core/v1"
 	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
 	rbacapply "k8s.io/client-go/applyconfigurations/rbac/v1"
+	"k8s.io/client-go/discovery"
 	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
@@ -52,6 +60,20 @@ type RayClusterReconciler struct {
 	routeClient *routev1client.RouteV1Client
 	Scheme      *runtime.Scheme
 	CookieSalt  string
+	IsOpenShift bool
+}
+
+type IngressOptions struct {
+	Ingresses []Ingress `json:"ingresses"`
+}
+
+type Ingress struct {
+	IngressName string            `json:"ingressName"`
+	Port        int               `json:"port"`
+	PathType    string            `json:"pathType"`
+	Path        string            `json:"path"`
+	Host        string            `json:"host"`
+	Annotations map[string]string `json:"annotations"`
 }
 
 const (
@@ -61,6 +83,7 @@ const (
 	CodeflareOAuthFinalizer = "codeflare.dev/oauth-finalizer"
 	OAuthServicePort        = 443
 	OAuthServicePortName    = "oauth-proxy"
+	RegularServicePortName  = "dashboard"
 	strTrue                 = "true"
 	strFalse                = "false"
 	logRequeueing           = "requeueing"
@@ -94,6 +117,8 @@ func (r *RayClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 
 	var cluster rayv1.RayCluster
 
+	IsOpenShift := getClusterType(logger)
+
 	if err := r.Get(ctx, req.NamespacedName, &cluster); err != nil {
 		if !errors.IsNotFound(err) {
 			logger.Error(err, "Error getting RayCluster resource")
@@ -126,75 +151,97 @@ func (r *RayClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		logger.Info("Successfully removed finalizer.", logRequeueing, strFalse)
 		return ctrl.Result{}, nil
 	}
-
-	val, ok := cluster.ObjectMeta.Annotations["codeflare.dev/oauth"]
-	boolVal, err := strconv.ParseBool(val)
-	if err != nil {
-		logger.Error(err, "Could not convert codeflare.dev/oauth value to bool", "codeflare.dev/oauth", val)
+	if IsOpenShift {
+		val, ok := cluster.ObjectMeta.Annotations["codeflare.dev/oauth"]
+		boolVal, err := strconv.ParseBool(val)
+		if err != nil {
+			logger.Error(err, "Could not convert codeflare.dev/oauth value to bool", "codeflare.dev/oauth", val)
+		}
+		if !ok || err != nil || !boolVal {
+			logger.Info("Removing all OAuth Objects")
+			err := r.deleteIfNotExist(
+				ctx, types.NamespacedName{Namespace: cluster.Namespace, Name: oauthSecretNameFromCluster(&cluster)}, &corev1.Secret{},
+			)
+			if err != nil {
+				logger.Error(err, "Error deleting OAuth Secret, retrying", logRequeueing, strTrue)
+				return ctrl.Result{Requeue: true, RequeueAfter: requeueTime}, nil
+			}
+			err = r.deleteIfNotExist(
+				ctx, types.NamespacedName{Namespace: cluster.Namespace, Name: oauthServiceNameFromCluster(&cluster)}, &corev1.Service{},
+			)
+			if err != nil {
+				logger.Error(err, "Error deleting OAuth Service, retrying", logRequeueing, strTrue)
+				return ctrl.Result{Requeue: true, RequeueAfter: requeueTime}, nil
+			}
+			err = r.deleteIfNotExist(
+				ctx, types.NamespacedName{Namespace: cluster.Namespace, Name: cluster.Name}, &corev1.ServiceAccount{},
+			)
+			if err != nil {
+				logger.Error(err, "Error deleting OAuth ServiceAccount, retrying", logRequeueing, strTrue)
+				return ctrl.Result{Requeue: true, RequeueAfter: requeueTime}, nil
+			}
+			err = r.deleteIfNotExist(
+				ctx, types.NamespacedName{Namespace: cluster.Namespace, Name: crbNameFromCluster(&cluster)}, &rbacv1.ClusterRoleBinding{},
+			)
+			if err != nil {
+				logger.Error(err, "Error deleting OAuth CRB, retrying", logRequeueing, strTrue)
+				return ctrl.Result{Requeue: true, RequeueAfter: requeueTime}, nil
+			}
+			err = r.deleteIfNotExist(
+				ctx, types.NamespacedName{Namespace: cluster.Namespace, Name: cluster.Name}, &routev1.Route{},
+			)
+			if err != nil {
+				logger.Error(err, "Error deleting OAuth Route, retrying", logRequeueing, strTrue)
+				return ctrl.Result{Requeue: true, RequeueAfter: requeueTime}, nil
+			}
+		}
 	}
-	if !ok || err != nil || !boolVal {
-		logger.Info("Removing all OAuth Objects")
-		err := r.deleteIfNotExist(
-			ctx, types.NamespacedName{Namespace: cluster.Namespace, Name: oauthSecretNameFromCluster(&cluster)}, &corev1.Secret{},
-		)
+
+	if cluster.Status.State != "suspended" && cluster.ObjectMeta.Annotations["codeflare.dev/oauth"] == "True" && IsOpenShift {
+		logger.Info("Creating OAuth Objects")
+		_, err := r.routeClient.Routes(cluster.Namespace).Apply(ctx, desiredClusterRoute(&cluster), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
 		if err != nil {
-			logger.Error(err, "Error deleting OAuth Secret, retrying", logRequeueing, strTrue)
-			return ctrl.Result{RequeueAfter: requeueTime}, nil
