From 6eedee5efe6ee13abe50873310b45674d778c158 Mon Sep 17 00:00:00 2001 From: Jooho Lee Date: Tue, 30 May 2023 06:58:15 -0400 Subject: [PATCH] [cherry-pick]Replace old model-mesh manifests to new manifests #815 Signed-off-by: jooho --- kfdef/kfctl_openshift_modh.yaml | 4 +- kfdef/odh-core.yaml | 71 +++++ model-mesh/OWNERS | 13 +- model-mesh/README.md | 29 ++- model-mesh/base/kustomization.yaml | 82 +++--- model-mesh/base/params.env | 7 +- model-mesh/base/params.yaml | 11 - .../base/kustomization.yaml | 5 + .../default/kustomization.yaml | 3 + .../manager/controller_manager_config.yaml | 0 .../manager/kustomization.yaml | 10 + .../odh-model-controller/manager/manager.yaml | 55 ++++ .../overlays/odh/kustomization.yaml | 12 + .../odh_model_controller_manager_patch.yaml | 18 ++ .../overlays/odh/params.yaml | 4 + .../prometheus/kustomization.yaml | 2 + .../prometheus/monitor.yaml | 1 - .../rbac/auth_proxy_client_clusterrole.yaml | 8 +- .../rbac/auth_proxy_role.yaml | 17 ++ .../rbac/auth_proxy_role_binding.yaml | 5 +- .../rbac/auth_proxy_service.yaml | 8 +- .../rbac/kustomization.yaml | 18 ++ .../rbac/leader_election_role.yaml | 37 +++ .../rbac/leader_election_role_binding.yaml | 5 +- .../odh-model-controller/rbac/role.yaml | 182 +++++++++++++ .../rbac/role_binding.yaml | 7 +- .../rbac/service_account.yaml | 1 - .../base/kustomization.yaml | 6 + .../certmanager/certificate.yaml | 0 .../certmanager/kustomization.yaml | 0 .../certmanager/kustomizeconfig.yaml | 0 ...ving.kserve.io_clusterservingruntimes.yaml | 0 .../serving.kserve.io_inferenceservices.yaml | 0 .../bases/serving.kserve.io_predictors.yaml | 0 .../serving.kserve.io_servingruntimes.yaml | 0 .../crd/kustomization.yaml | 3 +- .../crd/kustomizeconfig.yaml | 0 .../patches/cainjection_in_predictors.yaml | 0 .../cainjection_in_servingruntimes.yaml | 0 .../crd/patches/webhook_in_predictors.yaml | 0 .../patches/webhook_in_servingruntimes.yaml | 0 .../default/config-defaults.yaml | 1 + .../default/kustomization.yaml | 1 - .../default/manager_auth_proxy_patch.yaml | 0 .../default/manager_webhook_patch.yaml | 0 .../default/metadataLabelTransformer.yaml | 0 .../default/storage-secret.yaml | 0 .../default/webhookcainjection_patch.yaml | 0 .../dependencies/fvt.yaml | 245 ++++++++++++++++++ .../dependencies/minio-storage-secret.yaml | 27 ++ .../dependencies/nfs-provisioner-subs.yaml | 11 + .../dependencies/nfs-provisioner.yaml | 8 + .../dependencies/quickstart.yaml} | 38 +-- .../example-keras-mnist-isvc.yaml | 0 .../example-lightgbm-mushroom-isvc.yaml | 0 .../example-mlserver-sklearn-mnist-isvc.yaml | 0 .../example-onnx-mnist-isvc.yaml | 0 .../example-pytorch-cifar-isvc.yaml | 0 .../example-tensorflow-mnist-isvc.yaml | 0 .../example-xgboost-mushroom-isvc.yaml | 0 .../example-keras-mnist-predictor.yaml | 0 .../example-lightgbm-mushroom-predictor.yaml | 0 ...mple-mlserver-sklearn-mnist-predictor.yaml | 0 .../example-onnx-mnist-predictor.yaml | 0 .../example-pytorch-cifar-predictor.yaml | 0 .../example-tensorflow-mnist-predictor.yaml | 0 .../example-xgboost-mushroom-predictor.yaml | 0 .../internal/base/deployment.yaml.tmpl | 52 +++- .../manager/kustomization.yaml | 2 +- .../manager/manager.yaml | 33 +-- .../namespace-runtimes/kustomization.yaml | 14 + .../overlays/odh/kustomization.yaml | 15 ++ .../overlays/odh/manager/kustomization.yaml | 5 + .../overlays/odh/manager/service.yaml | 14 + .../overlays/odh/params.yaml | 15 ++ .../overlays/odh}/quickstart.yaml | 11 +- .../overlays/odh/rbac/kustomization.yaml | 11 + .../odh/rbac/networkpolicy_etcd.yaml} | 5 +- .../remove_networkpolicy_rumtime_patch.yaml | 5 + .../odh/rbac/role_apps_metrics_access.yaml | 41 +++ .../odh}/rbac/user_cluster_roles.yaml | 0 .../overlays/odh}/scripts/enable_auth.sh | 0 .../overlays/odh}/scripts/kustomization.yaml | 0 .../prometheus/kustomization.yaml | 0 .../prometheus/monitor.yaml | 0 .../rbac/cluster-scope/kustomization.yaml | 17 ++ .../rbac/cluster-scope}/role.yaml | 0 .../rbac/cluster-scope}/role_binding.yaml | 4 +- .../auth_proxy_client_clusterrole.yaml | 0 .../rbac/common}/auth_proxy_role.yaml | 0 .../rbac/common}/auth_proxy_role_binding.yaml | 0 .../rbac/common}/auth_proxy_service.yaml | 0 .../common}/inferenceservice_editor_role.yaml | 0 .../common}/inferenceservice_viewer_role.yaml | 0 .../rbac/common}/kustomization.yaml | 6 +- .../rbac/common}/leader_election_role.yaml | 0 .../common}/leader_election_role_binding.yaml | 0 .../common}/modelmesh-service-account.yaml | 0 .../modelmesh-serving-service-account.yaml | 17 ++ .../common}/networkpolicy-controller.yaml | 0 .../rbac/common}/networkpolicy-runtimes.yaml | 0 .../rbac/common}/predictor_editor_role.yaml | 0 .../rbac/common}/predictor_viewer_role.yaml | 0 .../rbac/common}/restricted_scc_role.yaml | 0 .../common}/restricted_scc_role_binding.yaml | 0 .../rbac/common}/service-account.yaml | 0 .../common}/servingruntime_editor_role.yaml | 0 .../common}/servingruntime_viewer_role.yaml | 0 .../rbac/namespace-scope/kustomization.yaml | 17 ++ .../rbac/namespace-scope/role.yaml | 167 ++++++++++++ .../rbac/namespace-scope/role_binding.yaml} | 17 +- .../runtimes/kustomization.yaml | 15 +- .../runtimes/mlserver-0.x.yaml | 2 +- .../runtimes/ovms-1.x.yaml | 2 +- .../runtimes/torchserve-0.x.yaml | 59 +++++ .../runtimes/triton-2.x.yaml | 4 +- .../samples/kustomization.yaml | 0 .../samples/predictor_custom_complete.yaml | 0 .../samples/predictor_mlserver.yaml | 0 .../samples/predictor_tf_minimal.yaml | 0 .../serving_v1beta1_inferenceservice.yaml | 0 .../samples/servingruntime_custom.yaml | 0 .../samples/servingruntime_pullerless.yaml | 0 .../default/kustomization.yaml | 3 - .../default/manager_auth_proxy_patch.yaml | 34 --- .../default/manager_config_patch.yaml | 20 -- .../odh-model-controller/kustomization.yaml | 6 - .../manager/kustomization.yaml | 10 - .../odh-model-controller/manager/manager.yaml | 68 ----- .../overlays/odh-model-controller/params.yaml | 4 - .../prometheus/kustomization.yaml | 2 - .../rbac/auth_proxy_role.yaml | 17 -- .../rbac/kustomization.yaml | 18 -- .../rbac/leader_election_role.yaml | 37 --- 134 files changed, 1319 insertions(+), 405 deletions(-) create mode 100644 kfdef/odh-core.yaml delete mode 100644 model-mesh/base/params.yaml create mode 100644 model-mesh/odh-model-controller/base/kustomization.yaml create mode 100644 model-mesh/odh-model-controller/default/kustomization.yaml rename model-mesh/{overlays => }/odh-model-controller/manager/controller_manager_config.yaml (100%) create mode 100644 model-mesh/odh-model-controller/manager/kustomization.yaml create mode 100644 model-mesh/odh-model-controller/manager/manager.yaml create mode 100644 model-mesh/odh-model-controller/overlays/odh/kustomization.yaml create mode 100644 model-mesh/odh-model-controller/overlays/odh/odh_model_controller_manager_patch.yaml create mode 100644 model-mesh/odh-model-controller/overlays/odh/params.yaml create mode 100644 model-mesh/odh-model-controller/prometheus/kustomization.yaml rename model-mesh/{overlays => }/odh-model-controller/prometheus/monitor.yaml (99%) rename model-mesh/{overlays => }/odh-model-controller/rbac/auth_proxy_client_clusterrole.yaml (61%) create mode 100644 model-mesh/odh-model-controller/rbac/auth_proxy_role.yaml rename model-mesh/{overlays => }/odh-model-controller/rbac/auth_proxy_role_binding.yaml (73%) rename model-mesh/{overlays => }/odh-model-controller/rbac/auth_proxy_service.yaml (73%) create mode 100644 model-mesh/odh-model-controller/rbac/kustomization.yaml create mode 100644 model-mesh/odh-model-controller/rbac/leader_election_role.yaml rename model-mesh/{overlays => }/odh-model-controller/rbac/leader_election_role_binding.yaml (73%) create mode 100644 model-mesh/odh-model-controller/rbac/role.yaml rename model-mesh/{overlays => }/odh-model-controller/rbac/role_binding.yaml (58%) rename model-mesh/{overlays => }/odh-model-controller/rbac/service_account.yaml (78%) create mode 100644 model-mesh/odh-modelmesh-controller/base/kustomization.yaml rename model-mesh/{ => odh-modelmesh-controller}/certmanager/certificate.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/certmanager/kustomization.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/certmanager/kustomizeconfig.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/crd/bases/serving.kserve.io_clusterservingruntimes.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/crd/bases/serving.kserve.io_inferenceservices.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/crd/bases/serving.kserve.io_predictors.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/crd/bases/serving.kserve.io_servingruntimes.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/crd/kustomization.yaml (93%) rename model-mesh/{ => odh-modelmesh-controller}/crd/kustomizeconfig.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/crd/patches/cainjection_in_predictors.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/crd/patches/cainjection_in_servingruntimes.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/crd/patches/webhook_in_predictors.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/crd/patches/webhook_in_servingruntimes.