diff --git a/Makefile b/Makefile index ba4aa3af18..62e5924aa4 100644 --- a/Makefile +++ b/Makefile @@ -11,18 +11,24 @@ endif SHELL = /usr/bin/env bash -o pipefail .SHELLFLAGS = -ec +PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST)))) REPO := github.com/kubeflow/trainer -TRAINER_CHART_PATH := charts/trainer +TRAINER_CHART_DIR := charts/trainer -## Location to install binaries -LOCALBIN ?= $(shell pwd)/bin +# Location to install tool binaries +LOCALBIN ?= $(PROJECT_DIR)/bin -## Versions +# Tool versions +CONTROLLER_GEN_VERSION ?= v0.16.5 +ENVTEST_VERSION ?= release-0.19 +ENVTEST_K8S_VERSION ?= 1.31 HELM_VERSION ?= v3.15.3 HELM_UNITTEST_VERSION ?= 0.5.1 HELM_DOCS_VERSION ?= v1.14.2 -## Binaries +# Tool binaries +CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_GEN_VERSION) +ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION) HELM ?= $(LOCALBIN)/helm-$(HELM_VERSION) HELM_DOCS ?= $(LOCALBIN)/helm-docs-$(HELM_DOCS_VERSION) @@ -44,24 +50,6 @@ help: ## Display this help. ##@ Development -PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST)))) - -# Tool Binaries -LOCALBIN ?= $(PROJECT_DIR)/bin -CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen -ENVTEST ?= $(LOCALBIN)/setup-envtest - -ENVTEST_K8S_VERSION ?= 1.31 - -# Instructions to download tools for development. -.PHONY: envtest -envtest: ## Download the setup-envtest binary if required. - GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@release-0.19 - -.PHONY: controller-gen -controller-gen: ## Download the controller-gen binary if required. - GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.16.5 - # Download external CRDs for Go integration testings. EXTERNAL_CRDS_DIR ?= $(PROJECT_DIR)/manifests/external-crds @@ -147,7 +135,7 @@ sync-manifests: ## Sync Kustomize manifests from manifests templated from Helm c .PHONY: helm-unittest helm-unittest: helm-unittest-plugin ## Run Helm chart unittests. - $(HELM) unittest $(TRAINER_CHART_PATH) --strict --file "tests/**/*_test.yaml" + $(HELM) unittest $(TRAINER_CHART_DIR) --strict --file "tests/**/*_test.yaml" .PHONY: helm-lint helm-lint: ## Run Helm chart lint test. @@ -159,6 +147,14 @@ helm-docs: helm-docs-plugin ## Generates markdown documentation for helm charts ##@ Dependencies +.PHONY: envtest +envtest: ## Download the setup-envtest binary if necessary. + $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION)) + +.PHONY: controller-gen +controller-gen: ## Download the controller-gen binary if necessary. + $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_GEN_VERSION)) + .PHONY: helm helm: $(HELM) ## Download helm locally if necessary. $(HELM): $(LOCALBIN) diff --git a/manifests/base/rbac/role.yaml b/manifests/base/rbac/role.yaml index 6716c2f6c5..77c8151eaa 100644 --- a/manifests/base/rbac/role.yaml +++ b/manifests/base/rbac/role.yaml @@ -1,23 +1,72 @@ -# Source: kubeflow-trainer/templates/rbac/role.yaml +--- apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: - name: kubeflow-trainer-controller - namespace: kubeflow-system - labels: - app.kubernetes.io/name: kubeflow-trainer - app.kubernetes.io/instance: kubeflow-trainer - app.kubernetes.io/version: "2.0.0" - app.kubernetes.io/managed-by: Kustomize - app.kubernetes.io/part-of: kubeflow - app.kubernetes.io/component: controller + name: kubeflow-trainer-controller-manager rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - update + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - update + - watch +- apiGroups: + - jobset.x-k8s.io + resources: + - jobsets + verbs: + - create + - get + - list + - watch +- apiGroups: + - scheduling.x-k8s.io + resources: + - podgroups + verbs: + - create + - get + - list + - watch +- apiGroups: + - trainer.kubeflow.org + resources: + - clustertrainingruntimes + - trainingruntimes + verbs: + - get + - list + - watch +- apiGroups: + - trainer.kubeflow.org + resources: + - trainjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - trainer.kubeflow.org + resources: + - trainjobs/finalizers + - trainjobs/status + verbs: + - get + - patch + - update diff --git a/manifests/base/webhook/manifests.yaml b/manifests/base/webhook/manifests.yaml new file mode 100644 index 0000000000..721773af05 --- /dev/null +++ b/manifests/base/webhook/manifests.yaml @@ -0,0 +1,66 @@ +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-trainer-kubeflow-org-v1alpha1-clustertrainingruntime + failurePolicy: Fail + name: validator.clustertrainingruntime.trainer.kubeflow.org + rules: + - apiGroups: + - trainer.kubeflow.org + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - clustertrainingruntimes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-trainer-kubeflow-org-v1alpha1-trainingruntime + failurePolicy: Fail + name: validator.trainingruntime.trainer.kubeflow.org + rules: + - apiGroups: + - trainer.kubeflow.org + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - trainingruntimes + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-trainer-kubeflow-org-v1alpha1-trainjob + failurePolicy: Fail + name: validator.trainjob.trainer.kubeflow.org + rules: + - apiGroups: + - trainer.kubeflow.org + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - trainjobs + sideEffects: None