Add OAuth config to reconciler struct

Author: ChristianZaccaria

go.mod

@@ -3,7 +3,6 @@ module github.com/project-codeflare/codeflare-operator
 go 1.20
 
 require (
-	github.com/go-logr/logr v1.2.4
 	github.com/onsi/ginkgo/v2 v2.11.0
 	github.com/onsi/gomega v1.27.10
 	github.com/openshift/api v0.0.0-20230213134911-7ba313770556
@@ -43,6 +42,7 @@ require (
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/felixge/httpsnoop v1.0.3 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/go-logr/logr v1.2.4 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-logr/zapr v1.2.4 // indirect
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect

main.go

@@ -189,7 +189,7 @@ func main() {
 
 	v, err := HasAPIResourceForGVK(kubeClient.DiscoveryClient, rayv1.GroupVersion.WithKind("RayCluster"))
 	if v {
-		rayClusterController := controllers.RayClusterReconciler{Client: mgr.GetClient(), Scheme: mgr.GetScheme()}
+		rayClusterController := controllers.RayClusterReconciler{Client: mgr.GetClient(), Scheme: mgr.GetScheme(), Config: cfg}
 		exitOnError(rayClusterController.SetupWithManager(mgr), "Error setting up RayCluster controller")
 	} else if err != nil {
 		exitOnError(err, "Could not determine if RayCluster CR present on cluster.")

pkg/controllers/raycluster_controller.go

@@ -52,6 +52,7 @@ type RayClusterReconciler struct {
 	routeClient *routev1client.RouteV1Client
 	Scheme      *runtime.Scheme
 	CookieSalt  string
+	Config      *config.CodeFlareOperatorConfiguration
 }
 
 const (
@@ -60,14 +61,13 @@ const (
 	oAuthFinalizer         = "ray.openshift.ai/oauth-finalizer"
 	oAuthServicePort       = 443
 	oAuthServicePortName   = "oauth-proxy"
-	regularServicePortName = "dashboard"
+	ingressServicePortName = "dashboard"
 	logRequeueing          = "requeueing"
 )
 
 var (
-	deletePolicy   = metav1.DeletePropagationForeground
-	deleteOptions  = client.DeleteOptions{PropagationPolicy: &deletePolicy}
-	configInstance *config.CodeFlareOperatorConfiguration
+	deletePolicy  = metav1.DeletePropagationForeground
+	deleteOptions = client.DeleteOptions{PropagationPolicy: &deletePolicy}
 )
 
 // +kubebuilder:rbac:groups=ray.io,resources=rayclusters,verbs=get;list;watch;create;update;patch;delete
@@ -101,9 +101,9 @@ func (r *RayClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		return ctrl.Result{}, client.IgnoreNotFound(err)
 	}
 
-	isLocalInteractive := annotationBoolVal(logger, &cluster, "sdk.codeflare.dev/local_interactive")
-	isOpenShift, ingressHost := getClusterType(logger, r.kubeClient, &cluster)
-	ingressDomain := cluster.ObjectMeta.Annotations["sdk.codeflare.dev/ingress_domain"]
+	isLocalInteractive := annotationBoolVal(ctx, &cluster, "sdk.codeflare.dev/local_interactive", false)
+	ingressDomain := "" // FIX - CFO will retrieve it.
+	isOpenShift, ingressHost := getClusterType(ctx, r.kubeClient, &cluster, ingressDomain)
 
 	if cluster.ObjectMeta.DeletionTimestamp.IsZero() {
 		if !controllerutil.ContainsFinalizer(&cluster, oAuthFinalizer) {
@@ -138,63 +138,63 @@ func (r *RayClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 		return ctrl.Result{}, nil
 	}
 
-	if cluster.Status.State != "suspended" && isRayDashboardOAuthEnabled() && isOpenShift {
+	if cluster.Status.State != "suspended" && r.isRayDashboardOAuthEnabled() && isOpenShift {
 		logger.Info("Creating OAuth Objects")
 		_, err := r.routeClient.Routes(cluster.Namespace).Apply(ctx, desiredClusterRoute(&cluster), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
 		if err != nil {
 			logger.Error(err, "Failed to update OAuth Route")
+			return ctrl.Result{RequeueAfter: requeueTime}, err
 		}
 
 		_, err = r.kubeClient.CoreV1().Secrets(cluster.Namespace).Apply(ctx, desiredOAuthSecret(&cluster, r), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
 		if err != nil {
 			logger.Error(err, "Failed to create OAuth Secret")
+			return ctrl.Result{RequeueAfter: requeueTime}, err
 		}
 
 		_, err = r.kubeClient.CoreV1().Services(cluster.Namespace).Apply(ctx, desiredOAuthService(&cluster), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
 		if err != nil {
 			logger.Error(err, "Failed to update OAuth Service")
+			return ctrl.Result{RequeueAfter: requeueTime}, err
 		}
 
