diff --git a/.dockerignore b/.dockerignore index 4c49bd78..bc978290 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1 +1,14 @@ +.DS_Store +.dev +.dockerignore .env +.github +.idea +.pre-commit.log +.tekton +.vscode +Dockerfile +devbuild +docs +fvt +temp diff --git a/.github/workflows/fvt-base.yml b/.github/workflows/fvt-base.yml index fdfafe98..d63f43bb 100644 --- a/.github/workflows/fvt-base.yml +++ b/.github/workflows/fvt-base.yml @@ -41,7 +41,7 @@ jobs: - name: Setup go uses: actions/setup-go@v4 with: - go-version: '1.19' + go-version: '1.20' - name: Start Minikube uses: medyagh/setup-minikube@v0.0.13 @@ -59,7 +59,8 @@ jobs: kubectl get pods -n kube-system - name: Set controller image tag - run: echo "IMAGE_TAG=$(date +'%Y%m%dT%H%M%S%Z')" >> $GITHUB_ENV + run: | + echo "IMAGE_TAG=$(date +'%Y%m%dT%H%M%S%Z')" >> $GITHUB_ENV - name: Update configs # Update the image tag and reduce some resource request amounts to allow FVTs to run @@ -67,7 +68,7 @@ jobs: # is also adjusted for these environments. # Disable the torchserve ServingRuntime for now (insufficient resources to run them all). run: | - sed -i 's/newTag:.*$/newTag: '"${{ env.IMAGE_TAG }}"'/' config/manager/kustomization.yaml + sed -i 's/newTag:.*$/newTag: "'${{ env.IMAGE_TAG }}'"/' config/manager/kustomization.yaml sed -i '0,/cpu:.*$/s/cpu:.*$/cpu: 100m/' \ config/default/config-defaults.yaml \ config/runtimes/mlserver-1.x.yaml \ diff --git a/.gitignore b/.gitignore index 07723262..f3187d8d 100644 --- a/.gitignore +++ b/.gitignore @@ -42,3 +42,4 @@ kustomize/ .temp_new_modelmesh_manifests kfctl* bin +.pre-commit.log diff --git a/.golangci.yaml b/.golangci.yaml index 0db2b287..f325056a 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -93,16 +93,13 @@ linters: fast: false enable: # These are the defaults for golangci-lint - - deadcode - errcheck - gosimple - govet - ineffassign - staticcheck - - structcheck - typecheck - unused - - varcheck # Also enable these - goconst @@ -248,7 +245,7 @@ issues: - lll source: "^//go:generate " - # Independently from option `exclude` we use default exclude patterns, + # Independent of option `exclude` we use default exclude patterns, # it can be disabled by this option. To list all # excluded by default patterns execute `golangci-lint run --help`. # Default value for this option is true. diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6b039d1f..21ced579 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -13,9 +13,14 @@ # limitations under the License. repos: - repo: https://github.com/golangci/golangci-lint - rev: v1.48.0 + rev: v1.51.2 hooks: - id: golangci-lint + entry: golangci-lint run + exclude: ^(generated/) + args: + - --skip-dirs='^(generated/)' + log_file: .pre-commit.log - repo: https://github.com/pre-commit/mirrors-prettier rev: v2.4.1 hooks: @@ -23,3 +28,4 @@ repos: exclude: ^(.github/|.tekton/) args: - --no-bracket-spacing + log_file: .pre-commit.log diff --git a/.tekton/listener.yaml b/.tekton/listener.yaml index 946dcbd6..f5a58a59 100644 --- a/.tekton/listener.yaml +++ b/.tekton/listener.yaml @@ -17,14 +17,9 @@ spec: - name: region description: the ibmcloud registry region default: us-south - - name: org - description: organization - - name: space - description: space - default: dev - name: resource-group description: resource group - default: default + default: Default - name: docker-username description: ibm container registry username default: iamapikey @@ -112,10 +107,6 @@ spec: value: $(params.dockersandbox-namespace) - name: resource-group value: $(params.resource-group) - - name: org - value: $(params.org) - - name: space - value: $(params.space) - name: kubernetes-cluster value: $(params.kubernetes-cluster) - name: serving-ns diff --git a/.tekton/pipeline.yaml b/.tekton/pipeline.yaml index 2aaca8b4..80f65f90 100644 --- a/.tekton/pipeline.yaml +++ b/.tekton/pipeline.yaml @@ -32,13 +32,9 @@ spec: description: dockersandbox namespace - name: resource-group description: resource group - default: default - - name: org - description: organization + default: Default - name: region description: region - - name: space - description: space - name: serving-ns description: modelmesh serving namespace default: modelmesh-serving @@ -80,12 +76,8 @@ spec: value: $(params.docker-password) - name: resource-group value: $(params.resource-group) - - name: org - value: $(params.org) - name: region value: $(params.region) - - name: space - value: $(params.space) workspaces: - name: task-pvc workspace: pipeline-pvc @@ -260,12 +252,8 @@ spec: value: $(params.serving-ns) - name: resource-group value: $(params.resource-group) - - name: org - value: $(params.org) - name: region value: $(params.region) - - name: space - value: $(params.space) - name: test-commands value: | kubectl get ns diff --git a/.tekton/task.yaml b/.tekton/task.yaml index 6f36cd83..65e4c71a 100644 --- a/.tekton/task.yaml +++ b/.tekton/task.yaml @@ -20,13 +20,10 @@ spec: description: iam api key - name: resource-group description: resource group - default: default - - name: org - description: organization + default: Default - name: region description: region - - name: space - description: space + default: us-south - name: archive-dir description: archive directory default: "." @@ -35,7 +32,7 @@ spec: mountPath: /artifacts steps: - name: run-setup-script - image: docker.io/aipipeline/pipeline-base-image:1.2 + image: docker.io/aipipeline/pipeline-base-image:1.5 env: - name: DOCKER_USERNAME value: $(params.docker-username) @@ -47,10 +44,6 @@ spec: value: $(params.repository) - name: REGION value: $(params.region) - - name: ORG - value: $(params.org) - - name: SPACE - value: $(params.space) - name: RESOURCE_GROUP value: $(params.resource-group) - name: GIT_BRANCH @@ -116,13 +109,12 @@ spec: description: docker sandbox namespace - name: publish-tag description: image publish tag - workspaces: - name: task-pvc mountPath: /artifacts steps: - name: process-image - image: docker.io/aipipeline/pipeline-base-image:1.2 + image: docker.io/aipipeline/pipeline-base-image:1.5 env: - name: DOCKER_USERNAME value: $(params.docker-username) @@ -243,7 +235,7 @@ spec: mountPath: /artifacts steps: - name: deploy-modelmesh-serving - image: docker.io/aipipeline/pipeline-base-image:1.2 + image: docker.io/aipipeline/pipeline-base-image:1.5 env: - name: DOCKER_USERNAME value: $(params.docker-username) @@ -295,7 +287,7 @@ spec: mountPath: /artifacts steps: - name: run-test - image: docker.io/aipipeline/pipeline-base-image:1.2 + image: docker.io/aipipeline/pipeline-base-image:1.5 env: - name: IBM_CLOUD_API_KEY value: $(params.apikey) @@ -347,7 +339,7 @@ spec: mountPath: /artifacts steps: - name: run-performance-test - image: docker.io/aipipeline/pipeline-base-image:1.2 + image: docker.io/aipipeline/pipeline-base-image:1.5 env: - name: SERVING_KUBERNETES_CLUSTER_NAME value: $(params.kubernetes-cluster) @@ -384,7 +376,7 @@ spec: mountPath: /artifacts steps: - name: undeploy-modelmesh-serving - image: docker.io/aipipeline/pipeline-base-image:1.2 + image: docker.io/aipipeline/pipeline-base-image:1.5 env: - name: SERVING_KUBERNETES_CLUSTER_NAME value: $(params.kubernetes-cluster) @@ -415,13 +407,10 @@ spec: default: kubeflow - name: resource-group description: resource group - default: default - - name: org - description: organization + default: Default - name: region description: region - - name: space - description: space + default: us-south - name: archive-dir description: archive directory default: "." @@ -433,7 +422,7 @@ spec: mountPath: /artifacts steps: - name: run-cleanup-script - image: docker.io/aipipeline/pipeline-base-image:1.2 + image: docker.io/aipipeline/pipeline-base-image:1.5 env: - name: IBM_CLOUD_API_KEY value: $(params.apikey) @@ -445,10 +434,6 @@ spec: value: $(params.serving-ns) - name: REGION value: $(params.region) - - name: ORG - value: $(params.org) - - name: SPACE - value: $(params.space) - name: RESOURCE_GROUP value: $(params.resource-group) - name: PIPELINE_URL @@ -481,7 +466,7 @@ spec: # Set up kubernetes config retry 3 3 ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" --no-region - retry 3 3 ibmcloud target -r "$REGION" -o "$ORG" -s "$SPACE" -g "$RESOURCE_GROUP" + retry 3 3 ibmcloud target -r "$REGION" -g "$RESOURCE_GROUP" retry 3 3 ibmcloud ks cluster config -c "$SERVING_KUBERNETES_CLUSTER_NAME" $(params.test-commands) diff --git a/Dockerfile b/Dockerfile index 78d368a8..ad17109a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,5 @@ +# syntax=docker/dockerfile:1.3 + # Copyright 2021 IBM Corporation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -12,6 +14,9 @@ # See the License for the specific language governing permissions and # limitations under the License. +# NOTE: for syntax, either use "experimental" or "1.3" (or later) to enable multi-arch build with mount option +# see https://hub.docker.com/r/docker/dockerfile (https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.3.0) + ############################################################################### # Stage 1: Run the go build with go compiler native to the build platform # https://www.docker.com/blog/faster-multi-platform-builds-dockerfile-cross-compilation-guide/ @@ -47,7 +52,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \ ############################################################################### # Stage 2: Copy build assets to create the smallest final runtime image ############################################################################### -FROM registry.access.redhat.com/ubi8/ubi-minimal:8.7 AS runtime +FROM registry.access.redhat.com/ubi8/ubi-minimal:8.9 AS runtime ARG USER=2000 ARG IMAGE_VERSION diff --git a/Dockerfile.develop b/Dockerfile.develop index 1271f433..f3e690ec 100644 --- a/Dockerfile.develop +++ b/Dockerfile.develop @@ -1,3 +1,5 @@ +# syntax=docker/dockerfile:1.3 + # Copyright 2021 IBM Corporation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -12,17 +14,20 @@ # See the License for the specific language governing permissions and # limitations under the License. +# NOTE: for syntax, either use "experimental" or "1.3" (or later) to enable multi-arch build with mount option +# see https://hub.docker.com/r/docker/dockerfile (https://github.com/moby/buildkit/releases/tag/dockerfile%2F1.3.0) + ############################################################################### # Create the develop, test, and build environment ############################################################################### -FROM registry.access.redhat.com/ubi8/go-toolset:1.19 +FROM registry.access.redhat.com/ubi8/go-toolset:1.20 # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope # don't provide "default" values (e.g. 