feat: Add TLS ConfigMap parameter

Update ODH and RHOAI overlays
trustyai-explainability · Aug 2, 2024 · e0e0c7f · e0e0c7f
1 parent 91ba2c5
commit e0e0c7f
Show file tree

Hide file tree

Showing 8 changed files with 74 additions and 5 deletions.
diff --git a/config/base/kustomization.yaml b/config/base/kustomization.yaml
@@ -47,4 +47,11 @@ vars:
       name: config
       apiVersion: v1
     fieldref:
-      fieldpath: data.kServeServerless
+      fieldpath: data.kServeServerless
+  - name: tls
+    objref:
+      kind: ConfigMap
+      name: config
+      apiVersion: v1
+    fieldref:
+      fieldpath: data.tls
diff --git a/config/base/params.env b/config/base/params.env
@@ -1,4 +1,5 @@
 trustyaiServiceImage=quay.io/trustyai/trustyai-service:latest
 trustyaiOperatorImage=quay.io/trustyai/trustyai-service-operator:latest
 oauthProxyImage=quay.io/openshift/origin-oauth-proxy:4.14.0
-kServeServerless=disabled
+kServeServerless=disabled
+tls=enabled
diff --git a/config/overlays/odh/params.env b/config/overlays/odh/params.env
@@ -1,3 +1,5 @@
-trustyaiServiceImage=quay.io/trustyai/trustyai-service:v0.13.0
-trustyaiOperatorImage=quay.io/trustyai/trustyai-service-operator:v1.19.0
+trustyaiServiceImage=quay.io/trustyai/trustyai-service:latest
+trustyaiOperatorImage=quay.io/trustyai/trustyai-service-operator:latest
 oauthProxyImage=quay.io/openshift/origin-oauth-proxy:4.14.0
+kServeServerless=enabled
+tls=disabled
diff --git a/config/overlays/rhoai/kustomization.yaml b/config/overlays/rhoai/kustomization.yaml
@@ -3,3 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ../../base
+configMapGenerator:
+  - env: params.env
+    behavior: merge
+    name: config
diff --git a/config/overlays/rhoai/params.env b/config/overlays/rhoai/params.env
@@ -0,0 +1,5 @@
+trustyaiServiceImage=quay.io/trustyai/trustyai-service:latest
+trustyaiOperatorImage=quay.io/trustyai/trustyai-service-operator:latest
+oauthProxyImage=registry.redhat.io/openshift4/ose-oauth-proxy@sha256:ab112105ac37352a2a4916a39d6736f5db6ab4c29bad4467de8d613e80e9bb33
+kServeServerless=disabled
+tls=enabled
diff --git a/controllers/config_maps.go b/controllers/config_maps.go
@@ -84,6 +84,44 @@ func (r *TrustyAIServiceReconciler) getKServeServerlessConfig(ctx context.Contex
 	}
 }
 
+// getTLSConfig checks the tls value in a ConfigMap in the operator's namespace
+func (r *TrustyAIServiceReconciler) getTLSConfig(ctx context.Context) (bool, error) {
+
+	if r.Namespace != "" {
+		// Define the key for the ConfigMap
+		configMapKey := types.NamespacedName{
+			Namespace: r.Namespace,
+			Name:      imageConfigMap,
+		}
+
+		// Create an empty ConfigMap object
+		var cm corev1.ConfigMap
+
+		// Try to get the ConfigMap
+		if err := r.Get(ctx, configMapKey, &cm); err != nil {
+			if errors.IsNotFound(err) {
+				// ConfigMap not found, return false as the default behavior
+				return false, nil
+			}
+			// Other error occurred when trying to fetch the ConfigMap
+			return false, fmt.Errorf("error reading configmap %s", configMapKey)
+		}
+
+		// ConfigMap is found, extract the tls value
+		tls, ok := cm.Data[configMapTLSKey]
+
+		if !ok || tls != "enabled" {
+			// Key is missing or its value is not "enabled", return false
+			return false, nil
+		}
+
+		// tls is "enabled"
+		return true, nil
+	} else {
+		return false, nil
+	}
+}
+
 // getConfigMapNamesWithLabel retrieves the names of ConfigMaps that have the specified label
 func (r *TrustyAIServiceReconciler) getConfigMapNamesWithLabel(ctx context.Context, namespace string, labelSelector client.MatchingLabels) ([]string, error) {
 	configMapList := &corev1.ConfigMapList{}

diff --git a/controllers/constants.go b/controllers/constants.go
@@ -30,6 +30,7 @@ const (
 	configMapOAuthProxyImageKey  = "oauthProxyImage"
 	configMapServiceImageKey     = "trustyaiServiceImage"
 	configMapkServeServerlessKey = "kServeServerless"
+	configMapTLSKey              = "tls"
 )
 
 // OAuth constants

diff --git a/controllers/inference_services.go b/controllers/inference_services.go
@@ -146,8 +146,19 @@ func (r *TrustyAIServiceReconciler) patchEnvVarsByLabelForDeployments(ctx contex
 		return false, err
 	}
 
+	tlsEnabled, err := r.getTLSConfig(ctx)
+	if err != nil {
+		log.FromContext(ctx).Error(err, "Could not read TLS configuration. Defaulting to enabled")
+		tlsEnabled = true
+	}
+
 	// Build the payload processor endpoint
-	url := generateTLSServiceURL(crName, namespace) + "/consumer/kserve/v2"
+	var url string
+	if tlsEnabled {
+		url = generateTLSServiceURL(crName, namespace) + "/consumer/kserve/v2"
+	} else {
+		url = generateNonTLSServiceURL(crName, namespace) + "/consumer/kserve/v2"
+	}
 
 	// Patch environment variables for the Deployments
 	if shouldContinue, err := r.patchEnvVarsForDeployments(ctx, instance, deployments, envVarName, url, remove); err != nil {