Skip to content

Commit

Permalink
RawDeployment cherry picks (#466)
Browse files Browse the repository at this point in the history
* add oauth-proxy to rawdeployments if odh auth label is present (#419)

* add oauth-proxy to rawdeployments if odh auth label is present
* remove ingress modifications
* bug fix
* consume oauth proxy params from configmap
* fix oauth proxy sar and minor bugs
* revert some unneeded changes
* add oauth proxy flag to prevent login page redirect on invalid request
* address feedback
* update to newer oauth proxy image
* minor fix
* fix unit test
* more feedback
* cookie secret
* test and other fixes
* fix lint issues
* address latest feedback
* missed import sort
* address more feedback
* bug fix
* fix lint error

(cherry picked from commit d987799)
Signed-off-by: Vedant Mahabaleshwarkar <[email protected]>

* introduce service configuration at configmap level (kserve#3672)

(cherry picked from commit 23c0396)
Signed-off-by: Vedant Mahabaleshwarkar <[email protected]>

* [RHOAIENG-17229] - Routing and Headless Service Support in KServe Raw Mode Deployment

chore:	Follow up: remove the hardcoded clsuterIP setting and add the service
	configuration.

Signed-off-by: Spolti <[email protected]>
(cherry picked from commit 33b1600)

* [RHOAIENG-16851] - Rawdeployment bug fixes (#462)

* [RHOAIENG-16851] fix scheme bugs in status.url and status.address.url for rawdeployment

Signed-off-by: Vedant Mahabaleshwarkar <[email protected]>

* [RHOAIENG-16851] Remove component url temporarily

Signed-off-by: Vedant Mahabaleshwarkar <[email protected]>

* [RHOAIENG-16851] Use transformer spec to set upstream port in oauth-proxy if a transformer-container is present

Signed-off-by: Vedant Mahabaleshwarkar <[email protected]>

* [RHOAIENG-16851] address feedback

Signed-off-by: Vedant Mahabaleshwarkar <[email protected]>

---------

Signed-off-by: Vedant Mahabaleshwarkar <[email protected]>
(cherry picked from commit 13b5166)

* go.mod fixes

Signed-off-by: Vedant Mahabaleshwarkar <[email protected]>

---------

Signed-off-by: Vedant Mahabaleshwarkar <[email protected]>
Co-authored-by: Filippe Spolti <[email protected]>
  • Loading branch information
VedantMahabaleshwarkar and spolti authored Jan 16, 2025
1 parent 3222f0e commit 5bdc954
Show file tree
Hide file tree
Showing 39 changed files with 1,907 additions and 175 deletions.
14 changes: 14 additions & 0 deletions .github/workflows/e2e-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -787,11 +787,25 @@ jobs:
kubectl get pods -n kserve
kubectl describe pods -n kserve
- name: Log the config map
run: |
kubectl describe configmaps -n kserve inferenceservice-config
- name: Run E2E tests
timeout-minutes: 30
run: |
./test/scripts/gh-actions/run-e2e-tests.sh "raw" "6"
- name: Patch inferenceservice config for cluster ip none
run: |
kubectl patch configmaps -n kserve inferenceservice-config --patch-file config/overlays/test/configmap/inferenceservice-enable-cluster-ip.yaml
kubectl describe configmaps -n kserve inferenceservice-config
- name: Run E2E tests - cluster ip none
timeout-minutes: 30
run: |
./test/scripts/gh-actions/run-e2e-tests.sh "rawcipn" "1"
- name: Check system status
if: always()
run: |
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/verify-codegen.yml
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,6 @@ jobs:
for x in $(git diff-index --name-only HEAD -- ./pkg ./python ./charts); do
echo "::error file=$x::Please run make generate.%0A$(git diff $x | urlencode)"
done
echo "${{ github.repository }} is out of date. Please run make generate"
echo "${{ github.repository }} is out of date. Please run make generate | manifest"
exit 1
fi
1 change: 1 addition & 0 deletions charts/kserve-resources/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@ $ helm install kserve oci://ghcr.io/kserve/charts/kserve --version v0.14.0
| kserve.router.image | string | `"kserve/router"` | |
| kserve.router.tag | string | `"v0.14.0"` | |
| kserve.security.autoMountServiceAccountToken | bool | `true` | |
| kserve.service.serviceClusterIPNone | bool | `false` | |
| kserve.servingruntime.art.defaultVersion | string | `"v0.14.0"` | |
| kserve.servingruntime.art.image | string | `"kserve/art-explainer"` | |
| kserve.servingruntime.art.imagePullSecrets | list | `[]` | |
Expand Down
17 changes: 17 additions & 0 deletions charts/kserve-resources/templates/configmap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -420,6 +420,19 @@ data:
"defaultDeploymentMode": "Serverless"
}
# ====================================== SERVICE CONFIGURATION ======================================
# Example
service: |-
{
"serviceClusterIPNone": "false"
}
service: |-
{
# ServiceClusterIPNone is a flag to indicate if the service should have a clusterIP set to None.
# If the DeploymentMode is Raw, the default value for ServiceClusterIPNone if not set is false
# "serviceClusterIPNone": "false"
}
# ====================================== METRICS CONFIGURATION ======================================
# Example
metricsAggregator: |-
Expand Down Expand Up @@ -503,6 +516,10 @@ data:
{
"defaultDeploymentMode": "{{ .Values.kserve.controller.deploymentMode }}"
}
service: |-
{
"serviceClusterIPNone": "{{ .Values.kserve.service.serviceClusterIPNone }}"
}
explainers: |-
{
"art": {
Expand Down
2 changes: 2 additions & 0 deletions charts/kserve-resources/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ kserve:
router:
image: kserve/router
tag: *defaultVersion
service:
serviceClusterIPNone: false
storage:
image: kserve/storage-initializer
tag: *defaultVersion
Expand Down
6 changes: 5 additions & 1 deletion cmd/manager/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ import (
v1beta1controller "github.com/kserve/kserve/pkg/controller/v1beta1/inferenceservice"
"github.com/kserve/kserve/pkg/webhook/admission/pod"
"github.com/kserve/kserve/pkg/webhook/admission/servingruntime"
routev1 "github.com/openshift/api/route/v1"
)

