feat(kserve): automates installation and configuration of KServe prerequisites

apis/dscinitialization/v1/dscinitialization_types.go

@@ -35,9 +35,22 @@ type DSCInitializationSpec struct {
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,order=2
 	// +optional
 	Monitoring Monitoring `json:"monitoring,omitempty"`
+	// Configures Service Mesh as networking layer for Data Science Clusters components.
+	// The Service Mesh is a mandatory prerequisite for single model serving (KServe) and
+	// you should review this configuration if you are planning to use KServe.
+	// For other components, it enhances user experience; e.g. it provides unified
+	// authentication giving a Single Sign On experience.
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,order=3
+	// +optional
+	ServiceMesh ServiceMeshSpec `json:"serviceMesh,omitempty"`
+	// Configures Serverless (KNative Serving). This is a prerequisite for single model
+	// serving (KServe) and you should review this configuration if you are planning to use KServe.
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,order=4
+	// +optional
+	Serverless ServerlessSpec `json:"serverless,omitempty"`
 	// Internal development useful field to test customizations.
 	// This is not recommended to be used in production environment.
-	// +operator-sdk:csv:customresourcedefinitions:type=spec,order=3
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,order=5
 	// +optional
 	DevFlags DevFlags `json:"devFlags,omitempty"`
 }

apis/dscinitialization/v1/serverless_types.go

@@ -0,0 +1,68 @@
+package v1
+
+import operatorv1 "github.com/openshift/api/operator/v1"
+
+// ServerlessSpec configures KNative components used in Open Data Hub. Specifically,
+// KNative is used to enable single model serving (KServe).
+type ServerlessSpec struct {
+	// +kubebuilder:validation:Enum=Managed;Removed
+	// +kubebuilder:default=Removed
+	ManagementState operatorv1.ManagementState `json:"managementState,omitempty"`
+	// Serving configures the KNative-Serving stack used for model serving. A Service
+	// Mesh (Istio) is prerequisite, since it is used as networking layer.
+	Serving ServingSpec `json:"serving,omitempty"`
+}
+
+// ServingSpec specifies the configuration for the KNative Serving components and their
+// bindings with the Service Mesh.
+type ServingSpec struct {
+	// Name specifies the name of the KNativeServing resource that is going to be
+	// created to instruct the KNative Operator to deploy KNative serving components.
+	// +kubebuilder:default=knative-serving
+	Name string `json:"name,omitempty"`
+	// Namespace specifies the namespace where the KNativeServing resource is going
+	// to be created.
+	// +kubebuilder:default=knative-serving
+	Namespace string `json:"namespace,omitempty"`
+	// LocalGatewayServiceName allows to customize the name of the Kubernetes Service that
+	// is going to be created for intra-cluster requests. The service is created in the
+	// Service Mesh namespace.
+	// +kubebuilder:default=knative-local-gateway
+	LocalGatewayServiceName string `json:"localGatewayServiceName,omitempty"`
+	// IngressGateway allows to customize some parameters for the Istio Ingress Gateway
+	// that is bound to KNative-Serving.
+	IngressGateway IngressGatewaySpec `json:"ingressGateway,omitempty"`
+}
+
+// IngressGatewaySpec represents the configuration of the KNative Ingress Gateway.
+type IngressGatewaySpec struct {
+	// GatewaySelector specifies the label selector to choose the Istio Ingress Gateway to use
+	// for intercepting incoming requests. If unset, the selector knative=ingressgateway is used.
+	// GatewaySelector map[string]string `json:"selector,omitempty"`
+
+	// Domain specifies the DNS name for intercepting ingress requests coming from
+	// outside the cluster. Most likely, you will want to use a wildcard name,
+	// like *.example.com. If not set, the domain of the OpenShift Ingress is used.
+	// If you choose to generate a certificate, this is the domain used for the certificate request.
+	Domain string `json:"domain,omitempty"`
+	// Certificate specifies configuration about the location of the TLS certificate and
+	// if a certificate would be generated.
+	Certificate CertificateSpec `json:"certificate,omitempty"`
+}
+
+// CertificateSpec represents the specification of the certificate securing communications of
+// the Istio Ingress Gateway for the KNative network.
+type CertificateSpec struct {
+	// SecretName specifies the name of the Kubernetes Secret resource that contains a
+	// TLS certificate secure HTTP communications for the KNative network.
+	// +kubebuilder:default=knative-serving-cert
+	SecretName string `json:"secretName,omitempty"`
+	// Generate specifies if the TLS certificate should be generated automatically using an own private
+	// key. The private key is going to be stored in a secret with the same name as the
+	// TLS certificate plus the "-key" suffix (e.g. knative-serving-cert-key).
+	// If this value is set to None, pre-existence of the TLS Secret (SecretName) with a
+	// valid certificate is assumed.
+	// +kubebuilder:validation:Enum=SelfSigned;None
+	// +kubebuilder:default=SelfSigned
+	Generate string `json:"generate,omitempty"`
+}

