search

boozallen / aissemble

Booz Allen's lean manufacturing approach for holistically designing, developing and fielding AI solutions across the engineering lifecycle from data processing to model building, tuning, and training to secure operational deployment
Other
34 stars 8 forks source link

BUG: The spark operator doesnt have write access for certain apigroups #273

Closed J-Clingerman closed 2 months ago

J-Clingerman commented 2 months ago

Description

The sparkoperator rbac.yaml chart was updated for downstream projects. For the api group, apiextensions.k8s.io, the rule is set to only get resources. The pipeline-invocation-service, which uses the sparkoperator, requires create access to create a pipeline. This issue causes the following error when attempting to create a pipeline via the pipeline-invocation service:

customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:default:sparkoperator" cannot create resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope 

Definition of Done

Testing Steps

mvn archetype:generate \ -DarchetypeGroupId=com.boozallen.aissemble \ -DarchetypeArtifactId=foundation-archetype \ -DarchetypeVersion=1.9.0-SNAPSHOT \ -DgroupId=com.issue273 \ -DartifactId=issue273 \ -DprojectGitUrl=url \ -DprojectName=issue273 

- Add the below SimpleDataDeliveryExample.json pipeline to issue273/src/main/resources/pipelines

{ "name":"SimpleDataDeliveryExample", "package":"com.boozallen.aissemble.documentation", "type":{ "name":"data-flow", "implementation":"data-delivery-spark" }, "steps":[ { "name":"IngestData", "type":"synchronous", "dataProfiling":{ "enabled":false } } ] }

- Run `mvn clean install` and resolve all manual steps 

## Verify the rbac.yaml contents in the zip file

- Check the **rbac.yaml** file under <project-name>**/src/main/resources/apps/spark-operator/charts**
  - **Note**: This is a .tgz file and some IDEs auto view this file. If yours doesnt, use the following command to unzip the file:
  - `tar -xvzf aissemble-spark-operator-chart-1.9.0-SNAPSHOT.tgz `
- In the unzipped directory, **aissemble-spark-operator-chart/charts/spark-operator/templates**, look for the **rbac.yaml** file. Ensure that you see the **get**, **create**, **delete**, and **update** under the 
**apiextensions.k8s.io** apigroup

## Test the pipeline-invocation service

- Run the tilt command and wait for the resources to be set up: `tilt up`
- Once the resources are complete, run a health check and trigger the pipeline-invocation-service:
- **Health Check**
  - The service can be accessed through an HTTP GET request
    - Using Postman:
    - Set the URL to http://localhost:8085/invoke-pipeline/healthcheck
    - Set the Action to **GET**
  - You should see: **Service Available** in the bottom section of Postman

- **Trigger the pipeline-invocation-service**
  -The service can be accessed through an HTTP POSTrequest
    - Using Postman:
    - Set the URL to http://localhost:8085/invoke-pipeline/start-spark-operator-job
    - Set the Action to **POST**
    - Set the body type to JSON 
    - Set the body content to: `{"applicationName": "simple-data-delivery-example",  "profile": "dev"}`
  - To confirm that the `simple-data-delivery-example` was installed successfully, you should see the following log when you look at the **pipeline-invocation-service** pod logs:

NAME: simple-data-delivery-example LAST DEPLOYED:     NAMESPACE: default     STATUS: deployed     REVISION: 1     TEST SUITE: None

J-Clingerman commented 2 months ago

DOD completed with @cwoods-cpointe

J-Clingerman commented 2 months ago

OTS completed with @cwoods-cpointe