[RHOAIENG-16851] - Rawdeployment bug fixes #462
Conversation
|
what are these other commits? |
|
@spolti created this PR from the source branch for #459 (i.e https://github.com/spolti/kserve/tree/sync23). The reason for doing that is so that when #459 is merged, this PR will not have to rebase. Also, I needed the commits related to serviceIPNone from the sync PR. |
|
@VedantMahabaleshwarkar The sync PR is merged. A rebase is needed, anyway, to remove the foreign commits. |
VedantMahabaleshwarkar
force-pushed
the
j-16851-new
branch
from
42438c5 to
a98d801
Compare
|
What is the issue / PR that this PR is fixing? |
@spolti It is already mentioned in the description, but adding it here again : https://issues.redhat.com/browse/RHOAIENG-16851 |
VedantMahabaleshwarkar
changed the title
|
I meant the commit msg, see, my point is after it is merged, it does not have info about the jira/issue was fixed. |
… for rawdeployment Signed-off-by: Vedant Mahabaleshwarkar <[email protected]>
Signed-off-by: Vedant Mahabaleshwarkar <[email protected]>
VedantMahabaleshwarkar
force-pushed
the
j-16851-new
branch
from
a98d801 to
ef6b4d6
Compare
|
@spolti added jira number to all commit messages |
…roxy if a transformer-container is present Signed-off-by: Vedant Mahabaleshwarkar <[email protected]>
pkg/controller/v1beta1/inferenceservice/reconcilers/deployment/deployment_reconciler.go
Show resolved
Hide resolved
| @@ -80,9 +80,15 @@ func createRawURL(client client.Client, isvc *v1beta1.InferenceService, authEnab | |||
| return nil, err | |||
| } | |||
| } else { | |||
| var scheme string | |||
| if authEnabled { | |||
There was a problem hiding this comment.
not sure about it, why are you enforcing auth only with SSL?
There was a problem hiding this comment.
doing this, the code looks cleaner.
var scheme string
url = &apis.URL{
Host: getRawServiceHost(isvc, client),
Scheme: "http",
Scheme: scheme,
Path: "",
}
if authEnabled {
url.Scheme = "https"
} There was a problem hiding this comment.
Another question, as ssl is being enforced, how the certificates are configured?
There was a problem hiding this comment.
All reported ISVC status schemes are according to what is expected in each case according to #419 (comment)
There was a problem hiding this comment.
also, code change is included in latest commit
| if authEnabled { | ||
| internalHost += ":" + strconv.Itoa(constants.OauthProxyPort) | ||
| scheme = "https" | ||
| } else { | ||
| scheme = "http" |
There was a problem hiding this comment.
same here:
scheme = "http"
if authEnabled {
internalHost += ":" + strconv.Itoa(constants.OauthProxyPort)
scheme = "https"
} considering, the logic you wrote is the correct behavior for both cases.
There was a problem hiding this comment.
addressed in latest commit
Signed-off-by: Vedant Mahabaleshwarkar <[email protected]>
|
/retest |
|
@VedantMahabaleshwarkar: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
There was a problem hiding this comment.
This code is working great 💯
Suggested follow-up: when using auth, the internal endpoint has the form https://{something}.svc.cluster.local:8443. It will be much nicer/better if the Service would be mapping port 80 -> 8443 to prevent the explicit port in the URL.
/lgtm
There was a problem hiding this comment.
@VedantMahabaleshwarkar can you please create a jira for the follow-up suggested by @israel-hdez ?
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: israel-hdez, spolti, VedantMahabaleshwarkar The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
VedantMahabaleshwarkar
merged commit 13b5166
into
opendatahub-io:master
* [RHOAIENG-16851] fix scheme bugs in status.url and status.address.url for rawdeployment Signed-off-by: Vedant Mahabaleshwarkar <[email protected]> * [RHOAIENG-16851] Remove component url temporarily Signed-off-by: Vedant Mahabaleshwarkar <[email protected]> * [RHOAIENG-16851] Use transformer spec to set upstream port in oauth-proxy if a transformer-container is present Signed-off-by: Vedant Mahabaleshwarkar <[email protected]> * [RHOAIENG-16851] address feedback Signed-off-by: Vedant Mahabaleshwarkar <[email protected]> --------- Signed-off-by: Vedant Mahabaleshwarkar <[email protected]> (cherry picked from commit 13b5166)
* add oauth-proxy to rawdeployments if odh auth label is present (#419) * add oauth-proxy to rawdeployments if odh auth label is present * remove ingress modifications * bug fix * consume oauth proxy params from configmap * fix oauth proxy sar and minor bugs * revert some unneeded changes * add oauth proxy flag to prevent login page redirect on invalid request * address feedback * update to newer oauth proxy image * minor fix * fix unit test * more feedback * cookie secret * test and other fixes * fix lint issues * address latest feedback * missed import sort * address more feedback * bug fix * fix lint error (cherry picked from commit d987799) Signed-off-by: Vedant Mahabaleshwarkar <[email protected]> * introduce service configuration at configmap level (kserve#3672) (cherry picked from commit 23c0396) Signed-off-by: Vedant Mahabaleshwarkar <[email protected]> * [RHOAIENG-17229] - Routing and Headless Service Support in KServe Raw Mode Deployment chore: Follow up: remove the hardcoded clsuterIP setting and add the service configuration. Signed-off-by: Spolti <[email protected]> (cherry picked from commit 33b1600) * [RHOAIENG-16851] - Rawdeployment bug fixes (#462) * [RHOAIENG-16851] fix scheme bugs in status.url and status.address.url for rawdeployment Signed-off-by: Vedant Mahabaleshwarkar <[email protected]> * [RHOAIENG-16851] Remove component url temporarily Signed-off-by: Vedant Mahabaleshwarkar <[email protected]> * [RHOAIENG-16851] Use transformer spec to set upstream port in oauth-proxy if a transformer-container is present Signed-off-by: Vedant Mahabaleshwarkar <[email protected]> * [RHOAIENG-16851] address feedback Signed-off-by: Vedant Mahabaleshwarkar <[email protected]> --------- Signed-off-by: Vedant Mahabaleshwarkar <[email protected]> (cherry picked from commit 13b5166) * go.mod fixes Signed-off-by: Vedant Mahabaleshwarkar <[email protected]> --------- Signed-off-by: Vedant Mahabaleshwarkar <[email protected]> Co-authored-by: Filippe Spolti <[email protected]>
What this PR does / why we need it:
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes # https://issues.redhat.com/browse/RHOAIENG-16851
Type of changes
Please delete options that are not relevant.
Feature/Issue validation/testing:
Please describe the tests that you ran to verify your changes and relevant result summary. Provide instructions so it can be reproduced.
Please also list any relevant details for your test configuration.
inferenceservice-configConfigMap in the ODH application namespace (opendatahub) as follows-- Add annotation
opendatahub.io/managed: false-- Modify
to
-- this is in line with previous tests done here
-- results for this test (to address all the yellows in the previous round of testing) : https://gist.github.com/VedantMahabaleshwarkar/fdc6b4bf4226a0ffdf7b76219a2365f1
-- addressing the red (failure to perform inference against unprotected exposed isvc)
Special notes for your reviewer:
Checklist:
Release note:
Re-running failed tests
/rerun-all- rerun all failed workflows./rerun-workflow <workflow name>- rerun a specific failed workflow. Only one workflow name can be specified. Multiple /rerun-workflow commands are allowed per comment.