Config API for Kubeflow Trainer controller manager

cmd/trainer-controller-manager/main.go

@@ -23,6 +23,13 @@ import (
 	"net/http"
 	"os"
 
+	"github.com/kubeflow/trainer/pkg/apis/trainer/v1alpha1"
+	trainer "github.com/kubeflow/trainer/pkg/apis/trainer/v1alpha1"
+	"github.com/kubeflow/trainer/pkg/controller"
+	"github.com/kubeflow/trainer/pkg/runtime"
+	runtimecore "github.com/kubeflow/trainer/pkg/runtime/core"
+	"github.com/kubeflow/trainer/pkg/util/cert"
+	webhooks "github.com/kubeflow/trainer/pkg/webhooks"
 	zaplog "go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
 	apiruntime "k8s.io/apimachinery/pkg/runtime"
@@ -36,13 +43,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	jobsetv1alpha2 "sigs.k8s.io/jobset/api/jobset/v1alpha2"
 	schedulerpluginsv1alpha1 "sigs.k8s.io/scheduler-plugins/apis/scheduling/v1alpha1"
-
-	trainer "github.com/kubeflow/trainer/pkg/apis/trainer/v1alpha1"
-	"github.com/kubeflow/trainer/pkg/controller"
-	"github.com/kubeflow/trainer/pkg/runtime"
-	runtimecore "github.com/kubeflow/trainer/pkg/runtime/core"
-	"github.com/kubeflow/trainer/pkg/util/cert"
-	webhooks "github.com/kubeflow/trainer/pkg/webhooks"
 )
 
 const (
@@ -62,31 +62,25 @@ func init() {
 }
 
 func main() {
-	var metricsAddr string
-	var enableLeaderElection bool
-	var probeAddr string
-	var secureMetrics bool
-	var enableHTTP2 bool
-	var webhookServerPort int
-	var webhookServiceName string
-	var webhookSecretName string
 	var tlsOpts []func(*tls.Config)
 
-	flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metrics endpoint binds to. "+
+	trainerCfg := &v1alpha1.TrainerControllerConfig{}
+
+	flag.StringVar(&trainerCfg.ControllerManager.MetricsBindAddress, "metrics-bind-address", "0", "The address the metrics endpoint binds to. "+
 		"Use :8443 for HTTPS or :8080 for HTTP, or leave as 0 to disable the metrics service.")
-	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
-	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
+	flag.StringVar(&trainerCfg.ControllerManager.HealthProbeBindAddress, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
+	flag.BoolVar(&trainerCfg.ControllerManager.LeaderElect, "leader-elect", false,
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
-	flag.BoolVar(&secureMetrics, "metrics-secure", true,
+	flag.BoolVar(&trainerCfg.ControllerManager.MetricsSecure, "metrics-secure", true,
 		"If set, the metrics endpoint is served securely via HTTPS. Use --metrics-secure=false to use HTTP instead.")
-	flag.BoolVar(&enableHTTP2, "enable-http2", false,
+	flag.BoolVar(&trainerCfg.ControllerManager.EnableHTTP2, "enable-http2", false,
 		"If set, HTTP/2 will be enabled for the metrics and webhook servers")
 
 	// Cert generation flags
-	flag.IntVar(&webhookServerPort, "webhook-server-port", 9443, "Endpoint port for the webhook server.")
-	flag.StringVar(&webhookServiceName, "webhook-service-name", "kubeflow-trainer-controller-manager", "Name of the Service used as part of the DNSName")
-	flag.StringVar(&webhookSecretName, "webhook-secret-name", "kubeflow-trainer-webhook-cert", "Name of the Secret to store CA  and server certs")
+	flag.IntVar(&trainerCfg.CertGeneration.WebhookServerPort, "webhook-server-port", 9443, "Endpoint port for the webhook server.")
+	flag.StringVar(&trainerCfg.CertGeneration.WebhookServiceName, "webhook-service-name", "training-operator-v2", "Name of the Service used as part of the DNSName")
+	flag.StringVar(&trainerCfg.CertGeneration.WebhookSecretName, "webhook-secret-name", "training-operator-v2-webhook-cert", "Name of the Secret to store CA  and server certs")
 
 	opts := zap.Options{
 		TimeEncoder: zapcore.RFC3339NanoTimeEncoder,
@@ -97,7 +91,7 @@ func main() {
 
 	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
 
-	if !enableHTTP2 {
+	if !trainerCfg.ControllerManager.EnableHTTP2 {
 		// if the enable-http2 flag is false (the default), http/2 should be disabled
 		// due to its vulnerabilities. More specifically, disabling http/2 will
 		// prevent from being vulnerable to the HTTP/2 Stream Cancellation and
@@ -112,15 +106,15 @@ func main() {
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
 		Scheme: scheme,
 		Metrics: metricsserver.Options{
-			BindAddress:   metricsAddr,
-			SecureServing: secureMetrics,
+			BindAddress:   trainerCfg.ControllerManager.MetricsBindAddress,
+			SecureServing: trainerCfg.ControllerManager.MetricsSecure,
 			TLSOpts:       tlsOpts,
 		},
 		WebhookServer: webhook.NewServer(webhook.Options{
-			Port:    webhookServerPort,
+			Port:    trainerCfg.CertGeneration.WebhookServerPort,
 			TLSOpts: tlsOpts,
 		}),
-		HealthProbeBindAddress: probeAddr,
+		HealthProbeBindAddress: trainerCfg.ControllerManager.HealthProbeBindAddress,
 	})
 	if err != nil {
 		setupLog.Error(err, "unable to start manager")
@@ -129,8 +123,8 @@ func main() {
 
 	certsReady := make(chan struct{})
 	if err = cert.ManageCerts(mgr, cert.Config{
-		WebhookSecretName:        webhookSecretName,
-		WebhookServiceName:       webhookServiceName,
+		WebhookSecretName:        trainerCfg.CertGeneration.WebhookSecretName,
+		WebhookServiceName:       trainerCfg.CertGeneration.WebhookServiceName,
 		WebhookConfigurationName: webhookConfigurationName,
 	}, certsReady); err != nil {
 		setupLog.Error(err, "unable to set up cert rotation")

pkg/apis/trainer/v1alpha1/types.go

@@ -0,0 +1,50 @@
+// Copyright 2024 The Kubeflow Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +k8s:defaulter-gen=TypeMeta
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen=package
+
+// Package v2alpha1 is the v2alpha1 version of the API.
+// +groupName=trainer.kubeflow.org
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// TrainerControllerConfig represents the configuration for the training operator.
+type TrainerControllerConfig struct {
+	metav1.TypeMeta `json:",inline"`
+
+	ControllerManager *ControllerManager `json:"controllerManager,omitempty"`
+	CertGeneration   *CertGeneration   `json:"certGeneration,omitempty"`
+}
+
+// ControllerManager holds configuration related to the controller manager.
+type ControllerManager struct {
+	MetricsBindAddress      string `json:"metricsBindAddress,omitempty"`
+	HealthProbeBindAddress  string `json:"healthProbeBindAddress,omitempty"`
+	LeaderElect             bool   `json:"leaderElect,omitempty"`
+	MetricsSecure           bool   `json:"metricsSecure,omitempty"`
+	EnableHTTP2             bool   `json:"enableHttp2,omitempty"`
+}
+
+// CertGeneration holds configuration related to webhook server certificate generation.
+type CertGeneration struct {
+	WebhookServerPort  int    `json:"webhookServerPort,omitempty"`
+	WebhookServiceName string `json:"webhookServiceName,omitempty"`
+	WebhookSecretName  string `json:"webhookSecretName,omitempty"`
+}