var (
Expand Down Expand Up @@ -187,7 +188,10 @@ func main() {
}
}
}

if err = routev1.AddToScheme(mgr.GetScheme()); err != nil {
setupLog.Error(err, "unable to add routev1 APIs to scheme")
os.Exit(1)
}
setupLog.Info("Setting up core scheme")
if err := v1.AddToScheme(mgr.GetScheme()); err != nil {
setupLog.Error(err, "unable to add Core APIs to scheme")
Expand Down
20 changes: 19 additions & 1 deletion config/configmap/inferenceservice.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -430,7 +430,20 @@ data:
# ModelMesh https://kserve.github.io/website/master/admin/modelmesh/
"defaultDeploymentMode": "Serverless"
}
# ====================================== SERVICE CONFIGURATION ======================================
# Example
service: |-
{
"serviceClusterIPNone": false
}
service: |-
{
# ServiceClusterIPNone is a boolean flag to indicate if the service should have a clusterIP set to None.
# If the DeploymentMode is Raw, the default value for ServiceClusterIPNone if not set is false
# "serviceClusterIPNone": false
}
# ====================================== METRICS CONFIGURATION ======================================
# Example
metricsAggregator: |-
Expand Down Expand Up @@ -584,3 +597,8 @@ data:
{
"autoMountServiceAccountToken": true
}
service: |-
{
"serviceClusterIPNone": true
}
8 changes: 8 additions & 0 deletions config/overlays/odh/inferenceservice-config-patch.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,14 @@ metadata:
namespace: kserve
data:
explainers: "{}"
oauthProxy: |-
{
"image" : "$(oauth-proxy)",
"memoryRequest": "64Mi",
"memoryLimit": "128Mi",
"cpuRequest": "100m",
"cpuLimit": "200m"
}
storageInitializer: |-
{
"image" : "$(kserve-storage-initializer)",
Expand Down
7 changes: 7 additions & 0 deletions config/overlays/odh/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,13 @@ vars:
apiVersion: v1
kind: ConfigMap
name: kserve-parameters
- fieldref:
fieldpath: data.oauth-proxy
name: oauth-proxy
objref:
apiVersion: v1
kind: ConfigMap
name: kserve-parameters