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/default/config-defaults.yaml (98%) rename model-mesh/{ => odh-modelmesh-controller}/default/kustomization.yaml (99%) rename model-mesh/{ => odh-modelmesh-controller}/default/manager_auth_proxy_patch.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/default/manager_webhook_patch.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/default/metadataLabelTransformer.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/default/storage-secret.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/default/webhookcainjection_patch.yaml (100%) create mode 100644 model-mesh/odh-modelmesh-controller/dependencies/fvt.yaml create mode 100644 model-mesh/odh-modelmesh-controller/dependencies/minio-storage-secret.yaml create mode 100644 model-mesh/odh-modelmesh-controller/dependencies/nfs-provisioner-subs.yaml create mode 100644 model-mesh/odh-modelmesh-controller/dependencies/nfs-provisioner.yaml rename model-mesh/{dependencies/fvt.yaml => odh-modelmesh-controller/dependencies/quickstart.yaml} (70%) rename model-mesh/{ => odh-modelmesh-controller}/example-isvcs/example-keras-mnist-isvc.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/example-isvcs/example-lightgbm-mushroom-isvc.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/example-isvcs/example-mlserver-sklearn-mnist-isvc.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/example-isvcs/example-onnx-mnist-isvc.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/example-isvcs/example-pytorch-cifar-isvc.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/example-isvcs/example-tensorflow-mnist-isvc.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/example-isvcs/example-xgboost-mushroom-isvc.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/example-predictors/example-keras-mnist-predictor.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/example-predictors/example-lightgbm-mushroom-predictor.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/example-predictors/example-mlserver-sklearn-mnist-predictor.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/example-predictors/example-onnx-mnist-predictor.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/example-predictors/example-pytorch-cifar-predictor.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/example-predictors/example-tensorflow-mnist-predictor.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/example-predictors/example-xgboost-mushroom-predictor.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/internal/base/deployment.yaml.tmpl (68%) rename model-mesh/{ => odh-modelmesh-controller}/manager/kustomization.yaml (93%) rename model-mesh/{ => odh-modelmesh-controller}/manager/manager.yaml (91%) create mode 100644 model-mesh/odh-modelmesh-controller/namespace-runtimes/kustomization.yaml create mode 100644 model-mesh/odh-modelmesh-controller/overlays/odh/kustomization.yaml create mode 100644 model-mesh/odh-modelmesh-controller/overlays/odh/manager/kustomization.yaml create mode 100644 model-mesh/odh-modelmesh-controller/overlays/odh/manager/service.yaml create mode 100644 model-mesh/odh-modelmesh-controller/overlays/odh/params.yaml rename model-mesh/{dependencies => odh-modelmesh-controller/overlays/odh}/quickstart.yaml (95%) create mode 100644 model-mesh/odh-modelmesh-controller/overlays/odh/rbac/kustomization.yaml rename model-mesh/{rbac/networkpolicy-etcd.yaml => odh-modelmesh-controller/overlays/odh/rbac/networkpolicy_etcd.yaml} (90%) create mode 100644 model-mesh/odh-modelmesh-controller/overlays/odh/rbac/remove_networkpolicy_rumtime_patch.yaml create mode 100644 model-mesh/odh-modelmesh-controller/overlays/odh/rbac/role_apps_metrics_access.yaml rename model-mesh/{ => odh-modelmesh-controller/overlays/odh}/rbac/user_cluster_roles.yaml (100%) rename model-mesh/{dependencies => odh-modelmesh-controller/overlays/odh}/scripts/enable_auth.sh (100%) rename model-mesh/{dependencies => odh-modelmesh-controller/overlays/odh}/scripts/kustomization.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/prometheus/kustomization.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/prometheus/monitor.yaml (100%) create mode 100644 model-mesh/odh-modelmesh-controller/rbac/cluster-scope/kustomization.yaml rename model-mesh/{rbac => odh-modelmesh-controller/rbac/cluster-scope}/role.yaml (100%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/cluster-scope}/role_binding.yaml (89%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/auth_proxy_client_clusterrole.yaml (100%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/auth_proxy_role.yaml (100%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/auth_proxy_role_binding.yaml (100%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/auth_proxy_service.yaml (100%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/inferenceservice_editor_role.yaml (100%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/inferenceservice_viewer_role.yaml (100%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/kustomization.yaml (90%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/leader_election_role.yaml (100%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/leader_election_role_binding.yaml (100%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/modelmesh-service-account.yaml (100%) create mode 100644 model-mesh/odh-modelmesh-controller/rbac/common/modelmesh-serving-service-account.yaml rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/networkpolicy-controller.yaml (100%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/networkpolicy-runtimes.yaml (100%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/predictor_editor_role.yaml (100%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/predictor_viewer_role.yaml (100%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/restricted_scc_role.yaml (100%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/restricted_scc_role_binding.yaml (100%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/service-account.yaml (100%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/servingruntime_editor_role.yaml (100%) rename model-mesh/{rbac => odh-modelmesh-controller/rbac/common}/servingruntime_viewer_role.yaml (100%) create mode 100644 model-mesh/odh-modelmesh-controller/rbac/namespace-scope/kustomization.yaml create mode 100644 model-mesh/odh-modelmesh-controller/rbac/namespace-scope/role.yaml rename model-mesh/{rbac/rolebinding-apps-metrics-access.yaml => odh-modelmesh-controller/rbac/namespace-scope/role_binding.yaml} (79%) rename model-mesh/{ => odh-modelmesh-controller}/runtimes/kustomization.yaml (77%) rename model-mesh/{ => odh-modelmesh-controller}/runtimes/mlserver-0.x.yaml (98%) rename model-mesh/{ => odh-modelmesh-controller}/runtimes/ovms-1.x.yaml (98%) create mode 100644 model-mesh/odh-modelmesh-controller/runtimes/torchserve-0.x.yaml rename model-mesh/{ => odh-modelmesh-controller}/runtimes/triton-2.x.yaml (97%) rename model-mesh/{ => odh-modelmesh-controller}/samples/kustomization.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/samples/predictor_custom_complete.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/samples/predictor_mlserver.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/samples/predictor_tf_minimal.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/samples/serving_v1beta1_inferenceservice.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/samples/servingruntime_custom.yaml (100%) rename model-mesh/{ => odh-modelmesh-controller}/samples/servingruntime_pullerless.yaml (100%) delete mode 100644 model-mesh/overlays/odh-model-controller/default/kustomization.yaml delete mode 100644 model-mesh/overlays/odh-model-controller/default/manager_auth_proxy_patch.yaml delete mode 100644 model-mesh/overlays/odh-model-controller/default/manager_config_patch.yaml delete mode 100644 model-mesh/overlays/odh-model-controller/kustomization.yaml delete mode 100644 model-mesh/overlays/odh-model-controller/manager/kustomization.yaml delete mode 100644 model-mesh/overlays/odh-model-controller/manager/manager.yaml delete mode 100644 model-mesh/overlays/odh-model-controller/params.yaml delete mode 100644 model-mesh/overlays/odh-model-controller/prometheus/kustomization.yaml delete mode 100644 model-mesh/overlays/odh-model-controller/rbac/auth_proxy_role.yaml delete mode 100644 model-mesh/overlays/odh-model-controller/rbac/kustomization.yaml delete mode 100644 model-mesh/overlays/odh-model-controller/rbac/leader_election_role.yaml diff --git a/kfdef/kfctl_openshift_modh.yaml b/kfdef/kfctl_openshift_modh.yaml index 58cb7615b..a088fa89b 100644 --- a/kfdef/kfctl_openshift_modh.yaml +++ b/kfdef/kfctl_openshift_modh.yaml @@ -76,8 +76,8 @@ spec: path: odhargo/odhargo name: odhargo - kustomizeConfig: - overlays: - - odh-model-controller + - name: monitoring-namespace + value: redhat-ods-monitoring repoRef: name: manifests path: model-mesh diff --git a/kfdef/odh-core.yaml b/kfdef/odh-core.yaml new file mode 100644 index 000000000..a075c2258 --- /dev/null +++ b/kfdef/odh-core.yaml @@ -0,0 +1,71 @@ +apiVersion: kfdef.apps.kubeflow.org/v1 +kind: KfDef +metadata: + name: odh-core +spec: + applications: + - kustomizeConfig: + repoRef: + name: manifests + path: odh-common + name: odh-common + - kustomizeConfig: + repoRef: + name: manifests + path: odh-dashboard + name: odh-dashboard + - kustomizeConfig: + repoRef: + name: manifests + path: prometheus/cluster + name: prometheus-cluster + - kustomizeConfig: + repoRef: + name: manifests + path: prometheus/operator + name: prometheus-operator + - kustomizeConfig: + repoRef: + name: manifests + path: grafana/cluster + name: grafana-cluster + - kustomizeConfig: + repoRef: + name: manifests + path: grafana/grafana + name: grafana-instance + - kustomizeConfig: + repoRef: + name: manifests + path: odh-notebook-controller + name: odh-notebook-controller + - kustomizeConfig: + repoRef: + name: manifests + path: notebook-images + name: notebook-images + - kustomizeConfig: + parameters: + - name: monitoring-namespace + value: opendatahub + repoRef: + name: manifests + path: model-mesh + name: model-mesh + - kustomizeConfig: + parameters: + - name: deployment-namespace + value: opendatahub + repoRef: + name: manifests + path: modelmesh-monitoring + name: modelmesh-monitoring + - kustomizeConfig: + repoRef: + name: manifests + path: data-science-pipelines-operator/ + name: data-science-pipelines-operator + repos: + - name: manifests + uri: https://github.com/opendatahub-io/odh-manifests/tarball/master + version: master diff --git a/model-mesh/OWNERS b/model-mesh/OWNERS index ed8aace77..7d68f06f2 100644 --- a/model-mesh/OWNERS +++ b/model-mesh/OWNERS @@ -1,10 +1,17 @@ approvers: -- anishasthana -- Jooho + - anishasthana + - danielezonca + - heyselbi + - israel-hdez + - Jooho + - VedantMahabaleshwarkar + - Xaenalt reviewers: - anishasthana + - danielezonca - heyselbi + - israel-hdez - Jooho - - Xaenalt - VedantMahabaleshwarkar + - Xaenalt diff --git a/model-mesh/README.md b/model-mesh/README.md index ba9fbc28f..acfdbd1b6 100644 --- a/model-mesh/README.md +++ b/model-mesh/README.md @@ -6,28 +6,39 @@ Model Mesh Serving comes with 1 components: ## modelmesh -Contains deployment manifests for the model mesh service. +Contains deployment manifests for the model mesh service and odh model controller. + +- [odh-modelmesh-controller](https://github.com/opendatahub-io/modelmesh-serving) + - Forked upstream kserve/modelmesh-serving repository +- [odh-model-controller](https://github.com/opendatahub-io/odh-model-controller) + - Controller to manage ingress service of Model Mesh. ## Model Mesh Serving Architecture A complete architecture can be found at https://github.com/kserve/modelmesh-serving -In general, Model Mesh Serving deploys a controller that works on the ServingRuntime and Predictor CRDs. There are many -supported ServingRuntimes that support different model types. When a ServingRuntime is created/installed, you can then -create a predictor instance to serve the model described in that predictor. Briefly, the predictor definition includes -an S3 storage location for that model as well as the credentials to fetch it. Also included in the predictor definition +In general, Model Mesh Serving deploys a controller that works on the ServingRuntime and Predictor CRDs. There are many +supported ServingRuntimes that support different model types. When a ServingRuntime is created/installed, you can then +create a predictor instance to serve the model described in that predictor. Briefly, the predictor definition includes +an S3 storage location for that model as well as the credentials to fetch it. Also included in the predictor definition is the model type, which is used by the controller to map to the appropriate serving runtime. The models being served can be reached via both gRPC (natively) and REST (via provided proxy). ### Parameters -None +You can set images though `parameters`. +- odh-mm-rest-proxy +- odh-modelmesh-runtime-adapter +- odh-modelmesh +- odh-openvino +- odh-modelmesh-controller +- odh-model-controller ##### Examples -Example ServingRuntime and Predictors can be found at: https://github.com/kserve/modelmesh-serving/blob/main/docs/quickstart.md +Example ServingRuntime and Predictors can be found at: https://github.com/kserve/modelmesh-serving/blob/main/docs/quickstart.md ### Overlays @@ -39,7 +50,7 @@ Following are the steps to install Model Mesh as a part of OpenDataHub install: 1. Install the OpenDataHub operator 2. Create a KfDef that includes the model-mesh component with the odh-model-controller overlay. - + ``` apiVersion: kfdef.apps.kubeflow.org/v1 kind: KfDef @@ -54,8 +65,6 @@ spec: path: odh-common name: odh-common - kustomizeConfig: - overlays: - - odh-model-controller repoRef: name: manifests path: model-mesh diff --git a/model-mesh/base/kustomization.yaml b/model-mesh/base/kustomization.yaml index b90c4c2c7..793e9dbf9 100644 --- a/model-mesh/base/kustomization.yaml +++ b/model-mesh/base/kustomization.yaml @@ -1,75 +1,73 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +resources: + - ../odh-modelmesh-controller/overlays/odh + - ../odh-model-controller/overlays/odh + commonLabels: - app: model-mesh app.kubernetes.io/part-of: model-mesh -resources: -- ../default -- ../dependencies/quickstart.yaml -- ../dependencies/scripts -- ../prometheus +namespace: opendatahub configMapGenerator: - - name: mesh-parameters - envs: + - envs: - params.env + name: mesh-parameters generatorOptions: disableNameSuffixHash: true + vars: - - name: meshnamespace + - fieldref: + fieldPath: metadata.namespace + name: mesh-namespace objref: + apiVersion: v1 kind: ConfigMap name: mesh-parameters - apiVersion: v1 - fieldref: - fieldpath: metadata.namespace - - name: monitoring-namespace + - fieldref: + fieldPath: data.monitoring-namespace + name: monitoring-namespace objref: + apiVersion: v1 kind: ConfigMap name: mesh-parameters - apiVersion: v1 - fieldref: - fieldpath: data.monitoring-namespace - - name: odh-modelmesh + - fieldref: + fieldPath: data.odh-modelmesh + name: odh-modelmesh objref: + apiVersion: v1 kind: ConfigMap name: mesh-parameters - apiVersion: v1 - fieldref: - fieldpath: data.odh-modelmesh - - name: odh-mm-rest-proxy + - fieldref: + fieldPath: data.odh-mm-rest-proxy + name: odh-mm-rest-proxy objref: + apiVersion: v1 kind: ConfigMap name: mesh-parameters - apiVersion: v1 - fieldref: - fieldpath: data.odh-mm-rest-proxy - - name: odh-modelmesh-runtime-adapter + - fieldref: + fieldPath: data.odh-modelmesh-runtime-adapter + name: odh-modelmesh-runtime-adapter objref: + apiVersion: v1 kind: ConfigMap name: mesh-parameters - apiVersion: v1 - fieldref: - fieldpath: data.odh-modelmesh-runtime-adapter - - name: odh-modelmesh-controller + - fieldref: + fieldPath: data.odh-modelmesh-controller + name: odh-modelmesh-controller objref: + apiVersion: v1 kind: ConfigMap name: mesh-parameters - apiVersion: v1 - fieldref: - fieldpath: data.odh-modelmesh-controller - - name: odh-model-controller + - fieldref: + fieldPath: data.odh-model-controller + name: odh-model-controller objref: + apiVersion: v1 kind: ConfigMap name: mesh-parameters - apiVersion: v1 - fieldref: - fieldpath: data.odh-model-controller - - name: odh-openvino + - fieldref: + fieldPath: data.odh-openvino + name: odh-openvino objref: + apiVersion: v1 kind: ConfigMap name: mesh-parameters - apiVersion: v1 - fieldref: - fieldpath: data.odh-openvino -configurations: - - params.yaml diff --git a/model-mesh/base/params.env b/model-mesh/base/params.env index fa9ae754c..30d7d266a 100644 --- a/model-mesh/base/params.env +++ b/model-mesh/base/params.env @@ -1,8 +1,7 @@ -meshnamespace= -monitoring-namespace= -odh-mm-rest-proxy=quay.io/opendatahub/rest-proxy:v0.11.0-alpha +monitoring-namespace=opendatahub +odh-mm-rest-proxy=quay.io/opendatahub/rest-proxy:v0.10.0 odh-modelmesh-runtime-adapter=quay.io/opendatahub/modelmesh-runtime-adapter:v0.11.0-alpha odh-modelmesh=quay.io/opendatahub/modelmesh:v0.11.0-alpha odh-openvino=quay.io/opendatahub/openvino_model_server:2022.3-gpu odh-modelmesh-controller=quay.io/opendatahub/modelmesh-controller:v0.11.0-alpha -odh-model-controller=quay.io/opendatahub/odh-model-controller:v0.9.6-auth +odh-model-controller=quay.io/opendatahub/odh-model-controller:v0.11.0-alpha diff --git a/model-mesh/base/params.yaml b/model-mesh/base/params.yaml deleted file mode 100644 index 1cffd12e7..000000000 --- a/model-mesh/base/params.yaml +++ /dev/null @@ -1,11 +0,0 @@ -varReference: -- path: metadata/name - kind: ClusterRoleBinding - apiGroup: authorization.openshift.io -- path: spec/template/spec/containers[]/image - kind: Deployment - apiVersion: apps/v1 -- path: data - kind: ConfigMap -- path: spec/template/spec/containers[]/env/value - kind: Deployment diff --git a/model-mesh/odh-model-controller/base/kustomization.yaml b/model-mesh/odh-model-controller/base/kustomization.yaml new file mode 100644 index 000000000..b1459c0f0 --- /dev/null +++ b/model-mesh/odh-model-controller/base/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../default + - ../prometheus diff --git a/model-mesh/odh-model-controller/default/kustomization.yaml b/model-mesh/odh-model-controller/default/kustomization.yaml new file mode 100644 index 