From a176ec8f8e599af41572ee1926d55aade1b6dcc6 Mon Sep 17 00:00:00 2001 From: tunahanertekin Date: Wed, 4 Sep 2024 16:40:10 +0300 Subject: [PATCH 1/3] refactor(host-network): add host network regex and config props --- internal/shared.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/internal/shared.go b/internal/shared.go index dd006cd..491fa44 100644 --- a/internal/shared.go +++ b/internal/shared.go @@ -176,15 +176,17 @@ const ( VDI_CUSTOM_PORT_RANGE_KEY = "VDI_CUSTOM_PORT_RANGE" NOTEBOOK_CUSTOM_PORT_RANGE_KEY = "NOTEBOOK_CUSTOM_PORT_RANGE" SHARED_MEMORY_SIZE_KEY = "SHARED_MEMORY_SIZE" + HOST_NETWORK_SELECTION_KEY = "USE_HOST_NETWORK" ) // regex const ( - GRANT_PERMISSION_REGEX = "^(/([A-Za-z0-9./_-])+:)*(/[A-Za-z0-9./_-]+)$" - PERSISTENT_DIRS_REGEX = "^(/([A-Za-z0-9./_-])+:)*(/[A-Za-z0-9./_-]+)$" - HOST_DIRS_REGEX = "^(((/[A-Za-z0-9./_-]+):(/[A-Za-z0-9./_-]+))+,)*(((/[A-Za-z0-9./_-]+):(/[A-Za-z0-9./_-]+))+)$" - CUSTOM_PORT_RANGE_REGEX = "^([a-z0-9]{4}-[0-9]{5}:[0-9]{2,5}/)*([a-z0-9]{4}-[0-9]{5}:[0-9]{2,5})$" - SHARED_MEMORY_SIZE_REGEX = "^([0-9]{1,2}Gi)$" + GRANT_PERMISSION_REGEX = "^(/([A-Za-z0-9./_-])+:)*(/[A-Za-z0-9./_-]+)$" + PERSISTENT_DIRS_REGEX = "^(/([A-Za-z0-9./_-])+:)*(/[A-Za-z0-9./_-]+)$" + HOST_DIRS_REGEX = "^(((/[A-Za-z0-9./_-]+):(/[A-Za-z0-9./_-]+))+,)*(((/[A-Za-z0-9./_-]+):(/[A-Za-z0-9./_-]+))+)$" + CUSTOM_PORT_RANGE_REGEX = "^([a-z0-9]{4}-[0-9]{5}:[0-9]{2,5}/)*([a-z0-9]{4}-[0-9]{5}:[0-9]{2,5})$" + SHARED_MEMORY_SIZE_REGEX = "^([0-9]{1,2}Gi)$" + HOST_NETWORK_SELECTION_REGEX = "^(true|false)$" ) // file browser ports From c7c3b3012ac90ece06dc819aa558e32be0f4e536 Mon Sep 17 00:00:00 2001 From: tunahanertekin Date: Wed, 4 Sep 2024 16:54:59 +0300 Subject: [PATCH 2/3] refactor(host-network): validate the field --- pkg/api/roboscale.io/v1alpha1/robot_webhook.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkg/api/roboscale.io/v1alpha1/robot_webhook.go b/pkg/api/roboscale.io/v1alpha1/robot_webhook.go index ee83fb9..655c930 100644 --- a/pkg/api/roboscale.io/v1alpha1/robot_webhook.go +++ b/pkg/api/roboscale.io/v1alpha1/robot_webhook.go @@ -280,6 +280,16 @@ func (r *Robot) checkAdditionalConfigs() error { } } + if val, ok := r.Spec.AdditionalConfigs[internal.HOST_NETWORK_SELECTION_KEY]; ok && val.ConfigType == AdditionalConfigTypeOperator { + matched, err := regexp.MatchString(internal.HOST_NETWORK_SELECTION_REGEX, val.Value) + if !matched { + return errors.New("cannot set host network, use this pattern " + internal.HOST_NETWORK_SELECTION_REGEX) + } + if err != nil { + return err + } + } + return nil } From bfef7b0a90e63deab480e676b7450a98df6a48e5 Mon Sep 17 00:00:00 2001 From: tunahanertekin Date: Wed, 4 Sep 2024 16:55:26 +0300 Subject: [PATCH 3/3] refactor(host-network): inject the config to the pods --- internal/resources/v1alpha1/notebook.go | 9 ++++++++- internal/resources/v1alpha1/robot_ide.go | 10 +++++++++- internal/resources/v1alpha1/robot_vdi.go | 9 ++++++++- 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/internal/resources/v1alpha1/notebook.go