diff --git a/manifests/v1alpha3/katib-controller/rbac.yaml b/manifests/v1alpha3/katib-controller/rbac.yaml
index f2bf88a3ba2..ec56d617735 100644
--- a/manifests/v1alpha3/katib-controller/rbac.yaml
+++ b/manifests/v1alpha3/katib-controller/rbac.yaml
@@ -11,6 +11,7 @@ rules:
 - services
 - secrets
 - events
+ - namespaces
 verbs:
 - "*"
 - apiGroups:
diff --git a/pkg/webhook/v1alpha3/common/const.go b/pkg/webhook/v1alpha3/common/const.go
new file mode 100644
index 00000000000..2ec4b28efaa
--- /dev/null
+++ b/pkg/webhook/v1alpha3/common/const.go
@@ -0,0 +1,22 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package common
+
+const (
+ KatibMetricsCollectorInjection = "katib-metricscollector-injection"
+ KatibMetricsCollectorInjectionEnabled = "enabled"
+)
diff --git a/pkg/webhook/v1alpha3/experiment/validation_webhook.go b/pkg/webhook/v1alpha3/experiment/validation_webhook.go
index 5af160c2fee..345dc3b5dbc 100644
--- a/pkg/webhook/v1alpha3/experiment/validation_webhook.go
+++ b/pkg/webhook/v1alpha3/experiment/validation_webhook.go
@@ -18,8 +18,11 @@ package experiment
 import (
 "context"
+ "fmt"
 "net/http"
+ v1 "k8s.io/api/core/v1"
+ ktypes "k8s.io/apimachinery/pkg/types"
 "sigs.k8s.io/controller-runtime/pkg/client"
 "sigs.k8s.io/controller-runtime/pkg/runtime/inject"
 "sigs.k8s.io/controller-runtime/pkg/webhook/admission"
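Review bot: In the rbac.yaml hunk, `namespaces` is appended to a rule whose verbs are `"*"`, so the controller's role gains create, update and delete on namespaces, although the only new use visible in this commit is a read (`v.client.Get` on the request's namespace in the experiment validator). A separate rule would keep the grant to what the webhook needs: `- apiGroups: [""]`, `resources: ["namespaces"]`, `verbs: ["get", "list", "watch"]`, where list and watch are needed only if the manager's client reads through an informer cache, which is not visible here. The rule's `apiGroups` line and the kind of role are outside the hunk, so how wide the grant reaches is an assumption to confirm.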
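Review bot: The two exported constants added in const.go have no doc comments, although after this commit they define the namespace label that both the experiment validator and the `nsSelector` in webhook.go depend on. A comment on each would make that contract discoverable, for example `// KatibMetricsCollectorInjection is the namespace label key checked by the experiment validator and used in the webhook namespace selector.` and `// KatibMetricsCollectorInjectionEnabled is the label value that marks a namespace as enabled.`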
@@ -27,6 +30,7 @@ import (
 experimentsv1alpha3 "github.com/kubeflow/katib/pkg/apis/controller/experiments/v1alpha3"
 "github.com/kubeflow/katib/pkg/controller.v1alpha3/experiment/manifest"
+ "github.com/kubeflow/katib/pkg/webhook/v1alpha3/common"
 "github.com/kubeflow/katib/pkg/webhook/v1alpha3/experiment/validator"
 )
@@ -51,6 +55,26 @@ func (v *experimentValidator) Handle(ctx context.Context, req types.Request) typ
 if err != nil {
 return admission.ErrorResponse(http.StatusBadRequest, err)
 }
+
+ // After metrics collector sidecar injection in Job level done, delete validation for namespace labels
+ ns := &v1.Namespace{}
+ if err := v.client.Get(context.TODO(), ktypes.NamespacedName{Name: req.AdmissionRequest.Namespace}, ns); err != nil {
+ return admission.ErrorResponse(http.StatusInternalServerError, err)
+ }
+ validNS := true
+ if ns.Labels == nil {
+ validNS = false
+ } else {
+ if v, ok := ns.Labels[common.KatibMetricsCollectorInjection]; !ok || v != common.KatibMetricsCollectorInjectionEnabled {
+ validNS = false
+ }
+ }
+ if !validNS {
+ err = fmt.Errorf("Cannot create the Experiment %q in namespace %q: the namespace lacks label \"%s: %s\"",
+ inst.Name, req.AdmissionRequest.Namespace, common.KatibMetricsCollectorInjection, common.KatibMetricsCollectorInjectionEnabled)
+ return admission.ErrorResponse(http.StatusBadRequest, err)
+ }
+
 err = v.ValidateExperiment(inst)
 if err != nil {
 return admission.ErrorResponse(http.StatusBadRequest, err)
diff --git a/pkg/webhook/v1alpha3/webhook.go b/pkg/webhook/v1alpha3/webhook.go
index 814261d1e14..fdd93cd877e 100644
--- a/pkg/webhook/v1alpha3/webhook.go
+++ b/pkg/webhook/v1alpha3/webhook.go
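Review bot: The namespace lookup added to Handle calls `v.client.Get(context.TODO(), ...)` even though the handler already receives `ctx`, so the API read ignores any cancellation or deadline the request context carries; pass it through with `if err := v.client.Get(ctx, ktypes.NamespacedName{Name: req.AdmissionRequest.Namespace}, ns); err != nil {`. The label test can shrink to one condition because indexing a nil map is safe in Go: `if ns.Labels[common.KatibMetricsCollectorInjection] != common.KatibMetricsCollectorInjectionEnabled {`, which also removes the inner `v, ok :=` that shadows the receiver `v`. The check appears to run for every request that reaches this handler while the message says "Cannot create"; if updates are routed here too, an Experiment in a namespace whose label is later removed could no longer be modified, which is worth confirming against the webhook's registered operations. Handle starts and ends outside the hunk.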
@@ -26,14 +26,13 @@ import (
 experimentsv1alpha3 "github.com/kubeflow/katib/pkg/apis/controller/experiments/v1alpha3"
 "github.com/kubeflow/katib/pkg/controller.v1alpha3/consts"
+ "github.com/kubeflow/katib/pkg/webhook/v1alpha3/common"
 "github.com/kubeflow/katib/pkg/webhook/v1alpha3/experiment"
 "github.com/kubeflow/katib/pkg/webhook/v1alpha3/pod"
 )
 const (
- katibControllerName = "katib-controller"
- katibMetricsCollectorInjection = "katib-metricscollector-injection"
- katibMetricsCollectorInjectionEnabled = "enabled"
+ katibControllerName = "katib-controller"
 )
 func AddToManager(m manager.Manager) error {
@@ -91,7 +90,7 @@ func register(manager manager.Manager, server *webhook.Server) error {
 }
 nsSelector := &metav1.LabelSelector{
 MatchLabels: map[string]string{
- katibMetricsCollectorInjection: katibMetricsCollectorInjectionEnabled,
+ common.KatibMetricsCollectorInjection: common.KatibMetricsCollectorInjectionEnabled,
 },
 }
 injectWebhook, err := builder.NewWebhookBuilder().