feat(scheduledsparkapplication): configurable timestampPrecision (nan…

charts/spark-operator-chart/README.md

@@ -96,17 +96,10 @@ See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall) for command docum
 | controller.workers | int | `10` | Reconcile concurrency, higher values might increase memory usage. |
 | controller.logLevel | string | `"info"` | Configure the verbosity of logging, can be one of `debug`, `info`, `error`. |
 | controller.logEncoder | string | `"console"` | Configure the encoder of logging, can be one of `console` or `json`. |
-| controller.driverPodCreationGracePeriod | string | `"10s"` | Grace period after a successful spark-submit when driver pod not found errors will be retried. Useful if the driver pod can take some time to be created. |
-| controller.maxTrackedExecutorPerApp | int | `1000` | Specifies the maximum number of Executor pods that can be tracked by the controller per SparkApplication. |
-| controller.uiService.enable | bool | `true` | Specifies whether to create service for Spark web UI. |
-| controller.uiIngress.enable | bool | `false` | Specifies whether to create ingress for Spark web UI. `controller.uiService.enable` must be `true` to enable ingress. |
-| controller.uiIngress.urlFormat | string | `""` | Ingress URL format. Required if `controller.uiIngress.enable` is true. |
-| controller.uiIngress.ingressClassName | string | `""` | Optionally set the ingressClassName. |
-| controller.uiIngress.tls | list | `[]` | Optionally set default TLS configuration for the Spark UI's ingress. `ingressTLS` in the SparkApplication spec overrides this. |
-| controller.uiIngress.annotations | object | `{}` | Optionally set default ingress annotations for the Spark UI's ingress. `ingressAnnotations` in the SparkApplication spec overrides this. |
 | controller.batchScheduler.enable | bool | `false` | Specifies whether to enable batch scheduler for spark jobs scheduling. If enabled, users can specify batch scheduler name in spark application. |
 | controller.batchScheduler.kubeSchedulerNames | list | `[]` | Specifies a list of kube-scheduler names for scheduling Spark pods. |
 | controller.batchScheduler.default | string | `""` | Default batch scheduler to be used if not specified by the user. If specified, this value must be either "volcano" or "yunikorn". Specifying any other value will cause the controller to error on startup. |
+| controller.scheduledSparkApplication.timestampPrecision | string | `"nanos"` | Default timestamp precision for the ScheduledSparkApplication name suffix. Can be one of `nanos`, `micros`, `millis`, `seconds`, `minutes`. Defaults to `nanos` to preserve current behavior. |
 | controller.serviceAccount.create | bool | `true` | Specifies whether to create a service account for the controller. |
 | controller.serviceAccount.name | string | `""` | Optional name for the controller service account. |
 | controller.serviceAccount.annotations | object | `{}` | Extra annotations for the controller service account. |

charts/spark-operator-chart/templates/controller/deployment.yaml

@@ -69,6 +69,7 @@ spec:
         {{- end }}
         - --controller-threads={{ .Values.controller.workers }}
         - --enable-ui-service={{ .Values.controller.uiService.enable }}
+        - --scheduled-sa-timestamp-precision={{ .Values.controller.scheduledSparkApplication.timestampPrecision }}
         {{- if .Values.controller.uiIngress.enable }}
         {{- with .Values.controller.uiIngress.urlFormat }}
         - --ingress-url-format={{ . }}

charts/spark-operator-chart/values.yaml

@@ -82,35 +82,6 @@ controller:
   # -- Configure the encoder of logging, can be one of `console` or `json`.
   logEncoder: console
 
-  # -- Grace period after a successful spark-submit when driver pod not found errors will be retried. Useful if the driver pod can take some time to be created.
-  driverPodCreationGracePeriod: 10s
-
-  # -- Specifies the maximum number of Executor pods that can be tracked by the controller per SparkApplication.
-  maxTrackedExecutorPerApp: 1000
-
-  uiService:
-    # -- Specifies whether to create service for Spark web UI.
-    enable: true
-
-  uiIngress:
-    # -- Specifies whether to create ingress for Spark web UI.
-    # `controller.uiService.enable` must be `true` to enable ingress.
-    enable: false
-    # -- Ingress URL format.
-    # Required if `controller.uiIngress.enable` is true.
-    urlFormat: ""
-    # -- Optionally set the ingressClassName.
-    ingressClassName: ""
-    # -- Optionally set default TLS configuration for the Spark UI's ingress. `ingressTLS` in the SparkApplication spec overrides this.
-    tls: []
-    # - hosts:
-    #   - "*.example.com"
-    #   secretName: "example-secret"
-    # -- Optionally set default ingress annotations for the Spark UI's ingress. `ingressAnnotations` in the SparkApplication spec overrides this.
-    annotations: {}
-      # key1: value1
-      # key2: value2
-
   batchScheduler:
     # -- Specifies whether to enable batch scheduler for spark jobs scheduling.
     # If enabled, users can specify batch scheduler name in spark application.
@@ -123,6 +94,13 @@ controller:
     # value will cause the controller to error on startup.
     default: ""
 