000000000..e497dd06b --- /dev/null +++ b/model-mesh/odh-model-controller/default/kustomization.yaml @@ -0,0 +1,3 @@ +bases: + - ../rbac + - ../manager diff --git a/model-mesh/overlays/odh-model-controller/manager/controller_manager_config.yaml b/model-mesh/odh-model-controller/manager/controller_manager_config.yaml similarity index 100% rename from model-mesh/overlays/odh-model-controller/manager/controller_manager_config.yaml rename to model-mesh/odh-model-controller/manager/controller_manager_config.yaml diff --git a/model-mesh/odh-model-controller/manager/kustomization.yaml b/model-mesh/odh-model-controller/manager/kustomization.yaml new file mode 100644 index 000000000..8ee256554 --- /dev/null +++ b/model-mesh/odh-model-controller/manager/kustomization.yaml @@ -0,0 +1,10 @@ +resources: + - manager.yaml + +generatorOptions: + disableNameSuffixHash: true + +configMapGenerator: + - files: + - controller_manager_config.yaml + name: manager-config diff --git a/model-mesh/odh-model-controller/manager/manager.yaml b/model-mesh/odh-model-controller/manager/manager.yaml new file mode 100644 index 000000000..dd20aecd8 --- /dev/null +++ b/model-mesh/odh-model-controller/manager/manager.yaml @@ -0,0 +1,55 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: odh-model-controller + labels: + control-plane: odh-model-controller + app: odh-model-controller +spec: + selector: + matchLabels: + control-plane: odh-model-controller + replicas: 3 + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: odh-model-controller + app: odh-model-controller + spec: + securityContext: + runAsNonRoot: true + containers: + - command: + - /manager + args: + - --leader-elect + image: controller:latest + name: manager + imagePullPolicy: Always + securityContext: + allowPrivilegeEscalation: false + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + # TODO(user): Configure the resources accordingly based on the project requirements. + # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + limits: + cpu: 500m + memory: 2Gi + requests: + cpu: 10m + memory: 64Mi + serviceAccountName: odh-model-controller + terminationGracePeriodSeconds: 10 diff --git a/model-mesh/odh-model-controller/overlays/odh/kustomization.yaml b/model-mesh/odh-model-controller/overlays/odh/kustomization.yaml new file mode 100644 index 000000000..d9e20e047 --- /dev/null +++ b/model-mesh/odh-model-controller/overlays/odh/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../base + +patchesStrategicMerge: + - odh_model_controller_manager_patch.yaml +commonLabels: + app.kubernetes.io/managed-by: odh-model-controller + +configurations: + - params.yaml diff --git a/model-mesh/odh-model-controller/overlays/odh/odh_model_controller_manager_patch.yaml b/model-mesh/odh-model-controller/overlays/odh/odh_model_controller_manager_patch.yaml new file mode 100644 index 000000000..948236c1c --- /dev/null +++ b/model-mesh/odh-model-controller/overlays/odh/odh_model_controller_manager_patch.yaml @@ -0,0 +1,18 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: odh-model-controller +spec: + replicas: 3 + template: + spec: + containers: + - args: + - --leader-elect + - "--monitoring-namespace" + - "$(MONITORING_NS)" + image: $(odh-model-controller) + env: + - name: MONITORING_NS + value: $(monitoring-namespace) + name: manager diff --git a/model-mesh/odh-model-controller/overlays/odh/params.yaml b/model-mesh/odh-model-controller/overlays/odh/params.yaml new file mode 100644 index 000000000..f4d339e67 --- /dev/null +++ b/model-mesh/odh-model-controller/overlays/odh/params.yaml @@ -0,0 +1,4 @@ +varReference: + - path: metadata/name + kind: ClusterRoleBinding + apiGroup: authorization.openshift.io diff --git a/model-mesh/odh-model-controller/prometheus/kustomization.yaml b/model-mesh/odh-model-controller/prometheus/kustomization.yaml new file mode 100644 index 000000000..d556b996a --- /dev/null +++ b/model-mesh/odh-model-controller/prometheus/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - monitor.yaml diff --git a/model-mesh/overlays/odh-model-controller/prometheus/monitor.yaml b/model-mesh/odh-model-controller/prometheus/monitor.yaml similarity index 99% rename from model-mesh/overlays/odh-model-controller/prometheus/monitor.yaml rename to model-mesh/odh-model-controller/prometheus/monitor.yaml index deb942f74..a5cd6ad2e 100644 --- a/model-mesh/overlays/odh-model-controller/prometheus/monitor.yaml +++ b/model-mesh/odh-model-controller/prometheus/monitor.yaml @@ -1,4 +1,3 @@ - # Prometheus Monitor Service (Metrics) apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor diff --git a/model-mesh/overlays/odh-model-controller/rbac/auth_proxy_client_clusterrole.yaml b/model-mesh/odh-model-controller/rbac/auth_proxy_client_clusterrole.yaml similarity index 61% rename from model-mesh/overlays/odh-model-controller/rbac/auth_proxy_client_clusterrole.yaml rename to model-mesh/odh-model-controller/rbac/auth_proxy_client_clusterrole.yaml index 51a75db47..07f438293 100644 --- a/model-mesh/overlays/odh-model-controller/rbac/auth_proxy_client_clusterrole.yaml +++ b/model-mesh/odh-model-controller/rbac/auth_proxy_client_clusterrole.yaml @@ -3,7 +3,7 @@ kind: ClusterRole metadata: name: metrics-reader rules: -- nonResourceURLs: - - "/metrics" - verbs: - - get + - nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/model-mesh/odh-model-controller/rbac/auth_proxy_role.yaml b/model-mesh/odh-model-controller/rbac/auth_proxy_role.yaml new file mode 100644 index 000000000..2e55d6aea --- /dev/null +++ b/model-mesh/odh-model-controller/rbac/auth_proxy_role.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: proxy-role +rules: + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/model-mesh/overlays/odh-model-controller/rbac/auth_proxy_role_binding.yaml b/model-mesh/odh-model-controller/rbac/auth_proxy_role_binding.yaml similarity index 73% rename from model-mesh/overlays/odh-model-controller/rbac/auth_proxy_role_binding.yaml rename to model-mesh/odh-model-controller/rbac/auth_proxy_role_binding.yaml index e7409d00a..807b12e8a 100644 --- a/model-mesh/overlays/odh-model-controller/rbac/auth_proxy_role_binding.yaml +++ b/model-mesh/odh-model-controller/rbac/auth_proxy_role_binding.yaml @@ -7,6 +7,5 @@ roleRef: kind: ClusterRole name: proxy-role subjects: -- kind: ServiceAccount - name: odh-model-controller - namespace: system + - kind: ServiceAccount + name: odh-model-controller diff --git a/model-mesh/overlays/odh-model-controller/rbac/auth_proxy_service.yaml b/model-mesh/odh-model-controller/rbac/auth_proxy_service.yaml similarity index 73% rename from model-mesh/overlays/odh-model-controller/rbac/auth_proxy_service.yaml rename to model-mesh/odh-model-controller/rbac/auth_proxy_service.yaml index ace6bb93a..237ac4823 100644 --- a/model-mesh/overlays/odh-model-controller/rbac/auth_proxy_service.yaml +++ b/model-mesh/odh-model-controller/rbac/auth_proxy_service.yaml @@ -7,9 +7,9 @@ metadata: namespace: system spec: ports: - - name: metrics - port: 8080 - protocol: TCP - targetPort: 8080 + - name: metrics + port: 8080 + protocol: TCP + targetPort: 8080 selector: control-plane: odh-model-controller diff --git a/model-mesh/odh-model-controller/rbac/kustomization.yaml b/model-mesh/odh-model-controller/rbac/kustomization.yaml new file mode 100644 index 000000000..0ebbc6f6f --- /dev/null +++ b/model-mesh/odh-model-controller/rbac/kustomization.yaml @@ -0,0 +1,18 @@ +resources: + # All RBAC will be applied under this service account in + # the deployment namespace. You may comment out this resource + # if your manager will use a service account that exists at + # runtime. Be sure to update RoleBinding and ClusterRoleBinding + # subjects if changing service account names. + - service_account.yaml + - role.yaml + - role_binding.yaml + - leader_election_role.yaml + - leader_election_role_binding.yaml + # Comment the following 4 lines if you want to disable + # the auth proxy (https://github.com/brancz/kube-rbac-proxy) + # which protects your /metrics endpoint. + - auth_proxy_service.yaml + - auth_proxy_role.yaml + - auth_proxy_role_binding.yaml + - auth_proxy_client_clusterrole.yaml diff --git a/model-mesh/odh-model-controller/rbac/leader_election_role.yaml b/model-mesh/odh-model-controller/rbac/leader_election_role.yaml new file mode 100644 index 000000000..9221419fa --- /dev/null +++ b/model-mesh/odh-model-controller/rbac/leader_election_role.yaml @@ -0,0 +1,37 @@ +# permissions to do leader election. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: leader-election-role +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/model-mesh/overlays/odh-model-controller/rbac/leader_election_role_binding.yaml b/model-mesh/odh-model-controller/rbac/leader_election_role_binding.yaml similarity index 73% rename from model-mesh/overlays/odh-model-controller/rbac/leader_election_role_binding.yaml rename to model-mesh/odh-model-controller/rbac/leader_election_role_binding.yaml index 8757b65a7..cb4a9c6f5 100644 --- a/model-mesh/overlays/odh-model-controller/rbac/leader_election_role_binding.yaml +++ b/model-mesh/odh-model-controller/rbac/leader_election_role_binding.yaml @@ -7,6 +7,5 @@ roleRef: kind: Role name: leader-election-role subjects: -- kind: ServiceAccount - name: odh-model-controller - namespace: system + - kind: ServiceAccount + name: odh-model-controller diff --git a/model-mesh/odh-model-controller/rbac/role.yaml b/model-mesh/odh-model-controller/rbac/role.yaml new file mode 100644 index 000000000..977ee556b --- /dev/null +++ b/model-mesh/odh-model-controller/rbac/role.yaml @@ -0,0 +1,182 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: odh-model-controller-role +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - namespaces + - pods + - secrets + - serviceaccounts + - services + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - maistra.io + resources: + - servicemeshcontrolplanes + verbs: + - create + - get + - list + - patch + - update + - use + - watch + - apiGroups: + - maistra.io + resources: + - servicemeshmembers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - maistra.io + resources: + - servicemeshmembers/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.istio.io + resources: + - virtualservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.istio.io + resources: + - virtualservices/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - inferenceservices + verbs: + - get + - list + - watch + - apiGroups: + - serving.kserve.io + resources: + - inferenceservices/finalizers + verbs: + - get + - list + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - servingruntimes + verbs: + - create + - get + - list + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - servingruntimes/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + + # Needed to hand out Prometheus metrics access + # to SA's in Namespaces containing Model Servers + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get diff --git a/model-mesh/overlays/odh-model-controller/rbac/role_binding.yaml b/model-mesh/odh-model-controller/rbac/role_binding.yaml similarity index 58% rename from model-mesh/overlays/odh-model-controller/rbac/role_binding.yaml rename to model-mesh/odh-model-controller/rbac/role_binding.yaml index 95cfecf61..b903583a9 100644 --- a/model-mesh/overlays/odh-model-controller/rbac/role_binding.yaml +++ b/model-mesh/odh-model-controller/rbac/role_binding.yaml @@ -1,12 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: odh-model-controller-rolebinding-$(meshnamespace) + name: odh-model-controller-rolebinding-$(mesh-namespace) roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: odh-model-controller-role subjects: -- kind: ServiceAccount - name: odh-model-controller - namespace: system + - kind: ServiceAccount + name: odh-model-controller diff --git a/model-mesh/overlays/odh-model-controller/rbac/service_account.yaml b/model-mesh/odh-model-controller/rbac/service_account.yaml similarity index 78% rename from model-mesh/overlays/odh-model-controller/rbac/service_account.yaml rename to model-mesh/odh-model-controller/rbac/service_account.yaml index 754de9a7c..2f4a4fb05 100644 --- a/model-mesh/overlays/odh-model-controller/rbac/service_account.yaml +++ b/model-mesh/odh-model-controller/rbac/service_account.yaml @@ -2,4 +2,3 @@ apiVersion: v1 kind: ServiceAccount metadata: name: odh-model-controller - namespace: system diff --git a/model-mesh/odh-modelmesh-controller/base/kustomization.yaml b/model-mesh/odh-modelmesh-controller/base/kustomization.yaml new file mode 100644 index 000000000..6235d8420 --- /dev/null +++ b/model-mesh/odh-modelmesh-controller/base/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../default + - ../prometheus diff --git a/model-mesh/certmanager/certificate.yaml b/model-mesh/odh-modelmesh-controller/certmanager/certificate.yaml similarity index 100% rename from model-mesh/certmanager/certificate.yaml rename to model-mesh/odh-modelmesh-controller/certmanager/certificate.yaml diff --git a/model-mesh/certmanager/kustomization.yaml b/model-mesh/odh-modelmesh-controller/certmanager/kustomization.yaml similarity index 100% rename from model-mesh/certmanager/kustomization.yaml rename to model-mesh/odh-modelmesh-controller/certmanager/kustomization.yaml diff --git a/model-mesh/certmanager/kustomizeconfig.yaml b/model-mesh/odh-modelmesh-controller/certmanager/kustomizeconfig.yaml similarity index 100% rename from model-mesh/certmanager/kustomizeconfig.yaml rename to model-mesh/odh-modelmesh-controller/certmanager/kustomizeconfig.yaml diff --git a/model-mesh/crd/bases/serving.kserve.io_clusterservingruntimes.yaml b/model-mesh/odh-modelmesh-controller/crd/bases/serving.kserve.io_clusterservingruntimes.yaml similarity index 100% rename from model-mesh/crd/bases/serving.kserve.io_clusterservingruntimes.yaml rename to model-mesh/odh-modelmesh-controller/crd/bases/serving.kserve.io_clusterservingruntimes.yaml diff --git a/model-mesh/crd/bases/serving.kserve.io_inferenceservices.yaml b/model-mesh/odh-modelmesh-controller/crd/bases/serving.kserve.io_inferenceservices.yaml similarity index 100% rename from model-mesh/crd/bases/serving.kserve.io_inferenceservices.yaml rename to model-mesh/odh-modelmesh-controller/crd/bases/serving.kserve.io_inferenceservices.yaml diff --git a/model-mesh/crd/bases/serving.kserve.io_predictors.yaml b/model-mesh/odh-modelmesh-controller/crd/bases/serving.kserve.io_predictors.yaml similarity index 100% rename from model-mesh/crd/bases/serving.kserve.io_predictors.yaml rename to model-mesh/odh-modelmesh-controller/crd/bases/serving.kserve.io_predictors.yaml diff --git a/model-mesh/crd/bases/serving.kserve.io_servingruntimes.yaml b/model-mesh/odh-modelmesh-controller/crd/bases/serving.kserve.io_servingruntimes.yaml similarity index 100% rename from model-mesh/crd/bases/serving.kserve.io_servingruntimes.yaml rename to model-mesh/odh-modelmesh-controller/crd/bases/serving.kserve.io_servingruntimes.yaml diff --git a/model-mesh/crd/kustomization.yaml b/model-mesh/odh-modelmesh-controller/crd/kustomization.yaml similarity index 93% rename from model-mesh/crd/kustomization.yaml rename to model-mesh/odh-modelmesh-controller/crd/kustomization.yaml index 0866f2d4f..3dadde68f 100644 --- a/model-mesh/crd/kustomization.yaml +++ b/model-mesh/odh-modelmesh-controller/crd/kustomization.yaml @@ -18,8 +18,7 @@ resources: # Including creation of Service here for now, will later be done automatically - bases/serving.kserve.io_predictors.yaml - bases/serving.kserve.io_inferenceservices.yaml - # ClusterServingRuntime not yet supported by modelmesh-serving - # - bases/serving.kserve.io_clusterservingruntimes.yaml + # - bases/serving.kserve.io_clusterservingruntimes.yaml - bases/serving.kserve.io_servingruntimes.yaml # +kubebuilder:scaffold:crdkustomizeresource diff --git a/model-mesh/crd/kustomizeconfig.yaml b/model-mesh/odh-modelmesh-controller/crd/kustomizeconfig.yaml similarity index 100% rename from model-mesh/crd/kustomizeconfig.yaml rename to model-mesh/odh-modelmesh-controller/crd/kustomizeconfig.yaml diff --git a/model-mesh/crd/patches/cainjection_in_predictors.yaml b/model-mesh/odh-modelmesh-controller/crd/patches/cainjection_in_predictors.yaml similarity index 100% rename from model-mesh/crd/patches/cainjection_in_predictors.yaml rename to model-mesh/odh-modelmesh-controller/crd/patches/cainjection_in_predictors.yaml diff --git a/model-mesh/crd/patches/cainjection_in_servingruntimes.yaml b/model-mesh/odh-modelmesh-controller/crd/patches/cainjection_in_servingruntimes.yaml similarity index 100% rename from model-mesh/crd/patches/cainjection_in_servingruntimes.yaml rename to model-mesh/odh-modelmesh-controller/crd/patches/cainjection_in_servingruntimes.yaml diff --git a/model-mesh/crd/patches/webhook_in_predictors.yaml b/model-mesh/odh-modelmesh-controller/crd/patches/webhook_in_predictors.yaml similarity index 100% rename from model-mesh/crd/patches/webhook_in_predictors.yaml rename to model-mesh/odh-modelmesh-controller/crd/patches/webhook_in_predictors.yaml diff --git a/model-mesh/crd/patches/webhook_in_servingruntimes.yaml b/model-mesh/odh-modelmesh-controller/crd/patches/webhook_in_servingruntimes.yaml similarity index 100% rename from model-mesh/crd/patches/webhook_in_servingruntimes.yaml rename to model-mesh/odh-modelmesh-controller/crd/patches/webhook_in_servingruntimes.yaml diff --git a/model-mesh/default/config-defaults.yaml b/model-mesh/odh-modelmesh-controller/default/config-defaults.yaml similarity index 98% rename from model-mesh/default/config-defaults.yaml rename to model-mesh/odh-modelmesh-controller/default/config-defaults.yaml index 2e7915e91..9819629ad 100644 --- a/model-mesh/default/config-defaults.yaml +++ b/model-mesh/odh-modelmesh-controller/default/config-defaults.yaml @@ -48,3 +48,4 @@ storageHelperResources: serviceAccountName: "modelmesh-serving-sa" metrics: enabled: true +payloadProcessors: "" diff --git a/model-mesh/default/kustomization.yaml b/model-mesh/odh-modelmesh-controller/default/kustomization.yaml similarity index 99% rename from model-mesh/default/kustomization.yaml rename to model-mesh/odh-modelmesh-controller/default/kustomization.yaml index af8462cc5..8001c1860 100644 --- a/model-mesh/default/kustomization.yaml +++ b/model-mesh/odh-modelmesh-controller/default/kustomization.yaml @@ -92,5 +92,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../crd - - ../rbac - ../manager diff --git a/model-mesh/default/manager_auth_proxy_patch.yaml b/model-mesh/odh-modelmesh-controller/default/manager_auth_proxy_patch.yaml similarity index 100% rename from model-mesh/default/manager_auth_proxy_patch.yaml rename to model-mesh/odh-modelmesh-controller/default/manager_auth_proxy_patch.yaml diff --git a/model-mesh/default/manager_webhook_patch.yaml b/model-mesh/odh-modelmesh-controller/default/manager_webhook_patch.yaml similarity index 100% rename from model-mesh/default/manager_webhook_patch.yaml rename to model-mesh/odh-modelmesh-controller/default/manager_webhook_patch.yaml diff --git a/model-mesh/default/metadataLabelTransformer.yaml b/model-mesh/odh-modelmesh-controller/default/metadataLabelTransformer.yaml similarity index 100% rename from model-mesh/default/metadataLabelTransformer.yaml rename to model-mesh/odh-modelmesh-controller/default/metadataLabelTransformer.yaml diff --git a/model-mesh/default/storage-secret.yaml b/model-mesh/odh-modelmesh-controller/default/storage-secret.yaml similarity index 100% rename from model-mesh/default/storage-secret.yaml rename to model-mesh/odh-modelmesh-controller/default/storage-secret.yaml diff --git a/model-mesh/default/webhookcainjection_patch.yaml b/model-mesh/odh-modelmesh-controller/default/webhookcainjection_patch.yaml similarity index 100% rename from model-mesh/default/webhookcainjection_patch.yaml rename to model-mesh/odh-modelmesh-controller/default/webhookcainjection_patch.yaml diff --git a/model-mesh/odh-modelmesh-controller/dependencies/fvt.yaml b/model-mesh/odh-modelmesh-controller/dependencies/fvt.yaml new file mode 100644 index 000000000..0b948fe1c --- /dev/null +++ b/model-mesh/odh-modelmesh-controller/dependencies/fvt.yaml @@ -0,0 +1,245 @@ +# Copyright 2021 IBM Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: etcd +spec: + ports: + - name: etcd-client-port + port: 2379 + protocol: TCP + targetPort: 2379 + selector: + app: etcd +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: etcd + name: etcd +spec: + replicas: 1 + selector: + matchLabels: + app: etcd + template: + metadata: + labels: + app: etcd + spec: + containers: + - command: + - etcd + - --listen-client-urls + - http://0.0.0.0:2379 + - --advertise-client-urls + - http://0.0.0.0:2379 + - "--data-dir" + - /tmp/etcd.data + # image: quay.io/coreos/etcd:v3.5.4 + # Tag -> registry.access.redhat.com/rhel7/etcd:3.2.32-34 + image: registry.redhat.io/rhel7/etcd@sha256:d3495b263b103681f1b09a558be43c21989bfc269eb90f84c2609042cebdc626 + name: etcd + ports: + - containerPort: 2379 + name: client + protocol: TCP + - containerPort: 2380 + name: server + protocol: TCP +--- +apiVersion: v1 +kind: Secret +metadata: + name: model-serving-etcd +stringData: + etcd_connection: | + { + "endpoints": "http://etcd:2379", + "root_prefix": "modelmesh-serving" + } +--- +apiVersion: v1 +kind: Service +metadata: + name: minio +spec: + ports: + - name: minio-client-port + port: 9000 + protocol: TCP + targetPort: 9000 + selector: + app: minio +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: minio + name: minio +spec: + replicas: 1 + selector: + matchLabels: + app: minio + template: + metadata: + labels: + app: minio + spec: + containers: + - args: + - server + - /data1 + env: + - name: MINIO_ACCESS_KEY + value: AKIAIOSFODNN7EXAMPLE + - name: MINIO_SECRET_KEY + value: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + image: kserve/modelmesh-minio-dev-examples:latest + name: minio +--- +apiVersion: v1 +kind: Secret +metadata: + name: storage-config +stringData: + localMinIO: | + { + "type": "s3", + "access_key_id": "AKIAIOSFODNN7EXAMPLE", + "secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "endpoint_url": "http://minio:9000", + "default_bucket": "modelmesh-example-models", + "region": "us-south" + } +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: "models-pvc-1" +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: "models-pvc-2" +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: "models-pvc-3" +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: "pvc-init" +spec: + template: + metadata: + name: "pvc-init-pod" + spec: + restartPolicy: OnFailure + containers: + - name: "copy-pod" + image: kserve/modelmesh-minio-examples:latest + securityContext: + allowPrivilegeEscalation: false + command: ["/bin/sh", "-ex", "-c"] + args: + - echo copy model files ...; + whoami; + ls -al "${SRC_FOLDER}"; + cp -r "${SRC_FOLDER}"/* "${DST_FOLDER_1}" && + cp -r "${SRC_FOLDER}"/* "${DST_FOLDER_2}" && + cp -r "${SRC_FOLDER}"/* "${DST_FOLDER_3}" && + ls -al "${DST_FOLDER_1}" && + ls -al "${DST_FOLDER_2}" && + ls -al "${DST_FOLDER_3}" && + echo done && + exit 0; + env: + - name: SRC_FOLDER + value: "/data1/modelmesh-example-models" + - name: DST_FOLDER_1 + value: "/mnt/pvc1" + - name: DST_FOLDER_2 + value: "/mnt/pvc2" + - name: DST_FOLDER_3 + value: "/mnt/pvc3" + volumeMounts: + - name: "pvc1" + mountPath: "/mnt/pvc1" + - name: "pvc2" + mountPath: "/mnt/pvc2" + - name: "pvc3" + mountPath: "/mnt/pvc3" + volumes: + - name: "pvc1" + persistentVolumeClaim: + claimName: "models-pvc-1" + - name: "pvc2" + persistentVolumeClaim: + claimName: "models-pvc-2" + - name: "pvc3" + persistentVolumeClaim: + claimName: "models-pvc-3" + backoffLimit: 4 +--- +apiVersion: v1 +kind: Pod +metadata: + name: "pvc-reader" +spec: + containers: + - name: main + image: ubuntu + command: ["/bin/sh", "-ec", "sleep 10000"] + volumeMounts: + - name: "pvc1" + mountPath: "/mnt/pvc1" + - name: "pvc2" + mountPath: "/mnt/pvc2" + - name: "pvc3" + mountPath: "/mnt/pvc3" + volumes: + - name: "pvc1" + persistentVolumeClaim: + claimName: "models-pvc-1" + - name: "pvc2" + persistentVolumeClaim: + claimName: "models-pvc-2" + - name: "pvc3" + persistentVolumeClaim: + claimName: "models-pvc-3" diff --git a/model-mesh/odh-modelmesh-controller/dependencies/minio-storage-secret.yaml b/model-mesh/odh-modelmesh-controller/dependencies/minio-storage-secret.yaml new file mode 100644 index 000000000..1c456d353 --- /dev/null +++ b/model-mesh/odh-modelmesh-controller/dependencies/minio-storage-secret.yaml @@ -0,0 +1,27 @@ +# Copyright 2021 IBM Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Secret +metadata: + name: storage-config +stringData: + localMinIO: | + { + "type": "s3", + "access_key_id": "AKIAIOSFODNN7EXAMPLE", + "secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "endpoint_url": "http://minio.controller_namespace:9000", + "default_bucket": "modelmesh-example-models", + "region": "us-south" + } diff --git a/model-mesh/odh-modelmesh-controller/dependencies/nfs-provisioner-subs.yaml b/model-mesh/odh-modelmesh-controller/dependencies/nfs-provisioner-subs.yaml new file mode 100644 index 000000000..901a555a2 --- /dev/null +++ b/model-mesh/odh-modelmesh-controller/dependencies/nfs-provisioner-subs.yaml @@ -0,0 +1,11 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: nfs-provisioner-operator + namespace: openshift-operators +spec: + channel: alpha + installPlanApproval: Automatic + name: nfs-provisioner-operator + source: community-operators + sourceNamespace: openshift-marketplace diff --git a/model-mesh/odh-modelmesh-controller/dependencies/nfs-provisioner.yaml b/model-mesh/odh-modelmesh-controller/dependencies/nfs-provisioner.yaml new file mode 100644 index 000000000..667799a6b --- /dev/null +++ b/model-mesh/odh-modelmesh-controller/dependencies/nfs-provisioner.yaml @@ -0,0 +1,8 @@ +apiVersion: cache.jhouse.com/v1alpha1 +kind: NFSProvisioner +metadata: + name: nfsprovisioner-sample +spec: + storageSize: "40G" + scForNFSPvc: %default-sc-name% + scForNFS: nfs diff --git a/model-mesh/dependencies/fvt.yaml b/model-mesh/odh-modelmesh-controller/dependencies/quickstart.yaml similarity index 70% rename from model-mesh/dependencies/fvt.yaml rename to model-mesh/odh-modelmesh-controller/dependencies/quickstart.yaml index 539d2d61b..e04bfeae6 100644 --- a/model-mesh/dependencies/fvt.yaml +++ b/model-mesh/odh-modelmesh-controller/dependencies/quickstart.yaml @@ -43,11 +43,13 @@ spec: containers: - command: - etcd + - --data-dir # use data directory under /tmp for read/write access by non-root user on OpenShift + - /tmp/etcd.data - --listen-client-urls - http://0.0.0.0:2379 - --advertise-client-urls - http://0.0.0.0:2379 - image: registry.redhat.io/rhel7/etcd@sha256:d3495b263b103681f1b09a558be43c21989bfc269eb90f84c2609042cebdc626 + image: quay.io/coreos/etcd:v3.5.4 name: etcd ports: - containerPort: 2379 @@ -56,13 +58,6 @@ spec: - containerPort: 2380 name: server protocol: TCP - resources: # ref: https://github.com/coreos/etcd-operator/blob/master/doc/user/spec_examples.md#three-member-cluster-with-resource-requirement - limits: - cpu: 300m - memory: 200Mi - requests: - cpu: 200m - memory: 100Mi --- apiVersion: v1 kind: Secret @@ -107,37 +102,16 @@ spec: containers: - args: - server + # - /data - /data1 env: - name: MINIO_ACCESS_KEY value: AKIAIOSFODNN7EXAMPLE - name: MINIO_SECRET_KEY value: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY - resources: - requests: - cpu: 20m - memory: 100Mi - limits: - cpu: 250m - memory: 1Gi - image: kserve/modelmesh-minio-dev-examples:latest + # image: quay.io/cloudservices/minio:latest + image: kserve/modelmesh-minio-examples:latest name: minio - livenessProbe: - tcpSocket: - port: 9000 - initialDelaySeconds: 30 - timeoutSeconds: 1 - periodSeconds: 5 - successThreshold: 1 - failureThreshold: 3 - readinessProbe: - tcpSocket: - port: 9000 - initialDelaySeconds: 5 - timeoutSeconds: 1 - periodSeconds: 5 - successThreshold: 1 - failureThreshold: 3 --- apiVersion: v1 kind: Secret diff --git a/model-mesh/example-isvcs/example-keras-mnist-isvc.yaml b/model-mesh/odh-modelmesh-controller/example-isvcs/example-keras-mnist-isvc.yaml similarity index 100% rename from model-mesh/example-isvcs/example-keras-mnist-isvc.yaml rename to model-mesh/odh-modelmesh-controller/example-isvcs/example-keras-mnist-isvc.yaml diff --git a/model-mesh/example-isvcs/example-lightgbm-mushroom-isvc.yaml b/model-mesh/odh-modelmesh-controller/example-isvcs/example-lightgbm-mushroom-isvc.yaml similarity index 100% rename from model-mesh/example-isvcs/example-lightgbm-mushroom-isvc.yaml rename to model-mesh/odh-modelmesh-controller/example-isvcs/example-lightgbm-mushroom-isvc.yaml diff --git a/model-mesh/example-isvcs/example-mlserver-sklearn-mnist-isvc.yaml b/model-mesh/odh-modelmesh-controller/example-isvcs/example-mlserver-sklearn-mnist-isvc.yaml similarity index 100% rename from model-mesh/example-isvcs/example-mlserver-sklearn-mnist-isvc.yaml rename to model-mesh/odh-modelmesh-controller/example-isvcs/example-mlserver-sklearn-mnist-isvc.yaml diff --git a/model-mesh/example-isvcs/example-onnx-mnist-isvc.yaml b/model-mesh/odh-modelmesh-controller/example-isvcs/example-onnx-mnist-isvc.yaml similarity index 100% rename from model-mesh/example-isvcs/example-onnx-mnist-isvc.yaml rename to model-mesh/odh-modelmesh-controller/example-isvcs/example-onnx-mnist-isvc.yaml diff --git a/model-mesh/example-isvcs/example-pytorch-cifar-isvc.yaml b/model-mesh/odh-modelmesh-controller/example-isvcs/example-pytorch-cifar-isvc.yaml similarity index 100% rename from model-mesh/example-isvcs/example-pytorch-cifar-isvc.yaml rename to model-mesh/odh-modelmesh-controller/example-isvcs/example-pytorch-cifar-isvc.yaml diff --git a/model-mesh/example-isvcs/example-tensorflow-mnist-isvc.yaml b/model-mesh/odh-modelmesh-controller/example-isvcs/example-tensorflow-mnist-isvc.yaml similarity index 100% rename from model-mesh/example-isvcs/example-tensorflow-mnist-isvc.yaml rename to model-mesh/odh-modelmesh-controller/example-isvcs/example-tensorflow-mnist-isvc.yaml diff --git a/model-mesh/example-isvcs/example-xgboost-mushroom-isvc.yaml b/model-mesh/odh-modelmesh-controller/example-isvcs/example-xgboost-mushroom-isvc.yaml similarity index 100% rename from model-mesh/example-isvcs/example-xgboost-mushroom-isvc.yaml rename to model-mesh/odh-modelmesh-controller/example-isvcs/example-xgboost-mushroom-isvc.yaml diff --git a/model-mesh/example-predictors/example-keras-mnist-predictor.yaml b/model-mesh/odh-modelmesh-controller/example-predictors/example-keras-mnist-predictor.yaml similarity index 100% rename from model-mesh/example-predictors/example-keras-mnist-predictor.yaml rename to model-mesh/odh-modelmesh-controller/example-predictors/example-keras-mnist-predictor.yaml diff --git a/model-mesh/example-predictors/example-lightgbm-mushroom-predictor.yaml b/model-mesh/odh-modelmesh-controller/example-predictors/example-lightgbm-mushroom-predictor.yaml similarity index 100% rename from model-mesh/example-predictors/example-lightgbm-mushroom-predictor.yaml rename to model-mesh/odh-modelmesh-controller/example-predictors/example-lightgbm-mushroom-predictor.yaml diff --git a/model-mesh/example-predictors/example-mlserver-sklearn-mnist-predictor.yaml b/model-mesh/odh-modelmesh-controller/example-predictors/example-mlserver-sklearn-mnist-predictor.yaml similarity index 100% rename from model-mesh/example-predictors/example-mlserver-sklearn-mnist-predictor.yaml rename to model-mesh/odh-modelmesh-controller/example-predictors/example-mlserver-sklearn-mnist-predictor.yaml diff --git a/model-mesh/example-predictors/example-onnx-mnist-predictor.yaml b/model-mesh/odh-modelmesh-controller/example-predictors/example-onnx-mnist-predictor.yaml similarity index 100% rename from model-mesh/example-predictors/example-onnx-mnist-predictor.yaml rename to model-mesh/odh-modelmesh-controller/example-predictors/example-onnx-mnist-predictor.yaml diff --git a/model-mesh/example-predictors/example-pytorch-cifar-predictor.yaml b/model-mesh/odh-modelmesh-controller/example-predictors/example-pytorch-cifar-predictor.yaml similarity index 100% rename from model-mesh/example-predictors/example-pytorch-cifar-predictor.yaml rename to model-mesh/odh-modelmesh-controller/example-predictors/example-pytorch-cifar-predictor.yaml diff --git a/model-mesh/example-predictors/example-tensorflow-mnist-predictor.yaml b/model-mesh/odh-modelmesh-controller/example-predictors/example-tensorflow-mnist-predictor.yaml similarity index 100% rename from model-mesh/example-predictors/example-tensorflow-mnist-predictor.yaml rename to model-mesh/odh-modelmesh-controller/example-predictors/example-tensorflow-mnist-predictor.yaml diff --git a/model-mesh/example-predictors/example-xgboost-mushroom-predictor.yaml b/model-mesh/odh-modelmesh-controller/example-predictors/example-xgboost-mushroom-predictor.yaml similarity index 100% rename from model-mesh/example-predictors/example-xgboost-mushroom-predictor.yaml rename to model-mesh/odh-modelmesh-controller/example-predictors/example-xgboost-mushroom-predictor.yaml diff --git a/model-mesh/internal/base/deployment.yaml.tmpl b/model-mesh/odh-modelmesh-controller/internal/base/deployment.yaml.tmpl similarity index 68% rename from model-mesh/internal/base/deployment.yaml.tmpl rename to model-mesh/odh-modelmesh-controller/internal/base/deployment.yaml.tmpl index 047767cb4..48f1944bc 100644 --- a/model-mesh/internal/base/deployment.yaml.tmpl +++ b/model-mesh/odh-modelmesh-controller/internal/base/deployment.yaml.tmpl @@ -44,7 +44,11 @@ spec: app.kubernetes.io/name: modelmesh-controller name: {{.ServiceName}}-{{.Name}} spec: - serviceAccountName: {{.ServiceAccountName}} + serviceAccountName: "{{.ServiceAccountName}}" + volumes: + - name: proxy-tls + secret: + secretName: model-serving-proxy-tls containers: - name: mm image: {{.ModelMeshImage}} @@ -120,6 +124,52 @@ spec: capabilities: drop: - ALL + - name: oauth-proxy + args: + - --https-address=:8443 + - --provider=openshift + - --openshift-service-account="{{.ServiceAccountName}}" + - --upstream=http://localhost:8008 + - --tls-cert=/etc/tls/private/tls.crt + - --tls-key=/etc/tls/private/tls.key + - --cookie-secret=SECRET + - '--openshift-delegate-urls={"/": {"namespace": "{{.AuthNamespace}}", "resource": "services", "verb": "get"}}' + - '--openshift-sar={"namespace": "{{.AuthNamespace}}", "resource": "services", "verb": "get"}' + - --skip-auth-regex='(^/metrics|^/apis/v1beta1/healthz)' + image: registry.redhat.io/openshift4/ose-oauth-proxy@sha256:4bef31eb993feb6f1096b51b4876c65a6fb1f4401fee97fa4f4542b6b7c9bc46 + ports: + - containerPort: 8443 + name: https + livenessProbe: + httpGet: + path: /oauth/healthz + port: 8443 + scheme: HTTPS + initialDelaySeconds: 30 + timeoutSeconds: 1 + periodSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /oauth/healthz + port: 8443 + scheme: HTTPS + initialDelaySeconds: 5 + timeoutSeconds: 1 + periodSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 100m + memory: 256Mi + volumeMounts: + - mountPath: /etc/tls/private + name: proxy-tls # Model runtime containers are added here diff --git a/model-mesh/manager/kustomization.yaml b/model-mesh/odh-modelmesh-controller/manager/kustomization.yaml similarity index 93% rename from model-mesh/manager/kustomization.yaml rename to model-mesh/odh-modelmesh-controller/manager/kustomization.yaml index 11f5add0f..cfa231dac 100644 --- a/model-mesh/manager/kustomization.yaml +++ b/model-mesh/odh-modelmesh-controller/manager/kustomization.yaml @@ -16,6 +16,6 @@ resources: images: - name: modelmesh-controller - newName: quay.io/opendatahub/modelmesh-controller + newName: kserve/modelmesh-controller ## NOTE THIS SHOULD BE REPLACED WITH LATEST CONTROLLER IMAGE TAG newTag: v0.11.0-alpha diff --git a/model-mesh/manager/manager.yaml b/model-mesh/odh-modelmesh-controller/manager/manager.yaml similarity index 91% rename from model-mesh/manager/manager.yaml rename to model-mesh/odh-modelmesh-controller/manager/manager.yaml index f50bbe2df..a4374d393 100644 --- a/model-mesh/manager/manager.yaml +++ b/model-mesh/odh-modelmesh-controller/manager/manager.yaml @@ -21,13 +21,21 @@ spec: selector: matchLabels: control-plane: modelmesh-controller - replicas: 3 + replicas: 3 # This can be increased safely to enable HA. A good value to set is 3. template: metadata: labels: control-plane: modelmesh-controller spec: affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 @@ -39,14 +47,6 @@ spec: values: - modelmesh-controller topologyKey: topology.kubernetes.io/zone - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 containers: - command: - /manager @@ -95,18 +95,3 @@ spec: configMap: defaultMode: 420 name: model-serving-config-defaults ---- -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: modelmesh-controller - name: modelmesh-controller -spec: - ports: - - protocol: TCP - port: 8080 - targetPort: 8080 - type: ClusterIP - selector: - control-plane: modelmesh-controller diff --git a/model-mesh/odh-modelmesh-controller/namespace-runtimes/kustomization.yaml b/model-mesh/odh-modelmesh-controller/namespace-runtimes/kustomization.yaml new file mode 100644 index 000000000..657e278f9 --- /dev/null +++ b/model-mesh/odh-modelmesh-controller/namespace-runtimes/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: + - ../runtimes +patchesJson6902: + - target: + group: serving.kserve.io + version: v1alpha1 + kind: ClusterServingRuntime + name: ".