Add script to sync the Kustomize manifests from manifests templated b…

…y the trainer Helm chart

Signed-off-by: Yi Chen <[email protected]>

Makefile

@@ -141,6 +141,9 @@ test-python-integration: ## Run Python integration test.
 	pytest ./test/integration/initializer
 
 ##@ Helm
+.PHONY: sync-manifests
+sync-manifests: ## Sync Kustomize manifests from manifests templated from Helm chart.
+	hack/sync-manifests.sh
 
 .PHONY: helm-unittest
 helm-unittest: helm-unittest-plugin ## Run Helm chart unittests.

charts/trainer/templates/controller/_helpers.tpl

@@ -45,41 +45,6 @@ app.kubernetes.io/component: controller
 {{- end }}
 {{- end -}}
 
-{{/*
-Create the name of the controller service account.
-*/}}
-{{- define "trainer.controller.serviceAccountName" -}}
-{{ include "trainer.controller.name" . }}
-{{- end -}}
-
-{{/*
-Create the name of the controller cluster role.
-*/}}
-{{- define "trainer.controller.clusterRoleName" -}}
-{{ include "trainer.controller.name" . }}
-{{- end -}}
-
-{{/*
-Create the name of the controller cluster role binding.
-*/}}
-{{- define "trainer.controller.clusterRoleBindingName" -}}
-{{ include "trainer.controller.name" . }}
-{{- end -}}
-
-{{/*
-Create the name of the controller role.
-*/}}
-{{- define "trainer.controller.roleName" -}}
-{{ include "trainer.controller.name" . }}
-{{- end -}}
-
-{{/*
-Create the name of the controller role binding.
-*/}}
-{{- define "trainer.controller.roleBindingName" -}}
-{{ include "trainer.controller.name" . }}
-{{- end -}}
-
 {{/*
 Create the name of the controller deployment.
 */}}
@@ -90,24 +55,3 @@ Create the name of the controller deployment.
 {{- define "trainer.controller.serviceName" -}}
 {{ include "trainer.controller.name" . }}-service
 {{- end -}}
-
-{{/*
-Create the name of the webhook.
-*/}}
-{{- define "trainer.webhook.name" -}}
-{{ include "trainer.name" . }}-webhook
-{{- end -}}
-
-{{/*
-Create the name of the webhook secret.
-*/}}
-{{- define "trainer.webhook.secretName" -}}
-{{ include "trainer.webhook.name" . }}-cert
-{{- end -}}
-
-{{/*
-Create the name of the validating webhook configuration.
-*/}}
-{{- define "trainer.validatingWebhookConfigurationName" -}}
-validator.trainer.kubeflow.org
-{{- end -}}

charts/trainer/templates/rbac/_helpers.tpl

@@ -0,0 +1,50 @@
+{{/*
+Copyright 2024 The Kubeflow authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{/*
+Create the name of the controller service account.
+*/}}
+{{- define "trainer.controller.serviceAccountName" -}}
+{{ include "trainer.controller.name" . }}
+{{- end -}}
+
+{{/*
+Create the name of the controller cluster role.
+*/}}
+{{- define "trainer.controller.clusterRoleName" -}}
+{{ include "trainer.controller.name" . }}
+{{- end -}}
+
+{{/*
+Create the name of the controller cluster role binding.
+*/}}
+{{- define "trainer.controller.clusterRoleBindingName" -}}
+{{ include "trainer.controller.name" . }}
+{{- end -}}
+
+{{/*
+Create the name of the controller role.
+*/}}
+{{- define "trainer.controller.roleName" -}}
+{{ include "trainer.controller.name" . }}
+{{- end -}}
+
+{{/*
+Create the name of the controller role binding.
+*/}}
+{{- define "trainer.controller.roleBindingName" -}}
+{{ include "trainer.controller.name" . }}
+{{- end -}}

charts/trainer/templates/controller/rbac.yaml → charts/trainer/templates/rbac/clusterrole.yaml