+			logger.Error(err, "Failed to update OAuth Route")
 		}
-		err = r.deleteIfNotExist(
-			ctx, types.NamespacedName{Namespace: cluster.Namespace, Name: oauthServiceNameFromCluster(&cluster)}, &corev1.Service{},
-		)
+
+		_, err = r.kubeClient.CoreV1().Secrets(cluster.Namespace).Apply(ctx, desiredOAuthSecret(&cluster, r), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
 		if err != nil {
-			logger.Error(err, "Error deleting OAuth Service, retrying", logRequeueing, strTrue)
-			return ctrl.Result{RequeueAfter: requeueTime}, nil
+			logger.Error(err, "Failed to create OAuth Secret")
 		}
-		err = r.deleteIfNotExist(
-			ctx, types.NamespacedName{Namespace: cluster.Namespace, Name: oauthServiceAccountNameFromCluster(&cluster)}, &corev1.ServiceAccount{},
-		)
+
+		_, err = r.kubeClient.CoreV1().Services(cluster.Namespace).Apply(ctx, desiredOAuthService(&cluster), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
 		if err != nil {
-			logger.Error(err, "Error deleting OAuth ServiceAccount, retrying", logRequeueing, strTrue)
-			return ctrl.Result{RequeueAfter: requeueTime}, nil
+			logger.Error(err, "Failed to update OAuth Service")
 		}
-		err = r.deleteIfNotExist(
-			ctx, types.NamespacedName{Namespace: cluster.Namespace, Name: crbNameFromCluster(&cluster)}, &rbacv1.ClusterRoleBinding{},
-		)
+
+		_, err = r.kubeClient.CoreV1().ServiceAccounts(cluster.Namespace).Apply(ctx, desiredServiceAccount(&cluster), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
 		if err != nil {
-			logger.Error(err, "Error deleting OAuth CRB, retrying", logRequeueing, strTrue)
-			return ctrl.Result{RequeueAfter: requeueTime}, nil
+			logger.Error(err, "Failed to update OAuth ServiceAccount")
 		}
-		err = r.deleteIfNotExist(
-			ctx, types.NamespacedName{Namespace: cluster.Namespace, Name: routeNameFromCluster(&cluster)}, &routev1.Route{},
-		)
+
+		_, err = r.kubeClient.RbacV1().ClusterRoleBindings().Apply(ctx, desiredOAuthClusterRoleBinding(&cluster), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
 		if err != nil {
-			logger.Error(err, "Error deleting OAuth Route, retrying", logRequeueing, strTrue)
-			return ctrl.Result{RequeueAfter: requeueTime}, nil
+			logger.Error(err, "Failed to update OAuth ClusterRoleBinding")
+		}
+	} else if cluster.Status.State != "suspended" && cluster.ObjectMeta.Annotations["codeflare.dev/oauth"] != "True" && IsOpenShift {
+		logger.Info(string(cluster.Status.State))
+		// create a route
+		logger.Info("Creating Route")
+		_, err := r.routeClient.Routes(cluster.Namespace).Apply(ctx, createRoute(&cluster), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
+		if err != nil {
+			logger.Error(err, "Failed to update Route")
 		}
 		return ctrl.Result{}, nil
-	}
-
-	_, err = r.routeClient.Routes(cluster.Namespace).Apply(ctx, desiredClusterRoute(&cluster), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
-	if err != nil {
-		logger.Error(err, "Failed to update OAuth Route")
-	}
-
-	_, err = r.kubeClient.CoreV1().Secrets(cluster.Namespace).Apply(ctx, desiredOAuthSecret(&cluster, r), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
-	if err != nil {
-		logger.Error(err, "Failed to create OAuth Secret")
-	}
-
-	_, err = r.kubeClient.CoreV1().Services(cluster.Namespace).Apply(ctx, desiredOAuthService(&cluster), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
-	if err != nil {
-		logger.Error(err, "Failed to update OAuth Service")
-	}
-
-	_, err = r.kubeClient.CoreV1().ServiceAccounts(cluster.Namespace).Apply(ctx, desiredServiceAccount(&cluster), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
-	if err != nil {
-		logger.Error(err, "Failed to update OAuth ServiceAccount")
-	}
-
-	_, err = r.kubeClient.RbacV1().ClusterRoleBindings().Apply(ctx, desiredOAuthClusterRoleBinding(&cluster), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
-	if err != nil {
-		logger.Error(err, "Failed to update OAuth ClusterRoleBinding")
+	} else if cluster.Status.State != "suspended" && cluster.ObjectMeta.Annotations["codeflare.dev/oauth"] != "True" && !IsOpenShift {
+		logger.Info(string(cluster.Status.State))
+		// create an ingress
+		logger.Info("Creating Ingress")
+		_, err := r.kubeClient.NetworkingV1().Ingresses(cluster.Namespace).Apply(ctx, createIngressApplyConfiguration(&cluster), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
+		if err != nil {
+			logger.Error(err, "Failed to update Ingress")
+		}
+		logger.Info("Ingress HAS BEEN CREATED")
+		return ctrl.Result{}, nil
 	}
 
 	return ctrl.Result{}, nil
@@ -335,3 +382,95 @@ func (r *RayClusterReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		For(&rayv1.RayCluster{}).
 		Complete(r)
 }
+
+// getDiscoveryClient returns a discovery client for the current reconciler
+func getDiscoveryClient(config *rest.Config) (*discovery.DiscoveryClient, error) {
+	return discovery.NewDiscoveryClientForConfig(config)
+}
+
+// Check where we are running. We are trying to distinguish here whether
+// this is vanilla kubernetes cluster or Openshift
+func getClusterType(logger logr.Logger) bool {
+	// The discovery package is used to discover APIs supported by a Kubernetes API server.
+	config, err := ctrl.GetConfig()
+	if err == nil && config != nil {
+		dclient, err := getDiscoveryClient(config)
+		if err == nil && dclient != nil {
+			apiGroupList, err := dclient.ServerGroups()
+			if err != nil {
+				logger.Info("Error while querying ServerGroups, assuming we're on Vanilla Kubernetes")
+				return false
+			} else {
+				for i := 0; i < len(apiGroupList.Groups); i++ {
+					if strings.HasSuffix(apiGroupList.Groups[i].Name, ".openshift.io") {
+						logger.Info("We detected being on OpenShift!")
+						return true
+					}
+				}
+				logger.Info("We detected being on Vanilla Kubernetes!")
+				return false
+			}
+		} else {
+			logger.Info("Cannot retrieve a DiscoveryClient, assuming we're on Vanilla Kubernetes")
+			return false
+		}
+	} else {
+		logger.Info("Cannot retrieve config, assuming we're on Vanilla Kubernetes")
+		return false
+	}
+}
+
+func serviceNameFromCluster(cluster *rayv1.RayCluster) string {
+	return cluster.Name + "-head-svc"
+}
+
+func createRoute(cluster *rayv1.RayCluster) *routeapply.RouteApplyConfiguration {
+	return routeapply.Route(routeNameFromCluster(cluster), cluster.Namespace).
+		WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
+		WithSpec(routeapply.RouteSpec().
+			WithTo(routeapply.RouteTargetReference().WithKind("Service").WithName(serviceNameFromCluster(cluster))).
+			WithPort(routeapply.RoutePort().WithTargetPort(intstr.FromString(RegularServicePortName))).
+			WithTLS(routeapply.TLSConfig().
+				WithTermination("edge")),
+		).
+		WithOwnerReferences(
+			v1.OwnerReference().WithUID(cluster.UID).WithName(cluster.Name).WithKind(cluster.Kind).WithAPIVersion(cluster.APIVersion),
+		)
+}
+
+// Create an Ingress object for the RayCluster
+func createIngressApplyConfiguration(cluster *rayv1.RayCluster) *networkingv1ac.IngressApplyConfiguration {
+	pt := networkingv1.PathTypeImplementationSpecific
+
+	return networkingv1ac.Ingress(cluster.Name, cluster.Namespace).
+		WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
+		WithOwnerReferences(v1.OwnerReference().
+			WithAPIVersion(cluster.APIVersion).
+			WithKind(cluster.Kind).
+			WithName(cluster.Name).
+			WithUID(types.UID(cluster.UID))).
+		WithSpec(networkingv1ac.IngressSpec().
+			WithRules(networkingv1ac.IngressRule().
+				WithHost("kind"). // Specify the host name here
+				WithHTTP(networkingv1ac.HTTPIngressRuleValue().
+					WithPaths(networkingv1ac.HTTPIngressPath().
+						WithPath("/"). // Specify the path here
+						WithPathType(pt).
+						WithBackend(networkingv1ac.IngressBackend().
+							WithService(networkingv1ac.IngressServiceBackend().
+								WithName(serviceNameFromCluster(cluster)).
+								WithPort(networkingv1ac.ServiceBackendPort().
+									WithName(RegularServicePortName), // Assuming RegularServicePortName is a string constant defining the port name
+								),
+							),
+						),
+					),
+				),
+			),
+		)
+	// Optionally, add TLS configuration here if needed
+}
+
+// Need to create route for Ray Client for local_interactive
+// No more ingress_options - Removing completely.
+// What to do about ingress_domain?