configure webhook names (NVIDIA#564)

* Add webhook configuration name customization

- Added optional fields in Admission, PodGroupController, and QueueController to specify webhook configuration names.

Author: enoodle

CHANGELOG.md

@@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
 ### Added
 - Added parent reference to SubGroup struct in PodGroup CRD to create a hierarchical SubGroup structure
+- Added the option to configure the names of the webhook configuration resources.
 
 ### Fixed
 - Fixed a bug where the scheduler would not re-try updating podgroup status after failure

deployments/kai-scheduler/crds/kai.scheduler_configs.yaml

@@ -48,6 +48,10 @@ spec:
                     description: GPUSharing enables GPU sharing functionality for
                       the admission service
                     type: boolean
+                  mutatingWebhookConfigurationName:
+                    description: MutatingWebhookConfigurationName is the name of the
+                      MutatingWebhookConfiguration for the admission service
+                    type: string
                   queueLabelSelector:
                     description: QueueLabelSelector enables the queue label MatchExpression
                       in webhooks
@@ -153,6 +157,10 @@ spec:
                             type: object
                         type: object
                     type: object
+                  validatingWebhookConfigurationName:
+                    description: ValidatingWebhookConfigurationName is the name of
+                      the ValidatingWebhookConfiguration for the admission service
+                    type: string
                   webhook:
                     description: Webhook defines configuration for the admission service
                     properties:
@@ -1846,7 +1854,13 @@ spec:
                       controller webhooks
                     properties:
                       enableValidation:
+                        description: EnableValidation enables the validation webhook
+                          for the pod group controller
                         type: boolean
+                      webhookConfigurationNamePrefix:
+                        description: WebhookConfigurationNamePrefix is the prefix
+                          used for webhook configuration names
+                        type: string
                     type: object
                 type: object
               podGrouper:
@@ -2162,7 +2176,13 @@ spec:
                       controller webhooks
                     properties:
                       enableValidation:
+                        description: EnableValidation enables the validation webhook
+                          for the queue controller
                         type: boolean
+                      webhookConfigurationNamePrefix:
+                        description: WebhookConfigurationNamePrefix is the prefix
+                          used for webhook configuration names
+                        type: string
                     type: object
                 type: object
               scheduler:

pkg/apis/kai/v1/admission/admission.go

@@ -11,7 +11,9 @@ import (
 )
 
 const (
-	imageName = "admission"
+	imageName                    = "admission"
+	defaultValidatingWebhookName = "validating-kai-admission"
+	defaultMutatingWebhookName   = "mutating-kai-admission"
 )
 
 type Admission struct {
@@ -32,6 +34,14 @@ type Admission struct {
 	// QueueLabelSelector enables the queue label MatchExpression in webhooks
 	// +kubebuilder:validation:Optional
 	QueueLabelSelector *bool `json:"queueLabelSelector,omitempty"`
+
+	// ValidatingWebhookConfigurationName is the name of the ValidatingWebhookConfiguration for the admission service
+	// +kubebuilder:validation:Optional
+	ValidatingWebhookConfigurationName *string `json:"validatingWebhookConfigurationName,omitempty"`
+
+	// MutatingWebhookConfigurationName is the name of the MutatingWebhookConfiguration for the admission service
+	// +kubebuilder:validation:Optional
+	MutatingWebhookConfigurationName *string `json:"mutatingWebhookConfigurationName,omitempty"`
 }
 
 func (b *Admission) SetDefaultsWhereNeeded(replicaCount *int32) {
@@ -47,6 +57,9 @@ func (b *Admission) SetDefaultsWhereNeeded(replicaCount *int32) {
 	b.Replicas = common.SetDefault(b.Replicas, ptr.To(ptr.Deref(replicaCount, 1)))
 	b.GPUSharing = common.SetDefault(b.GPUSharing, ptr.To(false))
 	b.QueueLabelSelector = common.SetDefault(b.QueueLabelSelector, ptr.To(false))
+
+	b.ValidatingWebhookConfigurationName = common.SetDefault(b.ValidatingWebhookConfigurationName, ptr.To(defaultValidatingWebhookName))
+	b.MutatingWebhookConfigurationName = common.SetDefault(b.MutatingWebhookConfigurationName, ptr.To(defaultMutatingWebhookName))
 }
 
 // Webhook defines configuration for the admission webhook

pkg/apis/kai/v1/admission/zz_generated.deepcopy.go

@@ -13,7 +13,8 @@ import (
 )
 
 const (
-	imageName = "podgroupcontroller"
+	imageName                      = "podgroupcontroller"
+	defaultValidatingWebhookPrefix = "kai-podgroup-validation-"
 )
 
 type PodGroupController struct {
@@ -96,9 +97,16 @@ func (p *PortMapping) SetDefaultsWhereNeeded() {
 }
 
 type PodGroupControllerWebhooks struct {
+	// EnableValidation enables the validation webhook for the pod group controller
+	// +kubebuilder:validation:Optional
 	EnableValidation *bool `json:"enableValidation,omitempty"`
+
+	// WebhookConfigurationNamePrefix is the prefix used for webhook configuration names
+	// +kubebuilder:validation:Optional
+	WebhookConfigurationNamePrefix *string `json:"webhookConfigurationNamePrefix,omitempty"`
 }
 
 func (q *PodGroupControllerWebhooks) SetDefaultsWhereNeeded() {
 	q.EnableValidation = common.SetDefault(q.EnableValidation, ptr.To(true))
+	q.WebhookConfigurationNamePrefix = common.SetDefault(q.WebhookConfigurationNamePrefix, ptr.To(defaultValidatingWebhookPrefix))
 }