 		_, err = r.kubeClient.CoreV1().ServiceAccounts(cluster.Namespace).Apply(ctx, desiredServiceAccount(&cluster), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
 		if err != nil {
 			logger.Error(err, "Failed to update OAuth ServiceAccount")
+			return ctrl.Result{RequeueAfter: requeueTime}, err
 		}
 
 		_, err = r.kubeClient.RbacV1().ClusterRoleBindings().Apply(ctx, desiredOAuthClusterRoleBinding(&cluster), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
 		if err != nil {
 			logger.Error(err, "Failed to update OAuth ClusterRoleBinding")
+			return ctrl.Result{RequeueAfter: requeueTime}, err
 		}
 
-	} else if cluster.Status.State != "suspended" && !isRayDashboardOAuthEnabled() && isOpenShift {
-		logger.Info("Creating Dashboard Route")
-		_, err := r.routeClient.Routes(cluster.Namespace).Apply(ctx, createRoute(&cluster), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
-		if err != nil {
-			logger.Error(err, "Failed to update Dashboard Route")
-		}
-		if isLocalInteractive && ingressDomain != "" {
+		if isLocalInteractive {
 			logger.Info("Creating RayClient Route")
-			_, err := r.routeClient.Routes(cluster.Namespace).Apply(ctx, createRayClientRoute(&cluster), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
+			_, err := r.routeClient.Routes(cluster.Namespace).Apply(ctx, desiredRayClientRoute(&cluster), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
 			if err != nil {
 				logger.Error(err, "Failed to update RayClient Route")
+				return ctrl.Result{RequeueAfter: requeueTime}, err
 			}
 		}
-		return ctrl.Result{}, nil
 
-	} else if cluster.Status.State != "suspended" && !isRayDashboardOAuthEnabled() && !isOpenShift {
+	} else if cluster.Status.State != "suspended" && !r.isRayDashboardOAuthEnabled() && !isOpenShift {
 		logger.Info("Creating Dashboard Ingress")
-		_, err := r.kubeClient.NetworkingV1().Ingresses(cluster.Namespace).Apply(ctx, createIngressApplyConfiguration(&cluster, ingressHost), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
+		_, err := r.kubeClient.NetworkingV1().Ingresses(cluster.Namespace).Apply(ctx, desiredClusterIngress(&cluster, ingressHost), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
 		if err != nil {
 			// This log is info level since errors are not fatal and are expected
 			logger.Info("WARN: Failed to update Dashboard Ingress", "error", err.Error(), logRequeueing, true)
+			return ctrl.Result{RequeueAfter: requeueTime}, err
 		}
 		if isLocalInteractive && ingressDomain != "" {
 			logger.Info("Creating RayClient Ingress")
-			_, err := r.kubeClient.NetworkingV1().Ingresses(cluster.Namespace).Apply(ctx, createRayClientIngress(&cluster), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
+			_, err := r.kubeClient.NetworkingV1().Ingresses(cluster.Namespace).Apply(ctx, desiredRayClientIngress(&cluster, ingressDomain), metav1.ApplyOptions{FieldManager: controllerName, Force: true})
 			if err != nil {
 				logger.Error(err, "Failed to update RayClient Ingress")
+				return ctrl.Result{RequeueAfter: requeueTime}, err
 			}
 		}
-		return ctrl.Result{}, nil
 	}
 
 	return ctrl.Result{}, nil

pkg/controllers/support.go

@@ -6,7 +6,6 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/go-logr/logr"
 	rayv1 "github.com/ray-project/kuberay/ray-operator/apis/ray/v1"
 
 	networkingv1 "k8s.io/api/networking/v1"
@@ -27,26 +26,11 @@ func serviceNameFromCluster(cluster *rayv1.RayCluster) string {
 	return cluster.Name + "-head-svc"
 }
 