'ARG TARGETARCH=amd64') for non-buildx environments, # see https://github.com/docker/buildx/issues/510 ARG TARGETOS ARG TARGETARCH - + ARG OPENSHIFT_VERSION=4.12 ARG KUSTOMIZE_VERSION=4.5.2 ARG KUBEBUILDER_VERSION=v3.11.0 @@ -116,7 +121,7 @@ RUN true \ # Use setup-envtest for kubebuilder to use K8s version 1.23+ for autoscaling/v2 (HPA) RUN true \ && go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest \ - && setup-envtest use 1.23 \ + && setup-envtest use 1.26 \ && true # For GitHub Action 'lint', work around error "detected dubious ownership in repository at '/workspace'" diff --git a/config/crd/bases/serving.kserve.io_clusterservingruntimes.yaml b/config/crd/bases/serving.kserve.io_clusterservingruntimes.yaml index 2b434b83..425a60b0 100644 --- a/config/crd/bases/serving.kserve.io_clusterservingruntimes.yaml +++ b/config/crd/bases/serving.kserve.io_clusterservingruntimes.yaml @@ -1,4 +1,4 @@ -# Copied from https://github.com/kserve/kserve/blob/v0.11.1/config/crd/serving.kserve.io_clusterservingruntimes.yaml +# Copied from https://github.com/kserve/kserve/blob/v0.11.2/config/crd/serving.kserve.io_clusterservingruntimes.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/config/crd/bases/serving.kserve.io_inferenceservices.yaml b/config/crd/bases/serving.kserve.io_inferenceservices.yaml index d572d99c..9b981900 100644 --- a/config/crd/bases/serving.kserve.io_inferenceservices.yaml +++ b/config/crd/bases/serving.kserve.io_inferenceservices.yaml @@ -1,4 +1,4 @@ -# Copied from https://github.com/kserve/kserve/blob/v0.11.1/config/crd/serving.kserve.io_inferenceservices.yaml +# Copied from https://github.com/kserve/kserve/blob/v0.11.2/config/crd/serving.kserve.io_inferenceservices.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/config/crd/bases/serving.kserve.io_servingruntimes.yaml b/config/crd/bases/serving.kserve.io_servingruntimes.yaml index 68083880..edf8d26b 100644 --- a/config/crd/bases/serving.kserve.io_servingruntimes.yaml +++ b/config/crd/bases/serving.kserve.io_servingruntimes.yaml @@ -1,4 +1,4 @@ -# Copied from https://github.com/kserve/kserve/blob/v0.11.1/config/crd/serving.kserve.io_servingruntimes.yaml +# Copied from https://github.com/kserve/kserve/blob/v0.11.2/config/crd/serving.kserve.io_servingruntimes.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/controllers/config/templating.go b/controllers/config/templating.go index 6f4b4166..f124d35e 100644 --- a/controllers/config/templating.go +++ b/controllers/config/templating.go @@ -49,7 +49,7 @@ func templateSource(r io.Reader, context interface{}) mf.Source { if err != nil { panic(err) } - t, err := template.New("foo").Parse(string(b)) + t, err := template.New("ModelMeshTemplate").Parse(string(b)) if err != nil { panic(err) } diff --git a/controllers/suite_test.go b/controllers/suite_test.go index e090467b..39075a83 100644 --- a/controllers/suite_test.go +++ b/controllers/suite_test.go @@ -11,21 +11,6 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -/* - - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ package controllers diff --git a/docs/component-versions.md b/docs/component-versions.md index 890a2c53..0600dc84 100644 --- a/docs/component-versions.md +++ b/docs/component-versions.md @@ -1,8 +1,9 @@ # Component versions -The following table shows the component versions for the latest modelmesh-serving release (v0.11.0). -| Component | Description | Upstream Revision | -| - | - | - | -| ModelMesh | Serves as a general-purpose model serving management/routing layer | [v0.11.0](https://github.com/kserve/modelmesh/tree/v0.11.0) | -| ModelMesh Runtime Adapter | Contains the unified puller/runtime-adapter image | [v0.11.0](https://github.com/kserve/modelmesh-runtime-adapter/tree/v0.11.0) | -| REST Proxy | Supports inference requests using KServe V2 REST Predict Protocol | [v0.11.0](https://github.com/kserve/rest-proxy/tree/v0.11.0) | +The following table shows the component versions for the latest ModelMesh Serving release (v0.11.2). + +| Component | Description | Upstream Revision | +| ------------------------- | ------------------------------------------------------------------ | --------------------------------------------------------------------------- | +| ModelMesh | Serves as a general-purpose model serving management/routing layer | [v0.11.2](https://github.com/kserve/modelmesh/tree/v0.11.2) | +| ModelMesh Runtime Adapter | Contains the unified puller/runtime-adapter image | [v0.11.2](https://github.com/kserve/modelmesh-runtime-adapter/tree/v0.11.2) | +| REST Proxy | Supports inference requests using KServe V2 REST Predict Protocol | [v0.11.2](https://github.com/kserve/rest-proxy/tree/v0.11.2) | diff --git a/docs/configuration/tls.md b/docs/configuration/tls.md index 492db227..1a4ec916 100644 --- a/docs/configuration/tls.md +++ b/docs/configuration/tls.md @@ -4,120 +4,154 @@ TLS can be configured via the `tls.secretName` and `tls.clientAuth` parameters o When TLS is enabled for the external inferencing interface, all of the ModelMesh Serving internal (intra-Pod) communication will be secured using the same certificates. The internal links will use mutual TLS regardless of whether client authentication is required for the external connections. -There are various ways to generate TLS certificates, below are steps on how to do this using OpenSSL or CertManager. +There are various ways to generate TLS certificates. Below are steps on how to do this using OpenSSL or CertManager. ## Generating TLS Certificates for Dev/Test using OpenSSL -To create a SAN key/cert for TLS, use command: +First, define the variables that will be used in the commands below. Change the values to suit your environment: ```shell -openssl req -x509 -newkey rsa:4096 -sha256 -days 3560 -nodes -keyout example.key -out example.crt -subj '/CN=modelmesh-serving' -extensions san -config openssl-san.config +NAMESPACE="modelmesh-serving" # the controller namespace where ModelMesh Serving was deployed +SECRET_NAME="modelmesh-certificate" ``` -Where the contents of `openssl-san.config` look like: +Create an OpenSSL configuration file named `openssl-san.config`: -``` +```shell +cat > openssl-san.config << EOF [ req ] distinguished_name = req [ san ] subjectAltName = DNS:modelmesh-serving.${NAMESPACE},DNS:localhost,IP:0.0.0.0 +EOF +``` + +Use the following command to create a SAN key/cert: + +```shell +openssl req -x509 -newkey rsa:4096 -sha256 -days 3560 -nodes \ + -keyout server.key \ + -out server.crt \ + -subj "/CN=${NAMESPACE}" \ + -extensions san \ + -config openssl-san.config ``` -With the generated key/cert, create a kube secret with contents like: +From there, you can create a secret using the generated certificate and key: -```yaml +```shell +kubectl apply -f - < - tls.key: - ca.crt: + tls.crt: $(cat server.crt) + tls.key: $(cat server.key) + ca.crt: $(cat server.crt) +EOF ``` -For basic TLS, only the fields `tls.crt` and `tls.key` are needed in the kube secret. For mutual TLS, add `ca.crt` in the kube secret and set the configuration `tls.clientAuth` to `require` in the ConfigMap `model-serving-config`. - -## Creating TLS Certificates using CertManager +**Note:** For basic TLS, only the fields `tls.crt` and `tls.key` are required. For mutual TLS, `ca.crt` should be included and `tls.clientAuth` should be set to `require` in the [`model-serving-config` ConfigMap](./README.md). -1. If necessary, install `cert-manager` in the cluster - follow the steps here: https://cert-manager.io/docs/installation/. +Alternatively, you can create this secret imperatively using: -2. Create an `Issuer` CR - - kubectl apply -f - < ca.crt + ```shell + kubectl get secret ${SECRET_NAME} -o jsonpath="{.data.ca\.crt}" > ca.crt + ``` diff --git a/docs/install/install-script.md b/docs/install/install-script.md index 238b9274..572ff0d9 100644 --- a/docs/install/install-script.md +++ b/docs/install/install-script.md @@ -43,11 +43,11 @@ A secret named `model-serving-etcd` will be created and passed to the controller To install the most recent _stable release_ of [modelmesh-serving](https://github.com/kserve/modelmesh-serving/releases/latest) -follow the [Installation instructions](https://github.com/kserve/modelmesh-serving/blob/release-0.11/docs/install/install-script.md) for version `v0.11.0`. +follow the [Installation instructions](https://github.com/kserve/modelmesh-serving/blob/release-0.11.2/docs/install/install-script.md) for version `v0.11.2`. Start by cloning the [modelmesh-serving](https://github.com/kserve/modelmesh-serving.git) repository: - + ```shell RELEASE="main" diff --git a/docs/quickstart.md b/docs/quickstart.md index 75042dd6..34eb0355 100644 --- a/docs/quickstart.md +++ b/docs/quickstart.md @@ -4,19 +4,24 @@ To quickly get started using ModelMesh Serving, here is a brief guide. -> **Note**: This document describes how to install the _latest unreleased_ version of ModelMesh for developers and early adopters. To install the most recent _stable release_, please follow the [Quick Start Guide for version 0.11](https://github.com/kserve/modelmesh-serving/blob/release-0.11/docs/quickstart.md). +> **Note**: This document describes how to install the _latest unreleased_ +> version of ModelMesh for developers and early adopters. To install the +> most recent _stable release_, please follow the +> [Quick Start Guide for version 0.11.2](https://github.com/kserve/modelmesh-serving/blob/release-0.11.2/docs/quickstart.md). ## Prerequisites - A Kubernetes cluster v1.23+ with cluster