feat: Remove TLS cert mounting #277

Open
wants to merge 3 commits into
base: main
4 changes: 2 additions & 2 deletions config/base/params.env
@@ -1,4 +1,4 @@
trustyaiServiceImage=quay.io/trustyai/trustyai-service:latest
trustyaiOperatorImage=quay.io/trustyai/trustyai-service-operator:latest
trustyaiServiceImage=quay.io/ruimvieira/trustyai-service:RHOAIENG-10876
trustyaiOperatorImage=quay.io/ruimvieira/trustyai-service-operator:RHOAIENG-10876
oauthProxyImage=quay.io/openshift/origin-oauth-proxy:4.14.0
kServeServerless=disabled
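Review bot: The `trustyaiServiceImage` and `trustyaiOperatorImage` defaults in config/base now point at a personal registry namespace (`quay.io/ruimvieira/...`) with the branch-style tag `RHOAIENG-10876`, so anyone deploying from base would pull the operator and service images from outside the project's own `quay.io/trustyai` organisation. This looks like a test override for the PR; the `quay.io/trustyai/...` references should be restored before merge. Neither `:latest` nor a branch-named tag is immutable, so pinning the base images by digest (`image@sha256:<digest>`) would make it verifiable which build is deployed.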
47 changes: 0 additions & 47 deletions controllers/inference_services.go
@@ -33,30 +33,8 @@ func (r *TrustyAIServiceReconciler) patchEnvVarsForDeployments(ctx context.Conte
return false, nil
}

// If the secret volume doesn't exist, add it
volumeExists := false
for _, vol := range deployment.Spec.Template.Spec.Volumes {
if vol.Name == instance.Name+"-internal" {
volumeExists = true
break
}
}
if !volumeExists {
deployment.Spec.Template.Spec.Volumes = append(deployment.Spec.Template.Spec.Volumes, certVolumes.volume)
}

// Loop over all containers in the Deployment's Pod template
for i := range deployment.Spec.Template.Spec.Containers {
mountExists := false
for _, mount := range deployment.Spec.Template.Spec.Containers[i].VolumeMounts {
if mount.Name == instance.Name+"-internal" {
mountExists = true
break
}
}
if !mountExists {
deployment.Spec.Template.Spec.Containers[i].VolumeMounts = append(deployment.Spec.Template.Spec.Containers[i].VolumeMounts, certVolumes.volumeMount)
}

// Store the original environment variable list
// Get the existing env var
@@ -107,31 +85,6 @@ func (r *TrustyAIServiceReconciler) patchEnvVarsForDeployments(ctx context.Conte
log.FromContext(ctx).Info("Updating Deployment " + deployment.Name + ", container spec " + deployment.Spec.Template.Spec.Containers[i].Name + ", env var " + envVarName + " to " + url)
}

// Check TLS environment variable on ModelMesh
if deployment.Spec.Template.Spec.Containers[i].Name == mmContainerName {
tlsKeyCertPathEnvValue := tlsMountPath + "/tls.crt"
tlsKeyCertPathExists := false
for _, envVar := range deployment.Spec.Template.Spec.Containers[i].Env {
if envVar.Name == tlsKeyCertPathName {
tlsKeyCertPathExists = true
break
}
}

// Doesn't exist, so we can add
if !tlsKeyCertPathExists {
deployment.Spec.Template.Spec.Containers[i].Env = append(deployment.Spec.Template.Spec.Containers[i].Env, corev1.EnvVar{
Name: tlsKeyCertPathName,
Value: tlsKeyCertPathEnvValue,
})

if err := r.Update(ctx, &deployment); err != nil {
log.FromContext(ctx).Error(err, "Could not update Deployment", "Deployment", deployment.Name)
return false, err
}
log.FromContext(ctx).Info("Added environment variable " + tlsKeyCertPathName + " to deployment " + deployment.Name + " for container " + mmContainerName)
}
}
}
}

7 changes: 6 additions & 1 deletion controllers/templates/service/deployment.tmpl.yaml
@@ -43,6 +43,11 @@ spec:
- name: trustyai-service
image: {{ .ServiceImage }}
env:
- name: KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: SERVICE_STORAGE_FORMAT
value: {{ .Instance.Spec.Storage.Format }}
{{ if eq .Instance.Spec.Storage.Format "PVC" }}
@@ -216,7 +221,7 @@ spec:
defaultMode: 420
- name: {{ .Instance.Name}}-internal
secret:
secretName: {{ .Instance.Name }}-internal
secretName: trustyai-certificate
defaultMode: 420
{{ if .UseDBTLSCerts }}
- name: db-tls-certs
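Review bot: The `{{ .Instance.Name}}-internal` volume now reads from a fixed secret, `secretName: trustyai-certificate`, but nothing visible in this PR creates a secret by that name, and the `service.beta.openshift.io/serving-cert-secret-name` annotation that previously requested the per-instance secret is removed from service-internal.tmpl.yaml. Because the volume is not marked `optional: true`, a namespace without that secret would presumably leave the pod unable to start, so the operator should create or verify the secret before rendering this deployment, or the prerequisite should be documented next to the volume. A fixed name also means every TrustyAIService in a namespace mounts the same key pair, so the certificate's SANs must cover each instance's service name; a comment such as `# shared cert, must exist before the service is created` would make that explicit.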
5 changes: 4 additions & 1 deletion controllers/templates/service/service-internal.tmpl.yaml
@@ -5,7 +5,6 @@ metadata:
prometheus.io/path: /q/metrics
prometheus.io/scheme: http
prometheus.io/scrape: 'true'
service.beta.openshift.io/serving-cert-secret-name: {{ .Name }}-internal
name: {{ .Name }}
namespace: {{ .Namespace }}
labels:
@@ -20,6 +19,10 @@ spec:
protocol: TCP
port: 80
targetPort: 8080
- name: http-event
protocol: TCP
port: 8080
targetPort: 8080
- name: https
protocol: TCP
port: 443
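Review bot: The added `http-event` port forwards 8080 to the same `targetPort: 8080` that port 80 already reaches, so it is a second plaintext entry to the service alongside the `https` port on 443. If this port is meant to receive inference payloads now that the TLS mounting is removed from the patched deployments (the name suggests so, but the hunk does not say), that traffic crosses the cluster network unencrypted and is reachable by any pod allowed to talk to the service. A comment naming the intended clients, plus a NetworkPolicy limiting ingress on 8080 to them, would document and contain that. The `https` entry continues past the end of the hunk.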