From 046fdbcd42692f6d3a2581aae5284dbe483f9c4f Mon Sep 17 00:00:00 2001 From: Andres Llausas Date: Tue, 25 Feb 2025 09:14:00 -0500 Subject: [PATCH] [RHOAIENG-14237] Adding REST_PROXY_SKIP_VERIFY env var. (#536) #### Motivation rest-proxy has a new environment variable for allowing the user to skip verification when using TLS #### Modifications Adding the variable to the RESTProxyConfig and to the Deployments #### Result Users will be able to specify if they want to skip verification when using TLS See: [RHOAIENG-14237](https://issues.redhat.com/browse/RHOAIENG-14237) Signed-off-by: Andres Llausas --- controllers/modelmesh/modelmesh.go | 39 ++++++++++--------- controllers/modelmesh/proxy.go | 4 ++ .../testdata/servingruntime_controller.golden | 2 + pkg/config/config.go | 9 +++-- 4 files changed, 31 insertions(+), 23 deletions(-) diff --git a/controllers/modelmesh/modelmesh.go b/controllers/modelmesh/modelmesh.go index cf136a7d..ccd1d1d5 100644 --- a/controllers/modelmesh/modelmesh.go +++ b/controllers/modelmesh/modelmesh.go @@ -37,25 +37,26 @@ const ModelMeshEtcdPrefix = "mm" // Models a deployment type Deployment struct { - ServiceName string - ServicePort uint16 - Name string - Namespace string - Owner mf.Owner - SRSpec *kserveapi.ServingRuntimeSpec - DefaultVModelOwner string - Log logr.Logger - Metrics bool - PrometheusPort uint16 - PrometheusScheme string - PayloadProcessors string - ModelMeshImage string - ModelMeshResources *corev1.ResourceRequirements - RESTProxyEnabled bool - RESTProxyImage string - RESTProxyResources *corev1.ResourceRequirements - RESTProxyPort uint16 - PVCs []string + ServiceName string + ServicePort uint16 + Name string + Namespace string + Owner mf.Owner + SRSpec *kserveapi.ServingRuntimeSpec + DefaultVModelOwner string + Log logr.Logger + Metrics bool + PrometheusPort uint16 + PrometheusScheme string + PayloadProcessors string + ModelMeshImage string + ModelMeshResources *corev1.ResourceRequirements + RESTProxyEnabled bool + RESTProxySkipVerify bool + RESTProxyImage string + RESTProxyResources *corev1.ResourceRequirements + RESTProxyPort uint16 + PVCs []string // internal fields used when templating ModelMeshLimitCPU string ModelMeshRequestsCPU string diff --git a/controllers/modelmesh/proxy.go b/controllers/modelmesh/proxy.go index 442ee835..2473ee28 100644 --- a/controllers/modelmesh/proxy.go +++ b/controllers/modelmesh/proxy.go @@ -26,6 +26,7 @@ const ( restProxyGrpcMaxMsgSizeEnvVar = "REST_PROXY_GRPC_MAX_MSG_SIZE_BYTES" restProxyGrpcPortEnvVar = "REST_PROXY_GRPC_PORT" restProxyTlsEnvVar = "REST_PROXY_USE_TLS" + restProxySkipVerifyEnvVar = "REST_PROXY_SKIP_VERIFY" ) func (m *Deployment) addRESTProxyToDeployment(deployment *appsv1.Deployment) error { @@ -47,6 +48,9 @@ func (m *Deployment) addRESTProxyToDeployment(deployment *appsv1.Deployment) err }, { Name: restProxyGrpcMaxMsgSizeEnvVar, Value: strconv.Itoa(m.GrpcMaxMessageSize), + }, { + Name: restProxySkipVerifyEnvVar, + Value: strconv.FormatBool(m.RESTProxySkipVerify), }, }, Ports: []corev1.ContainerPort{ diff --git a/controllers/testdata/servingruntime_controller.golden b/controllers/testdata/servingruntime_controller.golden index fcef4966..f90019a1 100644 --- a/controllers/testdata/servingruntime_controller.golden +++ b/controllers/testdata/servingruntime_controller.golden @@ -555,6 +555,8 @@ spec: value: "false" - name: REST_PROXY_GRPC_MAX_MSG_SIZE_BYTES value: "16777216" + - name: REST_PROXY_SKIP_VERIFY + value: "false" image: kserve/rest-proxy:latest imagePullPolicy: Always name: rest-proxy diff --git a/pkg/config/config.go b/pkg/config/config.go index ca2db8a0..45847449 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -133,10 +133,11 @@ type TLSConfig struct { } type RESTProxyConfig struct { - Enabled bool - Port uint16 - Image ImageConfig - Resources ResourceRequirements + Enabled bool + SkipVerify bool + Port uint16 + Image ImageConfig + Resources ResourceRequirements } func (c *Config) GetEtcdSecretName() string {