WIP

Author: TQJADE

migration/apache-spark-app-generate-policy.yaml

@@ -0,0 +1,68 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: apache-spark-app-generate
+spec:
+  rules:
+    - name: generate-apache-spark-app
+      match:
+        all:
+          - resources:
+              kinds:
+                - sparkoperator.k8s.io/v1beta2/SparkApplication
+              operations:
+                - CREATE
+      context:
+        - name: driverLabels
+          variable:
+            value: "{{ request.object.spec.driver.labels || `{}`}}"
+        - name: driverLabelsConfValues
+          variable:
+            value: "{{ driverLabels | values(@) }}"
+        - name: driverLabelsConfKeys
+          variable:
+            value: '{{ map(&join(`""`, [`"spark.kubernetes.driver.labels."`, @]), keys({{driverLabels}}))}}'
+        - name: driverLabelsConf
+          variable:
+            value: '{{object_from_lists({{driverLabelsConfKeys}}, {{driverLabelsConfValues}})}})'
+        - name: jobName
+          variable:
+            jmesPath: request.object.metadata.name
+        - name: sparkVersion
+          variable:
+            jmesPath: request.object.spec.sparkVersion
+        - name: dynamicAllocationEnabledConf
+          variable:
+            jmesPath: '{"spark.dynamicAllocation.enabled": to_string(`{{request.object.spec.dynamicAllocation.enabled || false}}`)}'
+        - name: executorInstancesContains
+          variable:
+            jmesPath: "`{{request.object.spec.executor.instances || `0`}}` != `0`"
+        - name: executorInstancesConf
+          variable:
+            jmesPath: '[{"key": `true`, "value": {"spark.executor.instances": to_string(`{{request.object.spec.executor.instances || "foo"}}`)}}, {"key": `false`, "value": `{}`}][?key==`{{executorInstancesContains}}`]|[0].value'
+      reportProperties:
+        sparkAppName: '`{{ jobName }}`'
+      generate:
+        kind: SparkApplication
+        apiVersion: spark.apache.org/v1alpha1
+        name: "{{ request.object.metadata.name }}"
+        namespace: "{{ request.object.metadata.namespace }}"
+        data:
+          kind: SparkApplication
+          apiVersion: spark.apache.org/v1alpha1
+          metadata:
+            ownerReferences:
+              - apiVersion: sparkoperator.k8s.io/v1beta2
+                kind: SparkApplication
+                name: "{{request.object.metadata.name}}"
+                uid: "{{request.object.metadata.uid}}"
+            name: "{{ request.object.metadata.name }}"
+            namespace: "{{ request.object.metadata.namespace }}"
+            labels: "{{ request.object.metadata.labels || `{}`}}"
+          spec:
+            mainClass: "{{ request.object.spec.mainClass }}"
+            jars: "{{ request.object.spec.mainApplicationFile }}"
+            driverArgs: "{{ request.object.spec.arguments }}"
+            sparkConf: "{{ merge(`{{request.object.spec.sparkConf}}`, `{{ executorInstancesConf }}`, `{{ dynamicAllocationEnabledConf }}`, `{{ driverLabelsConf }}`)}}"
+            runtimeVersions:
+              sparkVersion: "{{ sparkVersion }}"

migration/foo.yaml

@@ -0,0 +1,33 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: test
+spec:
+  rules:
+    - name: test
+      match:
+        all:
+          - resources:
+              kinds:
+                - sparkoperator.k8s.io/v1beta2/SparkApplication
+              operations:
+                - CREATE
+      context:
+        - name: driverLabels
+          variable:
+            value: "{{ request.object.spec.driver.labels || `{}`}}"
+        - name: driverLabelsConfValues3
+          variable:
+            value: "{{ driverLabels | values(@) }}"
+      generate:
+        apiVersion: v1
+        kind: ConfigMap
+        namespace: "default"
+        name: test
+        data:
+          apiVersion: v1
+          kind: ConfigMap
+          metadata:
+            name: test
+          data:
+            qi: "join(``, {{ driverLabelsConfValues3 }})"

spark-pi.json

@@ -0,0 +1,38 @@
+{
+  "apiVersion": "sparkoperator.k8s.io/v1beta2",
+  "kind": "SparkApplication",
+  "metadata": {
+    "name": "spark-pi",
+    "namespace": "default"
+  },
+  "spec": {
+    "type": "Scala",
+    "mode": "cluster",
+    "image": "spark:3.5.2",
+    "mainClass": "org.apache.spark.examples.SparkPi",
+    "mainApplicationFile": "local:///opt/spark/examples/jars/spark-examples_2.12-3.5.2.jar",
+    "sparkConf": {
+      "spark.eventLog.enabled": "true",
+      "spark.eventLog.dir": "hdfs://hdfs-namenode-1:8020/spark/spark-events"
+    },
+    "arguments": [
+      "5000"
+    ],
+    "sparkVersion": "3.5.2",
+    "driver": {
+      "labels": {
+        "version": "3.5.2"
+      },
+      "cores": 1,
+      "memory": "512m",
+      "serviceAccount": "spark"
+    },
+    "executor": {
+      "labels": {
+        "version": "3.5.2"
+      },
+      "cores": 2,
+      "memory": "512m"
+    }
+  }
+}

