diff --git a/docs/detailed-documentation/cluster/auth.html b/docs/detailed-documentation/cluster/auth.html index be649e789..61d199e52 100644 --- a/docs/detailed-documentation/cluster/auth.html +++ b/docs/detailed-documentation/cluster/auth.html @@ -65,6 +65,8 @@

Module codeflare_sdk.cluster.auth

global config_path config_path = None +WORKBENCH_CA_CERT_PATH = "/etc/pki/tls/custom-certs/ca-bundle.crt" + class Authentication(metaclass=abc.ABCMeta): """ @@ -124,7 +126,17 @@

Module codeflare_sdk.cluster.auth

self.token = token self.server = server self.skip_tls = skip_tls - self.ca_cert_path = ca_cert_path + self.ca_cert_path = self._gen_ca_cert_path(ca_cert_path) + + def _gen_ca_cert_path(self, ca_cert_path: str): + if ca_cert_path is not None: + return ca_cert_path + elif "CF_SDK_CA_CERT_PATH" in os.environ: + return os.environ.get("CF_SDK_CA_CERT_PATH") + elif os.path.exists(WORKBENCH_CA_CERT_PATH): + return WORKBENCH_CA_CERT_PATH + else: + return None def login(self) -> str: """ @@ -139,10 +151,20 @@

Module codeflare_sdk.cluster.auth

configuration.api_key_prefix["authorization"] = "Bearer" configuration.host = self.server configuration.api_key["authorization"] = self.token - if self.skip_tls == False and self.ca_cert_path == None: + + if not self.skip_tls: + if self.ca_cert_path is None: + configuration.ssl_ca_cert = None + elif os.path.isfile(self.ca_cert_path): + print( + f"Authenticated with certificate located at {self.ca_cert_path}" + ) + configuration.ssl_ca_cert = self.ca_cert_path + else: + raise FileNotFoundError( + f"Certificate file not found at {self.ca_cert_path}" + ) configuration.verify_ssl = True - elif self.skip_tls == False: - configuration.ssl_ca_cert = self.ca_cert_path else: urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) print("Insecure request warnings have been disabled") @@ -551,7 +573,17 @@

Methods

self.token = token self.server = server self.skip_tls = skip_tls - self.ca_cert_path = ca_cert_path + self.ca_cert_path = self._gen_ca_cert_path(ca_cert_path) + + def _gen_ca_cert_path(self, ca_cert_path: str): + if ca_cert_path is not None: + return ca_cert_path + elif "CF_SDK_CA_CERT_PATH" in os.environ: + return os.environ.get("CF_SDK_CA_CERT_PATH") + elif os.path.exists(WORKBENCH_CA_CERT_PATH): + return WORKBENCH_CA_CERT_PATH + else: + return None def login(self) -> str: """ @@ -566,10 +598,20 @@

Methods

configuration.api_key_prefix["authorization"] = "Bearer" configuration.host = self.server configuration.api_key["authorization"] = self.token - if self.skip_tls == False and self.ca_cert_path == None: + + if not self.skip_tls: + if self.ca_cert_path is None: + configuration.ssl_ca_cert = None + elif os.path.isfile(self.ca_cert_path): + print( + f"Authenticated with certificate located at {self.ca_cert_path}" + ) + configuration.ssl_ca_cert = self.ca_cert_path + else: + raise FileNotFoundError( + f"Certificate file not found at {self.ca_cert_path}" + ) configuration.verify_ssl = True - elif self.skip_tls == False: - configuration.ssl_ca_cert = self.ca_cert_path else: urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) print("Insecure request warnings have been disabled") @@ -622,10 +664,20 @@

Methods

configuration.api_key_prefix["authorization"] = "Bearer" configuration.host = self.server configuration.api_key["authorization"] = self.token - if self.skip_tls == False and self.ca_cert_path == None: + + if not self.skip_tls: + if self.ca_cert_path is None: + configuration.ssl_ca_cert = None + elif os.path.isfile(self.ca_cert_path): + print( + f"Authenticated with certificate located at {self.ca_cert_path}" + ) + configuration.ssl_ca_cert = self.ca_cert_path + else: + raise FileNotFoundError( + f"Certificate file not found at {self.ca_cert_path}" + ) configuration.verify_ssl = True - elif self.skip_tls == False: - configuration.ssl_ca_cert = self.ca_cert_path else: urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) print("Insecure request warnings have been disabled") diff --git a/docs/detailed-documentation/cluster/cluster.html b/docs/detailed-documentation/cluster/cluster.html index efb6ccfed..07aea5360 100644 --- a/docs/detailed-documentation/cluster/cluster.html +++ b/docs/detailed-documentation/cluster/cluster.html @@ -573,6 +573,9 @@

Module codeflare_sdk.cluster.cluster

mcad=mcad, write_to_file=write_to_file, verify_tls=verify_tls, + local_queue=rc["metadata"] + .get("labels", dict()) + .get("kueue.x-k8s.io/queue-name", None), ) return Cluster(cluster_config) @@ -592,10 +595,10 @@

Module codeflare_sdk.cluster.cluster

.get("headGroupSpec", {}) .get("enableIngress") ) - if resource["kind"] == "RayCluster" and enable_ingress is not False: + if resource["kind"] == "RayCluster" and enable_ingress is True: name = resource["metadata"]["name"] print( - f"Forbidden: RayCluster '{name}' has 'enableIngress' set to 'True' or is unset." + f"Forbidden: RayCluster '{name}' has 'enableIngress' set to 'True'." ) return _create_resources(yamls, namespace, api_instance) @@ -662,14 +665,26 @@

Module codeflare_sdk.cluster.cluster

print("Unable to find current namespace") return None else: - try: - _, active_context = config.list_kube_config_contexts(config_check()) - except Exception as e: - return _kube_api_error_handling(e) - try: - return active_context["context"]["namespace"] - except KeyError: - return None + if os.path.isfile("/var/run/secrets/kubernetes.io/serviceaccount/namespace"): + try: + file = open( + "/var/run/secrets/kubernetes.io/serviceaccount/namespace", "r" + ) + active_context = file.readline().strip("\n") + return active_context + except Exception as e: + print( + "unable to gather namespace from /var/run/secrets/kubernetes.io/serviceaccount/namespace trying to gather from current context" + ) + else: + try: + _, active_context = config.list_kube_config_contexts(config_check()) + except Exception as e: + return _kube_api_error_handling(e) + try: + return active_context["context"]["namespace"] + except KeyError: + return None def get_cluster( @@ -1070,14 +1085,26 @@

Functions

print("Unable to find current namespace") return None else: - try: - _, active_context = config.list_kube_config_contexts(config_check()) - except Exception as e: - return _kube_api_error_handling(e) - try: - return active_context["context"]["namespace"] - except KeyError: - return None + if os.path.isfile("/var/run/secrets/kubernetes.io/serviceaccount/namespace"): + try: + file = open( + "/var/run/secrets/kubernetes.io/serviceaccount/namespace", "r" + ) + active_context = file.readline().strip("\n") + return active_context + except Exception as e: + print( + "unable to gather namespace from /var/run/secrets/kubernetes.io/serviceaccount/namespace trying to gather from current context" + ) + else: + try: + _, active_context = config.list_kube_config_contexts(config_check()) + except Exception as e: + return _kube_api_error_handling(e) + try: + return active_context["context"]["namespace"] + except KeyError: + return None
@@ -1640,6 +1667,9 @@

Classes

mcad=mcad, write_to_file=write_to_file, verify_tls=verify_tls, + local_queue=rc["metadata"] + .get("labels", dict()) + .get("kueue.x-k8s.io/queue-name", None), ) return Cluster(cluster_config) @@ -1659,10 +1689,10 @@

Classes

.get("headGroupSpec", {}) .get("enableIngress") ) - if resource["kind"] == "RayCluster" and enable_ingress is not False: + if resource["kind"] == "RayCluster" and enable_ingress is True: name = resource["metadata"]["name"] print( - f"Forbidden: RayCluster '{name}' has 'enableIngress' set to 'True' or is unset." + f"Forbidden: RayCluster '{name}' has 'enableIngress' set to 'True'." ) return _create_resources(yamls, namespace, api_instance) @@ -2010,6 +2040,9 @@

