RHOAIENG-33283: Change ConfigMaps to Secrets and exclude .ipynb files in zipping

Author: kryanbeane

.github/workflows/rayjob_e2e_tests.yaml

@@ -115,8 +115,8 @@ jobs:
           kubectl create clusterrolebinding sdk-user-service-reader --clusterrole=service-reader --user=sdk-user
           kubectl create clusterrole port-forward-pods --verb=create --resource=pods/portforward
           kubectl create clusterrolebinding sdk-user-port-forward-pods-binding --clusterrole=port-forward-pods --user=sdk-user
-          kubectl create clusterrole configmap-manager --verb=get,list,create,delete,update,patch --resource=configmaps
-          kubectl create clusterrolebinding sdk-user-configmap-manager --clusterrole=configmap-manager --user=sdk-user
+          kubectl create clusterrole secret-manager --verb=get,list,create,delete,update,patch --resource=secrets
+          kubectl create clusterrolebinding sdk-user-secret-manager --clusterrole=secret-manager --user=sdk-user
           kubectl create clusterrole workload-reader --verb=get,list,watch --resource=workloads
           kubectl create clusterrolebinding sdk-user-workload-reader --clusterrole=workload-reader --user=sdk-user
           kubectl config use-context sdk-user

src/codeflare_sdk/ray/rayjobs/config.py

@@ -24,6 +24,8 @@
 from kubernetes.client import (
     V1ConfigMapVolumeSource,
     V1KeyToPath,
+    V1LocalObjectReference,
+    V1SecretVolumeSource,
     V1Toleration,
     V1Volume,
     V1VolumeMount,
@@ -415,8 +417,6 @@ def _build_pod_spec(self, container: V1Container, is_head: bool) -> V1PodSpec:
 
         # Add image pull secrets if specified
         if hasattr(self, "image_pull_secrets") and self.image_pull_secrets:
-            from kubernetes.client import V1LocalObjectReference
-
             pod_spec.image_pull_secrets = [
                 V1LocalObjectReference(name=secret)
                 for secret in self.image_pull_secrets
@@ -448,12 +448,12 @@ def _build_env_vars(self) -> list:
         """Build environment variables list."""
         return [V1EnvVar(name=key, value=value) for key, value in self.envs.items()]
 
-    def add_file_volumes(self, configmap_name: str, mount_path: str = MOUNT_PATH):
+    def add_file_volumes(self, secret_name: str, mount_path: str = MOUNT_PATH):
         """
         Add file volume and mount references to cluster configuration.
 
         Args:
-            configmap_name: Name of the ConfigMap containing files
+            secret_name: Name of the Secret containing files
             mount_path: Where to mount files in containers (default: /home/ray/scripts)
         """
         # Check if file volume already exists
@@ -478,7 +478,7 @@ def add_file_volumes(self, configmap_name: str, mount_path: str = MOUNT_PATH):
 
         # Add file volume to cluster configuration
         file_volume = V1Volume(
-            name=volume_name, config_map=V1ConfigMapVolumeSource(name=configmap_name)
+            name=volume_name, secret=V1SecretVolumeSource(secret_name=secret_name)
         )
         self.volumes.append(file_volume)
 
@@ -487,36 +487,37 @@ def add_file_volumes(self, configmap_name: str, mount_path: str = MOUNT_PATH):
         self.volume_mounts.append(file_mount)
 
         logger.info(
-            f"Added file volume '{configmap_name}' to cluster config: mount_path={mount_path}"
+            f"Added file volume '{secret_name}' to cluster config: mount_path={mount_path}"
         )
 
-    def validate_configmap_size(self, files: Dict[str, str]) -> None:
+    def validate_secret_size(self, files: Dict[str, str]) -> None:
         total_size = sum(len(content.encode("utf-8")) for content in files.values())
         if total_size > 1024 * 1024:  # 1MB
             raise ValueError(
-                f"ConfigMap size exceeds 1MB limit. Total size: {total_size} bytes"
+                f"Secret size exceeds 1MB limit. Total size: {total_size} bytes"
             )
 
-    def build_file_configmap_spec(
+    def build_file_secret_spec(
         self, job_name: str, namespace: str, files: Dict[str, str]
     ) -> Dict[str, Any]:
         """
-        Build ConfigMap specification for files
+        Build Secret specification for files
 
         Args:
-            job_name: Name of the RayJob (used for ConfigMap naming)
+            job_name: Name of the RayJob (used for Secret naming)
             namespace: Kubernetes namespace
             files: Dictionary of file_name -> file_content
 
         Returns:
-            Dict: ConfigMap specification ready for Kubernetes API
+            Dict: Secret specification ready for Kubernetes API
         """
-        configmap_name = f"{job_name}-files"
+        secret_name = f"{job_name}-files"
         return {
             "apiVersion": "v1",
-            "kind": "ConfigMap",
+            "kind": "Secret",
+            "type": "Opaque",
             "metadata": {
-                "name": configmap_name,
+                "name": secret_name,
                 "namespace": namespace,
                 "labels": {
                     "ray.io/job-name": job_name,
@@ -528,19 +529,19 @@ def build_file_configmap_spec(
         }
 
     def build_file_volume_specs(
-        self, configmap_name: str, mount_path: str = MOUNT_PATH
+        self, secret_name: str, mount_path: str = MOUNT_PATH
     ) -> Tuple[Dict[str, Any], Dict[str, Any]]:
         """
         Build volume and mount specifications for files
 
         Args:
-            configmap_name: Name of the ConfigMap containing files
+            secret_name: Name of the Secret containing files
             mount_path: Where to mount files in containers
 
         Returns:
             Tuple of (volume_spec, mount_spec) as dictionaries
         """
-        volume_spec = {"name": "ray-job-files", "configMap": {"name": configmap_name}}
+        volume_spec = {"name": "ray-job-files", "secret": {"secretName": secret_name}}
 
         mount_spec = {"name": "ray-job-files", "mountPath": mount_path}
 

src/codeflare_sdk/ray/rayjobs/rayjob.py

@@ -31,7 +31,7 @@
 from python_client.kuberay_cluster_api import RayClusterApi
 from codeflare_sdk.ray.rayjobs.config import ManagedClusterConfig
 from codeflare_sdk.ray.rayjobs.runtime_env import (
-    create_file_configmap,
+    create_file_secret,
     extract_all_local_files,
     process_runtime_env,
 )
@@ -169,10 +169,10 @@ def submit(self) -> str:
         # Extract files from entrypoint and runtime_env working_dir
         files = extract_all_local_files(self)
 
-        # Create ConfigMap for files (will be mounted to submitter pod)
-        configmap_name = None
+        # Create Secret for files (will be mounted to submitter pod)
+        secret_name = None
         if files:
-            configmap_name = f"{self.name}-files"
+            secret_name = f"{self.name}-files"
 
         rayjob_cr = self._build_rayjob_cr()
 
@@ -182,9 +182,9 @@ def submit(self) -> str:
         if result:
             logger.info(f"Successfully submitted RayJob {self.name}")
 
-            # Create ConfigMap with owner reference after RayJob exists
+            # Create Secret with owner reference after RayJob exists
             if files:
-                create_file_configmap(self, files, result)
+                create_file_secret(self, files, result)
 
             return self.name
         else:
@@ -285,10 +285,10 @@ def _build_rayjob_cr(self) -> Dict[str, Any]:
 
         # Add submitterPodTemplate if we have files to mount
         if files:
-            configmap_name = f"{self.name}-files"
+            secret_name = f"{self.name}-files"
             rayjob_cr["spec"][
                 "submitterPodTemplate"
-            ] = self._build_submitter_pod_template(files, configmap_name)
+            ] = self._build_submitter_pod_template(files, secret_name)
 
         # Configure cluster: either use existing or create new
         if self._cluster_config is not None:
@@ -311,17 +311,17 @@ def _build_rayjob_cr(self) -> Dict[str, Any]:
         return rayjob_cr
 
     def _build_submitter_pod_template(
-        self, files: Dict[str, str], configmap_name: str
+        self, files: Dict[str, str], secret_name: str
     ) -> Dict[str, Any]:
         """
-        Build submitterPodTemplate with ConfigMap volume mount for local files.
+        Build submitterPodTemplate with Secret volume mount for local files.
 
         If files contain working_dir.zip, an init container will unzip it before
         the main submitter container runs.
 
         Args:
             files: Dict of file_name -> file_content
-            configmap_name: Name of the ConfigMap containing the files
+            secret_name: Name of the Secret containing the files
 
         Returns:
             submitterPodTemplate specification
@@ -337,8 +337,8 @@ def _build_submitter_pod_template(
         ):
             image = self._cluster_config.image
 
-        # Build ConfigMap items for each file
-        config_map_items = []
+        # Build Secret items for each file
+        secret_items = []
         entrypoint_path = files.get(
             "__entrypoint_path__"
         )  # Metadata for single file case
@@ -349,9 +349,9 @@ def _build_submitter_pod_template(
 
             # For single file case, use the preserved path structure
             if entrypoint_path:
-                config_map_items.append({"key": file_name, "path": entrypoint_path})
+                secret_items.append({"key": file_name, "path": entrypoint_path})
             else:
-                config_map_items.append({"key": file_name, "path": file_name})
+                secret_items.append({"key": file_name, "path": file_name})
 
         # Check if we need to unzip working_dir
         has_working_dir_zip = "working_dir.zip" in files
@@ -378,9 +378,9 @@ def _build_submitter_pod_template(
                 "volumes": [
                     {
                         "name": "ray-job-files",
-                        "configMap": {
-                            "name": configmap_name,
-                            "items": config_map_items,
+                        "secret": {
+                            "secretName": secret_name,
+                            "items": secret_items,
                         },
                     }
                 ],