@@ -18,6 +18,8 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: {{ include "trainer.controller.clusterRoleName" . }}
+  labels:
+    {{- include "trainer.controller.labels" . | nindent 4 }}
 rules:
 - apiGroups:
   - ""
@@ -92,49 +94,3 @@ rules:
   - get
   - update
   - patch
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ include "trainer.controller.clusterRoleBindingName" . }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ include "trainer.controller.clusterRoleName" . }}
-subjects:
-- kind: ServiceAccount
-  name: {{ include "trainer.controller.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ include "trainer.controller.roleName" . }}
-  namespace: {{ .Release.Namespace }}
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "trainer.controller.roleBindingName" . }}
-  namespace: {{ .Release.Namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ include "trainer.controller.roleName" . }}
-subjects:
-- kind: ServiceAccount
-  name: {{ include "trainer.controller.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}

charts/trainer/templates/rbac/clusterrolebinding.yaml

@@ -0,0 +1,30 @@
+{{/*
+Copyright 2024 The Kubeflow authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "trainer.controller.clusterRoleBindingName" . }}
+  labels:
+    {{- include "trainer.controller.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "trainer.controller.clusterRoleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "trainer.controller.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}

charts/trainer/templates/rbac/role.yaml

@@ -0,0 +1,33 @@
+{{/*
+Copyright 2024 The Kubeflow authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "trainer.controller.roleName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "trainer.controller.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+  - update

charts/trainer/templates/rbac/rolebinding.yaml

@@ -0,0 +1,31 @@
+{{/*
+Copyright 2024 The Kubeflow authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "trainer.controller.roleBindingName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "trainer.controller.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "trainer.controller.roleName" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "trainer.controller.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}

charts/trainer/templates/webhook/_helpers.tpl

@@ -0,0 +1,45 @@
+{{/*
+Copyright 2024 The Kubeflow authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{/*
+Create the name of the webhook.
+*/}}
+{{- define "trainer.webhook.name" -}}
+{{ include "trainer.name" . }}-webhook
+{{- end -}}
+
+{{/*
+Common labels for the webhook.
+*/}}
+{{- define "trainer.webhook.labels" -}}
+{{ include "trainer.labels" . }}
+app.kubernetes.io/part-of: kubeflow
+app.kubernetes.io/component: webhook
+{{- end -}}
+
+{{/*
+Create the name of the webhook secret.
+*/}}
+{{- define "trainer.webhook.secretName" -}}
+{{ include "trainer.webhook.name" . }}-cert
+{{- end -}}
+
+{{/*
+Create the name of the validating webhook configuration.
+*/}}
+{{- define "trainer.validatingWebhookConfigurationName" -}}
+{{ include "trainer.name" . }}-validating-webhook
+{{- end -}}

charts/trainer/templates/controller/secret.yaml → charts/trainer/templates/webhook/secret.yaml

@@ -20,6 +20,8 @@ kind: Secret
 metadata:
   name: {{ include "trainer.webhook.secretName" . }}
   namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "trainer.webhook.labels" . | nindent 4 }}
 data:
   ca.crt: ""
   ca.key: ""

charts/trainer/templates/controller/validatingwebhookconfiguration.yaml → charts/trainer/templates/webhook/validatingwebhookconfiguration.yaml

@@ -19,6 +19,8 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   name: {{ include "trainer.validatingWebhookConfigurationName" . }}
+  labels:
+    {{- include "trainer.webhook.labels" . | nindent 4 }}
 webhooks:
 - name: validator.clustertrainingruntime.trainer.kubeflow.org
   admissionReviewVersions:

charts/trainer/values.yaml

@@ -31,7 +31,7 @@ image:
   # -- Image registry.
   registry: docker.io
   # -- Image repository.
-  repository: kubeflow/trainer-controller-controller
+  repository: kubeflow/trainer-controller-manager
   # -- Image tag.
   # @default -- If not set, the chart appVersion will be used.
   tag: latest