Methods

mcad=mcad, write_to_file=write_to_file, verify_tls=verify_tls, + local_queue=rc["metadata"] + .get("labels", dict()) + .get("kueue.x-k8s.io/queue-name", None), ) return Cluster(cluster_config) diff --git a/docs/detailed-documentation/utils/generate_yaml.html b/docs/detailed-documentation/utils/generate_yaml.html index 141901016..b2a3af84e 100644 --- a/docs/detailed-documentation/utils/generate_yaml.html +++ b/docs/detailed-documentation/utils/generate_yaml.html @@ -339,6 +339,26 @@

Module codeflare_sdk.utils.generate_yaml

) +def local_queue_exists(namespace: str, local_queue_name: str): + # get all local queues in the namespace + try: + config_check() + api_instance = client.CustomObjectsApi(api_config_handler()) + local_queues = api_instance.list_namespaced_custom_object( + group="kueue.x-k8s.io", + version="v1beta1", + namespace=namespace, + plural="localqueues", + ) + except Exception as e: # pragma: no cover + return _kube_api_error_handling(e) + # check if local queue with the name provided in cluster config exists + for lq in local_queues["items"]: + if lq["metadata"]["name"] == local_queue_name: + return True + return False + + def write_components( user_yaml: dict, output_file_name: str, @@ -355,6 +375,10 @@

Module codeflare_sdk.utils.generate_yaml

open(output_file_name, "w").close() lq_name = local_queue or get_default_kueue_name(namespace) cluster_labels = labels + if not local_queue_exists(namespace, lq_name): + raise ValueError( + "local_queue provided does not exist or is not in this namespace. Please provide the correct local_queue name in Cluster Configuration" + ) with open(output_file_name, "a") as outfile: for component in components: if "generictemplate" in component: @@ -386,6 +410,10 @@

Module codeflare_sdk.utils.generate_yaml

components = user_yaml.get("spec", "resources")["resources"].get("GenericItems") lq_name = local_queue or get_default_kueue_name(namespace) cluster_labels = labels + if not local_queue_exists(namespace, lq_name): + raise ValueError( + "local_queue provided does not exist or is not in this namespace. Please provide the correct local_queue name in Cluster Configuration" + ) for component in components: if "generictemplate" in component: if ( @@ -748,6 +776,10 @@

Functions

components = user_yaml.get("spec", "resources")["resources"].get("GenericItems") lq_name = local_queue or get_default_kueue_name(namespace) cluster_labels = labels + if not local_queue_exists(namespace, lq_name): + raise ValueError( + "local_queue provided does not exist or is not in this namespace. Please provide the correct local_queue name in Cluster Configuration" + ) for component in components: if "generictemplate" in component: if ( @@ -770,6 +802,35 @@

Functions

return user_yaml +
+def local_queue_exists(namespace: str, local_queue_name: str) +
+
+
+
+ +Expand source code + +
def local_queue_exists(namespace: str, local_queue_name: str):
+    # get all local queues in the namespace
+    try:
+        config_check()
+        api_instance = client.CustomObjectsApi(api_config_handler())
+        local_queues = api_instance.list_namespaced_custom_object(
+            group="kueue.x-k8s.io",
+            version="v1beta1",
+            namespace=namespace,
+            plural="localqueues",
+        )
+    except Exception as e:  # pragma: no cover
+        return _kube_api_error_handling(e)
+    # check if local queue with the name provided in cluster config exists
+    for lq in local_queues["items"]:
+        if lq["metadata"]["name"] == local_queue_name:
+            return True
+    return False
+
+
def read_template(template)
@@ -1091,6 +1152,10 @@

Functions

open(output_file_name, "w").close() lq_name = local_queue or get_default_kueue_name(namespace) cluster_labels = labels + if not local_queue_exists(namespace, lq_name): + raise ValueError( + "local_queue provided does not exist or is not in this namespace. Please provide the correct local_queue name in Cluster Configuration" + ) with open(output_file_name, "a") as outfile: for component in components: if "generictemplate" in component: @@ -1158,6 +1223,7 @@

Index

  • is_openshift_cluster
  • load_appwrapper
  • load_components
    • +
  • local_queue_exists
  • read_template
  • update_affinity
  • update_custompodresources