diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index 97543756fa7..0992bdff19c 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -496,6 +496,11 @@ var ( MultiNodeHead = "head" ) +// OpenShift constants +const ( + OpenShiftServiceCaConfigMapName = "openshift-service-ca.crt" +) + // GetRawServiceLabel generate native service label func GetRawServiceLabel(service string) string { return "isvc." + service diff --git a/pkg/controller/v1alpha1/inferencegraph/controller_test.go b/pkg/controller/v1alpha1/inferencegraph/controller_test.go index 5ee18d38dbd..a2634dda740 100644 --- a/pkg/controller/v1alpha1/inferencegraph/controller_test.go +++ b/pkg/controller/v1alpha1/inferencegraph/controller_test.go @@ -147,6 +147,10 @@ var _ = Describe("Inference Graph controller test", func() { { Image: "kserve/router:v0.10.0", Env: []v1.EnvVar{ + { + Name: "SSL_CERT_FILE", + Value: "/etc/odh/openshift-service-ca-bundle/service-ca.crt", + }, { Name: "PROPAGATE_HEADERS", Value: "Authorization,Intuit_tid", @@ -175,9 +179,27 @@ var _ = Describe("Inference Graph controller test", func() { Drop: []v1.Capability{v1.Capability("ALL")}, }, }, + VolumeMounts: []v1.VolumeMount{ + { + Name: "openshift-service-ca-bundle", + MountPath: "/etc/odh/openshift-service-ca-bundle", + }, + }, }, }, AutomountServiceAccountToken: proto.Bool(false), + Volumes: []v1.Volume{ + { + Name: "openshift-service-ca-bundle", + VolumeSource: v1.VolumeSource{ + ConfigMap: &v1.ConfigMapVolumeSource{ + LocalObjectReference: v1.LocalObjectReference{ + Name: constants.OpenShiftServiceCaConfigMapName, + }, + }, + }, + }, + }, }, }, }, @@ -283,6 +305,10 @@ var _ = Describe("Inference Graph controller test", func() { { Image: "kserve/router:v0.10.0", Env: []v1.EnvVar{ + { + Name: "SSL_CERT_FILE", + Value: "/etc/odh/openshift-service-ca-bundle/service-ca.crt", + }, { Name: "PROPAGATE_HEADERS", Value: "Authorization,Intuit_tid", @@ -311,9 +337,27 @@ var _ = Describe("Inference Graph controller test", func() { Drop: []v1.Capability{v1.Capability("ALL")}, }, }, + VolumeMounts: []v1.VolumeMount{ + { + Name: "openshift-service-ca-bundle", + MountPath: "/etc/odh/openshift-service-ca-bundle", + }, + }, }, }, AutomountServiceAccountToken: proto.Bool(false), + Volumes: []v1.Volume{ + { + Name: "openshift-service-ca-bundle", + VolumeSource: v1.VolumeSource{ + ConfigMap: &v1.ConfigMapVolumeSource{ + LocalObjectReference: v1.LocalObjectReference{ + Name: constants.OpenShiftServiceCaConfigMapName, + }, + }, + }, + }, + }, }, }, }, @@ -433,6 +477,10 @@ var _ = Describe("Inference Graph controller test", func() { { Image: "kserve/router:v0.10.0", Env: []v1.EnvVar{ + { + Name: "SSL_CERT_FILE", + Value: "/etc/odh/openshift-service-ca-bundle/service-ca.crt", + }, { Name: "PROPAGATE_HEADERS", Value: "Authorization,Intuit_tid", @@ -461,6 +509,12 @@ var _ = Describe("Inference Graph controller test", func() { Drop: []v1.Capability{v1.Capability("ALL")}, }, }, + VolumeMounts: []v1.VolumeMount{ + { + Name: "openshift-service-ca-bundle", + MountPath: "/etc/odh/openshift-service-ca-bundle", + }, + }, }, }, Affinity: &v1.Affinity{ @@ -487,6 +541,18 @@ var _ = Describe("Inference Graph controller test", func() { }, }, AutomountServiceAccountToken: proto.Bool(false), + Volumes: []v1.Volume{ + { + Name: "openshift-service-ca-bundle", + VolumeSource: v1.VolumeSource{ + ConfigMap: &v1.ConfigMapVolumeSource{ + LocalObjectReference: v1.LocalObjectReference{ + Name: constants.OpenShiftServiceCaConfigMapName, + }, + }, + }, + }, + }, }, }, }, diff --git a/pkg/controller/v1alpha1/inferencegraph/knative_reconciler.go b/pkg/controller/v1alpha1/inferencegraph/knative_reconciler.go index b61790bbd1b..2caf8dac1a4 100644 --- a/pkg/controller/v1alpha1/inferencegraph/knative_reconciler.go +++ b/pkg/controller/v1alpha1/inferencegraph/knative_reconciler.go @@ -203,6 +203,30 @@ func createKnativeService(componentMeta metav1.ObjectMeta, graph *v1alpha1api.In Drop: []v1.Capability{v1.Capability("ALL")}, }, }, + VolumeMounts: []v1.VolumeMount{ + { + Name: "openshift-service-ca-bundle", + MountPath: "/etc/odh/openshift-service-ca-bundle", + }, + }, + Env: []v1.EnvVar{ + { + Name: "SSL_CERT_FILE", + Value: "/etc/odh/openshift-service-ca-bundle/service-ca.crt", + }, + }, + }, + }, + Volumes: []v1.Volume{ + { + Name: "openshift-service-ca-bundle", + VolumeSource: v1.VolumeSource{ + ConfigMap: &v1.ConfigMapVolumeSource{ + LocalObjectReference: v1.LocalObjectReference{ + Name: constants.OpenShiftServiceCaConfigMapName, + }, + }, + }, }, }, Affinity: graph.Spec.Affinity, @@ -217,12 +241,12 @@ func createKnativeService(componentMeta metav1.ObjectMeta, graph *v1alpha1api.In // Only adding this env variable "PROPAGATE_HEADERS" if router's headers config has the key "propagate" value, exists := config.Headers["propagate"] if exists { - service.Spec.ConfigurationSpec.Template.Spec.PodSpec.Containers[0].Env = []v1.EnvVar{ - { - Name: constants.RouterHeadersPropagateEnvVar, - Value: strings.Join(value, ","), - }, + propagateEnv := v1.EnvVar{ + Name: constants.RouterHeadersPropagateEnvVar, + Value: strings.Join(value, ","), } + + service.Spec.ConfigurationSpec.Template.Spec.PodSpec.Containers[0].Env = append(service.Spec.ConfigurationSpec.Template.Spec.PodSpec.Containers[0].Env, propagateEnv) } return service }