Notebook update code + updated integration test (#61)

Notebook Instance Update PR

This is a PR that adds the update operation to the notebook operator and also contains a sample.

How update works:

1. Controller stops the Notebook if its not Stopped already.(Sets a status field "StoppedByControllerMETA") if it did stop the notebook.
2. Controller requeues during intermediate "Stopping" state until it reaches "Stopped"
3. Controller updates the notebook and also sets the StoppedByControllerMETA to "UpdateTriggered" if its not nil.
4. After the update the controller starts the Notebook if StoppedByControllerMETA is "UpdateTriggered".
5. The controller resets the StoppedByControllerMETA status field.

Note:

The update operation is supposed to start the notebook after an update if it was not in a stopped state and keep the notebook in the stopped state if it was in the stopped state prior to an update.

We use a status field StoppedByControllerMETA to keep track of whether the notebook was stopped by a controller and an annotation done_updating to keep track of whether an update has finished. 

Why is StoppedByControllerMETA a status and not an annotation?
After the controller stops a Notebook Instance, it can’t update the notebook because it will usually be in the stopping state and will stay in “Stopping” for at least a minute. Because of this an error is returned as the notebook can only be updated when it is in the stopped state. If we dont return an error the spec gets updated and the controller wont be able to detect a delta.
Currently it is impossible for the controller to update an annotation if an update call has failed. If an update fails the controller patches the resource status and not the metadata(https://github.com/aws-controllers-k8s/runtime/blob/055b089c6a508317ad4bb57ce037dc55061e1829/pkg/runtime/reconciler.go#L235). We can’t also not return an error because that would patch the spec too(which would end up with the controller not calling update).

Note:
Even after 0.7.1, you cant update annotations(metadata) without also updating the spec, we cannot update the spec when we stop the notebook as that would prevent the update from occurring(runtime will not detect a diff).(https://github.com/aws-controllers-k8s/runtime/blob/d7b6e45c7ba9e54664b49f681747abf275a232f9/pkg/runtime/reconciler.go#L587)

Files added:

custom_sdk_api.go: Handles api calls to Sagemaker

Hooks.go: Contains code to requeue and also customsetoutputDescribe which is used to set the resource synced conditions and also used to start the Notebook after an update(if it was not stopped before the update).


notebook_instance/sdk_read_one_post_set_output.go.tpl:
Calls custom_set_describe
notebook_instance/sdk_read_one_pre_set_output.go.tpl. 
sdk_read_one_pre_set_output.go.tpl sets the LifecycleConfigName spec field(code generator does not generate it).

notebook_instance/sdk_update_pre_build_request.go.tpl:
Requeues if in the stopping/updating/pending state. If the Notebook is in the InService state stopNotebookInstance is called, if it does not return an error, the status field StoppedByControllerMETA is set to true.

notebook_instance/sdk_update_post_set_output.go.tpl:
Sets the is_updating status and sets the resource synced condition to false so the controller requeues.
Covered in Create/Delete:
#56

Removed a check for assert for UpdateTriggered because it makes the test much more flakey because update can take as little as a minute at times

————————————————————————————————————

Custom code:
pkg/resource/notebook_instance/custom_set_delta.go : Fills in default values to prevent an update after creation
pkg/resource/notebook_instance/hooks.go :  Contains code to requeue and set sync conditions, also contains custom_set_output_describe that starts a Notebook(after an update).
templates/notebook_instance/sdk_delete_pre_build_request.go.tpl : Stops the notebook and re queues on any state other than Stopped/Failed.

