Update SSL context for TLS Payload Processor connections #147

Open
wants to merge 2 commits into
base: main

ruivieira
Contributor

Motivation

To support a TLS payload processor, the SSL context should use ModelMesh's trust store certificates.

Modifications

Load the ModelMesh truststore and build the appropriate SSL context when the payload processor is of https type.
Skip this if the payload processor is of http type.

Result

Payload processors are able to use the stored certificates for sending https requests on the payload processor.

This PR builds on #146, which adds support for https payload processors.
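
The approach the description above outlines, as an added example that is not code from this PR or from ModelMesh: build an `SSLContext` from a trust store and attach it only when the payload processor endpoint uses the `https` scheme. It assumes the trusted CA certificates are available as a PEM bundle on disk; the class name, method names and arguments are hypothetical.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class PayloadProcessorClientExample {

    // Builds an SSLContext that trusts only the CA certificates in the given PEM bundle.
    static SSLContext sslContextFromPemBundle(Path caBundle) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start from an empty in-memory store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(caBundle)) {
            int i = 0;
            for (Certificate ca : cf.generateCertificates(in)) {
                trustStore.setCertificateEntry("ca-" + i++, ca);
            }
        }
        // Fail closed: an empty bundle must not silently yield a context that trusts nothing.
        if (trustStore.size() == 0) {
            throw new IllegalStateException("no CA certificates found in " + caBundle);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key material, server auth only
        return ctx;
    }

    // https endpoints get the custom trust store; http endpoints skip TLS setup entirely.
    static HttpClient clientFor(URI endpoint, Path caBundle) throws Exception {
        HttpClient.Builder builder = HttpClient.newBuilder();
        if ("https".equalsIgnoreCase(endpoint.getScheme())) {
            builder.sslContext(sslContextFromPemBundle(caBundle));
        }
        return builder.build();
    }

    public static void main(String[] args) throws Exception {
        URI endpoint = URI.create(args[0]); // payload processor URL (assumed argument)
        clientFor(endpoint, Path.of(args[1])); // args[1]: hypothetical path to the PEM CA bundle
        System.out.println("client ready for scheme " + endpoint.getScheme());
    }
}
```

The JDK `HttpClient` keeps hostname verification enabled with a custom `SSLContext`, so the server certificate must both chain to a CA in the bundle and match the endpoint's host name.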

@oss-prow-bot oss-prow-bot bot requested review from ckadner and rafvasq July 22, 2024 08:55

oss-prow-bot bot commented Jul 22, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: ruivieira
Once this PR has been reviewed and has the lgtm label, please assign njhill for approval by writing /assign @njhill in a comment. For more information see: The Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Signed-off-by: Rui Vieira <ruidevieira@googlemail.com>
Signed-off-by: Rui Vieira <ruidevieira@googlemail.com>
ruivieira added a commit to ruivieira/trustyai-service-operator that referenced this pull request Jul 22, 2024
ruivieira added a commit to trustyai-explainability/trustyai-service-operator that referenced this pull request Jul 22, 2024
* feat: Add TLS certificate mount on ModelMesh

* Revert from http to https until kserve/modelmesh#147 is merged
@ruivieira ruivieira marked this pull request as draft July 22, 2024 11:10
@ruivieira ruivieira marked this pull request as ready for review July 22, 2024 11:30
@oss-prow-bot oss-prow-bot bot requested a review from njhill July 22, 2024 11:30
ruivieira added a commit to trustyai-explainability/trustyai-service-operator that referenced this pull request Jul 24, 2024
* feat: Initial database support (#246)

* Initial database support

- Add status checking
- Add better storage flags
- Add spec.storage.format validation
- Add DDL
- Add HIBERNATE format to DB (test)
- Update service image
- Revert identifier to DATABASE
- Update CR options (remove mandatory data)

* Remove default DDL generation env var

* Update service image to latest tag

* Add migration awareness

* Add updating pods for migration

* Change JDBC url from mysql to mariadb

* Fix TLS mount

* Revert images

* Remove redundant logic

* Fix comments

* feat: Add TLS certificate mount on ModelMesh (#255)

* feat: Add TLS certificate mount on ModelMesh

* Revert from http to https until kserve/modelmesh#147 is merged

* Add lm-eval-service controller

refactor the existing TrustyAIService controller and
add LMEvalService controller

Signed-off-by: Yihong Wang <yh.wang@ibm.com>

---------

Signed-off-by: Yihong Wang <yh.wang@ibm.com>
Co-authored-by: Rui Vieira <ruidevieira@googlemail.com>
@ruivieira
Contributor Author

cc @njhill @ckadner

@spolti
Contributor

spolti commented Aug 1, 2024

@ckadner a bit more context is discussed here: opendatahub-io#65

ruivieira added a commit to trustyai-explainability/trustyai-service-operator that referenced this pull request Aug 5, 2024
* feat: Initial database support (#246)

* Initial database support

- Add status checking
- Add better storage flags
- Add spec.storage.format validation
- Add DDL
- Add HIBERNATE format to DB (test)
- Update service image
- Revert identifier to DATABASE
- Update CR options (remove mandatory data)

* Remove default DDL generation env var

* Update service image to latest tag

* Add migration awareness

* Add updating pods for migration

* Change JDBC url from mysql to mariadb

* Fix TLS mount

* Revert images

* Remove redundant logic

* Fix comments

* feat: Add TLS certificate mount on ModelMesh (#255)

* feat: Add TLS certificate mount on ModelMesh

* Revert from http to https until kserve/modelmesh#147 is merged

* Pin oc version, ubi version (#263)

* Restore checkout of trustyai-exp (#265)

* Add operator installation robustness (#266)

* fix: Skip InferenceService patching for KServe RawDeployment (#262)

* feat: ConfigMap key to disable KServe Serverless configuration (#267)

* feat: Add support for custom certificates in database connection (#259)

* Add TLS endpoint for ModelMesh payload processors. (#268)

Keep non-TLS endpoint for KServe Serverless (disabled by default)

---------

Signed-off-by: Yihong Wang <yh.wang@ibm.com>
Co-authored-by: Rui Vieira <ruidevieira@googlemail.com>
Co-authored-by: Rob Geada <rob@geada.net>
ruivieira added a commit to trustyai-explainability/trustyai-service-operator that referenced this pull request Aug 23, 2024
* feat: Initial database support (#246)

* Initial database support

- Add status checking
- Add better storage flags
- Add spec.storage.format validation
- Add DDL
- Add HIBERNATE format to DB (test)
- Update service image
- Revert identifier to DATABASE
- Update CR options (remove mandatory data)

* Remove default DDL generation env var

* Update service image to latest tag

* Add migration awareness

* Add updating pods for migration

* Change JDBC url from mysql to mariadb

* Fix TLS mount

* Revert images

* Remove redundant logic

* Fix comments

* feat: Add TLS certificate mount on ModelMesh (#255)

* feat: Add TLS certificate mount on ModelMesh

* Revert from http to https until kserve/modelmesh#147 is merged

* Pin oc version, ubi version (#263)

* Restore checkout of trustyai-exp (#265)

* Add operator installation robustness (#266)

* fix: Skip InferenceService patching for KServe RawDeployment (#262)

* feat: ConfigMap key to disable KServe Serverless configuration (#267)

* feat: Add support for custom certificates in database connection (#259)

* Add TLS endpoint for ModelMesh payload processors. (#268)

Keep non-TLS endpoint for KServe Serverless (disabled by default)

* fix: Correct maxSurge and maxUnavailable (#275)

* feat: Add support for custom DB names (#257)

* feat: Add support for custom DB names

* fix: Correct custom DB name

---------

Signed-off-by: Yihong Wang <yh.wang@ibm.com>
Co-authored-by: Rui Vieira <ruidevieira@googlemail.com>
Co-authored-by: Rob Geada <rob@geada.net>