apis/dscinitialization/v1/servicemesh_types.go

@@ -0,0 +1,28 @@
+package v1
+
+import operatorv1 "github.com/openshift/api/operator/v1"
+
+// ServiceMeshSpec configures Service Mesh.
+type ServiceMeshSpec struct {
+	// +kubebuilder:validation:Enum=Managed;Removed
+	// +kubebuilder:default=Removed
+	ManagementState operatorv1.ManagementState `json:"managementState,omitempty"`
+	// Mesh holds configuration of Service Mesh used by Opendatahub.
+	Mesh MeshSpec `json:"mesh,omitempty"`
+}
+
+type MeshSpec struct {
+	// Name is a name Service Mesh Control Plane. Defaults to "minimal".
+	// +kubebuilder:default=data-science-smcp
+	Name string `json:"name,omitempty"`
+	// Namespace is a namespace where Service Mesh is deployed. Defaults to "istio-system".
+	// +kubebuilder:default=istio-system
+	Namespace string `json:"namespace,omitempty"`
+	// MetricsCollection specifies if metrics from components on the Mesh namespace
+	// should be collected. Setting the value to "Istio" will collect metrics from the
+	// control plane and any proxies on the Mesh namespace (like gateway pods). Setting
+	// to "None" will disable metrics collection.
+	// +kubebuilder:validation:Enum=Istio;None
+	// +kubebuilder:default=Istio
+	MetricsCollection string `json:"monitoring,omitempty"`
+}

config/crd/bases/dscinitialization.opendatahub.io_dscinitializations.yaml

@@ -81,6 +81,124 @@ spec:
                     description: Namespace for monitoring if it is enabled
                     type: string
                 type: object
+              serverless:
+                description: Configures Serverless (KNative Serving). This is a prerequisite
+                  for single model serving (KServe) and you should review this configuration
+                  if you are planning to use KServe.
+                properties:
+                  managementState:
+                    default: Removed
+                    enum:
+                    - Managed
+                    - Removed
+                    pattern: ^(Managed|Unmanaged|Force|Removed)$
+                    type: string
+                  serving:
+                    description: Serving configures the KNative-Serving stack used
+                      for model serving. A Service Mesh (Istio) is prerequisite, since
+                      it is used as networking layer.
+                    properties:
+                      ingressGateway:
+                        description: IngressGateway allows to customize some parameters
+                          for the Istio Ingress Gateway that is bound to KNative-Serving.
+                        properties:
+                          certificate:
+                            description: Certificate specifies configuration about
+                              the location of the TLS certificate and if a certificate
+                              would be generated.
+                            properties:
+                              generate:
+                                default: SelfSigned
+                                description: Generate specifies if the TLS certificate
+                                  should be generated automatically using an own private
+                                  key. The private key is going to be stored in a
+                                  secret with the same name as the TLS certificate
+                                  plus the "-key" suffix (e.g. knative-serving-cert-key).
+                                  If this value is set to None, pre-existence of the
+                                  TLS Secret (SecretName) with a valid certificate
+                                  is assumed.
+                                enum:
+                                - SelfSigned
+                                - None
+                                type: string
+                              secretName:
+                                default: knative-serving-cert
+                                description: SecretName specifies the name of the
+                                  Kubernetes Secret resource that contains a TLS certificate
+                                  secure HTTP communications for the KNative network.
+                                type: string
+                            type: object
+                          domain:
+                            description: Domain specifies the DNS name for intercepting
+                              ingress requests coming from outside the cluster. Most
+                              likely, you will want to use a wildcard name, like *.example.com.
+                              If not set, the domain of the OpenShift Ingress is used.
+                              If you choose to generate a certificate, this is the
+                              domain used for the certificate request.
+                            type: string
+                        type: object
+                      localGatewayServiceName:
+                        default: knative-local-gateway
+                        description: LocalGatewayServiceName allows to customize the
+                          name of the Kubernetes Service that is going to be created
+                          for intra-cluster requests. The service is created in the
+                          Service Mesh namespace.
+                        type: string
+                      name:
+                        default: knative-serving
+                        description: Name specifies the name of the KNativeServing
+                          resource that is going to be created to instruct the KNative
+                          Operator to deploy KNative serving components.
+                        type: string
+                      namespace:
+                        default: knative-serving
+                        description: Namespace specifies the namespace where the KNativeServing
+                          resource is going to be created.
+                        type: string
+                    type: object
+                type: object
+              serviceMesh:
+                description: Configures Service Mesh as networking layer for Data
+                  Science Clusters components. The Service Mesh is a mandatory prerequisite
+                  for single model serving (KServe) and you should review this configuration
+                  if you are planning to use KServe. For other components, it enhances
+                  user experience; e.g. it provides unified authentication giving
+                  a Single Sign On experience.
+                properties:
+                  managementState:
+                    default: Removed
+                    enum:
+                    - Managed
+                    - Removed
+                    pattern: ^(Managed|Unmanaged|Force|Removed)$
+                    type: string
+                  mesh:
+                    description: Mesh holds configuration of Service Mesh used by
+                      Opendatahub.
+                    properties:
+                      monitoring:
+                        default: Istio
+                        description: MetricsCollection specifies if metrics from components
+                          on the Mesh namespace should be collected. Setting the value
+                          to "Istio" will collect metrics from the control plane and
+                          any proxies on the Mesh namespace (like gateway pods). Setting
+                          to "None" will disable metrics collection.
+                        enum:
+                        - Istio
+                        - None
+                        type: string
+                      name:
+                        default: data-science-smcp
+                        description: Name is a name Service Mesh Control Plane. Defaults
+                          to "minimal".
+                        type: string
+                      namespace:
+                        default: istio-system
+                        description: Namespace is a namespace where Service Mesh is
+                          deployed. Defaults to "istio-system".
+                        type: string
+                    type: object
+                type: object
             required:
             - applicationsNamespace
             type: object