pkg/apis/kai/v1/pod_group_controller/pod_group_controller.go

@@ -12,7 +12,8 @@ import (
 )
 
 const (
-	imageName = "queuecontroller"
+	imageName                      = "queuecontroller"
+	defaultValidatingWebhookPrefix = "kai-queue-validation-"
 )
 
 type QueueController struct {
@@ -110,9 +111,16 @@ func (p *PortMapping) SetDefaultsWhereNeeded() {
 }
 
 type QueueControllerWebhooks struct {
+	// EnableValidation enables the validation webhook for the queue controller
+	// +kubebuilder:validation:Optional
 	EnableValidation *bool `json:"enableValidation,omitempty"`
+
+	// WebhookConfigurationNamePrefix is the prefix used for webhook configuration names
+	// +kubebuilder:validation:Optional
+	WebhookConfigurationNamePrefix *string `json:"webhookConfigurationNamePrefix,omitempty"`
 }
 
 func (q *QueueControllerWebhooks) SetDefaultsWhereNeeded() {
 	q.EnableValidation = common.SetDefault(q.EnableValidation, ptr.To(true))
+	q.WebhookConfigurationNamePrefix = common.SetDefault(q.WebhookConfigurationNamePrefix, ptr.To(defaultValidatingWebhookPrefix))
 }

pkg/apis/kai/v1/pod_group_controller/zz_generated.deepcopy.go

@@ -25,12 +25,10 @@ import (
 )
 
 const (
-	mainResourceName                         = "admission"
-	mutatorWebhookKAIAdmissionResourceName   = "mutating-kai-admission"
-	validatorWebhookKAIAdmissionResourceName = "validating-kai-admission"
-	kaiAdmissionWebhookSecretName            = "kai-admission-webhook-tls-secret"
-	certKey                                  = "tls.crt"
-	keyKey                                   = "tls.key"
+	mainResourceName              = "admission"
+	kaiAdmissionWebhookSecretName = "kai-admission-webhook-tls-secret"
+	certKey                       = "tls.crt"
+	keyKey                        = "tls.key"
 )
 
 func deploymentForKAIConfig(
@@ -198,11 +196,12 @@ func mutatingWCForKAIConfig(
 	secret *v1.Secret, webhookName string,
 ) ([]client.Object, error) {
 	mutatingWebhookConfiguration := &admissionv1.MutatingWebhookConfiguration{}
-	err := runtimeClient.Get(ctx, types.NamespacedName{Name: mutatorWebhookKAIAdmissionResourceName}, mutatingWebhookConfiguration)
+	webhookConfigurationName := *kaiConfig.Spec.Admission.MutatingWebhookConfigurationName
+	err := runtimeClient.Get(ctx, types.NamespacedName{Name: webhookConfigurationName}, mutatingWebhookConfiguration)
 	if client.IgnoreNotFound(err) != nil {
 		return nil, err
 	}
-	mutatingWebhookConfiguration.Name = mutatorWebhookKAIAdmissionResourceName
+	mutatingWebhookConfiguration.Name = webhookConfigurationName
 
 	if mutatingWebhookConfiguration.Labels == nil {
 		mutatingWebhookConfiguration.Labels = map[string]string{}
@@ -244,12 +243,13 @@ func validatingWCForKAIConfig(
 	secret *v1.Secret, webhookName string,
 ) ([]client.Object, error) {
 	validatingWebhookConfiguration := &admissionv1.ValidatingWebhookConfiguration{}
-	err := runtimeClient.Get(ctx, types.NamespacedName{Name: validatorWebhookKAIAdmissionResourceName},
+	webhookConfigurationName := *kaiConfig.Spec.Admission.ValidatingWebhookConfigurationName
+	err := runtimeClient.Get(ctx, types.NamespacedName{Name: webhookConfigurationName},
 		validatingWebhookConfiguration)
 	if client.IgnoreNotFound(err) != nil {
 		return nil, err
 	}
-	validatingWebhookConfiguration.Name = validatorWebhookKAIAdmissionResourceName
+	validatingWebhookConfiguration.Name = webhookConfigurationName
 
 	if validatingWebhookConfiguration.Labels == nil {
 		validatingWebhookConfiguration.Labels = map[string]string{}

pkg/apis/kai/v1/queue_controller/queue_controller.go

@@ -28,8 +28,7 @@ const (
 	appName        = deploymentName
 	serviceName    = deploymentName
 
-	validatingWebhookPrefix = "kai-podgroup-validation-"
-	podGroupWebhookName     = "podgroup-validation.kai.scheduler"
+	podGroupWebhookName = "podgroup-validation.kai.scheduler"
 
 	secretName = "podgroup-webhook-tls-secret"
 	certKey    = "tls.crt"
@@ -163,7 +162,7 @@ func validatingWCForKAIConfig(
 	for _, version := range constants.PodGroupValidatedVersions() {
 		validatingWebhookConfiguration := &admissionv1.ValidatingWebhookConfiguration{}
 
-		webhookName := fmt.Sprintf("%s%s", validatingWebhookPrefix, version)
+		webhookName := fmt.Sprintf("%s%s", *kaiConfig.Spec.PodGroupController.Webhooks.WebhookConfigurationNamePrefix, version)
 		err = runtimeClient.Get(ctx, types.NamespacedName{Name: webhookName}, validatingWebhookConfiguration)
 		if client.IgnoreNotFound(err) != nil {
 			return nil, err