b/internal/resources/v1alpha1/notebook.go index f96f64e..eaf69dd 100644 --- a/internal/resources/v1alpha1/notebook.go +++ b/internal/resources/v1alpha1/notebook.go @@ -82,6 +82,13 @@ func GetNotebookPod(notebook *robotv1alpha1.Notebook, podNamespacedName *types.N if ports, ok := robot.Spec.AdditionalConfigs[internal.NOTEBOOK_CUSTOM_PORT_RANGE_KEY]; ok { containerCfg.InjectCustomPortConfiguration(&nbContainer, ports) } + // apply host network selection + useHostNetwork := false + if hostNetwork, ok := robot.Spec.AdditionalConfigs[internal.HOST_NETWORK_SELECTION_KEY]; ok { + if hostNetwork.Value == "true" { + useHostNetwork = true + } + } nbPod := corev1.Pod{ ObjectMeta: metav1.ObjectMeta{ @@ -90,7 +97,7 @@ func GetNotebookPod(notebook *robotv1alpha1.Notebook, podNamespacedName *types.N Labels: labels, }, Spec: corev1.PodSpec{ - // HostNetwork: notebook.Spec.Privileged, + HostNetwork: useHostNetwork, Containers: []corev1.Container{ nbContainer, }, diff --git a/internal/resources/v1alpha1/robot_ide.go b/internal/resources/v1alpha1/robot_ide.go index 73386bd..254c0a5 100644 --- a/internal/resources/v1alpha1/robot_ide.go +++ b/internal/resources/v1alpha1/robot_ide.go @@ -82,6 +82,14 @@ func GetRobotIDEPod(robotIDE *robotv1alpha1.RobotIDE, podNamespacedName *types.N containerCfg.InjectCustomPortConfiguration(&ideContainer, ports) } + // apply host network selection + useHostNetwork := false + if hostNetwork, ok := robot.Spec.AdditionalConfigs[internal.HOST_NETWORK_SELECTION_KEY]; ok { + if hostNetwork.Value == "true" { + useHostNetwork = true + } + } + idePod := corev1.Pod{ ObjectMeta: metav1.ObjectMeta{ Name: podNamespacedName.Name, @@ -89,7 +97,7 @@ func GetRobotIDEPod(robotIDE *robotv1alpha1.RobotIDE, podNamespacedName *types.N Labels: labels, }, Spec: corev1.PodSpec{ - // HostNetwork: robotIDE.Spec.Privileged, + HostNetwork: useHostNetwork, Containers: []corev1.Container{ ideContainer, }, diff --git a/internal/resources/v1alpha1/robot_vdi.go b/internal/resources/v1alpha1/robot_vdi.go index db7c661..6b105b0 100644 --- a/internal/resources/v1alpha1/robot_vdi.go +++ b/internal/resources/v1alpha1/robot_vdi.go @@ -141,6 +141,13 @@ func GetRobotVDIPod(robotVDI *robotv1alpha1.RobotVDI, podNamespacedName *types.N if ports, ok := robot.Spec.AdditionalConfigs[internal.VDI_CUSTOM_PORT_RANGE_KEY]; ok { containerCfg.InjectCustomPortConfiguration(&vdiContainer, ports) } + // apply host network selection + useHostNetwork := false + if hostNetwork, ok := robot.Spec.AdditionalConfigs[internal.HOST_NETWORK_SELECTION_KEY]; ok { + if hostNetwork.Value == "true" { + useHostNetwork = true + } + } vdiPod := &corev1.Pod{ ObjectMeta: metav1.ObjectMeta{ @@ -149,7 +156,7 @@ func GetRobotVDIPod(robotVDI *robotv1alpha1.RobotVDI, podNamespacedName *types.N Labels: labels, }, Spec: corev1.PodSpec{ - // HostNetwork: robotVDI.Spec.Privileged, + HostNetwork: useHostNetwork, Containers: []corev1.Container{ vdiContainer, },