tests/e2e/assertions/spark-application/spark-apache-pi.yaml

@@ -0,0 +1,45 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apiVersion: spark.apache.org/v1alpha1
+kind: SparkApplication
+metadata:
+  name: spark-pi
+  namespace: default
+  ownerReferences:
+    - apiVersion: "sparkoperator.k8s.io/v1beta2"
+      kind: "SparkApplication"
+      name: "spark-pi"
+#      uid: "*"
+spec:
+  mainClass: "org.apache.spark.examples.SparkPi"
+  jars: "local:///opt/spark/examples/jars/spark-examples_2.12-3.5.2.jar"
+  driverArgs: [ "5000" ]
+  sparkConf:
+    spark.eventLog.enabled: "true"
+    spark.eventLog.dir: "hdfs://hdfs-namenode-1:8020/spark/spark-events"
+    spark.kubernetes.container.image: "spark:3.5.2"
+    spark.kubernetes.driver.label.version: "3.5.2"
+    spark.kubernetes.driver.label.nodeType: "p1"
+    spark.driver.cores: "1"
+    spark.driver.memory: "512m"
+    spark.kubernetes.authenticate.driver.serviceAccountName: "spark"
+    spark.executor.memory: "512m"
+    spark.executor.instances: "10"
+    spark.executor.cores: "2"
+  runtimeVersions:
+    sparkVersion: "3.5.2"

tests/e2e/migration/chainsaw-test.yaml

@@ -0,0 +1,43 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apiVersion: chainsaw.kyverno.io/v1alpha1
+kind: Test
+metadata:
+  name: add-spark-k8s-operator-cr
+spec:
+  steps:
+    - try:
+        - apply:
+            file: https://raw.githubusercontent.com/kubeflow/spark-operator/refs/heads/master/config/crd/bases/sparkoperator.k8s.io_sparkapplications.yaml
+        - apply:
+            file: kyverno-rbac.yaml
+        - apply:
+            file: "../../../migration/apache-spark-app-generate-policy.yaml"
+        - create:
+            file: spark-kubeflow-pi.yaml
+        - assert:
+            timeout: 2m
+            file: "../assertions/spark-application/spark-apache-pi.yaml"
+      finally:
+        - script:
+            timeout: 20s
+            content: |
+              kubectl delete sparkapplication.sparkoperator.k8s.io spark-pi -n default
+              kubectl delete sparkapplication.spark.apache.org spark-pi -n default
+              kubectl delete crd sparkapplications.sparkoperator.k8s.io
+              kubectl delete clusterpolicy apache-spark-app-generate

tests/e2e/migration/kyverno-rbac.yaml

@@ -0,0 +1,70 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: spark-application-watcher
+rules:
+  - apiGroups:
+      - "spark.apache.org"
+    resources:
+      - "sparkapplications"
+      - "sparkapplications/status"
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - delete
+  - apiGroups:
+      - "sparkoperator.k8s.io"
+    resources:
+      - "sparkapplications"
+    verbs:
+      - get
+      - list
+      - watch
+      - update
+      - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kyverno-background-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: spark-application-watcher
+subjects:
+  - kind: ServiceAccount
+    name: kyverno-background-controller
+    namespace: kyverno
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kyverno-reporter-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: spark-application-watcher
+subjects:
+  - kind: ServiceAccount
+    name: kyverno-reports-controller
+    namespace: kyverno

tests/e2e/migration/spark-kubeflow-pi.yaml

@@ -0,0 +1,45 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apiVersion: sparkoperator.k8s.io/v1beta2
+kind: SparkApplication
+metadata:
+  name: spark-pi
+  namespace: default
+spec:
+  type: Scala
+  mode: cluster
+  image: spark:3.5.2
+  mainClass: org.apache.spark.examples.SparkPi
+  mainApplicationFile: local:///opt/spark/examples/jars/spark-examples_2.12-3.5.2.jar
+  sparkConf:
+    spark.eventLog.enabled: "true"
+    spark.eventLog.dir: "hdfs://hdfs-namenode-1:8020/spark/spark-events"
+  arguments:
+    - "5000"
+  sparkVersion: 3.5.2
+  driver:
+    labels:
+      version: 3.5.2
+      nodeType: p1
+    cores: 1
+    memory: 512m
+    serviceAccount: spark
+  executor:
+    instances: 10
+    cores: 2
+    memory: 512m