administrative privileges -- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) and [kustomize](https://kubectl.docs.kubernetes.io/installation/kustomize/) (v4.0+) -- At least 4 vCPU and 8 GB memory. For more details, please see [here](install/README.md#deployed-components). +- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) and + [kustomize](https://kubectl.docs.kubernetes.io/installation/kustomize/) (v4.0+) +- At least 4 vCPU and 8 GB memory. For more details, please see + [here](install/README.md#deployed-components). ## 1. Install ModelMesh Serving ### Clone the ModelMesh repository - + ```shell RELEASE="main" diff --git a/docs/release-process.md b/docs/release-process.md index 203efebe..4ef85a05 100644 --- a/docs/release-process.md +++ b/docs/release-process.md @@ -17,6 +17,15 @@ on the [`#kserve` Kubeflow Slack channel](https://kubeflow.slack.com/archives/CH Before starting the actual release process, make sure that the features and bug fixes that were designated to be part of the release are completed and fully tested. +Check the _Security_ tab for each of the ModelMesh repositories and make sure all +outstanding vulnerabilities were addressed: + +- [ ] [`modelmesh`](https://github.com/kserve/modelmesh/security) +- [ ] [`modelmesh-minio-examples`](https://github.com/kserve/modelmesh-minio-examples/security) +- [ ] [`modelmesh-runtime-adapter`](https://github.com/kserve/modelmesh-runtime-adapter/security) +- [ ] [`modelmesh-serving`](https://github.com/kserve/modelmesh-serving/security) +- [ ] [`rest-proxy`](https://github.com/kserve/rest-proxy/security) + Update the `go` dependency to `github.com/kserve/kserve` in `go.mod` and run `go mod tidy`. Since the KServe and ModelMesh releases are aligned, there should already be a `v...-rc0` (or `-rc1`) of KServe before the ModelMesh release process @@ -32,6 +41,8 @@ latest pre-release version: - [ ] `config/crd/bases/serving.kserve.io_clusterservingruntimes.yaml` - [ ] `config/crd/bases/serving.kserve.io_servingruntimes.yaml` +These changes should be committed to `main`, before creating a release branch. + ## Create Release Branches A release branch should be substantially _feature complete_ with respect to the @@ -53,7 +64,7 @@ Release branches serve several purposes: particular release stream (e.g., producing a `v0.6.1` from `release-0.6`), when appropriate. -These 5 repositories need a (new) `release-*` branch: +Create a (new) `release-*` branch in these 5 repositories: - [ ] [`modelmesh`](https://github.com/kserve/modelmesh/branches) - [ ] [`modelmesh-minio-examples`](https://github.com/kserve/modelmesh-minio-examples/branches) @@ -61,6 +72,13 @@ These 5 repositories need a (new) `release-*` branch: - [ ] [`modelmesh-serving`](https://github.com/kserve/modelmesh-serving/branches) - [ ] [`rest-proxy`](https://github.com/kserve/rest-proxy/branches) +**Note**: Technically, it is only _required_ to create a release branch in the +[`modelmesh-serving`](https://github.com/kserve/modelmesh-serving/branches) repository, +where configuration files have to be modified with specific image tags corresponding +to the new release being drafted. For the remaining repositories, a dedicated release +branch can be created from the release tag at a later time, should the need arise to +fix/patch a previous release. + ## Update Release Tags It's generally a good idea to search the entire repo for strings of the old version @@ -81,7 +99,7 @@ with KServe. 1. Create new (pre-)release tags (`v...-rc0`) in these repositories: - [ ] [`modelmesh`](https://github.com/kserve/modelmesh/releases) - - [ ] [`modelmesh-minio-examples`](https://github.com/kserve/modelmesh-runtime-adapter/releases) + - [ ] [`modelmesh-minio-examples`](https://github.com/kserve/modelmesh-minio-examples/releases) - [ ] [`modelmesh-runtime-adapter`](https://github.com/kserve/modelmesh-runtime-adapter/releases) - [ ] [`rest-proxy`](https://github.com/kserve/rest-proxy/releases) @@ -95,6 +113,7 @@ with KServe. - [ ] [kserve/modelmesh](https://hub.docker.com/r/kserve/modelmesh/tags) - [ ] [kserve/modelmesh-minio-examples](https://hub.docker.com/r/kserve/modelmesh-minio-examples/tags) + - [ ] [kserve/modelmesh-minio-dev-examples](https://hub.docker.com/r/kserve/modelmesh-minio-dev-examples/tags) - [ ] [kserve/modelmesh-runtime-adapter](https://hub.docker.com/r/kserve/modelmesh-runtime-adapter/tags) - [ ] [kserve/rest-proxy](https://hub.docker.com/r/kserve/rest-proxy/tags) @@ -104,24 +123,33 @@ with KServe. - `kserve/modelmesh` - `kserve/modelmesh-controller` - `kserve/modelmesh-minio-examples` + - `kserve/modelmesh-minio-dev-examples` - `kserve/modelmesh-runtime-adapter` - `kserve/rest-proxy` The version tags should be updated in the following files: - - [ ] `.github/workflows/fvt.yml`: + - [ ] `.github/workflows/fvt-base.yml`: - [ ] `docker pull kserve/modelmesh:v...` - [ ] `docker pull kserve/modelmesh-minio-dev-examples:v...` + - [ ] `docker pull kserve/modelmesh-minio-examples:v...` - [ ] `docker pull kserve/modelmesh-runtime-adapter:v...