
[release-0.12.1] Cherry picks - Fixes for ODH #345


VedantMahabaleshwarkar and others added 17 commits May 6, 2024 11:48
Signed-off-by: Vedant Mahabaleshwarkar <vmahabal@redhat.com>
Signed-off-by: jooho <jlee@redhat.com>
Fixes CVE-2024-24762 - Regular Expression Denial of Service (ReDoS)
Remove the fastapi when this is addressed:  https://issues.redhat.com/browse/RHOAIENG-3894
or ray releases a new version that removes the fastapi version pinning and it gets updated on KServe

Signed-off-by: Spolti <fspolti@redhat.com>
Signed-off-by: Vedant Mahabaleshwarkar <vmahabal@redhat.com>
The increased memory limit is for the controller pod to work normally in clusters having 9k+ secrets.

Related https://issues.redhat.com/browse/RHOAIENG-3996

Signed-off-by: Edgar Hernández <23639005+israel-hdez@users.noreply.github.com>
* Upgrade orjson to version 3.9.15

chore: Fixes [CVE-2024-27454](https://nvd.nist.gov/vuln/detail/CVE-2024-27454): orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.

Signed-off-by: Spolti <fspolti@redhat.com>

* Update python/kserve/pyproject.toml

Co-authored-by: Sivanantham <90966311+sivanantha321@users.noreply.github.com>
Signed-off-by: Filippe Spolti <filippespolti@gmail.com>

* re-run poetry lock

Signed-off-by: Spolti <fspolti@redhat.com>

---------

Signed-off-by: Spolti <fspolti@redhat.com>
Signed-off-by: Filippe Spolti <filippespolti@gmail.com>
Co-authored-by: Sivanantham <90966311+sivanantha321@users.noreply.github.com>
Signed-off-by: jooho <jlee@redhat.com>
…ets (kserve#3469)

* Remove cluster level list/watch for configmaps, serviceaccounts, secrets

Signed-off-by: Sivanantham Chinnaiyan <sivanantham.chinnaiyan@ideas2it.com>

* Resolve comments

Signed-off-by: Sivanantham Chinnaiyan <sivanantham.chinnaiyan@ideas2it.com>

---------

Signed-off-by: Sivanantham Chinnaiyan <sivanantham.chinnaiyan@ideas2it.com>
Signed-off-by: Andrews Arokiam <andrews.arokiam@ideas2it.com>
Since ODH would support KServe's RawDeployment mode, this modifies the scripts around OpenShift-ci setup to be possible to run RawDeployment-related E2Es.

The run-e2e-tests.sh script is modified to exclude installation of Service Mesh and Serverless, when RawDeployments E2Es are requested to run. A supporting file inferenceservice-openshift-ci-raw.yaml was added to patch KServe's configuration to use RawDeployment mode by default and to use OpenShift Ingress when exposing Inference Services.

Since the E2Es use some annotations in the InferenceService, changes done to the v1beta1_inference_service.py file in commit ecff079 were reverted. As an alternative, the `enablePassthrough` annotation was moved to the ServingRuntime resources. This is not only cleaner, but also reduces the diverging code with the upstream repository. Furthermore, this seems to be an auto-generated file that should not be touched.

Signed-off-by: Edgar Hernández <23639005+israel-hdez@users.noreply.github.com>
chore: fixes the GH [Alert](https://github.com/kserve/kserve/security/code-scanning/12080).
filepath.Clean sanitizes the directory path and removes any unnecessary components (such as . and ..)

Signed-off-by: Spolti <fspolti@redhat.com>
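
An added example, not code from this PR or from KServe: `filepath.Clean` is purely lexical, so a cleaned relative path can still begin with `..`, and confining it to a directory takes an explicit containment check against the intended base. `SafeJoin`, `ErrEscapesBase` and the `/srv/models` base directory are hypothetical names constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapesBase is returned when a name resolves outside the base directory.
var ErrEscapesBase = errors.New("path escapes base directory")

// SafeJoin (hypothetical helper) joins an untrusted name onto base and rejects
// any result that lexically leaves base. The check is lexical only: it does
// not resolve symlinks that may exist under base.
func SafeJoin(base, name string) (string, error) {
	base = filepath.Clean(base)
	joined := filepath.Join(base, name) // Join applies Clean to its result
	rel, err := filepath.Rel(base, joined)
	if err != nil {
		return "", err
	}
	// After Clean, any ".." components that survive sit at the front of rel.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesBase
	}
	return joined, nil
}

func main() {
	base := "/srv/models" // constructed base directory
	names := []string{    // constructed sample inputs
		"a/./b/../model.bin", // redundant components, stays inside base
		"../other/model.bin", // Clean leaves the leading ".." in place
		"a/../../x",          // collapses to "../x"
		"..foo/model.bin",    // a directory name that merely starts with dots
	}
	for _, n := range names {
		p, err := SafeJoin(base, n)
		fmt.Printf("name=%q clean=%q joined=%q err=%v\n", n, filepath.Clean(n), p, err)
	}
}
```
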
…Mode Deployment

Signed-off-by: Spolti <fspolti@redhat.com>
Signed-off-by: Spolti <fspolti@redhat.com>
opendatahub-io#292)

* [RHOAIENG-4617] - follow up - remove hardcoded fastapi from Dockerfile

As the Ray Serve latest release removed the hard dependency of old fastapi version
we can now remove the workaround from the Storage Initializer Container Image.

Signed-off-by: Spolti <fspolti@redhat.com>
There is an error in the storage-initializer-docker-publisher workflow where a string is being used, but should be a variable. On PR merges, this is causing an error when trying to push the docker image of the storage initializer.

This is fixing the issue by properly using the variable.

Signed-off-by: Edgar Hernández <ehernand@redhat.com>
@openshift-ci openshift-ci bot requested review from spolti and terrytangyuan May 6, 2024 18:16
@openshift-ci openshift-ci bot added the approved label May 6, 2024

openshift-ci bot commented May 6, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: israel-hdez, spolti

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment


heyselbi commented May 6, 2024

/lgtm

@openshift-ci openshift-ci bot added the lgtm label May 6, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit 8d736ad into opendatahub-io:release-v0.12.1 May 6, 2024
18 checks passed
@israel-hdez israel-hdez deleted the v0121-cherry-picks branch May 6, 2024 19:49