From e0e0c7f1b8b191841ba6e4a07427bded5dd57ef4 Mon Sep 17 00:00:00 2001
From: Rui Vieira
Date: Fri, 2 Aug 2024 11:11:35 +0100
Subject: [PATCH] feat: Add TLS ConfigMap parameter Update ODH and RHOAI overlays
---
 config/base/kustomization.yaml | 9 +++++-
 config/base/params.env | 3 +-
 config/overlays/odh/params.env | 6 ++--
 config/overlays/rhoai/kustomization.yaml | 4 +++
 config/overlays/rhoai/params.env | 5 ++++
 controllers/config_maps.go | 38 ++++++++++++++++++++++++
 controllers/constants.go | 1 +
 controllers/inference_services.go | 13 +++++++-
 8 files changed, 74 insertions(+), 5 deletions(-)
 create mode 100644 config/overlays/rhoai/params.env
diff --git a/config/base/kustomization.yaml b/config/base/kustomization.yaml
index 0247b9b..129fa06 100644
--- a/config/base/kustomization.yaml
+++ b/config/base/kustomization.yaml
@@ -47,4 +47,11 @@ vars:
 name: config
 apiVersion: v1
 fieldref:
- fieldpath: data.kServeServerless
\ No newline at end of file
+ fieldpath: data.kServeServerless
+ - name: tls
+ objref:
+ kind: ConfigMap
+ name: config
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.tls
\ No newline at end of file
diff --git a/config/base/params.env b/config/base/params.env
index a0f5419..1b63c72 100644
--- a/config/base/params.env
+++ b/config/base/params.env
@@ -1,4 +1,5 @@
 trustyaiServiceImage=quay.io/trustyai/trustyai-service:latest
 trustyaiOperatorImage=quay.io/trustyai/trustyai-service-operator:latest
 oauthProxyImage=quay.io/openshift/origin-oauth-proxy:4.14.0
-kServeServerless=disabled
\ No newline at end of file
+kServeServerless=disabled
+tls=enabled
\ No newline at end of file
diff --git a/config/overlays/odh/params.env b/config/overlays/odh/params.env
index 72d2cec..70a36c3 100644
--- a/config/overlays/odh/params.env
+++ b/config/overlays/odh/params.env
@@ -1,3 +1,5 @@
-trustyaiServiceImage=quay.io/trustyai/trustyai-service:v0.13.0
-trustyaiOperatorImage=quay.io/trustyai/trustyai-service-operator:v1.19.0
+trustyaiServiceImage=quay.io/trustyai/trustyai-service:latest
+trustyaiOperatorImage=quay.io/trustyai/trustyai-service-operator:latest
 oauthProxyImage=quay.io/openshift/origin-oauth-proxy:4.14.0
+kServeServerless=enabled
+tls=disabled
\ No newline at end of file
diff --git a/config/overlays/rhoai/kustomization.yaml b/config/overlays/rhoai/kustomization.yaml
index e6e984b..d4b4a2a 100644
--- a/config/overlays/rhoai/kustomization.yaml
+++ b/config/overlays/rhoai/kustomization.yaml
@@ -3,3 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ../../base
+configMapGenerator:
+ - env: params.env
+ behavior: merge
+ name: config
diff --git a/config/overlays/rhoai/params.env b/config/overlays/rhoai/params.env
new file mode 100644
index 0000000..5d49527
--- /dev/null
+++ b/config/overlays/rhoai/params.env
@@ -0,0 +1,5 @@
+trustyaiServiceImage=quay.io/trustyai/trustyai-service:latest
+trustyaiOperatorImage=quay.io/trustyai/trustyai-service-operator:latest
+oauthProxyImage=registry.redhat.io/openshift4/ose-oauth-proxy@sha256:ab112105ac37352a2a4916a39d6736f5db6ab4c29bad4467de8d613e80e9bb33
+kServeServerless=disabled
+tls=enabled
\ No newline at end of file
diff --git a/controllers/config_maps.go b/controllers/config_maps.go
index a4885ab..0656e73 100644
--- a/controllers/config_maps.go
+++ b/controllers/config_maps.go
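Review bot: In config/overlays/odh/params.env both TrustyAI images move from pinned release tags (`v0.13.0`, `v1.19.0`) to the mutable `latest` tag, and the new config/overlays/rhoai/params.env starts on `latest` as well, although its `oauthProxyImage` is pinned by digest. With a mutable tag the deployed operator and service can change without any change in this repository, so the overlays stop being reproducible or auditable; if this is intended only for a development branch the commit message should say so, otherwise keep release tags or digests as done for `oauthProxyImage`. The same ODH hunk sets `tls=disabled` while the base default is `tls=enabled`, and the commit does not state why this overlay defaults to plaintext.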
@@ -84,6 +84,44 @@ func (r *TrustyAIServiceReconciler) getKServeServerlessConfig(ctx context.Contex
 }
 }
+// getTLSConfig checks the tls value in a ConfigMap in the operator's namespace
+func (r *TrustyAIServiceReconciler) getTLSConfig(ctx context.Context) (bool, error) {
+
+ if r.Namespace != "" {
+ // Define the key for the ConfigMap
+ configMapKey := types.NamespacedName{
+ Namespace: r.Namespace,
+ Name: imageConfigMap,
+ }
+
+ // Create an empty ConfigMap object
+ var cm corev1.ConfigMap
+
+ // Try to get the ConfigMap
+ if err := r.Get(ctx, configMapKey, &cm); err != nil {
+ if errors.IsNotFound(err) {
+ // ConfigMap not found, return false as the default behavior
+ return false, nil
+ }
+ // Other error occurred when trying to fetch the ConfigMap
+ return false, fmt.Errorf("error reading configmap %s", configMapKey)
+ }
+
+ // ConfigMap is found, extract the tls value
+ tls, ok := cm.Data[configMapTLSKey]
+
+ if !ok || tls != "enabled" {
+ // Key is missing or its value is not "enabled", return false
+ return false, nil
+ }
+
+ // tls is "enabled"
+ return true, nil
+ } else {
+ return false, nil
+ }
+}
+
 // getConfigMapNamesWithLabel retrieves the names of ConfigMaps that have the specified label
 func (r *TrustyAIServiceReconciler) getConfigMapNamesWithLabel(ctx context.Context, namespace string, labelSelector client.MatchingLabels) ([]string, error) {
 configMapList := &corev1.ConfigMapList{}
diff --git a/controllers/constants.go b/controllers/constants.go
index 2c7081b..13cb385 100644
--- a/controllers/constants.go
+++ b/controllers/constants.go
@@ -30,6 +30,7 @@ const (
 configMapOAuthProxyImageKey = "oauthProxyImage"
 configMapServiceImageKey = "trustyaiServiceImage"
 configMapkServeServerlessKey = "kServeServerless"
+ configMapTLSKey = "tls"
 )
 // OAuth constants
diff --git a/controllers/inference_services.go b/controllers/inference_services.go
index b49a526..bb2f6de 100644
--- a/controllers/inference_services.go
+++ b/controllers/inference_services.go
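Review bot: getTLSConfig in controllers/config_maps.go fails open. It returns `false` (TLS off) when `r.Namespace` is empty, when the ConfigMap is not found, and when the `tls` key is missing or holds anything other than `"enabled"`, even though config/base/params.env sets `tls=enabled` and the caller added in controllers/inference_services.go falls back to enabled on error. A deleted ConfigMap or a typo in the value therefore silently switches the payload-processor endpoint to the non-TLS URL. Treating only an explicit `disabled` as off keeps the two defaults consistent, and wrapping with `%w` keeps the underlying cause that the current `fmt.Errorf` drops. The whole function is inside the hunk, and its doc comment should state which default applies when the key is absent.

```go
func (r *TrustyAIServiceReconciler) getTLSConfig(ctx context.Context) (bool, error) {
	if r.Namespace == "" {
		// No operator namespace to read from: keep the secure default.
		return true, nil
	}
	// … unchanged: configMapKey and cm declarations …
	if err := r.Get(ctx, configMapKey, &cm); err != nil {
		if errors.IsNotFound(err) {
			// A missing ConfigMap must not downgrade the endpoint to plaintext.
			return true, nil
		}
		return false, fmt.Errorf("error reading configmap %s: %w", configMapKey, err)
	}
	// Only an explicit "disabled" turns TLS off; a missing key or a typo stays on TLS.
	return cm.Data[configMapTLSKey] != "disabled", nil
}
```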
@@ -146,8 +146,19 @@ func (r *TrustyAIServiceReconciler) patchEnvVarsByLabelForDeployments(ctx contex
 return false, err
 }
+ tlsEnabled, err := r.getTLSConfig(ctx)
+ if err != nil {
+ log.FromContext(ctx).Error(err, "Could not read TLS configuration. Defaulting to enabled")
+ tlsEnabled = true
+ }
+
 // Build the payload processor endpoint
- url := generateTLSServiceURL(crName, namespace) + "/consumer/kserve/v2"
+ var url string
+ if tlsEnabled {
+ url = generateTLSServiceURL(crName, namespace) + "/consumer/kserve/v2"
+ } else {
+ url = generateNonTLSServiceURL(crName, namespace) + "/consumer/kserve/v2"
+ }
 // Patch environment variables for the Deployments
 if shouldContinue, err := r.patchEnvVarsForDeployments(ctx, instance, deployments, envVarName, url, remove); err != nil {
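Review bot: The non-TLS branch in controllers/inference_services.go is taken silently. When `tlsEnabled` is false the Deployments are patched with the `generateNonTLSServiceURL` endpoint and nothing is logged, so an operator-wide switch to plaintext leaves no trace in the reconcile log. Consider adding `log.FromContext(ctx).Info("TLS disabled in operator ConfigMap; using non-TLS payload processor endpoint")` in the else branch. The `"/consumer/kserve/v2"` suffix is also repeated in both branches and could be appended once after the base URL is chosen. patchEnvVarsByLabelForDeployments starts and ends outside the hunk.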