[RayCluster][Feature] add redis username to head pod from GcsFaultToleranceOptions

[win5923]

Why are these changes needed?

This PR addresses the following selected part:

Currently, the example YAML file for GCS FT has Redis version 5.0.9, which does not support ACL. This causes a CrashLoopBackOff when setting redisUsername.

Ref: https://redis.io/docs/latest/operate/oss_and_stack/management/security/acl/

Manual Tests

kind: ConfigMap
apiVersion: v1
metadata:
  name: redis-config
  labels:
    app: redis
data:
  redis.conf: |-
    dir /data
    port 6379
    bind 0.0.0.0
    appendonly yes
    protected-mode no
    requirepass 5241590000000000
    pidfile /data/redis-6379.pid

    user username on >5241590000000000 ~* +@all
---
apiVersion: v1
kind: Service
metadata:
  name: redis
  labels:
    app: redis
spec:
  type: ClusterIP
  ports:
    - name: redis
      port: 6379
  selector:
    app: redis
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  labels:
    app: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
        - name: redis
          image: redis:7.4.2 <--- Use the version that supports ACL.
          command:
            - "sh"
            - "-c"
            - "redis-server /usr/local/etc/redis/redis.conf"
          ports:
            - containerPort: 6379
          volumeMounts:
            - name: config
              mountPath: /usr/local/etc/redis/redis.conf
              subPath: redis.conf
      volumes:
        - name: config
          configMap:
            name: redis-config
---
# Redis password
apiVersion: v1
kind: Secret
metadata:
  name: redis-password-secret
type: Opaque
data:
  # echo -n "username" | base64
  # echo -n "5241590000000000" | base64
  username: dXNlcm5hbWU=
  password: NTI0MTU5MDAwMDAwMDAwMA==
---
apiVersion: ray.io/v1
kind: RayCluster
metadata:
  name: raycluster-external-redis-3
spec:
  rayVersion: 'nightly'
  gcsFaultToleranceOptions:
    redisAddress: redis:6379
    redisUsername:
      valueFrom:
        secretKeyRef:
          name: redis-password-secret
          key: username
    redisPassword:
      valueFrom:
        secretKeyRef:
          name: redis-password-secret
          key: password
  headGroupSpec:
    rayStartParams:
      num-cpus: "0"
    template:
      spec:
        containers:
          - name: ray-head
            image: rayproject/ray:nightly
            resources:
              limits:
                cpu: "1"
              requests:
                cpu: "1"
            ports:
              - containerPort: 6379
                name: redis
              - containerPort: 8265
                name: dashboard
              - containerPort: 10001
                name: client
            volumeMounts:
              - mountPath: /tmp/ray
                name: ray-logs
              - mountPath: /home/ray/samples
                name: ray-example-configmap
        volumes:
          - name: ray-logs
            emptyDir: {}
          - name: ray-example-configmap
            configMap:
              name: ray-example
              defaultMode: 0777
              items:
                - key: detached_actor.py
                  path: detached_actor.py
                - key: increment_counter.py
                  path: increment_counter.py
  workerGroupSpecs:
    - replicas: 1
      minReplicas: 1
      maxReplicas: 10
      groupName: small-group
      rayStartParams: {}
      template:
        spec:
          containers:
            - name: ray-worker
              image: rayproject/ray:nightly
              volumeMounts:
                - mountPath: /tmp/ray
                  name: ray-logs
              resources:
                limits:
                  cpu: "1"
                requests:
                  cpu: "1"
          volumes:
            - name: ray-logs
              emptyDir: {}
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: ray-example
data:
  detached_actor.py: |
    import ray

    @ray.remote(num_cpus=1)
    class Counter:
      def __init__(self):
          self.value = 0

      def increment(self):
          self.value += 1
          return self.value

    ray.init(namespace="default_namespace")
    Counter.options(name="counter_actor", lifetime="detached").remote()
  increment_counter.py: |
    import ray

    ray.init(namespace="default_namespace")
    counter = ray.get_actor("counter_actor")
    print(ray.get(counter.increment.remote()))

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: ray-example
data:
  detached_actor.py: |
    import ray

    @ray.remote(num_cpus=1)
    class Counter:
      def __init__(self):
          self.value = 0

      def increment(self):
          self.value += 1
          return self.value

    ray.init(namespace="default_namespace")
    Counter.options(name="counter_actor", lifetime="detached").remote()
  increment_counter.py: |
    import ray

    ray.init(namespace="default_namespace")
    counter = ray.get_actor("counter_actor")
    print(ray.get(counter.increment.remote()))

Related issue number

Resolves #2720

Checks

• I've made sure the tests are passing.
• Testing Strategy
  • Unit tests
  • Manual tests
  • This PR is not tested :(

[win5923]

@rueian PTAL when you are free

[kevin85421]

@win5923 would you mind rebasing with the master branch?

[win5923]

@kevin85421 Done! PTAL

[kevin85421]

@win5923 would you mind resolving the conflict? Thanks!

[kevin85421]

I am considering not adding any specific logic for redis-username (i.e. remove the change from L151 to L159) in the old configurations to avoid maintenance costs and to provide an incentive for users to migrate to the new API, GcsFaultToleranceOptions. HDYT @rueian?

[rueian]

ok, then should we make the incentive clear in the validateRayClusterSpec?

[kevin85421]

Please add tests in TestConfigureGCSFaultToleranceWithGcsFTOptions too.

[win5923]

Done.

[andrewsykim]

I think only one of Value or ValurFrom can be set, not both

[andrewsykim]

(same for redis password)