+  # ScheduledSparkApplication controller configurations.
+  scheduledSparkApplication:
+    # -- Default timestamp precision for the ScheduledSparkApplication name suffix.
+    # Can be one of `nanos`, `micros`, `millis`, `seconds`, `minutes`.
+    # Defaults to `nanos` to preserve current behavior.
+    timestampPrecision: nanos
+
   serviceAccount:
     # -- Specifies whether to create a service account for the controller.
     create: true

cmd/operator/controller/start.go

@@ -65,7 +65,6 @@ import (
 	"github.com/kubeflow/spark-operator/v2/pkg/util"
 	// +kubebuilder:scaffold:imports
 )
-
 var (
 	logger = ctrl.Log.WithName("")
 )
@@ -119,6 +118,9 @@ var (
 	enableHTTP2            bool
 	development            bool
 	zapOptions             = logzap.Options{}
+
+	// Controller-wide scheduled SA timestamp precision (flag)
+	scheduledSATimestampPrecision string
 )
 
 func NewStartCommand() *cobra.Command {
@@ -167,6 +169,9 @@ func NewStartCommand() *cobra.Command {
 	command.Flags().StringVar(&ingressTLSstring, "ingress-tls", "", "JSON format string for the default TLS config on the Spark UI ingresses. e.g. '[{\"hosts\":[\"*.example.com\"],\"secretName\":\"example-secret\"}]'. `ingressTLS` in the SparkApplication spec will override this value.")
 	command.Flags().StringVar(&ingressAnnotationsString, "ingress-annotations", "", "JSON format string for the default ingress annotations for the Spark UI ingresses. e.g. '[{\"cert-manager.io/cluster-issuer\": \"letsencrypt\"}]'. `ingressAnnotations` in the SparkApplication spec will override this value.")
 
+	// New flag for scheduled SA timestamp precision
+	command.Flags().StringVar(&scheduledSATimestampPrecision, "scheduled-sa-timestamp-precision", "", "Default timestamp precision for ScheduledSparkApplication run name suffixes. One of: nanos,micros,millis,seconds,minutes. If unset, defaults to nanos.")
+
 	command.Flags().BoolVar(&enableLeaderElection, "leader-election", false, "Enable leader election for controller manager. "+
 		"Enabling this will ensure there is only one active controller manager.")
 	command.Flags().StringVar(&leaderElectionLockName, "leader-election-lock-name", "spark-operator-lock", "Name of the ConfigMap for leader election.")
@@ -232,17 +237,6 @@ func start() {
 		LeaseDuration:           &leaderElectionLeaseDuration,
 		RenewDeadline:           &leaderElectionRenewDeadline,
 		RetryPeriod:             &leaderElectionRetryPeriod,
-		// LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily
-		// when the Manager ends. This requires the binary to immediately end when the
-		// Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
-		// speeds up voluntary leader transitions as the new leader don't have to wait
-		// LeaseDuration time first.
-		//
-		// In the default scaffold provided, the program ends immediately after
-		// the manager stops, so would be fine to enable this option. However,
-		// if you are doing or is intended to do any operation such as perform cleanups
-		// after the manager stops then its usage might be unsafe.
-		// LeaderElectionReleaseOnCancel: true,
 	})
 	if err != nil {
 		logger.Error(err, "failed to create manager")
@@ -318,8 +312,6 @@ func start() {
 		os.Exit(1)
 	}
 
-	// +kubebuilder:scaffold:builder
-
 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
 		logger.Error(err, "Failed to set up health check")
 		os.Exit(1)
@@ -354,12 +346,6 @@ func setupLog() {
 }
 
 func newTLSOptions() []func(c *tls.Config) {
-	// if the enable-http2 flag is false (the default), http/2 should be disabled
-	// due to its vulnerabilities. More specifically, disabling http/2 will
-	// prevent from being vulnerable to the HTTP/2 Stream Cancellation and
-	// Rapid Reset CVEs. For more information see:
-	// - https://github.com/advisories/GHSA-qppj-fm5r-hxr3
-	// - https://github.com/advisories/GHSA-4374-p667-p6c8
 	disableHTTP2 := func(c *tls.Config) {
 		logger.Info("disabling http/2")
 		c.NextProtos = []string{"http/1.1"}
@@ -372,7 +358,6 @@ func newTLSOptions() []func(c *tls.Config) {
 	return tlsOpts
 }
 
-// newCacheOptions creates and returns a cache.Options instance configured with default namespaces and object caching settings.
 func newCacheOptions() cache.Options {
 	defaultNamespaces := make(map[string]cache.Config)
 	if !util.ContainsString(namespaces, cache.AllNamespaces) {
@@ -402,7 +387,6 @@ func newCacheOptions() cache.Options {
 	return options
 }
 
-// newControllerOptions creates and returns a controller.Options instance configured with the given options.
 func newControllerOptions() controller.Options {
 	options := controller.Options{
 		MaxConcurrentReconciles: controllerThreads,
@@ -442,7 +426,8 @@ func newSparkApplicationReconcilerOptions() sparkapplication.Options {
 
 func newScheduledSparkApplicationReconcilerOptions() scheduledsparkapplication.Options {
 	options := scheduledsparkapplication.Options{
-		Namespaces: namespaces,
+		Namespaces:                    namespaces,
+		ScheduledSATimestampPrecision: strings.TrimSpace(scheduledSATimestampPrecision),
 	}
 	return options
 }

config/rbac/role.yaml

@@ -70,7 +70,6 @@ rules:
 - apiGroups:
   - sparkoperator.k8s.io
   resources:
-  - scheduledsparkapplications
   - sparkapplications
   - sparkconnects
   verbs:
@@ -84,14 +83,12 @@ rules:
 - apiGroups:
   - sparkoperator.k8s.io
   resources:
-  - scheduledsparkapplications/finalizers
   - sparkapplications/finalizers
   verbs:
   - update
 - apiGroups:
   - sparkoperator.k8s.io
   resources:
-  - scheduledsparkapplications/status
   - sparkapplications/status
   - sparkconnects/status
   verbs: