diff --git a/torchx/schedulers/kubernetes_mcad_scheduler.py b/torchx/schedulers/kubernetes_mcad_scheduler.py index d99130403..07d7a675d 100644 --- a/torchx/schedulers/kubernetes_mcad_scheduler.py +++ b/torchx/schedulers/kubernetes_mcad_scheduler.py @@ -175,11 +175,13 @@ def role_to_pod( network: Optional[str], ) -> "V1Pod": from kubernetes.client.models import ( # noqa: F811 redefinition of unused + V1ConfigMapVolumeSource, V1Container, V1ContainerPort, V1EmptyDirVolumeSource, V1EnvVar, V1HostPathVolumeSource, + V1KeyToPath, V1LocalObjectReference, V1ObjectMeta, V1PersistentVolumeClaimVolumeSource, @@ -233,9 +235,47 @@ def role_to_pod( medium="Memory", ), ), + V1Volume( + name="odh-trusted-ca-cert", + config_map=V1ConfigMapVolumeSource( + name="odh-trusted-ca-bundle", + items=[ + V1KeyToPath(key="ca-bundle.crt", path="odh-custom-ca-bundle.crt") + ], + optional=True, + ), + ), + V1Volume( + name="odh-ca-cert", + config_map=V1ConfigMapVolumeSource( + name="odh-trusted-ca-bundle", + items=[V1KeyToPath(key="odh-ca-bundle.crt", path="odh-ca-bundle.crt")], + optional=True, + ), + ), ] volume_mounts = [ V1VolumeMount(name=SHM_VOL, mount_path="/dev/shm"), + V1VolumeMount( + name="odh-trusted-ca-cert", + sub_path="odh-trusted-ca-bundle.crt", + mount_path="/etc/pki/tls/certs/odh-trusted-ca-bundle.crt", + ), + V1VolumeMount( + name="odh-trusted-ca-cert", + sub_path="odh-trusted-ca-bundle.crt", + mount_path="/etc/ssl/certs/odh-trusted-ca-bundle.crt", + ), + V1VolumeMount( + name="odh-ca-cert", + sub_path="odh-ca-bundle.crt", + mount_path="/etc/pki/tls/certs/odh-ca-bundle.crt", + ), + V1VolumeMount( + name="odh-ca-cert", + sub_path="odh-ca-bundle.crt", + mount_path="/etc/ssl/certs/odh-ca-bundle.crt", + ), ] security_context = V1SecurityContext() diff --git a/torchx/schedulers/test/kubernetes_mcad_scheduler_test.py b/torchx/schedulers/test/kubernetes_mcad_scheduler_test.py index a027cabb9..6c4952239 100644 --- a/torchx/schedulers/test/kubernetes_mcad_scheduler_test.py 
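Review bot: The `odh-trusted-ca-cert` volume projects key `ca-bundle.crt` to `path="odh-custom-ca-bundle.crt"`, but both mounts of that volume use `sub_path="odh-trusted-ca-bundle.crt"`, a file the volume never contains. The bundle will therefore not appear at `/etc/pki/tls/certs/odh-trusted-ca-bundle.crt` or `/etc/ssl/certs/odh-trusted-ca-bundle.crt`; the kubelet probably creates an empty directory there or rejects the mount, which is worth confirming on a cluster. Making the two agree, e.g. `V1KeyToPath(key="ca-bundle.crt", path="odh-trusted-ca-bundle.crt")`, fixes it, and the expectations in kubernetes_mcad_scheduler_test.py (test_role_to_pod, test_submit_dryrun, test_volume_mounts, test_device_mounts) pin the same mismatched pair and need the same change. Separately, role_to_pod (its body continues outside this hunk) adds these volumes to every pod unconditionally and with `optional=True`, so whoever can write a ConfigMap named `odh-trusted-ca-bundle` in the job's namespace decides what lands in the pods' certificate directories, and a missing ConfigMap goes unnoticed. Consider gating the mounts behind a scheduler option and adding a comment above the two `V1Volume` entries that states where the bundle comes from and who is expected to own it.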
+++ b/torchx/schedulers/test/kubernetes_mcad_scheduler_test.py @@ -239,11 +239,13 @@ def test_retry_not_set(self) -> None: def test_role_to_pod(self) -> None: from kubernetes.client.models import ( + V1ConfigMapVolumeSource, V1Container, V1ContainerPort, V1EmptyDirVolumeSource, V1EnvVar, V1HostPathVolumeSource, + V1KeyToPath, V1LocalObjectReference, V1ObjectMeta, V1Pod, @@ -313,6 +315,26 @@ def test_role_to_pod(self) -> None: name="dshm", mount_path="/dev/shm", ), + V1VolumeMount( + name="odh-trusted-ca-cert", + sub_path="odh-trusted-ca-bundle.crt", + mount_path="/etc/pki/tls/certs/odh-trusted-ca-bundle.crt", + ), + V1VolumeMount( + name="odh-trusted-ca-cert", + sub_path="odh-trusted-ca-bundle.crt", + mount_path="/etc/ssl/certs/odh-trusted-ca-bundle.crt", + ), + V1VolumeMount( + name="odh-ca-cert", + sub_path="odh-ca-bundle.crt", + mount_path="/etc/pki/tls/certs/odh-ca-bundle.crt", + ), + V1VolumeMount( + name="odh-ca-cert", + sub_path="odh-ca-bundle.crt", + mount_path="/etc/ssl/certs/odh-ca-bundle.crt", + ), V1VolumeMount( name="mount-0", mount_path="/dst", @@ -337,6 +359,30 @@ def test_role_to_pod(self) -> None: medium="Memory", ), ), + V1Volume( + name="odh-trusted-ca-cert", + config_map=V1ConfigMapVolumeSource( + name="odh-trusted-ca-bundle", + items=[ + V1KeyToPath( + key="ca-bundle.crt", path="odh-custom-ca-bundle.crt" + ) + ], + optional=True, + ), + ), + V1Volume( + name="odh-ca-cert", + config_map=V1ConfigMapVolumeSource( + name="odh-trusted-ca-bundle", + items=[ + V1KeyToPath( + key="odh-ca-bundle.crt", path="odh-ca-bundle.crt" + ) + ], + optional=True, + ), + ), V1Volume( name="mount-0", host_path=V1HostPathVolumeSource( 
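Review bot: The four CA `V1VolumeMount` expectations and the two CA `V1Volume` expectations are spelled out in full in test_role_to_pod and again in test_volume_mounts and test_device_mounts. Any change to a name or path in role_to_pod then has to be repeated in three Python literals plus the YAML in test_submit_dryrun. Hoisting them into module-level constants in the test file, for example `CA_VOLUMES` and `CA_VOLUME_MOUNTS` (names constructed for this note), and splicing them in with `*CA_VOLUME_MOUNTS,` would keep the three tests in step and make the next edit a one-place change.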
@@ -627,6 +673,18 @@ def test_submit_dryrun(self) -> None: volumeMounts: - mountPath: /dev/shm name: dshm + - mountPath: /etc/pki/tls/certs/odh-trusted-ca-bundle.crt + name: odh-trusted-ca-cert + subPath: odh-trusted-ca-bundle.crt + - mountPath: /etc/ssl/certs/odh-trusted-ca-bundle.crt + name: odh-trusted-ca-cert + subPath: odh-trusted-ca-bundle.crt + - mountPath: /etc/pki/tls/certs/odh-ca-bundle.crt + name: odh-ca-cert + subPath: odh-ca-bundle.crt + - mountPath: /etc/ssl/certs/odh-ca-bundle.crt + name: odh-ca-cert + subPath: odh-ca-bundle.crt - mountPath: /dst name: mount-0 readOnly: true @@ -641,6 +699,20 @@ def test_submit_dryrun(self) -> None: - emptyDir: medium: Memory name: dshm + - configMap: + items: + - key: ca-bundle.crt + path: odh-custom-ca-bundle.crt + name: odh-trusted-ca-bundle + optional: true + name: odh-trusted-ca-cert + - configMap: + items: + - key: odh-ca-bundle.crt + path: odh-ca-bundle.crt + name: odh-trusted-ca-bundle + optional: true + name: odh-ca-cert - hostPath: path: /src name: mount-0 @@ -1258,7 +1330,9 @@ def test_get_role_information_no_volume_mounts( def test_volume_mounts(self) -> None: scheduler = create_scheduler("test") from kubernetes.client.models import ( + V1ConfigMapVolumeSource, V1EmptyDirVolumeSource, + V1KeyToPath, V1PersistentVolumeClaimVolumeSource, V1Volume, V1VolumeMount, @@ -1291,6 +1365,30 @@ def test_volume_mounts(self) -> None: medium="Memory", ), ), + V1Volume( + name="odh-trusted-ca-cert", + config_map=V1ConfigMapVolumeSource( + name="odh-trusted-ca-bundle", + items=[ + V1KeyToPath( + key="ca-bundle.crt", path="odh-custom-ca-bundle.crt" + ) + ], + optional=True, + ), + ), + V1Volume( + name="odh-ca-cert", + config_map=V1ConfigMapVolumeSource( + name="odh-trusted-ca-bundle", + items=[ + V1KeyToPath( + key="odh-ca-bundle.crt", path="odh-ca-bundle.crt" + ) + ], + optional=True, + ), + ), V1Volume( name="mount-0", persistent_volume_claim=V1PersistentVolumeClaimVolumeSource( 
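Review bot: None of the four rendered CA mounts in the test_submit_dryrun YAML carries `readOnly: true`, while the `mount-0` entry directly after them does. The kubelet is expected to present ConfigMap-backed volumes read-only in any case (worth confirming for the cluster versions this scheduler targets). Stating it explicitly on paths under `/etc/pki/tls/certs` and `/etc/ssl/certs` still documents the intent and satisfies admission policies that look for it. Passing `read_only=True` to the four `V1VolumeMount(...)` calls in role_to_pod would render here as `readOnly: true` under each `subPath`.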
@@ -1306,6 +1404,26 @@ def test_volume_mounts(self) -> None: name="dshm", mount_path="/dev/shm", ), + V1VolumeMount( + name="odh-trusted-ca-cert", + sub_path="odh-trusted-ca-bundle.crt", + mount_path="/etc/pki/tls/certs/odh-trusted-ca-bundle.crt", + ), + V1VolumeMount( + name="odh-trusted-ca-cert", + sub_path="odh-trusted-ca-bundle.crt", + mount_path="/etc/ssl/certs/odh-trusted-ca-bundle.crt", + ), + V1VolumeMount( + name="odh-ca-cert", + sub_path="odh-ca-bundle.crt", + mount_path="/etc/pki/tls/certs/odh-ca-bundle.crt", + ), + V1VolumeMount( + name="odh-ca-cert", + sub_path="odh-ca-bundle.crt", + mount_path="/etc/ssl/certs/odh-ca-bundle.crt", + ), V1VolumeMount( name="mount-0", mount_path="/dst", @@ -1317,7 +1435,9 @@ def test_volume_mounts(self) -> None: def test_device_mounts(self) -> None: scheduler = create_scheduler("test") from kubernetes.client.models import ( + V1ConfigMapVolumeSource, V1HostPathVolumeSource, + V1KeyToPath, V1Volume, V1VolumeMount, ) @@ -1344,6 +1464,30 @@ def test_device_mounts(self) -> None: self.assertEqual( pod.spec.volumes[1:], [ + V1Volume( + name="odh-trusted-ca-cert", + config_map=V1ConfigMapVolumeSource( + name="odh-trusted-ca-bundle", + items=[ + V1KeyToPath( + key="ca-bundle.crt", path="odh-custom-ca-bundle.crt" + ) + ], + optional=True, + ), + ), + V1Volume( + name="odh-ca-cert", + config_map=V1ConfigMapVolumeSource( + name="odh-trusted-ca-bundle", + items=[ + V1KeyToPath( + key="odh-ca-bundle.crt", path="odh-ca-bundle.crt" + ) + ], + optional=True, + ), + ), V1Volume( name="mount-0", host_path=V1HostPathVolumeSource( 
@@ -1361,6 +1505,26 @@ def test_device_mounts(self) -> None: self.assertEqual( pod.spec.containers[0].volume_mounts[1:], [ + V1VolumeMount( + name="odh-trusted-ca-cert", + sub_path="odh-trusted-ca-bundle.crt", + mount_path="/etc/pki/tls/certs/odh-trusted-ca-bundle.crt", + ), + V1VolumeMount( + name="odh-trusted-ca-cert", + sub_path="odh-trusted-ca-bundle.crt", + mount_path="/etc/ssl/certs/odh-trusted-ca-bundle.crt", + ), + V1VolumeMount( + name="odh-ca-cert", + sub_path="odh-ca-bundle.crt", + mount_path="/etc/pki/tls/certs/odh-ca-bundle.crt", + ), + V1VolumeMount( + name="odh-ca-cert", + sub_path="odh-ca-bundle.crt", + mount_path="/etc/ssl/certs/odh-ca-bundle.crt", + ), V1VolumeMount( name="mount-0", mount_path="bar",
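Review bot: The assertions in test_device_mounts, like the matching ones in test_role_to_pod and test_volume_mounts, compare against literals that restate what role_to_pod builds, so they catch drift but not a mount that disagrees with its own volume. A relational check would cover that: every `sub_path` on a ConfigMap-backed mount should be one of the `path` values projected by the volume of the same name. As written it would fail for `odh-trusted-ca-cert`, whose mounts use `sub_path="odh-trusted-ca-bundle.crt"` while the volume projects `odh-custom-ca-bundle.crt`. It can sit after the existing `assertEqual` on `pod.spec.containers[0].volume_mounts[1:]`; the test body starts and ends outside this hunk.

```python
# … unchanged: pod construction and the two assertEqual checks …
projected_paths = {
    vol.name: {item.path for item in vol.config_map.items}
    for vol in pod.spec.volumes
    if vol.config_map is not None
}
for mount in pod.spec.containers[0].volume_mounts:
    if mount.name in projected_paths:
        self.assertIn(mount.sub_path, projected_paths[mount.name])
```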