-func createRoute(cluster *rayv1.RayCluster) *routeapply.RouteApplyConfiguration {
-	return routeapply.Route(dashboardNameFromCluster(cluster), cluster.Namespace).
-		WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
-		WithSpec(routeapply.RouteSpec().
-			WithTo(routeapply.RouteTargetReference().WithKind("Service").WithName(serviceNameFromCluster(cluster))).
-			WithPort(routeapply.RoutePort().WithTargetPort(intstr.FromString(regularServicePortName))).
-			WithTLS(routeapply.TLSConfig().
-				WithTermination("edge")),
-		).
-		WithOwnerReferences(
-			v1.OwnerReference().WithUID(cluster.UID).WithName(cluster.Name).WithKind(cluster.Kind).WithAPIVersion(cluster.APIVersion),
-		)
-}
-
-func createRayClientRoute(cluster *rayv1.RayCluster) *routeapply.RouteApplyConfiguration {
-	ingress_domain := cluster.ObjectMeta.Annotations["sdk.codeflare.dev/ingress_domain"]
+func desiredRayClientRoute(cluster *rayv1.RayCluster) *routeapply.RouteApplyConfiguration {
 	return routeapply.Route(rayClientNameFromCluster(cluster), cluster.Namespace).
 		WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
 		WithSpec(routeapply.RouteSpec().
-			WithHost(rayClientNameFromCluster(cluster) + "-" + cluster.Namespace + "." + ingress_domain).
+			WithHost(rayClientNameFromCluster(cluster) + "-" + cluster.Namespace).
 			WithTo(routeapply.RouteTargetReference().WithKind("Service").WithName(serviceNameFromCluster(cluster)).WithWeight(100)).
 			WithPort(routeapply.RoutePort().WithTargetPort(intstr.FromString("client"))).
 			WithTLS(routeapply.TLSConfig().WithTermination("passthrough")),
@@ -57,8 +41,7 @@ func createRayClientRoute(cluster *rayv1.RayCluster) *routeapply.RouteApplyConfi
 }
 
 // Create an Ingress object for the RayCluster
-func createRayClientIngress(cluster *rayv1.RayCluster) *networkingv1ac.IngressApplyConfiguration {
-	ingress_domain := cluster.ObjectMeta.Annotations["sdk.codeflare.dev/ingress_domain"]
+func desiredRayClientIngress(cluster *rayv1.RayCluster, ingressDomain string) *networkingv1ac.IngressApplyConfiguration {
 	return networkingv1ac.Ingress(rayClientNameFromCluster(cluster), cluster.Namespace).
 		WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
 		WithAnnotations(map[string]string{
@@ -74,7 +57,7 @@ func createRayClientIngress(cluster *rayv1.RayCluster) *networkingv1ac.IngressAp
 		WithSpec(networkingv1ac.IngressSpec().
 			WithIngressClassName("nginx").
 			WithRules(networkingv1ac.IngressRule().
-				WithHost(rayClientNameFromCluster(cluster) + "-" + cluster.Namespace + "." + ingress_domain).
+				WithHost(rayClientNameFromCluster(cluster) + "-" + cluster.Namespace + "." + ingressDomain).
 				WithHTTP(networkingv1ac.HTTPIngressRuleValue().
 					WithPaths(networkingv1ac.HTTPIngressPath().
 						WithPath("/").
@@ -94,7 +77,7 @@ func createRayClientIngress(cluster *rayv1.RayCluster) *networkingv1ac.IngressAp
 }
 
 // Create an Ingress object for the RayCluster
-func createIngressApplyConfiguration(cluster *rayv1.RayCluster, ingressHost string) *networkingv1ac.IngressApplyConfiguration {
+func desiredClusterIngress(cluster *rayv1.RayCluster, ingressHost string) *networkingv1ac.IngressApplyConfiguration {
 	return networkingv1ac.Ingress(dashboardNameFromCluster(cluster), cluster.Namespace).
 		WithLabels(map[string]string{"ray.io/cluster-name": cluster.Name}).
 		WithOwnerReferences(v1.OwnerReference().
@@ -104,7 +87,7 @@ func createIngressApplyConfiguration(cluster *rayv1.RayCluster, ingressHost stri
 			WithUID(types.UID(cluster.UID))).
 		WithSpec(networkingv1ac.IngressSpec().
 			WithRules(networkingv1ac.IngressRule().
-				WithHost(ingressHost). // kind host name or ingress_domain
+				WithHost(ingressHost). // KinD hostname or ingressDomain
 				WithHTTP(networkingv1ac.HTTPIngressRuleValue().
 					WithPaths(networkingv1ac.HTTPIngressPath().
 						WithPath("/").
@@ -113,7 +96,7 @@ func createIngressApplyConfiguration(cluster *rayv1.RayCluster, ingressHost stri
 							WithService(networkingv1ac.IngressServiceBackend().
 								WithName(serviceNameFromCluster(cluster)).
 								WithPort(networkingv1ac.ServiceBackendPort().
-									WithName(regularServicePortName),
+									WithName(ingressServicePortName),
 								),
 							),
 						),
@@ -143,59 +126,56 @@ func getDiscoveryClient(config *rest.Config) (*discovery.DiscoveryClient, error)
 
