diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 5d514c83..a62ef6b9 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -45,6 +45,14 @@ rules: - patch - update - watch +- apiGroups: + - datasciencecluster.opendatahub.io + resources: + - datascienceclusters + verbs: + - get + - list + - watch - apiGroups: - extensions resources: diff --git a/controllers/inferenceservice_controller.go b/controllers/inferenceservice_controller.go index 31cd8fc6..6f1e54e8 100644 --- a/controllers/inferenceservice_controller.go +++ b/controllers/inferenceservice_controller.go @@ -17,7 +17,6 @@ package controllers import ( "context" - "github.com/go-logr/logr" kservev1alpha1 "github.com/kserve/kserve/pkg/apis/serving/v1alpha1" kservev1beta1 "github.com/kserve/kserve/pkg/apis/serving/v1beta1" @@ -122,7 +121,6 @@ func (r *OpenshiftInferenceServiceReconciler) SetupWithManager(mgr ctrl.Manager) Owns(&networkingv1.NetworkPolicy{}). Owns(&monitoringv1.ServiceMonitor{}). Owns(&monitoringv1.PodMonitor{}). - Owns(&authorinov1beta2.AuthConfig{}). Watches(&source.Kind{Type: &kservev1alpha1.ServingRuntime{}}, handler.EnqueueRequestsFromMapFunc(func(o client.Object) []reconcile.Request { r.log.Info("Reconcile event triggered by serving runtime: " + o.GetName()) @@ -152,7 +150,22 @@ func (r *OpenshiftInferenceServiceReconciler) SetupWithManager(mgr ctrl.Manager) } return reconcileRequests })) - err := builder.Complete(r) + + // check if kserve is enabled, otherwise don't require Authorino. + enabled, err := utils.VerifyIfComponentIsEnabled(context.TODO(), r.client, "kserve") + if err != nil { + r.log.V(1).Error(err, "could not determine if kserve is enabled, default is enabled") + enabled = true + } + + if enabled { + builder.Owns(&authorinov1beta2.AuthConfig{}) + r.log.Info("kserve component is enabled, Authorino is required") + } else { + r.log.Info("kserve component is disabled, ignoring Authorino requirement") + } + + err = builder.Complete(r) if err != nil { return err } diff --git a/controllers/utils/utils.go b/controllers/utils/utils.go index d13fa1ed..8ee7e810 100644 --- a/controllers/utils/utils.go +++ b/controllers/utils/utils.go @@ -4,6 +4,7 @@ import ( "context" "encoding/json" "fmt" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "os" "reflect" @@ -23,6 +24,8 @@ var ( const ( inferenceServiceDeploymentModeAnnotation = "serving.kserve.io/deploymentMode" KserveConfigMapName = "inferenceservice-config" + dataScienceClusterKind = "DataScienceCluster" + dataScienceClusterApiVersion = "datasciencecluster.opendatahub.io/v1" ) func GetDeploymentModeForIsvc(ctx context.Context, cli client.Client, isvc *kservev1beta1.InferenceService) (IsvcDeploymentMode, error) { @@ -69,6 +72,31 @@ func GetDeploymentModeForIsvc(ctx context.Context, cli client.Client, isvc *kser } } +// VerifyIfComponentIsEnabled will query the DCS in the cluster and see if the desired componentName is enabled +func VerifyIfComponentIsEnabled(ctx context.Context, cli client.Client, componentName string) (bool, error) { + // Query the custom object + objectList := &unstructured.UnstructuredList{} + objectList.SetAPIVersion(dataScienceClusterApiVersion) + objectList.SetKind(dataScienceClusterKind) + + if err := cli.List(ctx, objectList); err != nil { + return false, fmt.Errorf("not able to read %s: %w", objectList, err) + } + + // there must be only one dsc + if len(objectList.Items) == 1 { + fields := []string{"spec", "components", componentName, "managementState"} + val, _, err := unstructured.NestedString(objectList.Items[0].Object, fields...) + if err != nil { + return false, fmt.Errorf("failed to retrieve the component [%s] status from %+v", + componentName, objectList.Items[0]) + } + return val == "Managed", nil + } else { + return false, fmt.Errorf("there is no %s available in the cluster", dataScienceClusterKind) + } +} + func IsNil(i any) bool { return reflect.ValueOf(i).IsNil() } diff --git a/main.go b/main.go index a82c9073..929edc3b 100644 --- a/main.go +++ b/main.go @@ -68,6 +68,7 @@ func init() { //nolint:gochecknoinits //reason this way we ensure schemes are al // +kubebuilder:rbac:groups="",resources=namespaces;pods;services;endpoints,verbs=get;list;watch;create;update;patch // +kubebuilder:rbac:groups="",resources=secrets;configmaps;serviceaccounts,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=authorino.kuadrant.io,resources=authconfigs,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=datasciencecluster.opendatahub.io,resources=datascienceclusters,verbs=get;list;watch func getEnvAsBool(name string, defaultValue bool) bool { valStr := os.Getenv(name)