feat: Add ContainerBackend with Docker and Podman

[Fiona-Waters]

What this PR does / why we need it:

This PR introduces a unified ContainerBackend that automatically detects and uses either Docker or Podman for local training execution. This replaces the previous separate LocalDockerBackend and LocalPodmanBackend implementations with a single, cleaner abstraction. You can see the Docker and Podman implementations in separate commits.

This implementation tries Docker first, then falls back to Podman if Docker is unavailable. This can be overridden via ContainerBackendConfig.runtime to force a specific runtime ("docker" or "podman"). An error is raised if neither runtime is available.
Unit tests for the backend implementation have also been added. Examples for using Docker and Podman will be added to the Trainer repo later.

Manually testing on Mac I had to specify the container_host like so:
Docker via Colima container_host=f"unix://{os.path.expanduser('~')}/.colima/default/docker.sock"
Podman Desktop container_host=f"unix://{os.path.expanduser('~')}/.local/share/containers/podman/machine/podman.sock"

Which issue(s) this PR fixes (optional, in Fixes #<issue number>, #<issue number>, ... format, will close the issue(s) when PR gets merged):

Fixes ##114 and #108

Checklist:
I need to look at adding docs. A README has been included.

• Docs included if any changes are user facing

[google-oss-prow]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign electronic-waste for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[andreyvelich]

Thank you for this @Fiona-Waters!
As we discussed here: #111 (comment), can we consolidate Podman and Docker under single container backend ?
Given that those backend should have similar APIs, I think it would be better to consolidate them, similar to KFP: https://www.kubeflow.org/docs/components/pipelines/user-guides/core-functions/execute-kfp-pipelines-locally/#runner-dockerrunner

[Fiona-Waters]

Thank you for this @Fiona-Waters! As we discussed here: #111 (comment), can we consolidate Podman and Docker under single container backend ? Given that those backend should have similar APIs, I think it would be better to consolidate them, similar to KFP: https://www.kubeflow.org/docs/components/pipelines/user-guides/core-functions/execute-kfp-pipelines-locally/#runner-dockerrunner

Thanks @andreyvelich I will look at updating the implementation.

[Fiona-Waters]

@andreyvelich @astefanutti regarding comments on this PR and #111 this is what I propose:

We have 3 backends:

• Kubernetes
• Subprocess
• Local Container

For the Local Container backend we automatically try Docker first, then Podman and then fallback to Subprocess if neither runtime is available. We use the adapter pattern with a container client adapter unified interface, and docker and podman specific calls are implemented in separate adapter classes.
There could also be an option where users can force a specific runtime for example:
LocalContainerBackendConfig(runtime="docker")
This implementation will make it easy to add support for other container runtimes in the future, if thats a possibility.
Please let me know what you think. Thanks!
cc @briangallagher

[andreyvelich]

Sure, that looks great @Fiona-Waters!

fallback to Subprocess if neither runtime is available

Why do we need to fallback to subprocess ?
I would imagine we have 3 backend support, and user decide what they want to use:

KubernetesBackend()
ContainerBackend()
LocalProcessBackend()

In the ContainerBackend users can select:

 ContainerBackend(
  ContainerBackendConfig(container_runtime="docker")
)
or
 ContainerBackend(
  ContainerBackendConfig(container_runtime="podman")
)

[astefanutti]

@Fiona-Waters that sounds to me. I agree the fallback logic may really apply to choose the default container runtime.

Other than that, I'd be inclined to drop the "Local" prefix entirely. Even Kubernetes could run local with KinD, and I doubt the SDK will ever do remote process.

[Fiona-Waters]

Sure, that looks great @Fiona-Waters!

fallback to Subprocess if neither runtime is available

Why do we need to fallback to subprocess ? I would imagine we have 3 backend support, and user decide what they want to use:

KubernetesBackend()
ContainerBackend()
LocalProcessBackend()

In the ContainerBackend users can select:

 ContainerBackend(
  ContainerBackendConfig(container_runtime="docker")
)
or
 ContainerBackend(
  ContainerBackendConfig(container_runtime="podman")
)

Understood. Let me see what I can do. Thank you for the swift reply!

[Fiona-Waters]

@Fiona-Waters that sounds to me. I agree the fallback logic may really apply to choose the default container runtime.

Other than that, I'd be inclined to drop the "Local" prefix entirely. Even Kubernetes could run local with KinD, and I doubt the SDK will ever do remote process.

Ok cool. Let me see what I can do. Thank you!

[Fiona-Waters]

@andreyvelich @astefanutti @briangallagher
I've updated the PR. Please take a look. Thanks

[astefanutti]

/ok-to-test

[astefanutti]

Would that be possible to avoid relying on that in-memory "registry" and consistently rely on the state from the container runtime itself?

[Fiona-Waters]

I've updated to store metadata as labels on containers and networks allowing us to query the container runtime for all job information. See this commit - please let me know what you think. Thanks

[astefanutti]

@Fiona-Waters thanks for this awesome work!