` - [ ] `docker pull kserve/rest-proxy:v...` - [ ] `config/default/config-defaults.yaml`: - [ ] `kserve/modelmesh` - [ ] `kserve/rest-proxy` - [ ] `kserve/modelmesh-runtime-adapter` + - [ ] `config/dependencies/fvt.yaml`: + - [ ] `image: kserve/modelmesh-minio-dev-examples:v...` + - [ ] `image: kserve/modelmesh-minio-examples:v...` - [ ] `config/dependencies/quickstart.yaml`: - - [ ] `kserve/modelmesh-minio-examples` - - [ ] `config/manager/kustomization.yaml`: edit the `newTag` - - [ ] `docs/component-versions.md`: update the version and component versions + - [ ] `image: kserve/modelmesh-minio-examples:v...` + - [ ] `config/manager/kustomization.yaml`: update the `newTag` to `v...` + - [ ] `docs/component-versions.md`: update tags and repo links + - [ ] ModelMesh Serving release + - [ ] ModelMesh + - [ ] ModelMesh Runtime Adapter + - [ ] REST Proxy - [ ] `docs/install/install-script.md`: update the `RELEASE` variable in the `Installation` section to the new `release-*` branch name and remove the note pointing to the (old) `release-*` branch @@ -140,9 +168,9 @@ with KServe. (e.g. `v0.11.0`) with the new release branch name or new version tags. Submit them in a PR to `main`, and wait for that PR to be merged: + - [ ] `docs/install/install-script.md` - [ ] `docs/component-versions.md` - [ ] `docs/quickstart.md` - - [ ] `docs/install/install-script.md` - [ ] `scripts/setup_user_namespaces.sh` ## Generate Release Artifacts and Publish the Release diff --git a/go.mod b/go.mod index 86d21415..a81ee15e 100644 --- a/go.mod +++ b/go.mod @@ -1,13 +1,13 @@ module github.com/kserve/modelmesh-serving -go 1.19 +go 1.20 require ( github.com/dereklstinson/cifar v0.0.0-20200421171932-5722a3b6a0c7 github.com/go-logr/logr v1.2.4 github.com/golang/protobuf v1.5.3 github.com/google/go-cmp v0.5.9 - github.com/kserve/kserve v0.11.1 + github.com/kserve/kserve v0.11.2 github.com/manifestival/controller-runtime-client v0.4.0 github.com/manifestival/manifestival v0.7.1 github.com/moverest/mnist v0.0.0-20160628192128-ec5d9d203b59 @@ -99,11 +99,11 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.24.0 // indirect golang.org/x/crypto v0.14.0 // indirect - golang.org/x/net v0.14.0 // indirect + golang.org/x/net v0.17.0 // indirect golang.org/x/oauth2 v0.8.0 // indirect - golang.org/x/sys v0.13.0 // indirect - golang.org/x/term v0.13.0 // indirect - golang.org/x/text v0.13.0 // indirect + golang.org/x/sys v0.15.0 // indirect + golang.org/x/term v0.15.0 // indirect + golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.9.1 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect @@ -131,6 +131,8 @@ replace ( // this dependency comes from k8s.io/component-base@v0.26.4 and k8s.io/apiextensions-apiserver@v0.26.4 // before removing it make sure that the next version of the related k8s dependencies contains the fix go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp => go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 + // Update Go Crypto to avoid CVE-2022-27191, CVE-2021-43565, CVE-2020-29652, CVE-2023-48795 + golang.org/x/crypto => golang.org/x/crypto v0.17.0 // Update Go Networking to avoid CVE-2023-44487 and CVE-2023-39325 golang.org/x/net => golang.org/x/net v0.17.0 // remove when upgrade to controller-runtime 0.15.x or apimachinery to 0.27.x diff --git a/go.sum b/go.sum index af7c4b61..d4149aa7 100644 --- a/go.sum +++ b/go.sum @@ -416,8 +416,8 @@ github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/kserve/kserve v0.11.1 h1:3gh2mmCkw2tbzhbN2zKKxtqDjt71V1K2MwpaiXF4KJI= -github.com/kserve/kserve v0.11.1/go.mod h1:qCEKO7gXwWm8sx4LGrKHYjK+SKVWQ35gAEVaE1a0Wug= +github.com/kserve/kserve v0.11.2 h1:ZYwj3/04JrwIiqIrVjPhcX5umHFj3gHAhbtghfseoPo= +github.com/kserve/kserve v0.11.2/go.mod h1:x44/b0J4y8kqNUuxcHP386jN3BAk5DRoLvhebnF+VP8= github.com/logrusorgru/aurora/v3 v3.0.0 h1:R6zcoZZbvVcGMvDCKo45A9U/lzYyzl5NfYIvznmDfE4= github.com/logrusorgru/aurora/v3 v3.0.0/go.mod h1:vsR12bk5grlLvLXAYrBsb5Oc/N+LxAlxggSjiwMnCUc= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= @@ -670,25 +670,8 @@ go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181025213731-e84da0312774/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= -golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= -golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -772,7 +755,6 @@ golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -795,7 +777,6 @@ golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -809,14 +790,13 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -824,7 +804,6 @@ golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= @@ -832,8 +811,9 @@ golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20161028155119-f51c12702a4d/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/pkg/predictor_source/inferenceservice_registry.go b/pkg/predictor_source/inferenceservice_registry.go index 726b6784..3c8bc21c 100644 --- a/pkg/predictor_source/inferenceservice_registry.go +++ b/pkg/predictor_source/inferenceservice_registry.go @@ -1,18 +1,16 @@ -/* -Copyright 2021 IBM Corporation - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ +// Copyright 2021 IBM Corporation +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. package predictor_source diff --git a/scripts/deploy/iks/build-image-dind.sh b/scripts/deploy/iks/build-image-dind.sh index 7248ad74..4b39f2bc 100644 --- a/scripts/deploy/iks/build-image-dind.sh +++ b/scripts/deploy/iks/build-image-dind.sh @@ -13,17 +13,15 @@ set -xe # The following envs could be loaded from `build.properties` that # `run-setup.sh` generates. # - REGION: cloud region (us-south as default) -# - ORG: target organization (dev-advo as default) -# - SPACE: target space (dev as default) # - GIT_BRANCH: git branch # - GIT_COMMIT: git commit hash # - GIT_COMMIT_SHORT: git commit hash short REGION=${REGION:-"us-south"} -ORG=${ORG:-"dev-advo"} -SPACE=${SPACE:-"dev"} RUN_TASK=${RUN_TASK:-"build"} +export DOCKER_BUILDKIT=1 + retry() { local max=$1; shift local interval=$1; shift @@ -39,19 +37,25 @@ retry() { } retry 3 3 ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" --no-region -retry 3 3 ibmcloud target -r "$REGION" -o "$ORG" -s "$SPACE" -g "$RESOURCE_GROUP" +retry 3 3 ibmcloud target -r "$REGION" -g "$RESOURCE_GROUP" + ###################################################################################### # Build image # ###################################################################################### build_image() { - echo "=======================Build modelmesh controller image=======================" + echo "=======================Build ModelMesh controller image=======================" # Will build develop and then runtime images. + docker version + # docker pull docker/dockerfile:experimental # syntax=docker/dockerfile:experimental + docker pull docker/dockerfile:1.3 # syntax=docker/dockerfile:1.3 + echo "==============================Build dev image ================================" make build.develop docker images docker inspect "kserve/modelmesh-controller-develop:latest" + echo "==========================Build runtime image ================================" make build docker images diff --git a/scripts/deploy/iks/deploy-mm-serving.sh b/scripts/deploy/iks/deploy-mm-serving.sh index 7f7627b9..36a416ce 100644 --- a/scripts/deploy/iks/deploy-mm-serving.sh +++ b/scripts/deploy/iks/deploy-mm-serving.sh @@ -18,8 +18,6 @@ echo "GIT_BRANCH=${GIT_BRANCH}" echo "GIT_COMMIT=${GIT_COMMIT}" echo "GIT_COMMIT_SHORT=${GIT_COMMIT_SHORT}" echo "REGION=${REGION}" -echo "ORG=${ORG}" -echo "SPACE=${SPACE}" echo "RESOURCE_GROUP=${RESOURCE_GROUP}" # These env vars should come from the pipeline run environment properties @@ -46,7 +44,7 @@ retry() { } retry 3 3 ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" --no-region -retry 3 3 ibmcloud target -r "$REGION" -o "$ORG" -s "$SPACE" -g "$RESOURCE_GROUP" +retry 3 3 ibmcloud target -r "$REGION" -g "$RESOURCE_GROUP" retry 3 3 ibmcloud ks cluster config -c "$SERVING_KUBERNETES_CLUSTER_NAME" kubectl create ns "$SERVING_NS" @@ -76,7 +74,8 @@ curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack mv kustomize /usr/local/bin/kustomize # Update target tag and namespace/organization -sed -i.bak 's/newTag:.*$/newTag: '"$GIT_COMMIT_SHORT"'/' config/manager/kustomization.yaml +# enclose commit short hash in quotes to avoid it being interpreted as an int +sed -i.bak 's/newTag:.*$/newTag: "'${GIT_COMMIT_SHORT}'"/' config/manager/kustomization.yaml sed -i.bak 's/newName:.*$/newName: '"$DOCKERSANDBOX_NAMESPACE\/modelmesh-controller"'/' config/manager/kustomization.yaml rm config/manager/kustomization.yaml.bak diff --git a/scripts/deploy/iks/run-perf-test.sh b/scripts/deploy/iks/run-perf-test.sh index c9616489..374676fe 100755 --- a/scripts/deploy/iks/run-perf-test.sh +++ b/scripts/deploy/iks/run-perf-test.sh @@ -23,7 +23,7 @@ retry() { } retry 3 3 ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" --no-region -retry 3 3 ibmcloud target -r "$REGION" -o "$ORG" -s "$SPACE" -g "$RESOURCE_GROUP" +retry 3 3 ibmcloud target -r "$REGION" -g "$RESOURCE_GROUP" retry 3 3 ibmcloud ks cluster config -c "$SERVING_KUBERNETES_CLUSTER_NAME" kubectl config set-context --current --namespace=${SERVING_NS} diff --git a/scripts/deploy/iks/run-setup.sh b/scripts/deploy/iks/run-setup.sh index 67798f01..90f7dd85 100644 --- a/scripts/deploy/iks/run-setup.sh +++ b/scripts/deploy/iks/run-setup.sh @@ -5,13 +5,9 @@ set -xe # Environment variables needed by this script: # - REGION: cloud region (us-south as default) -# - ORG: target organization (dev-advo as default) -# - SPACE: target space (dev as default) REGION=${REGION:-"us-south"} -ORG=${ORG:-"dev-advo"} -SPACE=${SPACE:-"dev"} -RESOURCE_GROUP=${RESOURCE_GROUP:-"default"} +RESOURCE_GROUP=${RESOURCE_GROUP:-"Default"} GIT_COMMIT_SHORT=$(git log -n1 --format=format:"%h") # Git repo cloned at $WORKING_DIR, copy into $ARCHIVE_DIR and @@ -33,8 +29,6 @@ fi echo "GIT_COMMIT_SHORT=${GIT_COMMIT_SHORT}" echo "BUILD_NUMBER=${BUILD_NUMBER}" echo "REGION=${REGION}" - echo "ORG=${ORG}" - echo "SPACE=${SPACE}" echo "RESOURCE_GROUP=${RESOURCE_GROUP}" } >> "${ARCHIVE_DIR}/build.properties" -grep -v -i password "${ARCHIVE_DIR}/build.properties" \ No newline at end of file +grep -v -i password "${ARCHIVE_DIR}/build.properties" diff --git a/scripts/deploy/iks/test-fvt.sh b/scripts/deploy/iks/test-fvt.sh index 5dd14ef4..4b7e84b3 100644 --- a/scripts/deploy/iks/test-fvt.sh +++ b/scripts/deploy/iks/test-fvt.sh @@ -10,8 +10,6 @@ echo "GIT_BRANCH=${GIT_BRANCH}" echo "GIT_COMMIT=${GIT_COMMIT}" echo "GIT_COMMIT_SHORT=${GIT_COMMIT_SHORT}" echo "REGION=${REGION}" -echo "ORG=${ORG}" -echo "SPACE=${SPACE}" echo "RESOURCE_GROUP=${RESOURCE_GROUP}" # These env vars should come from the pipeline run environment properties @@ -41,20 +39,20 @@ run_fvt() { export KUBECONFIG=~/.kube/config rm -rf /usr/local/go - wget https://go.dev/dl/go1.19.9.linux-amd64.tar.gz - tar -C /usr/local -xzf go1.19.9.linux-amd64.tar.gz + wget https://go.dev/dl/go1.20.4.linux-amd64.tar.gz + tar -C /usr/local -xzf go1.20.4.linux-amd64.tar.gz go install github.com/onsi/ginkgo/v2/ginkgo export PATH=/root/go/bin/:$PATH export NAMESPACE=${SERVING_NS} export NAMESPACESCOPEMODE=false - ginkgo -v --progress --fail-fast -p fvt/predictor fvt/scaleToZero --timeout 40m > fvt.out + ginkgo -v --procs=2 --compilers=2 --keep-going fvt/predictor fvt/scaleToZero fvt/storage fvt/hpa --timeout=50m --flake-attempts=3 > fvt.out cat fvt.out if [[ $(grep "Test Suite Passed" fvt.out) ]]; then export NAMESPACE="modelmesh-user" - ginkgo -v --progress --fail-fast -p fvt/predictor fvt/scaleToZero --timeout 40m > fvt.out + ginkgo -v --procs=2 --compilers=2 --keep-going fvt/predictor fvt/scaleToZero fvt/storage fvt/hpa --timeout=50m --flake-attempts=3 > fvt.out cat fvt.out if [[ $(grep "Test Suite Passed" fvt.out) ]]; then REV=0 @@ -65,7 +63,7 @@ run_fvt() { } retry 3 3 ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" --no-region -retry 3 3 ibmcloud target -r "$REGION" -o "$ORG" -s "$SPACE" -g "$RESOURCE_GROUP" +retry 3 3 ibmcloud target -r "$REGION" -g "$RESOURCE_GROUP" retry 3 3 ibmcloud ks cluster config -c "$SERVING_KUBERNETES_CLUSTER_NAME" RESULT=0 diff --git a/scripts/deploy/iks/undeploy-mm-serving.sh b/scripts/deploy/iks/undeploy-mm-serving.sh index 843b7f6e..8156bf4e 100644 --- a/scripts/deploy/iks/undeploy-mm-serving.sh +++ b/scripts/deploy/iks/undeploy-mm-serving.sh @@ -14,8 +14,6 @@ echo "GIT_BRANCH=${GIT_BRANCH}" echo "GIT_COMMIT=${GIT_COMMIT}" echo "GIT_COMMIT_SHORT=${GIT_COMMIT_SHORT}" echo "REGION=${REGION}" -echo "ORG=${ORG}" -echo "SPACE=${SPACE}" echo "RESOURCE_GROUP=${RESOURCE_GROUP}" # These env vars should come from the pipeline run environment properties @@ -37,7 +35,7 @@ retry() { } retry 3 3 ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" --no-region -retry 3 3 ibmcloud target -r "$REGION" -o "$ORG" -s "$SPACE" -g "$RESOURCE_GROUP" +retry 3 3 ibmcloud target -r "$REGION" -g "$RESOURCE_GROUP" retry 3 3 ibmcloud ks cluster config -c "$SERVING_KUBERNETES_CLUSTER_NAME" # Update kustomize diff --git a/scripts/fmt.sh b/scripts/fmt.sh index cb87320b..f8d7ac6c 100755 --- a/scripts/fmt.sh +++ b/scripts/fmt.sh @@ -13,6 +13,10 @@ # See the License for the specific language governing permissions and # limitations under the License.# +if [ -f .pre-commit.log ]; then + rm -f .pre-commit.log +fi + pre-commit run --all-files RETURN_CODE=$? @@ -35,6 +39,10 @@ if [ $RETURN_CODE -eq 127 ]; then echoError 'how to set up your dev environment. This will automatically format' echoError 'your code when you make a new commit.' elif [ "$RETURN_CODE" -ne 0 ]; then + # cat this file for helping on identifying the root cause when some issue happens + if [ -f .pre-commit.log ]; then + cat .pre-commit.log + fi if [ "${CI}" != "true" ]; then echoError 'Pre-commit linter failed, but it may have automatically formatted your files.' echoError 'Check your changed files and/or manually fix the errors above then stage and commit.' @@ -44,6 +52,7 @@ elif [ "$RETURN_CODE" -ne 0 ]; then echoError 'fail, but may automatically format some files. Stage the changed files and' echoError 'manually correct any other issues before committing and building again.' fi + git diff -R --ws-error-highlight=all --color --exit-code fi exit $RETURN_CODE diff --git a/scripts/install.sh b/scripts/install.sh index 6b34b769..0d02e030 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -361,6 +361,7 @@ if [[ $enable_self_signed_ca == "true" ]]; then rm default/kustomization.yaml.bak fi +info "kustomize build default" kustomize build default | kubectl apply -f - if [[ $dev_mode_logging == "true" ]]; then diff --git a/scripts/setup_user_namespaces.sh b/scripts/setup_user_namespaces.sh index 81535ee5..60bfe327 100755 --- a/scripts/setup_user_namespaces.sh +++ b/scripts/setup_user_namespaces.sh @@ -32,7 +32,7 @@ EOF ctrl_ns="modelmesh-serving" user_ns_array=() -modelmesh_release="v0.11.0" # The latest release is the default +modelmesh_release="v0.11.2" # The latest release is the default create_storage_secret=false deploy_serving_runtimes=false dev_mode=false # Set to true to use locally cloned files instead of from a release