diff --git a/demo/kserve/custom-manifests/opendatahub/kserve-dsc-v1alpha1.yaml b/demo/kserve/custom-manifests/opendatahub/kserve-dsc-v1alpha1.yaml deleted file mode 100644 index d82a69fa..00000000 --- a/demo/kserve/custom-manifests/opendatahub/kserve-dsc-v1alpha1.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: datasciencecluster.opendatahub.io/v1alpha1 -kind: DataScienceCluster -metadata: - labels: - app.kubernetes.io/created-by: opendatahub-operator - app.kubernetes.io/instance: default - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: datasciencecluster - app.kubernetes.io/part-of: opendatahub-operator - name: default -spec: - components: - codeflare: - enabled: false - dashboard: - enabled: false - datasciencepipelines: - enabled: false - kserve: - enabled: true - modelmeshserving: - enabled: false - ray: - enabled: false - workbenches: - enabled: false - diff --git a/demo/kserve/custom-manifests/serverless/gateways.yaml b/demo/kserve/custom-manifests/serverless/gateways.yaml index 3a73cd4b..6352a438 100644 --- a/demo/kserve/custom-manifests/serverless/gateways.yaml +++ b/demo/kserve/custom-manifests/serverless/gateways.yaml @@ -12,7 +12,7 @@ spec: protocol: TCP targetPort: 8081 selector: - istio: ingressgateway + knative: ingressgateway type: ClusterIP --- apiVersion: networking.istio.io/v1beta1 @@ -22,7 +22,7 @@ metadata: namespace: knative-serving spec: selector: - istio: ingressgateway + knative: ingressgateway servers: - hosts: - '*' @@ -41,7 +41,7 @@ metadata: namespace: knative-serving spec: selector: - istio: ingressgateway + knative: ingressgateway servers: - hosts: - '*' diff --git a/demo/kserve/custom-manifests/service-mesh/smmr-odh.yaml b/demo/kserve/custom-manifests/service-mesh/default-smmr.yaml similarity index 88% rename from demo/kserve/custom-manifests/service-mesh/smmr-odh.yaml rename to demo/kserve/custom-manifests/service-mesh/default-smmr.yaml index ce965390..42080b88 100644 
--- a/demo/kserve/custom-manifests/service-mesh/smmr-odh.yaml +++ b/demo/kserve/custom-manifests/service-mesh/default-smmr.yaml @@ -6,4 +6,3 @@ metadata: spec: members: - knative-serving - - opendatahub diff --git a/demo/kserve/custom-manifests/service-mesh/operators.yaml b/demo/kserve/custom-manifests/service-mesh/operators.yaml index e1067393..e4801979 100644 --- a/demo/kserve/custom-manifests/service-mesh/operators.yaml +++ b/demo/kserve/custom-manifests/service-mesh/operators.yaml @@ -10,27 +10,3 @@ spec: installPlanApproval: Automatic source: redhat-operators sourceNamespace: openshift-marketplace ---- -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - name: kiali-ossm - namespace: openshift-operators -spec: - channel: stable - name: kiali-ossm - installPlanApproval: Automatic - source: redhat-operators - sourceNamespace: openshift-marketplace ---- -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - name: jaeger-product - namespace: openshift-operators -spec: - channel: stable - installPlanApproval: Automatic - name: jaeger-product - source: redhat-operators - sourceNamespace: openshift-marketplace diff --git a/demo/kserve/custom-manifests/service-mesh/peer-authentication-odh.yaml b/demo/kserve/custom-manifests/service-mesh/peer-authentication-odh.yaml deleted file mode 100644 index c3d5773c..00000000 --- a/demo/kserve/custom-manifests/service-mesh/peer-authentication-odh.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: security.istio.io/v1beta1 -kind: PeerAuthentication -metadata: - name: default - namespace: opendatahub -spec: - mtls: - mode: STRICT diff --git a/demo/kserve/custom-manifests/service-mesh/peer-authentication-rhods.yaml b/demo/kserve/custom-manifests/service-mesh/peer-authentication-rhods.yaml deleted file mode 100644 index 188b2a56..00000000 --- a/demo/kserve/custom-manifests/service-mesh/peer-authentication-rhods.yaml +++ /dev/null 
@@ -1,8 +0,0 @@
-apiVersion: security.istio.io/v1beta1
-kind: PeerAuthentication
-metadata:
- name: default
- namespace: redhat-ods-applications
-spec:
- mtls:
- mode: STRICT
diff --git a/demo/kserve/custom-manifests/service-mesh/peer-authentication-test-ns.yaml b/demo/kserve/custom-manifests/service-mesh/peer-authentication-test-ns.yaml
deleted file mode 100644
index 17d5cf1a..00000000
--- a/demo/kserve/custom-manifests/service-mesh/peer-authentication-test-ns.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-apiVersion: security.istio.io/v1beta1
-kind: PeerAuthentication
-metadata:
- name: default
- namespace:
-spec:
- mtls:
- mode: STRICT
- portLevelMtls:
- '8086':
- mode: PERMISSIVE
- selector:
- matchLabels:
- serving.knative.dev/service: caikit-example-isvc-predictor-default # replace with the appropriate label for your ksvc
-
diff --git a/demo/kserve/custom-manifests/service-mesh/peer-authentication.yaml b/demo/kserve/custom-manifests/service-mesh/peer-authentication.yaml
deleted file mode 100644
index 1d7063b0..00000000
--- a/demo/kserve/custom-manifests/service-mesh/peer-authentication.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: security.istio.io/v1beta1
-kind: PeerAuthentication
-metadata:
- name: default
- namespace: istio-system
-spec:
- mtls:
- mode: STRICT
----
-apiVersion: security.istio.io/v1beta1
-kind: PeerAuthentication
-metadata:
- name: default
- namespace: knative-serving
-spec:
- mtls:
- mode: STRICT
diff --git a/demo/kserve/custom-manifests/service-mesh/smcp.yaml b/demo/kserve/custom-manifests/service-mesh/smcp.yaml
index d6cba7a5..59d49fb5 100644
--- a/demo/kserve/custom-manifests/service-mesh/smcp.yaml
+++ b/demo/kserve/custom-manifests/service-mesh/smcp.yaml
@@ -9,15 +9,33 @@ spec: enabled: false kiali: name: kiali - enabled: true + enabled: false prometheus: enabled: false jaeger: name: jaeger + enabled: false security: dataPlane: - mtls: false # otherwise inference-graph will not work. We use PeerAuthentication resources to force mTLS + mtls: true # otherwise inference-graph will not work. We use PeerAuthentication resources to force mTLS identity: type: ThirdParty + techPreview: + meshConfig: + defaultConfig: + terminationDrainDuration: 35s + gateways: + ingress: + service: + metadata: + labels: + knative: ingressgateway + proxy: + networking: + trafficControl: + inbound: + excludedPorts: + - 8444 # metrics + - 8022 # serving: wait-for-drain k8s pre-stop hook profiles: - default diff --git a/demo/kserve/custom-manifests/service-mesh/smmr-rhods.yaml b/demo/kserve/custom-manifests/service-mesh/smmr-rhods.yaml deleted file mode 100644 index 1843a9b6..00000000 --- a/demo/kserve/custom-manifests/service-mesh/smmr-rhods.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: maistra.io/v1 -kind: ServiceMeshMemberRoll -metadata: - name: default - namespace: istio-system -spec: - members: - - knative-serving - - redhat-ods-applications diff --git a/demo/kserve/deploy-remove.md b/demo/kserve/deploy-remove.md index a878fb93..c9bf8e3c 100644 --- a/demo/kserve/deploy-remove.md +++ b/demo/kserve/deploy-remove.md @@ -41,11 +41,10 @@ Note: The **flan-t5-small** LLM model has been containerized into an S3 MinIO bu 2. Deploy the LLM model with Caikit+TGIS Serving runtime - a. Create a new namespace and patch ServiceMesh related object. + a. Create a new namespace. ~~~ export TEST_NS=kserve-demo oc new-project ${TEST_NS} - oc patch smmr/default -n istio-system --type='json' -p="[{'op': 'add', 'path': '/spec/members/-', 'value': \"$TEST_NS\"}]" ~~~ b. Create a caikit ServingRuntime. By default, it requests 4CPU and 8Gi of memory. You can adjust these values as needed. 
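Review bot: The trailing comment on `mtls: true` still reads "otherwise inference-graph will not work. We use PeerAuthentication resources to force mTLS", which described the old `false` value; with the PeerAuthentication manifests deleted elsewhere in this diff it now says the opposite of what the file does. Suggest `mtls: true # mesh-wide mTLS on the data plane; replaces the per-namespace PeerAuthentication manifests`, and confirm that inference-graph works with this setting, since the old comment said it did not. The two `excludedPorts` entries (8444, 8022) are taken out of inbound proxy redirection, so traffic to them is presumably not covered by mesh mTLS; a comment stating what else restricts access to those ports would help. The hunk ends inside `spec`, so the rest of the control-plane definition is not visible here.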
@@ -149,4 +148,4 @@ Note: The **flan-t5-small** LLM model has been containerized into an S3 MinIO bu ~~~ oc delete ns ${TEST_NS} ${MINIO_NS} - ~~~ \ No newline at end of file + ~~~ diff --git a/demo/kserve/install-manual.md b/demo/kserve/install-manual.md index 366264f7..715cc92e 100644 --- a/demo/kserve/install-manual.md +++ b/demo/kserve/install-manual.md @@ -31,6 +31,7 @@ Note: You have the alternative option of installing the KServe/Caikit/TGIS stack cd caikit-tgis-serving/demo/kserve source ./scripts/env.sh + source ./scripts/utils.sh export TARGET_OPERATOR_TYPE=$(getOpType $TARGET_OPERATOR) export TARGET_OPERATOR_NS=$(getOpNS) export KSERVE_OPERATOR_NS=$(getKserveNS) @@ -40,10 +41,8 @@ Note: You have the alternative option of installing the KServe/Caikit/TGIS stack ~~~ oc apply -f custom-manifests/service-mesh/operators.yaml - sleep 30 + sleep 10 oc wait --for=condition=ready pod -l name=istio-operator -n openshift-operators --timeout=300s - oc wait --for=condition=ready pod -l name=jaeger-operator -n openshift-operators --timeout=300s - oc wait --for=condition=ready pod -l name=kiali-operator -n openshift-operators --timeout=300s ~~~ 4. Create an Istio instance. @@ -51,11 +50,13 @@ Note: You have the alternative option of installing the KServe/Caikit/TGIS stack ~~~ oc create ns istio-system oc apply -f custom-manifests/service-mesh/smcp.yaml - sleep 30 + sleep 10 + wait_for_pods_ready "app=istiod" "istio-system" + wait_for_pods_ready "app=istio-ingressgateway" "istio-system" + wait_for_pods_ready "app=istio-egressgateway" "istio-system" oc wait --for=condition=ready pod -l app=istiod -n istio-system --timeout=300s oc wait --for=condition=ready pod -l app=istio-ingressgateway -n istio-system --timeout=300s oc wait --for=condition=ready pod -l app=istio-egressgateway -n istio-system --timeout=300s - oc wait --for=condition=ready pod -l app=jaeger -n istio-system --timeout=300s ~~~ 5. Install Knative Serving. 
@@ -63,16 +64,11 @@ Note: You have the alternative option of installing the KServe/Caikit/TGIS stack ~~~ oc create ns ${KSERVE_OPERATOR_NS} oc create ns knative-serving - oc -n istio-system apply -f custom-manifests/service-mesh/smmr-${TARGET_OPERATOR_TYPE}.yaml - oc apply -f custom-manifests/service-mesh/peer-authentication.yaml - oc apply -f custom-manifests/service-mesh/peer-authentication-${TARGET_OPERATOR_TYPE}.yaml - ~~~ - - Note: These commands use PeerAuthentications to enable mutual TLS (mTLS) according to [Openshift Serverless Documentation](https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1.28/html/serving/configuring-custom-domains-for-knative-services#serverless-domain-mapping-custom-tls-cert_domain-mapping-custom-tls-cert). - - ~~~ + oc -n istio-system apply -f custom-manifests/service-mesh/default-smmr.yaml + oc apply -f custom-manifests/serverless/operators.yaml - sleep 30 + sleep 10 + wait_for_csv_installed serverless-operator openshift-serverless oc wait --for=condition=ready pod -l name=knative-openshift -n openshift-serverless --timeout=300s oc wait --for=condition=ready pod -l name=knative-openshift-ingress -n openshift-serverless --timeout=300s oc wait --for=condition=ready pod -l name=knative-operator -n openshift-serverless --timeout=300s 
@@ -83,16 +79,16 @@ Note: You have the alternative option of installing the KServe/Caikit/TGIS stack ~~~ oc apply -f custom-manifests/serverless/knativeserving-istio.yaml sleep 15 - oc wait --for=condition=ready pod -l app=controller -n knative-serving --timeout=300s - oc wait --for=condition=ready pod -l app=net-istio-controller -n knative-serving --timeout=300s - oc wait --for=condition=ready pod -l app=net-istio-webhook -n knative-serving --timeout=300s - oc wait --for=condition=ready pod -l app=autoscaler-hpa -n knative-serving --timeout=300s - oc wait --for=condition=ready pod -l app=domain-mapping -n knative-serving --timeout=300s - oc wait --for=condition=ready pod -l app=webhook -n knative-serving --timeout=300s + wait_for_pods_ready "app=controller" "knative-serving" + wait_for_pods_ready "app=net-istio-controller" "knative-serving" + wait_for_pods_ready "app=net-istio-webhook" "knative-serving" + wait_for_pods_ready "app=autoscaler-hpa" "knative-serving" + wait_for_pods_ready "app=domain-mapping" "knative-serving" + wait_for_pods_ready "app=webhook" "knative-serving" oc delete pod -n knative-serving -l app=activator --force --grace-period=0 oc delete pod -n knative-serving -l app=autoscaler --force --grace-period=0 - oc wait --for=condition=ready pod -l app=activator -n knative-serving --timeout=300s - oc wait --for=condition=ready pod -l app=autoscaler -n knative-serving --timeout=300s + wait_for_pods_ready "app=activator" "knative-serving" + wait_for_pods_ready "app=autoscaler" "knative-serving" ~~~ 7. Generate a wildcard certification for a gateway using OpenSSL. 
@@ -107,12 +103,21 @@ Note: You have the alternative option of installing the KServe/Caikit/TGIS stack mkdir ${BASE_CERT_DIR} ./scripts/generate-wildcard-certs.sh ${BASE_CERT_DIR} ${DOMAIN_NAME} ${COMMON_NAME} + export TARGET_CUSTOM_CERT=${BASE_CERT_DIR}/wildcard.crt + export TARGET_CUSTOM_KEY=${BASE_CERT_DIR}/wildcard.key + ~~~ + + **(Note)** + If you want to use your own cert, you can set these 2 variables instead of following the step 7 above. + ~~~ + export TARGET_CUSTOM_CERT=/path/to/custom.crt + export TARGET_CUSTOM_KEY=/path/to/custom.key ~~~ 8. Create the Knative gateway. ~~~ - oc create secret tls wildcard-certs --cert=${BASE_CERT_DIR}/wildcard.crt --key=${BASE_CERT_DIR}/wildcard.key -n istio-system + oc create secret tls wildcard-certs --cert=${TARGET_CUSTOM_CERT} --key=${TARGET_CUSTOM_KEY} -n istio-system oc apply -f custom-manifests/serverless/gateways.yaml ~~~ 
@@ -123,26 +128,31 @@ Note: You have the alternative option of installing the KServe/Caikit/TGIS stack oc apply -f ./custom-manifests/service-mesh/istio-proxies-monitor.yaml ~~~ -10. Apply the cluster role to allow Prometheus access. +10. Apply the cluster role to allow Prometheus access. ~~~ oc apply -f ./custom-manifests/metrics/kserve-prometheus-k8s.yaml ~~~ -11. Deploy KServe with Open Data Hub Operator 2.0. +11. Deploy KServe with Open Data Hub Operator 2.0. ~~~ + OPERATOR_LABEL="control-plane=controller-manager" + if [[ ${TARGET_OPERATOR_TYPE} == "rhods" ]]; + then + OPERATOR_LABEL="name=rhods-operator" + fi oc create ns ${TARGET_OPERATOR_NS} oc create -f custom-manifests/opendatahub/${TARGET_OPERATOR}-operators-2.x.yaml sleep 10 - oc wait --for=condition=ready pod -l name=rhods-operator -n ${TARGET_OPERATOR_NS} --timeout=300s + wait_for_pods_ready "${OPERATOR_LABEL}" "${TARGET_OPERATOR_NS}" oc create -f custom-manifests/opendatahub/kserve-dsc.yaml ~~~ -12. (optional) Deploy KServe with OpenDataHub manifests for testing purposes by using KServe KFDef. +12. (optional) Deploy KServe with OpenDataHub manifests for testing purposes by using KServe KFDef. ~~~ - git clone git@github.com:opendatahub-io/odh-manifests.git + git clone git@github.com:opendatahub-io/odh-manifests.git rm -rf custom-manifests/opendatahub/.cache custom-manifests/opendatahub/kustomize /tmp/odh-manifests.gzip tar czvf /tmp/odh-manifests.gzip odh-manifests - kfctl build -V -f custom-manifests/opendatahub/kfdef-kserve.yaml -d | oc create -n kserve -f - + kfctl build -V -f custom-manifests/opendatahub/kfdef-kserve.yaml -d | oc create -n kserve -f - ~~~ diff --git a/demo/kserve/scripts/README.md b/demo/kserve/scripts/README.md index 2276d466..55038eea 100755 --- a/demo/kserve/scripts/README.md +++ b/demo/kserve/scripts/README.md 
@@ -36,11 +36,26 @@ Note: You have the alternative option of installing the KServe/Caikit/TGIS stack export CHECK_UWM=false ~~~ - **CUSTOM_MANIFESTS_URL:** (optional) To use a custom manifest, set the value to the custom manifest URL, for example: + **CUSTOM_MANIFESTS_URL:** (optional) To use a custom manifest, set the value to the custom manifest URL ~~~ export CUSTOM_MANIFESTS_URL=https://github.com/opendatahub-io/odh-manifests/tarball/master ~~~ + **CUSTOM_CERT,CUSTOM_KEY:** (optional) To use a custom cert/key for knative gateway, set the custom cert path and key path + ~~~ + export CUSTOM_CERT=/path/to/custom.cert + export CUSTOM_KEY=/path/to/custom.key + ~~~ + + **DEPLOY_ODH_OPERATOR:** (optional) Not to deploy odh/rhods operator, set this to false. (default is true) + ~~~ + export DEPLOY_ODH_OPERATOR=false + ~~~ + + **CLEAN_NS** (optional) Set this to true, if you want to remove the namespace that run odh/rhods applications.(default is false) + ~~~ + export CLEAN_NS=true + ~~~ 3. Run the script to install Kserve including its dependencies. 
@@ -48,16 +63,27 @@ Note: You have the alternative option of installing the KServe/Caikit/TGIS stack ./scripts/install/kserve-install.sh ~~~ +*Tips.* +The installation script `kserve-install.sh` consists of four files, and each file plays the following role. +- ./scripts/install/check-env-variables.sh + - This file checks to see if the environment variables required by the installation script are already provided and requests that information inline if that information is not available. +- ./scripts/install/1-prerequisite-operators.sh + - This file installs Serverless and ServiceMesh operator, kserve's dependent operators. +- ./scripts/install/2-required-crs.sh + - This file installs ServiceMesh, Serverless CRs, and additional manifests for KServe to operate properly. +- ./scripts/install/3-only-kserve-install.sh + - This file installs OpenDatahub or RHODS operator and installs KServe by creating DataScienceCluster CR. + # Script-based uninstall of Kserve and dependencies 1. Uninstall kserve (including `./script/test/delete-model.sh`): ~~~ - ./script/uninstall/kserve-uninstall.sh + ./scripts/uninstall/kserve-uninstall.sh ~~~ 2. Uninstall the dependencies: ~~~ - ./script/uninstall/dependencies-uninstall.sh + ./scripts/uninstall/dependencies-uninstall.sh ~~~ diff --git a/demo/kserve/scripts/env.sh b/demo/kserve/scripts/env.sh index e53f4d49..25deda72 100755 --- a/demo/kserve/scripts/env.sh +++ b/demo/kserve/scripts/env.sh @@ -2,7 +2,7 @@ export BASE_DIR=/tmp/kserve export BASE_CERT_DIR=${BASE_DIR}/certs export TEST_NS=kserve-demo export MINIO_NS=minio - +export deploy_odh_operator=true getKserveNS() { if [[ ${TARGET_OPERATOR} == "odh" ]] diff --git a/demo/kserve/scripts/install/1-prerequisite-operators.sh b/demo/kserve/scripts/install/1-prerequisite-operators.sh new file mode 100755 index 00000000..86c3fcd4 --- /dev/null +++ b/demo/kserve/scripts/install/1-prerequisite-operators.sh 
@@ -0,0 +1,38 @@
+#!/bin/bash
+# Environment variables
+# - CHECK_UWM: Set this to "false", if you want to skip the User Workload Configmap check message
+# - TARGET_OPERATOR: Set this among odh, rhods or brew, if you want to skip the question in the script.
+set -o pipefail
+set -o nounset
+set -o errtrace
+# set -x #Uncomment this to debug script.
+
+source "$(dirname "$(realpath "$0")")/../env.sh"
+source "$(dirname "$(realpath "$0")")/../utils.sh"
+
+echo
+info "Let's install ServiceMesh, OpenDataHub and Serverless operators"
+
+# Install Service Mesh operators
+echo
+light_info "[INFO] Install Service Mesh operators"
+echo
+oc apply -f custom-manifests/service-mesh/operators.yaml
+
+wait_for_csv_installed servicemeshoperator openshift-operators
+oc wait --for=condition=ready pod -l name=istio-operator -n openshift-operators --timeout=300s
+
+echo
+light_info "[INFO] Install Serverless Operator"
+echo
+oc apply -f custom-manifests/serverless/operators.yaml
+wait_for_csv_installed serverless-operator openshift-serverless
+
+wait_for_pods_ready "name=knative-openshift" "openshift-serverless"
+wait_for_pods_ready "name=knative-openshift-ingress" "openshift-serverless"
+wait_for_pods_ready "name=knative-operator" "openshift-serverless"
+oc wait --for=condition=ready pod -l name=knative-openshift -n openshift-serverless --timeout=300s
+oc wait --for=condition=ready pod -l name=knative-openshift-ingress -n openshift-serverless --timeout=300s
+oc wait --for=condition=ready pod -l name=knative-operator -n openshift-serverless --timeout=300s
+
+success "[SUCCESS] Successfully installed ServiceMesh, Serverless operators"
diff --git a/demo/kserve/scripts/install/2-required-crs.sh b/demo/kserve/scripts/install/2-required-crs.sh
new file mode 100755
index 00000000..d7a0243b
--- /dev/null
+++ b/demo/kserve/scripts/install/2-required-crs.sh
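Review bot: Nothing in this script stops on failure: the header sets `pipefail`, `nounset` and `errtrace` but not `errexit`, so when `oc apply -f custom-manifests/service-mesh/operators.yaml` or one of the `oc wait` calls fails, execution still reaches the closing `success` line. Unless `wait_for_csv_installed` and `wait_for_pods_ready` in utils.sh exit on timeout (not visible here), add `set -o errexit` or `|| exit 1` on the `oc apply` and `oc wait` lines. 2-required-crs.sh and 3-only-kserve-install.sh use the same header and also end with an unconditional `success`; 3-only-kserve-install.sh probes with `oc get datasciencecluster`, so it needs per-command checks rather than a blanket `errexit`. The header comment lists `CHECK_UWM` and `TARGET_OPERATOR`, neither of which is referenced in the visible body of this script.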
@@ -0,0 +1,99 @@
+#!/bin/bash
+# Environment variables
+# - CHECK_UWM: Set this to "false", if you want to skip the User Workload Configmap check message
+# - TARGET_OPERATOR: Set this among odh, rhods or brew, if you want to skip the question in the script.
+set -o pipefail
+set -o nounset
+set -o errtrace
+# set -x #Uncomment this to debug script.
+
+source "$(dirname "$(realpath "$0")")/../env.sh"
+source "$(dirname "$(realpath "$0")")/../utils.sh"
+
+echo
+info "Let's create required CRs and required setup"
+
+if [[ ! -d ${BASE_DIR} ]]
+then
+ mkdir ${BASE_DIR}
+fi
+
+if [[ ! -d ${BASE_CERT_DIR} ]]
+then
+ mkdir ${BASE_CERT_DIR}
+fi
+
+# Create an istio instance
+echo
+light_info "[INFO] Create an istio instance"
+echo
+oc create ns istio-system -oyaml --dry-run=client | oc apply -f-
+oc::wait::object::availability "oc get project istio-system" 2 60
+
+oc apply -f custom-manifests/service-mesh/smcp.yaml
+wait_for_pods_ready "app=istiod" "istio-system"
+wait_for_pods_ready "app=istio-ingressgateway" "istio-system"
+wait_for_pods_ready "app=istio-egressgateway" "istio-system"
+
+oc wait --for=condition=ready pod -l app=istiod -n istio-system --timeout=300s
+oc wait --for=condition=ready pod -l app=istio-ingressgateway -n istio-system --timeout=300s
+oc wait --for=condition=ready pod -l app=istio-egressgateway -n istio-system --timeout=300s
+
+# kserve/knative
+echo
+light_info "[INFO] Update SMMR"
+echo
+oc create ns knative-serving -oyaml --dry-run=client | oc apply -f-
+oc::wait::object::availability "oc get project knative-serving" 2 60
+
+oc apply -f custom-manifests/service-mesh/default-smmr.yaml
+
+# Create a Knative Serving installation
+echo
+light_info "[INFO] Create a Knative Serving installation"
+echo
+oc apply -f custom-manifests/serverless/knativeserving-istio.yaml
+
+wait_for_pods_ready "app=controller" "knative-serving"
+wait_for_pods_ready "app=net-istio-controller" "knative-serving"
+wait_for_pods_ready "app=net-istio-webhook" "knative-serving"
+wait_for_pods_ready "app=autoscaler-hpa" "knative-serving"
+wait_for_pods_ready "app=domain-mapping" "knative-serving"
+wait_for_pods_ready "app=webhook" "knative-serving"
+oc delete pod -n knative-serving -l app=activator --force --grace-period=0
+oc delete pod -n knative-serving -l app=autoscaler --force --grace-period=0
+wait_for_pods_ready "app=activator" "knative-serving"
+wait_for_pods_ready "app=autoscaler" "knative-serving"
+
+oc wait --for=condition=ready pod -l app=controller -n knative-serving --timeout=300s
+oc wait --for=condition=ready pod -l app=net-istio-controller -n knative-serving --timeout=300s
+oc wait --for=condition=ready pod -l app=net-istio-webhook -n knative-serving --timeout=300s
+oc wait --for=condition=ready pod -l app=autoscaler-hpa -n knative-serving --timeout=300s
+oc wait --for=condition=ready pod -l app=domain-mapping -n knative-serving --timeout=300s
+oc wait --for=condition=ready pod -l app=webhook -n knative-serving --timeout=300s
+oc wait --for=condition=ready pod -l app=activator -n knative-serving --timeout=300s
+oc wait --for=condition=ready pod -l app=autoscaler -n knative-serving --timeout=300s
+
+# Generate wildcard cert for a gateway.
+export DOMAIN_NAME=$(oc get ingresses.config.openshift.io cluster -o jsonpath='{.spec.domain}' | awk -F'.' '{print $(NF-1)"."$NF}')
+export COMMON_NAME=$(oc get ingresses.config.openshift.io cluster -o jsonpath='{.spec.domain}')
+
+## Generate wildcard cert using openssl
+if [[ ! -n ${CUSTOM_CERT+x} && ! -n ${CUSTOM_KEY+x} ]];
+then
+ echo
+ light_info "[INFO] Generate wildcard cert using openssl"
+ echo
+ bash -x ./scripts/generate-wildcard-certs.sh ${BASE_CERT_DIR} ${DOMAIN_NAME} ${COMMON_NAME}
+ TARGET_CUSTOM_CERT=${BASE_CERT_DIR}/wildcard.crt
+ TARGET_CUSTOM_KEY=${BASE_CERT_DIR}/wildcard.key
+else
+ TARGET_CUSTOM_CERT=${CUSTOM_CERT}
+ TARGET_CUSTOM_KEY=${CUSTOM_KEY}
+fi
+
+# Create the Knative gateways
+oc create secret tls wildcard-certs --cert=${TARGET_CUSTOM_CERT} --key=${TARGET_CUSTOM_KEY} -n istio-system
+oc apply -f custom-manifests/serverless/gateways.yaml
+
+success "[SUCCESS] Successfully created ServiceMesh Control Plane CR, KNative-Serving CR and required setup such as wildcard cert and Gateways"
diff --git a/demo/kserve/scripts/install/3-only-kserve-install.sh b/demo/kserve/scripts/install/3-only-kserve-install.sh
new file mode 100755
index 00000000..9c64b3a9
--- /dev/null
+++ b/demo/kserve/scripts/install/3-only-kserve-install.sh
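Review bot: The generated wildcard private key ends up in `${BASE_CERT_DIR}`, which env.sh places under `/tmp/kserve`, and the `[[ ! -d ... ]]` / `mkdir` pair both accepts a directory that already exists and creates a new one with the default umask. On a shared host that is a predictable path in a world-writable directory, so create it private, for example `mkdir -p -m 700 "${BASE_CERT_DIR}"`, and stop if the directory already exists and is not owned by the current user. The `CUSTOM_CERT`/`CUSTOM_KEY` test takes the `else` branch when only one of the two is set, and `nounset` then aborts on the other with an unbound-variable error; an explicit check with a message would be clearer. `oc create secret tls wildcard-certs` fails on a re-run, unlike the `oc create ns ... --dry-run=client | oc apply -f-` idiom used earlier in the file, so a previously created certificate would stay in place.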
@@ -0,0 +1,78 @@
+#!/bin/bash
+# Environment variables
+# - CHECK_UWM: Set this to "false", if you want to skip the User Workload Configmap check message
+# - TARGET_OPERATOR: Set this among odh, rhods or brew, if you want to skip the question in the script.
+set -o pipefail
+set -o nounset
+set -o errtrace
+# set -x #Uncomment this to debug script.
+
+if [[ ! -n ${BASE_DIR+} ]];
+then
+ source ./scripts/install/check-env-variables.sh
+fi
+
+source "$(dirname "$(realpath "$0")")/../utils.sh"
+
+if [[ ! -n "${CHECK_UWM+x}" || ! -n ${TARGET_OPERATOR+x} ]]
+then
+ source ./scripts/install/check-env-variables.sh
+fi
+
+echo
+light_info "[INFO] Deploy odh operator"
+echo
+
+# Create brew catalogsource
+if [[ ${deploy_odh_operator} == "true" ]]
+then
+ if [[ ${TARGET_OPERATOR} == "brew" ]];
+ then
+ echo
+ light_info "[INFO] Create catalogsource for brew registry"
+ echo
+ sed "s/<%brew_tag%>/$BREW_TAG/g" custom-manifests/brew/catalogsource.yaml |oc apply -f -
+
+ wait_for_pods_ready "olm.catalogSource=rhods-catalog-dev" "openshift-marketplace"
+ oc wait --for=condition=ready pod -l olm.catalogSource=rhods-catalog-dev -n openshift-marketplace --timeout=60s
+ fi
+
+ # Deploy odh/rhods operator
+ OPERATOR_LABEL="control-plane=controller-manager"
+ if [[ ${TARGET_OPERATOR_TYPE} == "rhods" ]];
+ then
+ OPERATOR_LABEL="name=rhods-operator"
+ oc create ns ${TARGET_OPERATOR_NS} -oyaml --dry-run=client | oc apply -f-
+ oc::wait::object::availability "oc get project ${TARGET_OPERATOR_NS}" 2 60
+ fi
+ oc create -f custom-manifests/opendatahub/${TARGET_OPERATOR}-operators-2.x.yaml
+
+ wait_for_pods_ready "${OPERATOR_LABEL}" "${TARGET_OPERATOR_NS}"
+ oc wait --for=condition=ready pod -l ${OPERATOR_LABEL} -n ${TARGET_OPERATOR_NS} --timeout=300s
+
+ # Example CUSTOM_MANIFESTS_URL ==> https://github.com/opendatahub-io/odh-manifests/tarball/master
+ if [[ -n "${CUSTOM_MANIFESTS_URL+x}" ]]
+ then
+ echo
+ light_info "Added custom manifest url into default dscinitializations"
+ oc patch dscinitializations default -p="[{\"op\": \"add\", \"path\": \"/spec/manifestsUri\",\"value\": \"${CUSTOM_MANIFESTS_URL}\"}]" --type='json'
+ fi
+else
+ light_info "DEPLOY_ODH_OPERATOR set ${deploy_odh_operator}. Skip deploy odh/rhods operator"
+fi
+
+echo
+info "[INFO] Create DataScienceCluster"
+echo
+
+dsc_exists=$(oc get datasciencecluster default --all-namespaces)
+if [[ -n $dsc_exists ]]
+then
+ oc patch datasciencecluster default --type=merge -p '{"spec": {"components":{"kserve": {"managementState": "Managed"}}}}'
+else
+ oc create -f custom-manifests/opendatahub/kserve-dsc.yaml
+fi
+
+wait_for_pods_ready "control-plane=kserve-controller-manager" "${KSERVE_OPERATOR_NS}"
+
+success "[SUCCESS] Successfully deployed KServe operator! Ready for demo"
diff --git a/demo/kserve/scripts/install/check-env-variables.sh b/demo/kserve/scripts/install/check-env-variables.sh
new file mode 100755
index 00000000..7c5534d8
--- /dev/null
+++ b/demo/kserve/scripts/install/check-env-variables.sh
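Review bot: The first guard, `if [[ ! -n ${BASE_DIR+} ]];`, is always true, because `${BASE_DIR+}` expands to the empty string whether or not `BASE_DIR` is set; check-env-variables.sh is therefore sourced on every run. The other tests in this file use the `+x` form, so this should read `if [[ ! -n "${BASE_DIR+x}" ]]`. `CUSTOM_MANIFESTS_URL` is spliced unescaped into the JSON patch for `dscinitializations`, and the example in the comment points at a `master` tarball; since the operator presumably applies whatever that URL serves, the comment would be safer recommending a URL pinned to a commit or tag.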
@@ -0,0 +1,106 @@ +#!/bin/bash +# Environment variables +# - CHECK_UWM: Set this to "false", if you want to skip the User Workload Configmap check message +# - TARGET_OPERATOR: Set this among odh, rhods or brew, if you want to skip the question in the script. +set -o pipefail +set -o nounset +set -o errtrace +# set -x #Uncomment this to debug script. + +source "$(dirname "$(realpath "$0")")/../env.sh" +source "$(dirname "$(realpath "$0")")/../utils.sh" +if [[ -n "${CHECK_UWM+x}" && ${CHECK_UWM} == "false" ]] +then + input="y" +else + echo "** Check User Workload Configmap for Kserve metrics before you execute this script **" + echo + cat </$BREW_TAG/g" custom-manifests/brew/catalogsource.yaml |oc apply -f - - - wait_for_pods_ready "olm.catalogSource=rhods-catalog-dev" "openshift-marketplace" - oc wait --for=condition=ready pod -l olm.catalogSource=rhods-catalog-dev -n openshift-marketplace --timeout=60s -fi - -# Deploy odh/rhods operator -echo -echo "[INFO] Deploy odh/rhods operator" -echo -OPERATOR_LABEL="control-plane=controller-manager" -if [[ ${TARGET_OPERATOR_TYPE} == "rhods" ]]; -then - OPERATOR_LABEL="name=rhods-operator" - oc create ns ${TARGET_OPERATOR_NS} -oyaml --dry-run=client | oc apply -f- - oc::wait::object::availability "oc get project ${TARGET_OPERATOR_NS} " 2 60 -fi -oc create -f custom-manifests/opendatahub/${TARGET_OPERATOR}-operators-2.x.yaml - -wait_for_pods_ready "${OPERATOR_LABEL}" "${TARGET_OPERATOR_NS}" -oc wait --for=condition=ready pod -l ${OPERATOR_LABEL} -n ${TARGET_OPERATOR_NS} --timeout=300s - -# Example CUSTOM_MANIFESTS_URL ==> https://github.com/opendatahub-io/odh-manifests/tarball/master -if [[ -n "${CUSTOM_MANIFESTS_URL+x}" ]] -then - echo - echo "Added custom manifest url into default dscinitializations" - oc patch dscinitializations default -p="[{\"op\": \"add\", \"path\": \"/spec/manifestsUri\",\"value\": \"${CUSTOM_MANIFESTS_URL}\"}]" --type='json' -fi - -echo -echo "[INFO] Deploy KServe" -echo -# ODH 1.9 use alpha api so 
this logic needed but from ODH 1.10, this logic must be deleted. -#oc create -f custom-manifests/opendatahub/kserve-dsc.yaml -if [[ ${TARGET_OPERATOR_TYPE} == "rhods" ]]; then - oc create -f custom-manifests/opendatahub/kserve-dsc.yaml -else - oc create -f custom-manifests/opendatahub/kserve-dsc-v1alpha1.yaml -fi - -wait_for_pods_ready "control-plane=kserve-controller-manager" "${KSERVE_OPERATOR_NS}" +source ./scripts/install/check-env-variables.sh +./scripts/install/1-prerequisite-operators.sh +./scripts/install/2-required-crs.sh +./scripts/install/3-only-kserve-install.sh diff --git a/demo/kserve/scripts/install/workaround.sh b/demo/kserve/scripts/install/workaround.sh deleted file mode 100755 index fa86d5df..00000000 --- a/demo/kserve/scripts/install/workaround.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -source "$(dirname "$(realpath "$0")")/../env.sh" -export KSERVE_OPERATOR_NS=$(getKserveNS) - -# Workaround -while true -do - oc get validatingwebhookconfiguration.admissionregistration.k8s.io/inferenceservice.serving.kserve.io - - if [[ $? == 0 ]] - then - break - fi - sleep 1 -done -oc delete rolebinding redhat-ods-applications -n ${KSERVE_OPERATOR_NS} -oc delete pod --all --force -n ${KSERVE_OPERATOR_NS} -oc patch validatingwebhookconfiguration inferenceservice.serving.kserve.io -p="[{'op': 'replace', 'path': '/webhooks/0/clientConfig/service/namespace', 'value': 'redhat-ods-applications'}]" --type=json diff --git a/demo/kserve/scripts/test/delete-model.sh b/demo/kserve/scripts/test/delete-model.sh index a31919bf..add24f77 100755 --- a/demo/kserve/scripts/test/delete-model.sh +++ b/demo/kserve/scripts/test/delete-model.sh 
@@ -6,17 +6,6 @@ set -o errtrace source "$(dirname "$(realpath "$0")")/../env.sh" -oc delete isvc --all -n ${TEST_NS} --force --grace-period=0 -oc delete ns ${TEST_NS} ${MINIO_NS} +oc delete isvc,pod --all -n ${TEST_NS} --force --grace-period=0 +oc delete ns ${TEST_NS} ${MINIO_NS} --force --grace-period=0 -# Get the index of the target member in the array -INDEX=$(oc get servicemeshmemberroll/default -n istio-system -o jsonpath='{.spec.members[*]}') -INDEX=$(echo ${INDEX} | tr ' ' '\n' | grep -n ${TEST_NS} | cut -d: -f1) - -if [ -z "${INDEX}" ]; then - echo "Target member ${TEST_NS} not found in the array." - exit 1 -fi - -# Perform the patch operation -oc patch servicemeshmemberroll/default -n istio-system --type='json' -p="[{'op': 'remove', 'path': \"/spec/members/$((INDEX - 1))\"}]" diff --git a/demo/kserve/scripts/test/deploy-model.sh b/demo/kserve/scripts/test/deploy-model.sh index 681e6fee..c608533e 100755 --- a/demo/kserve/scripts/test/deploy-model.sh +++ b/demo/kserve/scripts/test/deploy-model.sh @@ -29,8 +29,7 @@ oc get ns ${TEST_NS} if [[ $? == 1 ]] then oc new-project ${TEST_NS} - oc patch smmr/default -n istio-system --type='json' -p="[{'op': 'add', 'path': '/spec/members/-', 'value': \"$TEST_NS\"}]" - + oc apply -f ./custom-manifests/caikit/caikit-servingruntime.yaml -n ${TEST_NS} oc apply -f ${BASE_DIR}/minio-secret-current.yaml -n ${TEST_NS} diff --git a/demo/kserve/scripts/uninstall/dependencies-uninstall.sh b/demo/kserve/scripts/uninstall/dependencies-uninstall.sh index 342609d5..11350415 100755 --- a/demo/kserve/scripts/uninstall/dependencies-uninstall.sh +++ b/demo/kserve/scripts/uninstall/dependencies-uninstall.sh 
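Review bot: `--force --grace-period=0` on `oc delete isvc,pod --all` removes the pod objects from the API without waiting for the kubelet to confirm that the containers have stopped, so the namespace can look clean while workloads are still terminating on the node. The same flags are added in scripts/uninstall/kserve-uninstall.sh. If the aim is only to avoid a hung teardown, a bounded wait such as `oc delete ns ${TEST_NS} ${MINIO_NS} --timeout=300s` keeps graceful termination; otherwise add a comment such as `# demo cleanup only: force-deletes without waiting for graceful shutdown`. The hunk also drops the `servicemeshmemberroll` patch, which matches deploy-model.sh no longer adding the namespace to the member roll.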
@@ -25,16 +25,12 @@ export KSERVE_OPERATOR_NS=$(getKserveNS) # Delete the Knative gateways oc delete -f custom-manifests/serverless/gateways.yaml -oc delete Jaeger jaeger -n istio-system -oc delete Kiali kiali -n istio-system oc delete ServiceMeshControlPlane minimal -n istio-system oc delete -f custom-manifests/serverless/knativeserving-istio.yaml oc delete -f custom-manifests/serverless/operators.yaml -oc delete -f custom-manifests/service-mesh/smmr-${TARGET_OPERATOR_TYPE}.yaml -oc delete -f custom-manifests/service-mesh/peer-authentication.yaml -oc delete -f custom-manifests/service-mesh/peer-authentication-${TARGET_OPERATOR_TYPE}.yaml +oc delete -f custom-manifests/service-mesh/default-smmr.yaml oc delete ns redhat-ods-applications oc delete ns knative-serving oc delete -f custom-manifests/service-mesh/smcp.yaml @@ -53,17 +49,9 @@ fi # Verify oc delete KnativeServing knative-serving -n knative-serving -oc delete subscription jaeger-product -n openshift-operators -oc delete subscription kiali-ossm -n openshift-operators oc delete subscription servicemeshoperator -n openshift-operators oc delete subscription serverless-operator -n openshift-serverless -jaeger_csv_name=$(oc get csv -n openshift-operators | grep jaeger|awk '{print $1}') -oc delete csv $jaeger_csv_name -n openshift-operators - -kiali_csv_name=$(oc get csv -n openshift-operators | grep kiali|awk '{print $1}') -oc delete csv $kiali_csv_name -n openshift-operators - sm_csv_name=$(oc get csv -n openshift-operators | grep servicemeshoperator|awk '{print $1}') oc delete csv $sm_csv_name -n openshift-operators diff --git a/demo/kserve/scripts/uninstall/kserve-uninstall.sh b/demo/kserve/scripts/uninstall/kserve-uninstall.sh index 74370684..88d56e65 100755 --- a/demo/kserve/scripts/uninstall/kserve-uninstall.sh +++ b/demo/kserve/scripts/uninstall/kserve-uninstall.sh 
@@ -27,10 +27,10 @@ export TARGET_OPERATOR_NS=$(getOpNS ${TARGET_OPERATOR_TYPE}) oc delete validatingwebhookconfiguration inferencegraph.serving.kserve.io inferenceservice.serving.kserve.io oc delete mutatingwebhookconfiguration inferenceservice.serving.kserve.io -oc delete isvc --all -n ${TEST_NS} --force --grace-period=0 +oc delete isvc,pod --all -n ${TEST_NS} --force --grace-period=0 echo "It would take around around 3~4 mins" -oc delete ns ${TEST_NS} ${MINIO_NS} +oc delete ns ${TEST_NS} ${MINIO_NS} --force --grace-period=0 oc delete secret wildcard-certs -n istio-system oc delete DataScienceCluster --all -n "${KSERVE_OPERATOR_NS}" 
@@ -42,28 +42,15 @@ then oc delete catalogsource rhods-catalog-dev -n openshift-marketplace fi if [[ ${TARGET_OPERATOR_TYPE} == "rhods" ]]; then - oc delete ns redhat-ods-operator redhat-ods-applications rhods-notebooks redhat-ods-monitoring --force --grace-period=0 + if [[ -n ${CLEAN_NS+x} && ${CLEAN_NS} != "false" ]] + then + oc delete ns redhat-ods-operator redhat-ods-applications rhods-notebooks redhat-ods-monitoring --force --grace-period=0 + fi oc delete csv -n ${TARGET_OPERATOR_NS} $(oc get csv -n ${TARGET_OPERATOR_NS}|grep rhods|awk '{print $1}') else - oc delete ns ${KSERVE_OPERATOR_NS} --force --grace-period=0 + if [[ -n ${CLEAN_NS+x} && ${CLEAN_NS} != "false" ]] + then + oc delete ns ${KSERVE_OPERATOR_NS} --force --grace-period=0 + fi oc delete csv -n ${TARGET_OPERATOR_NS} $(oc get csv -n ${TARGET_OPERATOR_NS} |grep opendatahub|awk '{print $1}') fi - -# Remove test namespace from SMMR -INDEX=$(oc get servicemeshmemberroll/default -n istio-system -o jsonpath='{.spec.members[*]}') -INDEX=$(echo ${INDEX} | tr ' ' '\n' | grep -n ${TEST_NS} | cut -d: -f1) - -if [ -z "${INDEX}" ]; then - echo "Target member ${TEST_NS} not found in the array." -fi -oc patch servicemeshmemberroll/default -n istio-system --type='json' -p="[{'op': 'remove', 'path': \"/spec/members/$((INDEX - 1))\"}]" - - -# Remove kserve namespace from SMMR -INDEX=$(oc get servicemeshmemberroll/default -n istio-system -o jsonpath='{.spec.members[*]}') -INDEX=$(echo ${INDEX} | tr ' ' '\n' | grep -n ${KSERVE_OPERATOR_NS} | cut -d: -f1) - -if [ -z "${INDEX}" ]; then - echo "Target member ${TEST_NS} not found in the array." -fi -oc patch servicemeshmemberroll/default -n istio-system --type='json' -p="[{'op': 'remove', 'path': \"/spec/members/$((INDEX - 1))\"}]" diff --git a/demo/kserve/scripts/utils.sh b/demo/kserve/scripts/utils.sh index 04542d8c..ccb50078 100644 --- a/demo/kserve/scripts/utils.sh +++ b/demo/kserve/scripts/utils.sh 
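Review bot: The new `CLEAN_NS` guard treats every value other than the literal `false` as consent, so `CLEAN_NS=`, `CLEAN_NS=0` or `CLEAN_NS=no` still force-deletes the operator namespaces, because `${CLEAN_NS+x}` is non-empty whenever the variable is set, even to an empty string. For a destructive step an explicit opt-in is safer: `if [[ ${CLEAN_NS:-false} == "true" ]]`. The variable is not documented anywhere in the hunk; a comment above the first use such as `# CLEAN_NS=true also removes the operator namespaces; by default they are kept` would tell operators what they are enabling. The same condition is repeated in the rhods and the opendatahub branch and could be evaluated once before the outer `if`.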
@@ -1,5 +1,22 @@ #!/bin/bash +# Set the color variable +red='\033[0;31m' +light_red='\033[0;91m' +cyan='\033[0;36m' +green='\033[0;32m' +yellow='\033[0;33m' +blue='\033[0;34m' +light_blue='\033[0;94m' +# Clear the color after that +clear='\033[0m' + +# Set the color for log level +info=$cyan +warning=$yellow +error=$red +pending=$light_blue + die() { color_red='\e[31m' color_yellow='\e[33m' @@ -14,6 +31,11 @@ info() { printf "${color_blue}$*${color_reset}\n" 1>&2 } +light_info() { + color_reset='\e[0m' + printf "${cyan}$*${color_reset}\n" 1>&2 +} + success() { color_green='\e[32m' color_reset='\e[0m'
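Review bot: The top-level names added here (`info`, `warning`, `error`, `pending`, `clear`) are very generic for a helper file that, judging by its name and non-executable mode, is sourced by other scripts. Any caller that assigns `error=...` or `info=...` for its own purposes silently changes the log colors, and `info` is also the name of the existing `info()` function, which bash allows but which is confusing to read. A prefix would avoid the collisions, e.g. `color_info=$cyan` and `color_clear='\033[0m'`. The body of `die()` continues outside the hunk.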
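Review bot: `light_info()` passes the message as part of the printf format string, so any `%` or backslash escape in `$*` is interpreted instead of printed; a message that embeds command output or a resource name can then garble the log line or make printf fail. `printf '%b%s%b\n' "${cyan}" "$*" "${color_reset}" 1>&2` keeps the color codes interpreted and the message literal. `color_reset` is assigned without `local`, so it leaks into the caller's scope, and the function uses an `\e` reset although the first hunk introduces `clear` for that purpose. The `info()` context line above uses the same format-string pattern and would benefit from the same change.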