Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Sync] 0.12.0 branch to include all commits related to Authorino #186

Merged
merged 10 commits into from
Apr 3, 2024
Merged

[Sync] 0.12.0 branch to include all commits related to Authorino #186

merged 10 commits into from
Apr 3, 2024

Conversation

Jooho
Copy link
Contributor

@Jooho Jooho commented Apr 3, 2024

Description

Authorino-related commits are scattered so it is difficult to cherry-pick them to 0.11.1(release branch). so we need to promote the incubating branch to the release branch.

How Has This Been Tested?

Merge criteria:

  • The commits are squashed in a cohesive manner and have meaningful messages.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work

spolti and others added 10 commits March 6, 2024 16:37
@spolti
[RHOAIENG-4191] - odh-model-controller should tolerate missing Authorino
5800133 
This commit allows to run ODH without Authorino when KServe is Removed.

Signed-off-by: Spolti <fspolti@redhat.com>
@spolti
applying review suggestion
dfd9cd6 
check if the serving is enabled as service mesh is tied with Authorino.
this will allow rawDeployments to also work without Authorin.

Signed-off-by: Spolti <fspolti@redhat.com>
@spolti
serving also needs to consider unmanaged state
b5ebbaa 
Signed-off-by: Spolti <fspolti@redhat.com>
@openshift-merge-bot
Merge pull request #177 from spolti/RHOAIENG-4191
efd4ba6 
[RHOAIENG-4191] - odh-model-controller should tolerate missing Authorino
@mkumatag
Remove GOARCH from the go build
bbf8522 
Signed-off-by: Manjunath Kumatagi <mkumatag@in.ibm.com>
@openshift-merge-bot
Merge pull request #182 from mkumatag/patch-1
148960f 
Remove GOARCH from the go build
@israel-hdez
Prevent creation of KSVC if its namespace is not in the Mesh
6a1dd19 
When a KServe InferenceService is created, odh-model-controller enrolls the ISVC namespace to the mesh, if needed. It was found that sometimes the namespace enrollment process may take a little time to be processed.

Since KServe and odh-model-controllers are (to certain extent) independent of each other, sometimes KServe controller and Knative serving controller are faster and the pod from the KSVC may be created faster than the mesh enrollment process. This would lead to the KSVC pod not having an Istio sidecar.

Since the Istio authorization rules are evaluated on the sidecar of target service, the missing sidecar on the model/ksvc pod would mean that the traffic would bypass the authorization rules and this impacts ODH KServe authorization (ref: https://istio.io/latest/docs/ops/best-practices/security/#server-first-tcp-protocols-are-not-supported).

In an effort to prevent that situation, this is adding a new validating webhook that would block creation of the Knative Service until the namespace is acknowledged to be a member of the service mesh.

Signed-off-by: Edgar Hernández <23639005+israel-hdez@users.noreply.github.com>
@openshift-merge-bot
Merge pull request #181 from israel-hdez/jira-2542-fix
3904c1d 
Prevent creation of KSVC if its namespace is not in the Mesh
@bartoszmajsak
fix(test): pins k8s env test to concrete version
e75afe1 
Latest one requires go1.22 which is not the version used by prow jobs atm.

Signed-off-by: bartoszmajsak <bartosz.majsak@gmail.com>
@openshift-merge-bot
Merge pull request #184 from bartoszmajsak/envtest-fix
5db4925 
fix(test): pins k8s env test to concrete version
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Apr 3, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Jooho

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved label Apr 3, 2024
@Jooho Jooho changed the title [Sync] 0.12.0 branch to include all commits related to Authorino DRAFT [Sync] 0.12.0 branch to include all commits related to Authorino Apr 3, 2024
@Jooho Jooho changed the title DRAFT [Sync] 0.12.0 branch to include all commits related to Authorino [Sync] 0.12.0 branch to include all commits related to Authorino Apr 3, 2024
@Jooho
Copy link
Contributor Author

Jooho commented Apr 3, 2024

/unhold

@Jooho
Copy link
Contributor Author

Jooho commented Apr 3, 2024

/test

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Apr 3, 2024

@Jooho: No presubmit jobs available for opendatahub-io/odh-model-controller@release-0.12.0

In response to this:

/test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@Jooho
Copy link
Contributor Author

Jooho commented Apr 3, 2024

/retest

@Jooho Jooho added the lgtm label Apr 3, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit 7ca82e0 into release-0.12.0 Apr 3, 2024
7 checks passed
@Jooho Jooho mentioned this pull request Apr 5, 2024
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spolti spolti Awaiting requested review from spolti

@terrytangyuan terrytangyuan Awaiting requested review from terrytangyuan

Assignees
No one assigned
Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Jooho @spolti @mkumatag @israel-hdez @bartoszmajsak