chore: upstream istio support

[sameerdattav]

This PR builds on #3021 and implements the suggested follow-up:

• Adds configurable selector labels for the trainer controller manager via Helm values
• Adds a Kustomize overlay patch for kubeflow-platform installs

@juliusvonkohout

[github-actions]

🎉 Welcome to the Kubeflow Trainer! 🎉

Thanks for opening your first PR! We're happy to have you as part of our community 🚀

Here's what happens next:

• If you haven't already, please check out our Contributing Guide for repo-specific guidelines and the Kubeflow Contributor Guide for general community standards.
• Our team will review your PR soon! cc @kubeflow/kubeflow-trainer-team

Join the community:

• Slack: Join our #kubeflow-trainer Slack channel.
• Meetings: Attend the Kubeflow AutoML and Training Working Group bi-weekly meetings.

Feel free to ask questions in the comments if you need any help or clarification!
Thanks again for contributing to Kubeflow! 🙏

[coveralls]

Pull Request Test Coverage Report for Build 22163625294

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 51.217%

---

Totals
Change from base Build 22163621687:	0.0%
Covered Lines:	1241
Relevant Lines:	2423

---

💛 - Coveralls

[juliusvonkohout]

Please add the actual istio labels and what was in the previous PR in the new schema.

[sameerdattav]

@juliusvonkohout ,
I made the changes that you have asked for.
Kindly check again.

[andreyvelich]

Please can you remove this label by default and update the README on how to set it:

Suggested change

	podAnnotations:
	traffic.sidecar.istio.io/excludeInboundPorts: "9443"
	podAnnotations: {}

https://github.com/sameerdattav/trainer/blob/c0369539a34d98e61f2c584a54f39f33cba7c07a/charts/kubeflow-trainer/README.md.gotmpl#L50

[andreyvelich]

Please can you also move the JobSet patch for Istio to this file?
https://github.com/sameerdattav/trainer/blob/c0369539a34d98e61f2c584a54f39f33cba7c07a/manifests/third-party/jobset/kustomization.yaml#L21-L30

[andreyvelich]

Thank you for this work @sameerdattav!
/lgtm
/approve

[google-oss-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andreyvelich

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [andreyvelich]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[andreyvelich]

/hold

[andreyvelich]

@sameerdattav You should change branch to master in your PR.
cc @juliusvonkohout

[andreyvelich]

/reopen

[google-oss-prow]

@andreyvelich: Reopened this PR.

Details

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[sameerdattav]

@andreyvelich , I think @juliusvonkohout wanted me to raise a pr against his branch, i.e pss-restricted-fixes?
Happy to change the branch to master, just say so.

[andreyvelich]

Yes, let's commit this feature directly to master branch please.

[sameerdattav]

/retest

[google-oss-prow]

@sameerdattav: Cannot trigger testing until a trusted user reviews the PR and leaves an /ok-to-test message.

Details

In response to this:

/retest

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[sameerdattav]

@andreyvelich could you please leave an ok-to-test or a retest comment?

[andreyvelich]

/ok-to-test

@sameerdattav Our E2Es are failing due to this: kubeflow/sdk#307
@XploY04 is working on it.

[andreyvelich]

You don't need this since you already have a patch, right ?

Suggested change

	annotations:
	traffic.sidecar.istio.io/excludeInboundPorts: "9443"

[andreyvelich]

Why do you need these labels? Can we preserve the original one:

    app.kubernetes.io/name: trainer
    app.kubernetes.io/component: manager
    app.kubernetes.io/part-of: kubeflow

Suggested change

	matchLabels:
	app: kubeflow-trainer
	template:
	metadata:
	labels:
	app: kubeflow-trainer
	template:
	metadata: