add additional function which creates network policy

[KPostOffice]

Issue link

What changes have been made

Verification steps

Checks

• I've made sure the tests are passing.
• Testing Strategy
  • Unit tests
  • Manual tests
  • Testing is not required for this change

[etirelli]

I am approving it, but please take a look at my comment. It seems strange to log the error but not return a failure in the reconciliation.

[etirelli]

shouldn't the error be returned? I see the same is done for the previous objects (ClusterRoleBindings, ServiceAccounts, etc)

[franciscojavierarceo]

Just reviewing this and maybe the comment got moved around but was this addressed?

[KPostOffice]

I was planning to open another PR that fixes all the instances of this issue once this is merged

[openshift-ci]

@etirelli: changing LGTM is restricted to collaborators

In response to this:

I am approving it, but please take a look at my comment. It seems strange to log the error but not return a failure in the reconciliation.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: etirelli
Once this PR has been reviewed and has the lgtm label, please ask for approval from kpostoffice. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[astefanutti]

We need to expand the list of namespaces where ODH / RHOAI are known to be deployed, e.g. opendatahub.

[astefanutti]

If possible, the DSCInitialization resource should be get to read the .spec.applicationsNamespace field.

[astefanutti]

I don't think relying on the opendatahub.io/generated-namespace label is correct. The ingress traffic should be allowed from the ODH / RHOAI application namespace. So it should either be sourced from the DSCInitilization resource, or defaulted to the well-known namespaces.

[zdtsw]

should we hardcode it opendatahub for ODH and redhat-ods-applications for RHOAI to simplify the logic for now?
and think about how to get it from DSCI later?
i mentioned it in another thread, operator does make this namespace configurable, but unlikely in ODH user will change the default value

[sutaakar]

Can you load DSCI without hardcoding name? This will make code more resilient for possible naming changes.

[zdtsw]

default-dsci is the one created by ODH/RHOAI operator.
99% case i would expect it is using this name, but ofc if user tried to create CR by themselves, that will do.
for the time being, we could hardcode with this name.
a follow up PR can add more logic "check CR, get name, set here"

[sutaakar]

It would be good to provide a component test coverage, though may be added as separate PR.

[sutaakar]

Got error when testing this code for RHOAI:

2024-04-15T13:11:03+02:00	ERROR	Reconciler error	{"controller": "codeflare-raycluster-controller", "controllerGroup": "ray.io", "controllerKind": "RayCluster", "RayCluster": {"name":"jobtest","namespace":"ksuta-test"}, "namespace": "ksuta-test", "name": "jobtest", "reconcileID": "3f44de47-9706-40d1-a470-62a4db9869dc", "error": "no kind is registered for the type v1.DSCInitialization in scheme \"pkg/runtime/scheme.go:100\""}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
	/home/ksuta/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:324

Was able to fix it by using scheme from dsciv1 "github.com/opendatahub-io/opendatahub-operator/v2/apis/dscinitialization/v1"

[astefanutti]

I think that should be openshift-monitoring instead.

[zdtsw]

does SRE monitoring need access redhat-ods-applications (your ray controller) ? or this is for UWM?

[astefanutti]

/lgtm