configurations:
- params.yaml
1 change: 1 addition & 0 deletions config/overlays/odh/params.env
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,4 @@ kserve-controller=quay.io/opendatahub/kserve-controller:v0.14
kserve-agent=quay.io/opendatahub/kserve-agent:v0.14
kserve-router=quay.io/opendatahub/kserve-router:v0.14
kserve-storage-initializer=quay.io/opendatahub/kserve-storage-initializer:v0.14
oauth-proxy=registry.redhat.io/openshift4/ose-oauth-proxy@sha256:234af927030921ab8f7333f61f967b4b4dee37a1b3cf85689e9e63240dd62800
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: inferenceservice-config
namespace: kserve
data:
service: |-
{
"serviceClusterIPNone": true
}
4 changes: 4 additions & 0 deletions config/overlays/test/configmap/inferenceservice.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -74,4 +74,8 @@ data:
"memoryLimit": "500Mi",
"cpuRequest": "100m",
"cpuLimit": "100m"
}
service: |-
{
"serviceClusterIPNone": false
}
8 changes: 8 additions & 0 deletions config/rbac/role.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,14 @@ rules:
- patch
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- get
- list
- watch
- apiGroups:
- serving.knative.dev
resources:
Expand Down
30 changes: 15 additions & 15 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ require (
github.com/kelseyhightower/envconfig v1.4.0
github.com/onsi/ginkgo/v2 v2.20.1
github.com/onsi/gomega v1.34.2
github.com/openshift/api v0.0.0-20241108213852-e22f17d9b7f5
github.com/pkg/errors v0.9.1
github.com/spf13/cobra v1.8.1
github.com/spf13/pflag v1.0.5
Expand All @@ -30,18 +31,18 @@ require (
gopkg.in/go-playground/validator.v9 v9.31.0
istio.io/api v1.23.0
istio.io/client-go v1.23.0
k8s.io/api v0.30.4
k8s.io/apimachinery v0.30.4
k8s.io/client-go v0.30.4
k8s.io/code-generator v0.30.4
k8s.io/api v0.31.2
k8s.io/apimachinery v0.31.2
k8s.io/client-go v0.31.0
k8s.io/code-generator v0.31.0
k8s.io/component-helpers v0.30.4
k8s.io/klog v1.0.0
k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2
k8s.io/utils v0.0.0-20240821151609-f90d01438635
knative.dev/networking v0.0.0-20240815142417-37fdbdd0854b
knative.dev/pkg v0.0.0-20240815051656-89743d9bbf7c
knative.dev/serving v0.42.2
sigs.k8s.io/controller-runtime v0.18.5
sigs.k8s.io/controller-runtime v0.19.1
sigs.k8s.io/yaml v1.4.0
)

Expand All @@ -59,9 +60,9 @@ require (
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/emicklei/go-restful/v3 v3.12.1 // indirect
github.com/evanphx/json-patch v5.9.0+incompatible // indirect
github.com/evanphx/json-patch/v5 v5.9.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
github.com/go-kit/log v0.2.1 // indirect
github.com/go-logfmt/logfmt v0.6.0 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
Expand Down Expand Up @@ -107,6 +108,7 @@ require (
github.com/prometheus/statsd_exporter v0.27.1 // indirect
github.com/tidwall/match v1.1.1 // indirect
github.com/tidwall/pretty v1.2.1 // indirect
github.com/x448/float16 v0.8.4 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
Expand All @@ -115,31 +117,29 @@ require (
go.opentelemetry.io/otel/trace v1.29.0 // indirect
go.uber.org/atomic v1.11.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/crypto v0.31.0 // indirect
golang.org/x/crypto v0.26.0 // indirect
golang.org/x/exp v0.0.0-20240823005443-9b4947da3948 // indirect
golang.org/x/mod v0.20.0 // indirect
golang.org/x/net v0.28.0 // indirect
golang.org/x/oauth2 v0.22.0 // indirect
golang.org/x/sync v0.10.0 // indirect
golang.org/x/sys v0.28.0 // indirect
golang.org/x/term v0.27.0 // indirect
golang.org/x/text v0.21.0 // indirect
golang.org/x/sync v0.8.0 // indirect
golang.org/x/sys v0.24.0 // indirect
golang.org/x/term v0.23.0 // indirect
golang.org/x/text v0.17.0 // indirect
golang.org/x/time v0.6.0 // indirect
golang.org/x/tools v0.24.0 // indirect
google.golang.org/genproto v0.0.0-20240827150818-7e3bb234dfed // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed // indirect
google.golang.org/grpc v1.66.0 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
gopkg.in/go-playground/assert.v1 v1.2.1 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiextensions-apiserver v0.30.4 // indirect
k8s.io/apiextensions-apiserver v0.31.0 // indirect
k8s.io/gengo/v2 v2.0.0-20240826214909-a7b603a56eb7 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
)

// Fixes CVE-2024-45338
replace golang.org/x/net => golang.org/x/net v0.33.0
Loading

0 comments on commit 5bdc954

Please sign in to comment.