 // Check where we are running. We are trying to distinguish here whether
 // this is vanilla kubernetes cluster or Openshift
-func getClusterType(logger logr.Logger, clientset *kubernetes.Clientset, cluster *rayv1.RayCluster) (bool, string) {
+func getClusterType(ctx context.Context, clientset *kubernetes.Clientset, cluster *rayv1.RayCluster, ingressDomain string) (bool, string) {
 	// The discovery package is used to discover APIs supported by a Kubernetes API server.
-	ingress_domain := cluster.ObjectMeta.Annotations["sdk.codeflare.dev/ingress_domain"]
+	logger := ctrl.LoggerFrom(ctx)
 	config, err := ctrl.GetConfig()
-	if err == nil && config != nil {
-		dclient, err := getDiscoveryClient(config)
-		if err == nil && dclient != nil {
-			apiGroupList, err := dclient.ServerGroups()
-			if err != nil {
-				logger.Info("Error while querying ServerGroups, assuming we're on Vanilla Kubernetes")
-				return false, ""
-			} else {
-				for i := 0; i < len(apiGroupList.Groups); i++ {
-					if strings.HasSuffix(apiGroupList.Groups[i].Name, ".openshift.io") {
-						logger.Info("We detected being on OpenShift!")
-						return true, ""
-					}
-				}
-				onKind, _ := isOnKindCluster(clientset)
-				if onKind && ingress_domain == "" {
-					logger.Info("We detected being on a KinD cluster!")
-					return false, "kind"
-				} else {
-					logger.Info("We detected being on Vanilla Kubernetes!")
-					return false, fmt.Sprintf("ray-dashboard-%s-%s.%s", cluster.Name, cluster.Namespace, ingress_domain)
-				}
-			}
-		} else {
-			logger.Info("Cannot retrieve a DiscoveryClient, assuming we're on Vanilla Kubernetes")
-			return false, fmt.Sprintf("ray-dashboard-%s-%s.%s", cluster.Name, cluster.Namespace, ingress_domain)
-		}
-	} else {
+	if err != nil && config == nil {
 		logger.Info("Cannot retrieve config, assuming we're on Vanilla Kubernetes")
-		return false, fmt.Sprintf("ray-dashboard-%s-%s.%s", cluster.Name, cluster.Namespace, ingress_domain)
+		return false, fmt.Sprintf("ray-dashboard-%s-%s.%s", cluster.Name, cluster.Namespace, ingressDomain)
 	}
+	dclient, err := getDiscoveryClient(config)
+	if err != nil && dclient == nil {
+		logger.Info("Cannot retrieve a DiscoveryClient, assuming we're on Vanilla Kubernetes")
+		return false, fmt.Sprintf("ray-dashboard-%s-%s.%s", cluster.Name, cluster.Namespace, ingressDomain)
+	}
+	apiGroupList, err := dclient.ServerGroups()
+	if err != nil {
+		logger.Info("Error while querying ServerGroups, assuming we're on Vanilla Kubernetes")
+		return false, ""
+	}
+	for i := 0; i < len(apiGroupList.Groups); i++ {
+		if strings.HasSuffix(apiGroupList.Groups[i].Name, ".openshift.io") {
+			logger.Info("We detected being on OpenShift!")
+			return true, ""
+		}
+	}
+	onKind, _ := isOnKindCluster(clientset)
+	if onKind && ingressDomain == "" {
+		logger.Info("We detected being on a KinD cluster!")
+		return false, "kind"
+	}
+	logger.Info("We detected being on Vanilla Kubernetes!")
+	return false, fmt.Sprintf("ray-dashboard-%s-%s.%s", cluster.Name, cluster.Namespace, ingressDomain)
 }
 
-func isRayDashboardOAuthEnabled() bool {
-	if configInstance.KubeRay != nil && configInstance.KubeRay.RayDashboardOAuthEnabled != nil {
-		return *configInstance.KubeRay.RayDashboardOAuthEnabled
+func (r *RayClusterReconciler) isRayDashboardOAuthEnabled() bool {
+	if r.Config != nil && r.Config.KubeRay != nil && r.Config.KubeRay.RayDashboardOAuthEnabled != nil {
+		return *r.Config.KubeRay.RayDashboardOAuthEnabled
 	}
 	return true
 }
 
-func annotationBoolVal(logger logr.Logger, cluster *rayv1.RayCluster, annotation string) bool {
-	val := cluster.ObjectMeta.Annotations[annotation]
+func annotationBoolVal(ctx context.Context, cluster *rayv1.RayCluster, annotation string, defaultValue bool) bool {
+	logger := ctrl.LoggerFrom(ctx)
+	val, exists := cluster.ObjectMeta.Annotations[annotation]
+	if !exists || val == "" {
+		return defaultValue
+	}
 	boolVal, err := strconv.ParseBool(val)
 	if err != nil {
-		logger.Error(err, "Could not convert", annotation, "value to bool", val)
-	}
-	if boolVal {
-		return true
-	} else {
-		return false
+		logger.Error(err, "Could not convert annotation value to bool", "annotation", annotation, "value", val)
+		return defaultValue
 	}
+	return boolVal
 }