That looks good to me overall.

/assign @kubeflow/kubeflow-sdk-team @briangallagher

[astefanutti]

Maybe:

Suggested change

	LOCAL_RUNTIMES_DIR = Path(__file__).parents[1] / "config" / "local_runtimes"
	LOCAL_RUNTIMES_DIR = Path(__file__).parents[1] / "config" / "container_runtimes"

otherwise could be confusing for local process backend?

[andreyvelich]

Thank you @Fiona-Waters!
I left my initial messages.

[andreyvelich]

Can we also include docs about Trainer local execution to the user guides ?
https://www.kubeflow.org/docs/components/trainer/user-guides/
you can also add info from the @szaher PR: #95

[Fiona-Waters]

WIP PR for this kubeflow/website#4221

[andreyvelich]

I would suggest that we move this docs to the user guides for now: https://www.kubeflow.org/docs/components/trainer/user-guides/ as we discussed here: #95 (comment)

[andreyvelich]

I think, this can be simplified as follows:

runtime_map = {
    "docker": DockerClientAdapter,
    "podman": PodmanClientAdapter,
}

def get_adapter(cfg):
    runtimes_to_try = [cfg.runtime] if cfg.runtime else ["docker", "podman"]

    last_error = None
    for runtime_name in runtimes_to_try:
        if runtime_name not in runtime_map:
            continue
        try:
            adapter = runtime_map[runtime_name](cfg.container_host)
            adapter.ping()
            logger.info(f"Using {runtime_name} as container runtime")
            return adapter
        except Exception as e:
            logger.debug(f"{runtime_name} initialization failed: {e}")
            last_error = e

    raise RuntimeError(
        "Neither Docker nor Podman is available. "
        "Please install Docker or Podman, or use LocalProcessBackendConfig instead."
    ) from last_error

[andreyvelich]

Please don't use | since we still support Python 3.9 for now. Let's be consistent across backends:

sdk/kubeflow/trainer/backends/kubernetes/backend.py

Line 183 in 24f0bbd

runtime: Optional[types.Runtime] = None,

[andreyvelich]

Instead of installing the runtimes, can we just read the image version from GitHub dynamically ?

[Fiona-Waters]

Let me look into that. For offline support should we fall back to providing this?

[andreyvelich]

How this is used ?

[Fiona-Waters]

It allows you to override the default container image specified in the ClusterTrainingRuntime.

[Fiona-Waters]

I think actually you are referring to gpus. It was pulled over from a previous iteration but isn't being used currently. I can update to include GPU support.

[astefanutti]

I'm a bit confused by this as there can be multiple ClusterTraininingRuntimes and it's defined by TrainJobs.

[Fiona-Waters]

Apologies I understand now that it doesn't make sense to allow the image to be updated here as it is not per job. Will remove this. Thank you.

[andreyvelich]

Can we initially use the default dir and if users require to configure it we will give them such option ?

[Fiona-Waters]

I can remove it for now and use the default dir.

[andreyvelich]

Do we start a new container every time Job is submitted ?
If yes, this might be controlled via train() API.

[Fiona-Waters]

Yes, you're right - similar to the image param. Will remove this. Thanks

[andreyvelich]

to make it less confusing with TrainingRuntime, can we name it:

Suggested change

	runtime: Optional[Literal["docker", "podman"]] = Field(default=None)
	container_runtime: Optional[Literal["docker", "podman"]] = Field(default="docker")

[andreyvelich]

Can we call it as BaseContainerClientAdapter(), similar to:

sdk/kubeflow/trainer/backends/base.py

Line 23 in 24f0bbd

class ExecutionBackend(abc.ABC):

I would suggest, we move them to subdirectory:

container/adapters/base.py
container/adapters/docker.py
container/adapters/podman.py

WDYT @Fiona-Waters ?

[Fiona-Waters]

Yes good idea, will do.
BTW thank you for your review. Will update the PR tomorrow hopefully.

[Fiona-Waters]

@andreyvelich I have addressed all of your comments, please review again when you can. I have removed the README.md and will add it along with docs on local execution to the user guides.
@astefanutti could you please review again.
Thank you both.

[astefanutti]

Maybe ~/.kubeflow/trainer/containers/... ?

[astefanutti]

I think I've suggested "container_runtimes" before, but looking at it maybe training_runtimes would be more appropriate?

[astefanutti]

Maybe ~/.kubeflow/trainer/cache?

[astefanutti]

Note for later, we should probably find a way rely on released runtimes.

[astefanutti]

training_runtime_loader.py?

[astefanutti]

Maybe we can be more structured here and have a training_runtimes argument, that could have different options, like one to some URLs maybe.

[astefanutti]

Suggested change

	CONTAINER_RUNTIMES_DIR,
	TRAINING_RUNTIMES_DIR,

[astefanutti]

Suggested change

	get_container_runtime,
	get_training_runtime,

[astefanutti]

Suggested change

	list_container_runtimes,
	list_training_runtimes,