Author: ananth102

apis/v1alpha1/generator.yaml

@@ -652,14 +652,18 @@ resources:
         - InvalidAction
         - UnrecognizedClientException
     hooks:
+      sdk_read_one_post_set_output: 
+        template_path: notebook_instance/sdk_read_one_post_set_output.go.tpl
+      delta_pre_compare:
+        code: customSetDefaults(a, b)
+      sdk_update_pre_build_request:
+        template_path: notebook_instance/sdk_update_pre_build_request.go.tpl
+      sdk_update_post_set_output:
+        code: rm.customSetOutputUpdate(ko, latest)
       sdk_delete_pre_build_request:
         template_path: notebook_instance/sdk_delete_pre_build_request.go.tpl
       sdk_delete_post_request:
         template_path: common/sdk_delete_post_request.go.tpl
-      delta_pre_compare:
-        code: customSetDefaults(a, b)
-      sdk_read_one_post_set_output: 
-        code: rm.customSetOutput(&resource{ko})
     fields:
       NotebookInstanceStatus:
         is_read_only: true
@@ -673,6 +677,11 @@ resources:
         from:
           operation: DescribeNotebookInstance
           path: Url
+      stoppedByControllerMetadata:
+        is_read_only: true
+        from:
+          operation: DescribeNotebookInstance
+          path: Url
       FailureReason:
         is_read_only: true
         print:

apis/v1alpha1/notebook_instance.go

@@ -224,6 +224,10 @@ spec:
               notebookInstanceStatus:
                 description: The status of the notebook instance.
                 type: string
+              stoppedByControllerMetadata:
+                description: The URL that you use to connect to the Jupyter notebook
+                  that is running in your notebook instance.
+                type: string
               url:
                 description: The URL that you use to connect to the Jupyter notebook
                   that is running in your notebook instance.

apis/v1alpha1/zz_generated.deepcopy.go

@@ -652,14 +652,18 @@ resources:
         - InvalidAction
         - UnrecognizedClientException
     hooks:
+      sdk_read_one_post_set_output: 
+        template_path: notebook_instance/sdk_read_one_post_set_output.go.tpl
+      delta_pre_compare:
+        code: customSetDefaults(a, b)
+      sdk_update_pre_build_request:
+        template_path: notebook_instance/sdk_update_pre_build_request.go.tpl
+      sdk_update_post_set_output:
+        code: rm.customSetOutputUpdate(ko, latest)
       sdk_delete_pre_build_request:
         template_path: notebook_instance/sdk_delete_pre_build_request.go.tpl
       sdk_delete_post_request:
         template_path: common/sdk_delete_post_request.go.tpl
-      delta_pre_compare:
-        code: customSetDefaults(a, b)
-      sdk_read_one_post_set_output: 
-        code: rm.customSetOutput(&resource{ko})
     fields:
       NotebookInstanceStatus:
         is_read_only: true
@@ -673,6 +677,11 @@ resources:
         from:
           operation: DescribeNotebookInstance
           path: Url
+      stoppedByControllerMetadata:
+        is_read_only: true
+        from:
+          operation: DescribeNotebookInstance
+          path: Url
       FailureReason:
         is_read_only: true
         print:

config/crd/bases/sagemaker.services.k8s.aws_notebookinstances.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 name: sagemaker-chart
 description: A Helm chart for the ACK service controller for sagemaker
-version: v0.0.3
-appVersion: v0.0.3
+version: v0.0.4-beta
+appVersion: v0.0.4-beta
 home: https://github.com/aws-controllers-k8s/sagemaker-controller
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 sources:

generator.yaml

@@ -0,0 +1,249 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.1
+  creationTimestamp: null
+  name: notebookinstances.sagemaker.services.k8s.aws
+spec:
+  group: sagemaker.services.k8s.aws
+  names:
+    kind: NotebookInstance
+    listKind: NotebookInstanceList
+    plural: notebookinstances
+    singular: notebookinstance
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .status.failureReason
+      name: FAILURE-REASON
+      priority: 1
+      type: string
+    - jsonPath: .status.notebookInstanceStatus
+      name: STATUS
+      type: string
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: NotebookInstance is the Schema for the NotebookInstances API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: NotebookInstanceSpec defines the desired state of NotebookInstance.
+            properties:
+              acceleratorTypes:
+                description: A list of Elastic Inference (EI) instance types to associate
+                  with this notebook instance. Currently, only one instance type can
+                  be associated with a notebook instance. For more information, see
+                  Using Elastic Inference in Amazon SageMaker (https://docs.aws.amazon.com/sagemaker/latest/dg/ei.html).
+                items:
+                  type: string
+                type: array
+              additionalCodeRepositories:
+                description: An array of up to three Git repositories to associate
+                  with the notebook instance. These can be either the names of Git
+                  repositories stored as resources in your account, or the URL of
+                  Git repositories in AWS CodeCommit (https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html)
+                  or in any other Git repository. These repositories are cloned at
+                  the same level as the default repository of your notebook instance.
+                  For more information, see Associating Git Repositories with Amazon
+                  SageMaker Notebook Instances (https://docs.aws.amazon.com/sagemaker/latest/dg/nbi-git-repo.html).
+                items:
+                  type: string
+                type: array
+              defaultCodeRepository:
+                description: A Git repository to associate with the notebook instance
+                  as its default code repository. This can be either the name of a
+                  Git repository stored as a resource in your account, or the URL
+                  of a Git repository in AWS CodeCommit (https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html)
+                  or in any other Git repository. When you open a notebook instance,
+                  it opens in the directory that contains this repository. For more
+                  information, see Associating Git Repositories with Amazon SageMaker
+                  Notebook Instances (https://docs.aws.amazon.com/sagemaker/latest/dg/nbi-git-repo.html).
+                type: string
+              directInternetAccess:
+                description: "Sets whether Amazon SageMaker provides internet access
+                  to the notebook instance. If you set this to Disabled this notebook
+                  instance will be able to access resources only in your VPC, and
+                  will not be able to connect to Amazon SageMaker training and endpoint
+                  services unless your configure a NAT Gateway in your VPC. \n For
+                  more information, see Notebook Instances Are Internet-Enabled by
+                  Default (https://docs.aws.amazon.com/sagemaker/latest/dg/appendix-additional-considerations.html#appendix-notebook-and-internet-access).
+                  You can set the value of this parameter to Disabled only if you
+                  set a value for the SubnetId parameter."
+                type: string
+              instanceType:
+                description: The type of ML compute instance to launch for the notebook
+                  instance.
+                type: string
+              kmsKeyID:
+                description: The Amazon Resource Name (ARN) of a AWS Key Management
+                  Service key that Amazon SageMaker uses to encrypt data on the storage
+                  volume attached to your notebook instance. The KMS key you provide
+                  must be enabled. For information, see Enabling and Disabling Keys
+                  (https://docs.aws.amazon.com/kms/latest/developerguide/enabling-keys.html)
+                  in the AWS Key Management Service Developer Guide.
+                type: string
+              lifecycleConfigName:
+                description: 'The name of a lifecycle configuration to associate with
+                  the notebook instance. For information about lifestyle configurations,
+                  see Step 2.1: (Optional) Customize a Notebook Instance (https://docs.aws.amazon.com/sagemaker/latest/dg/notebook-lifecycle-config.html).'
+                type: string
+              notebookInstanceName:
+                description: The name of the new notebook instance.
+                type: string
+              roleARN:
+                description: "When you send any requests to AWS resources from the
+                  notebook instance, Amazon SageMaker assumes this role to perform
+                  tasks on your behalf. You must grant this role necessary permissions
+                  so Amazon SageMaker can perform these tasks. The policy must allow
+                  the Amazon SageMaker service principal (sagemaker.amazonaws.com)
+                  permissions to assume this role. For more information, see Amazon
+                  SageMaker Roles (https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-roles.html).
+                  \n To be able to pass this role to Amazon SageMaker, the caller
+                  of this API must have the iam:PassRole permission."
+                type: string
+              rootAccess:
+                description: "Whether root access is enabled or disabled for users
+                  of the notebook instance. The default value is Enabled. \n Lifecycle
+                  configurations need root access to be able to set up a notebook
+                  instance. Because of this, lifecycle configurations associated with
+                  a notebook instance always run with root access even if you disable
+                  root access for users."
+                type: string
+              securityGroupIDs:
+                description: The VPC security group IDs, in the form sg-xxxxxxxx.
+                  The security groups must be for the same VPC as specified in the
+                  subnet.
+                items:
+                  type: string
+                type: array
+              subnetID:
+                description: The ID of the subnet in a VPC to which you would like
+                  to have a connectivity from your ML compute instance.
+                type: string
+              tags:
+                description: An array of key-value pairs. You can use tags to categorize
+                  your AWS resources in different ways, for example, by purpose, owner,
+                  or environment. For more information, see Tagging AWS Resources
+                  (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html).
+                items:
+                  description: Describes a tag.
+                  properties:
+                    key:
+                      type: string
+                    value:
+                      type: string
+                  type: object
+                type: array
+              volumeSizeInGB:
+                description: The size, in GB, of the ML storage volume to attach to
+                  the notebook instance. The default value is 5 GB.
+                format: int64
+                type: integer
+            required:
+            - instanceType
+            - notebookInstanceName
+            - roleARN
+            type: object
+          status:
+            description: NotebookInstanceStatus defines the observed state of NotebookInstance
+            properties:
+              ackResourceMetadata:
+                description: All CRs managed by ACK have a common `Status.ACKResourceMetadata`
+                  member that is used to contain resource sync state, account ownership,
+                  constructed ARN for the resource
+                properties:
+                  arn:
+                    description: 'ARN is the Amazon Resource Name for the resource.
+                      This is a globally-unique identifier and is set only by the
+                      ACK service controller once the controller has orchestrated
+                      the creation of the resource OR when it has verified that an
+                      "adopted" resource (a resource where the ARN annotation was
+                      set by the Kubernetes user on the CR) exists and matches the
+                      supplied CR''s Spec field values. TODO(vijat@): Find a better
+                      strategy for resources that do not have ARN in CreateOutputResponse
+                      https://github.com/aws/aws-controllers-k8s/issues/270'
+                    type: string
+                  ownerAccountID:
+                    description: OwnerAccountID is the AWS Account ID of the account
+                      that owns the backend AWS service API resource.
+                    type: string
+                required:
+                - ownerAccountID
+                type: object
+              conditions:
+                description: All CRS managed by ACK have a common `Status.Conditions`
+                  member that contains a collection of `ackv1alpha1.Condition` objects
+                  that describe the various terminal states of the CR and its backend
+                  AWS service API resource
+                items:
+                  description: Condition is the common struct used by all CRDs managed
+                    by ACK service controllers to indicate terminal states  of the
+                    CR and its backend AWS service API resource
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type is the type of the Condition
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+              failureReason:
+                description: If status is Failed, the reason it failed.
+                type: string
+              notebookInstanceStatus:
+                description: The status of the notebook instance.
+                type: string
+              stoppedByControllerMetadata:
+                description: The URL that you use to connect to the Jupyter notebook
+                  that is running in your notebook instance.
+                type: string
+              url:
+                description: The URL that you use to connect to the Jupyter notebook
+                  that is running in your notebook instance.
+                type: string
+            required:
+            - ackResourceMetadata
+            - conditions
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

helm/Chart.yaml

@@ -262,6 +262,26 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - sagemaker.services.k8s.aws
+  resources:
+  - notebookinstances
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - sagemaker.services.k8s.aws
+  resources:
+  - notebookinstances/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - sagemaker.services.k8s.aws
   resources:

helm/crds/sagemaker.services.k8s.aws_notebookinstances.yaml

@@ -21,6 +21,7 @@ rules:
   - modelpackagegroups
   - modelqualityjobdefinitions
   - monitoringschedules
+  - notebookinstances
   - processingjobs
   - trainingjobs
   - transformjobs