Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add oauth-proxy to rawdeployments if odh auth label is present #419

Merged
merged 20 commits into from
Dec 9, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion cmd/manager/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ import (
v1beta1controller "github.com/kserve/kserve/pkg/controller/v1beta1/inferenceservice"
"github.com/kserve/kserve/pkg/webhook/admission/pod"
"github.com/kserve/kserve/pkg/webhook/admission/servingruntime"
routev1 "github.com/openshift/api/route/v1"
)

var (
Expand Down Expand Up @@ -187,7 +188,10 @@ func main() {
}
}
}

if err = routev1.AddToScheme(mgr.GetScheme()); err != nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not sure if we should do this, can. Could you please elaborate on why this might be needed?

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

need to fetch the routes to update the isvc status with the correct URL since the route is created by ODH Model Controller. So we have to add the route api to the scheme

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

any resource can be fetched without it, still not sure why it is really needed.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

without this the controller throws errors along the lines of "no kind for "Route" registered"

setupLog.Error(err, "unable to add routev1 APIs to scheme")
os.Exit(1)
}
setupLog.Info("Setting up core scheme")
if err := v1.AddToScheme(mgr.GetScheme()); err != nil {
setupLog.Error(err, "unable to add Core APIs to scheme")
Expand Down
8 changes: 8 additions & 0 deletions config/overlays/odh/inferenceservice-config-patch.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,14 @@ metadata:
namespace: kserve
data:
explainers: "{}"
oauthProxy: |-
{
"image" : "$(oauth-proxy)",
"memoryRequest": "64Mi",
"memoryLimit": "128Mi",
"cpuRequest": "100m",
"cpuLimit": "200m"
}
storageInitializer: |-
{
"image" : "$(kserve-storage-initializer)",
Expand Down
7 changes: 7 additions & 0 deletions config/overlays/odh/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,13 @@ vars:
apiVersion: v1
kind: ConfigMap
name: kserve-parameters
- fieldref:
fieldpath: data.oauth-proxy
name: oauth-proxy
objref:
apiVersion: v1
kind: ConfigMap
name: kserve-parameters

configurations:
- params.yaml
1 change: 1 addition & 0 deletions config/overlays/odh/params.env
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,4 @@ kserve-controller=quay.io/opendatahub/kserve-controller:latest
kserve-agent=quay.io/opendatahub/kserve-agent:latest
kserve-router=quay.io/opendatahub/kserve-router:latest
kserve-storage-initializer=quay.io/opendatahub/kserve-storage-initializer:latest
oauth-proxy=registry.redhat.io/openshift4/ose-oauth-proxy@sha256:234af927030921ab8f7333f61f967b4b4dee37a1b3cf85689e9e63240dd62800
8 changes: 8 additions & 0 deletions config/rbac/role.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,14 @@ rules:
- patch
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- get
- list
- watch
- apiGroups:
- serving.knative.dev
resources:
Expand Down
17 changes: 10 additions & 7 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ require (
github.com/kelseyhightower/envconfig v1.4.0
github.com/onsi/ginkgo/v2 v2.20.1
github.com/onsi/gomega v1.34.2
github.com/openshift/api v0.0.0-20241108213852-e22f17d9b7f5
github.com/pkg/errors v0.9.1
github.com/spf13/cobra v1.8.1
github.com/spf13/pflag v1.0.5
Expand All @@ -30,18 +31,18 @@ require (
gopkg.in/go-playground/validator.v9 v9.31.0
istio.io/api v1.23.0
istio.io/client-go v1.23.0
k8s.io/api v0.30.4
k8s.io/apimachinery v0.30.4
k8s.io/client-go v0.30.4
k8s.io/code-generator v0.30.4
k8s.io/api v0.31.2
k8s.io/apimachinery v0.31.2
k8s.io/client-go v0.31.0
k8s.io/code-generator v0.31.0
k8s.io/component-helpers v0.30.4
k8s.io/klog v1.0.0
k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2
k8s.io/utils v0.0.0-20240821151609-f90d01438635
knative.dev/networking v0.0.0-20240815142417-37fdbdd0854b
knative.dev/pkg v0.0.0-20240815051656-89743d9bbf7c
knative.dev/serving v0.42.2
sigs.k8s.io/controller-runtime v0.18.5
sigs.k8s.io/controller-runtime v0.19.1
sigs.k8s.io/yaml v1.4.0
)

Expand All @@ -59,9 +60,9 @@ require (
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/emicklei/go-restful/v3 v3.12.1 // indirect
github.com/evanphx/json-patch v5.9.0+incompatible // indirect
github.com/evanphx/json-patch/v5 v5.9.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
github.com/go-kit/log v0.2.1 // indirect
github.com/go-logfmt/logfmt v0.6.0 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
Expand Down Expand Up @@ -107,6 +108,7 @@ require (
github.com/prometheus/statsd_exporter v0.27.1 // indirect
github.com/tidwall/match v1.1.1 // indirect
github.com/tidwall/pretty v1.2.1 // indirect
github.com/x448/float16 v0.8.4 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
Expand All @@ -130,11 +132,12 @@ require (
google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed // indirect
google.golang.org/grpc v1.66.0 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
gopkg.in/go-playground/assert.v1 v1.2.1 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiextensions-apiserver v0.30.4 // indirect
k8s.io/apiextensions-apiserver v0.31.0 // indirect
k8s.io/gengo/v2 v2.0.0-20240826214909-a7b603a56eb7 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
Expand Down
Loading
Loading