Implement an RBAC-free machanism in the driver

Create a gRPC server in the controller to receive the status updates from the driver to avoid the RBAC for the driver Pod. - Add gRPC server in the controller - Use mTLS or TLS as the secured protocol - Update the driver to use the gRPC client to update the status Signed-off-by: Yihong Wang <yh.wang@ibm.com>
foundation-model-stack · Jul 3, 2024 · 759833b · 759833b
1 parent 757bb44
commit 759833b
Show file tree

Hide file tree

Showing 25 changed files with 1,497 additions and 241 deletions.
diff --git a/Makefile b/Makefile
@@ -111,6 +111,11 @@ docker-push: ## Push docker image with the manager.
 docker-push-driver: ## Push docker image with the manager.
 	$(CONTAINER_TOOL) push ${IMG_DRIVER}
 
+.PHONY: proto
+proto: ## generate GRPC client and server code
+	protoc --experimental_allow_proto3_optional --go_out=. --go_opt=paths=source_relative --go-grpc_out=. \
+		--go-grpc_opt=paths=source_relative backend/api/v1beta1/update_status.proto
+
 # PLATFORMS defines the target platforms for the manager image be built to provide support to multiple
 # architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to:
 # - be able to use docker buildx. More info: https://docs.docker.com/build/buildx/

diff --git a/backend/api/v1beta1/update_status.pb.go b/backend/api/v1beta1/update_status.pb.go
diff --git a/backend/api/v1beta1/update_status.proto b/backend/api/v1beta1/update_status.proto
@@ -0,0 +1,41 @@
+// Copyright 2024.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+option go_package = "github.com/foundation-model-stack/fms-lm-eval-service/backend/api/v1beta1";
+
+enum ResponseCode {
+    OK    = 0;
+    ERROR = 1;
+}
+
+// the JobState, Reason, message, and optional Results
+message JobStatus {
+    string job_name         = 1;
+    string job_namespace    = 2;
+    string state            = 3;
+    string reason           = 4;
+    string status_message   = 5;
+    optional string results = 6;
+}
+
+message Response {
+    ResponseCode code = 1;
+    string message    = 2;
+}
+
+service LMEvalJobUpdateService {
+  rpc UpdateStatus(JobStatus) returns (Response);
+}