Implement installation and configuration of KServe prerequisites
KServe pre-requisites are: * Service Mesh (Istio) * A minimal Control Plane is configured for KServe with only Pilot and default gateways. * An additional knative: ingressgateway is set for the Istio Ingress gateway workload. * Some ports are excluded from envoy to allow for metrics collection and KNative hooks. * Metrics collection is configured for Pilot and the gateways. * Serverless (KNative) * Only serving components are needed from KNative. * For the most part, a typical Serving deployment is configured, with Istio as networking layer. * By default, a self-signed certificate is generated using the OpenShift Ingress domain. Users can provide their own secret with a production ready TLS certificate. Signed-off-by: Edgar Hernández <23639005+israel-hdez@users.noreply.github.com>
1 parent
dcc6b91
commit 5223678
Showing
27 changed files
with
904 additions
and
10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
package v1 | ||
|
||
import operatorv1 "github.com/openshift/api/operator/v1" | ||
|
||
// ServerlessSpec configures KNative components used in Open Data Hub. Specifically, | ||
// KNative is used to enable single model serving (KServe). | ||
type ServerlessSpec struct { | ||
// +kubebuilder:validation:Enum=Managed;Removed | ||
// +kubebuilder:default=Removed | ||
ManagementState operatorv1.ManagementState `json:"managementState,omitempty"` | ||
// Serving configures the KNative-Serving stack used for model serving. A Service | ||
// Mesh (Istio) is prerequisite, since it is used as networking layer. | ||
Serving ServingSpec `json:"serving,omitempty"` | ||
} | ||
|
||
// ServingSpec specifies the configuration for the KNative Serving components and their | ||
// bindings with the Service Mesh. | ||
type ServingSpec struct { | ||
// Name specifies the name of the KNativeServing resource that is going to be | ||
// created to instruct the KNative Operator to deploy KNative serving components. | ||
// +kubebuilder:default=knative-serving | ||
Name string `json:"name,omitempty"` | ||
// Namespace specifies the namespace where the KNativeServing resource is going | ||
// to be created. | ||
// +kubebuilder:default=knative-serving | ||
Namespace string `json:"namespace,omitempty"` | ||
// LocalGatewayServiceName allows to customize the name of the Kubernetes Service that | ||
// is going to be created for intra-cluster requests. The service is created in the | ||
// Service Mesh namespace. | ||
// +kubebuilder:default=knative-local-gateway | ||
LocalGatewayServiceName string `json:"localGatewayServiceName,omitempty"` | ||
// IngressGateway allows to customize some parameters for the Istio Ingress Gateway | ||
// that is bound to KNative-Serving. | ||
IngressGateway IngressGatewaySpec `json:"ingressGateway,omitempty"` | ||
} | ||
|
||
// IngressGatewaySpec represents the configuration of the KNative Ingress Gateway. | ||
type IngressGatewaySpec struct { | ||
// GatewaySelector specifies the label selector to choose the Istio Ingress Gateway to use | ||
// for intercepting incoming requests. If unset, the selector knative=ingressgateway is used. | ||
// GatewaySelector map[string]string `json:"selector,omitempty"` | ||
|
||
// Domain specifies the DNS name for intercepting ingress requests coming from | ||
// outside the cluster. Most likely, you will want to use a wildcard name, | ||
// like *.example.com. If not set, the domain of the OpenShift Ingress is used. | ||
// If you choose to generate a certificate, this is the domain used for the certificate request. | ||
Domain string `json:"domain,omitempty"` | ||
// Certificate specifies configuration about the location of the TLS certificate and | ||
// if a certificate would be generated. | ||
Certificate CertificateSpec `json:"certificate,omitempty"` | ||
} | ||
|
||
// CertificateSpec represents the specification of the certificate securing communications of | ||
// the Istio Ingress Gateway for the KNative network. | ||
type CertificateSpec struct { | ||
// SecretName specifies the name of the Kubernetes Secret resource that contains a | ||
// TLS certificate secure HTTP communications for the KNative network. | ||
// +kubebuilder:default=knative-serving-cert | ||
SecretName string `json:"secretName,omitempty"` | ||
// Generate specifies if the TLS certificate should be generated automatically using an own private | ||
// key. The private key is going to be stored in a secret with the same name as the | ||
// TLS certificate plus the "-key" suffix (e.g. knative-serving-cert-key). | ||
// If this value is set to None, pre-existence of the TLS Secret (SecretName) with a | ||
// valid certificate is assumed. | ||
// +kubebuilder:validation:Enum=SelfSigned;None | ||
// +kubebuilder:default=SelfSigned | ||
Generate string `json:"generate,omitempty"` | ||
} |
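Review bot: The doc comments on `CertificateSpec` underspecify the security-relevant default: `Generate` defaults to `SelfSigned`, yet nothing says such a certificate is not meant for production, and neither `SecretName` nor the derived `-key` Secret states which namespace it is created in or read from. The commit description already notes that users can supply their own production-ready certificate, so the field comment could say so, e.g. `// SelfSigned is meant for evaluation; for production set None and provide a CA-issued certificate in SecretName.`, plus one line naming the namespace of both Secrets (presumably the Service Mesh namespace; confirm against the reconciler, which is not in this file). Separately, the comment block at `GatewaySelector` documents a field that is itself commented out, so the type exposes no selector; either drop the block or mark it as not yet implemented.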
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
package v1 | ||
|
||
import operatorv1 "github.com/openshift/api/operator/v1" | ||
|
||
// ServiceMeshSpec configures Service Mesh. | ||
type ServiceMeshSpec struct { | ||
// +kubebuilder:validation:Enum=Managed;Removed | ||
// +kubebuilder:default=Removed | ||
ManagementState operatorv1.ManagementState `json:"managementState,omitempty"` | ||
// Mesh holds configuration of Service Mesh used by Opendatahub. | ||
Mesh MeshSpec `json:"mesh,omitempty"` | ||
} | ||
|
||
type MeshSpec struct { | ||
// Name is a name Service Mesh Control Plane. Defaults to "minimal". | ||
// +kubebuilder:default=data-science-smcp | ||
Name string `json:"name,omitempty"` | ||
// Namespace is a namespace where Service Mesh is deployed. Defaults to "istio-system". | ||
// +kubebuilder:default=istio-system | ||
Namespace string `json:"namespace,omitempty"` | ||
// MetricsCollection specifies if metrics from components on the Mesh namespace | ||
// should be collected. Setting the value to "Istio" will collect metrics from the | ||
// control plane and any proxies on the Mesh namespace (like gateway pods). Setting | ||
// to "None" will disable metrics collection. | ||
// +kubebuilder:validation:Enum=Istio;None | ||
// +kubebuilder:default=Istio | ||
MetricsCollection string `json:"monitoring,omitempty"` | ||
} |
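Review bot: The comment on `MeshSpec.Name` says the control plane defaults to "minimal", but the marker directly below it sets `+kubebuilder:default=data-science-smcp`, so the generated CRD description will contradict the value actually applied; the comment should read `// Name is the name of the Service Mesh Control Plane. Defaults to "data-science-smcp".` `MetricsCollection` is serialized as `json:"monitoring,omitempty"`, so the key users write in the resource differs from the name its comment describes; if that is not intentional, `json:"metricsCollection,omitempty"` keeps them aligned and is cheaper to settle before the API is published. `MeshSpec` and the `ManagementState` field also carry no doc comment, e.g. `// MeshSpec holds the Service Mesh Control Plane settings.`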