*" + patch: |- + - op: replace + path: /kind + value: ServingRuntime diff --git a/model-mesh/odh-modelmesh-controller/overlays/odh/kustomization.yaml b/model-mesh/odh-modelmesh-controller/overlays/odh/kustomization.yaml new file mode 100644 index 000000000..428e26021 --- /dev/null +++ b/model-mesh/odh-modelmesh-controller/overlays/odh/kustomization.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../base + - ./scripts/ + - ./quickstart.yaml + - ./rbac/ + - ./manager + +commonLabels: + app.kubernetes.io/managed-by: modelmesh-controller + +configurations: + - params.yaml diff --git a/model-mesh/odh-modelmesh-controller/overlays/odh/manager/kustomization.yaml b/model-mesh/odh-modelmesh-controller/overlays/odh/manager/kustomization.yaml new file mode 100644 index 000000000..f81528ab1 --- /dev/null +++ b/model-mesh/odh-modelmesh-controller/overlays/odh/manager/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./service.yaml diff --git a/model-mesh/odh-modelmesh-controller/overlays/odh/manager/service.yaml b/model-mesh/odh-modelmesh-controller/overlays/odh/manager/service.yaml new file mode 100644 index 000000000..8e00ea5cf --- /dev/null +++ b/model-mesh/odh-modelmesh-controller/overlays/odh/manager/service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: modelmesh-controller + name: modelmesh-controller +spec: + ports: + - protocol: TCP + port: 8080 + targetPort: 8080 + type: ClusterIP + selector: + control-plane: modelmesh-controller diff --git a/model-mesh/odh-modelmesh-controller/overlays/odh/params.yaml b/model-mesh/odh-modelmesh-controller/overlays/odh/params.yaml new file mode 100644 index 000000000..67e82db89 --- /dev/null +++ b/model-mesh/odh-modelmesh-controller/overlays/odh/params.yaml @@ -0,0 +1,15 @@ +varReference: + - path: metadata/namespace + kind: ServiceAccount + apiVersion: v1 + - path: metadata/name + kind: ClusterRoleBinding + apiGroup: rbac.authorization.k8s.io + - path: subjects/namespace + kind: RoleBinding + apiGroup: rbac.authorization.k8s.io + - path: spec/template/spec/containers[]/image + kind: Deployment + apiVersion: apps/v1 + - path: data + kind: ConfigMap diff --git a/model-mesh/dependencies/quickstart.yaml b/model-mesh/odh-modelmesh-controller/overlays/odh/quickstart.yaml similarity index 95% rename from model-mesh/dependencies/quickstart.yaml rename to model-mesh/odh-modelmesh-controller/overlays/odh/quickstart.yaml index 25317325b..2c4b20381 100644 --- a/model-mesh/dependencies/quickstart.yaml +++ b/model-mesh/odh-modelmesh-controller/overlays/odh/quickstart.yaml @@ -47,7 +47,7 @@ spec: configMap: name: etcd-scripts defaultMode: 0554 - initContainers: + initContainers: - name: etcd-secret-creator image: registry.redhat.io/openshift4/ose-cli@sha256:25fef269ac6e7491cb8340119a9b473acbeb53bc6970ad029fdaae59c3d0ca61 command: ["/bin/bash", "-c", "--"] @@ -55,7 +55,7 @@ spec: - | etcdpasswordexists=$(oc get secrets -o name | grep etcd-passwords || echo "false") modelservingetcdexists=$(oc get secrets -o name | grep model-serving-etcd || echo "false") - + if [[ $etcdpasswordexists == "false" && $modelservingetcdexists == "false" ]]; then echo "creating etcdpasswords and model-serving-etcd secrets" ETC_ROOT_PSW=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1) @@ -83,7 +83,7 @@ spec: - http://0.0.0.0:2379 - --advertise-client-urls - http://0.0.0.0:2379 - - '--data-dir' + - "--data-dir" - /tmp/etcd.data image: registry.redhat.io/rhel7/etcd@sha256:d3495b263b103681f1b09a558be43c21989bfc269eb90f84c2609042cebdc626 name: etcd @@ -103,7 +103,7 @@ spec: - containerPort: 2380 name: server protocol: TCP - resources: # ref: https://github.com/coreos/etcd-operator/blob/master/doc/user/spec_examples.md#three-member-cluster-with-resource-requirement + resources: # ref: https://github.com/coreos/etcd-operator/blob/master/doc/user/spec_examples.md#three-member-cluster-with-resource-requirement limits: cpu: 300m memory: 200Mi @@ -139,7 +139,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: etcd-serviceaccount - namespace: $(monitoring-namespace) + namespace: $(mesh-namespace) --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -170,3 +170,4 @@ roleRef: subjects: - kind: ServiceAccount name: etcd-serviceaccount + namespace: $(mesh-namespace) diff --git a/model-mesh/odh-modelmesh-controller/overlays/odh/rbac/kustomization.yaml b/model-mesh/odh-modelmesh-controller/overlays/odh/rbac/kustomization.yaml new file mode 100644 index 000000000..ba3b49d52 --- /dev/null +++ b/model-mesh/odh-modelmesh-controller/overlays/odh/rbac/kustomization.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../../rbac/cluster-scope + - ./networkpolicy_etcd.yaml + - ./role_apps_metrics_access.yaml + - ./user_cluster_roles.yaml + +patchesStrategicMerge: + - remove_networkpolicy_rumtime_patch.yaml diff --git a/model-mesh/rbac/networkpolicy-etcd.yaml b/model-mesh/odh-modelmesh-controller/overlays/odh/rbac/networkpolicy_etcd.yaml similarity index 90% rename from model-mesh/rbac/networkpolicy-etcd.yaml rename to model-mesh/odh-modelmesh-controller/overlays/odh/rbac/networkpolicy_etcd.yaml index 81c246b20..4765b8cdc 100644 --- a/model-mesh/rbac/networkpolicy-etcd.yaml +++ b/model-mesh/odh-modelmesh-controller/overlays/odh/rbac/networkpolicy_etcd.yaml @@ -26,8 +26,9 @@ spec: - namespaceSelector: # matches controller and runtime pods matchLabels: - modelmesh-enabled: 'true' - - podSelector: {} + modelmesh-enabled: "true" + # mataches internal pods + - podSelector: {} ports: - port: 2379 protocol: TCP diff --git a/model-mesh/odh-modelmesh-controller/overlays/odh/rbac/remove_networkpolicy_rumtime_patch.yaml b/model-mesh/odh-modelmesh-controller/overlays/odh/rbac/remove_networkpolicy_rumtime_patch.yaml new file mode 100644 index 000000000..67a3906fc --- /dev/null +++ b/model-mesh/odh-modelmesh-controller/overlays/odh/rbac/remove_networkpolicy_rumtime_patch.yaml @@ -0,0 +1,5 @@ +$patch: delete +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: modelmesh-runtimes diff --git a/model-mesh/odh-modelmesh-controller/overlays/odh/rbac/role_apps_metrics_access.yaml b/model-mesh/odh-modelmesh-controller/overlays/odh/rbac/role_apps_metrics_access.yaml new file mode 100644 index 000000000..417b63e00 --- /dev/null +++ b/model-mesh/odh-modelmesh-controller/overlays/odh/rbac/role_apps_metrics_access.yaml @@ -0,0 +1,41 @@ +# Deploying a RoleBinding in a given Namespace +# that gives the Prometheus SA the following role +# will allow that Prometheus to scrape Services +# in that RoleBinding's Namespace +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: prometheus-ns-access +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get diff --git a/model-mesh/rbac/user_cluster_roles.yaml b/model-mesh/odh-modelmesh-controller/overlays/odh/rbac/user_cluster_roles.yaml similarity index 100% rename from model-mesh/rbac/user_cluster_roles.yaml rename to model-mesh/odh-modelmesh-controller/overlays/odh/rbac/user_cluster_roles.yaml diff --git a/model-mesh/dependencies/scripts/enable_auth.sh b/model-mesh/odh-modelmesh-controller/overlays/odh/scripts/enable_auth.sh similarity index 100% rename from model-mesh/dependencies/scripts/enable_auth.sh rename to model-mesh/odh-modelmesh-controller/overlays/odh/scripts/enable_auth.sh diff --git a/model-mesh/dependencies/scripts/kustomization.yaml b/model-mesh/odh-modelmesh-controller/overlays/odh/scripts/kustomization.yaml similarity index 100% rename from model-mesh/dependencies/scripts/kustomization.yaml rename to model-mesh/odh-modelmesh-controller/overlays/odh/scripts/kustomization.yaml diff --git a/model-mesh/prometheus/kustomization.yaml b/model-mesh/odh-modelmesh-controller/prometheus/kustomization.yaml similarity index 100% rename from model-mesh/prometheus/kustomization.yaml rename to model-mesh/odh-modelmesh-controller/prometheus/kustomization.yaml diff --git a/model-mesh/prometheus/monitor.yaml b/model-mesh/odh-modelmesh-controller/prometheus/monitor.yaml similarity index 100% rename from model-mesh/prometheus/monitor.yaml rename to model-mesh/odh-modelmesh-controller/prometheus/monitor.yaml diff --git a/model-mesh/odh-modelmesh-controller/rbac/cluster-scope/kustomization.yaml b/model-mesh/odh-modelmesh-controller/rbac/cluster-scope/kustomization.yaml new file mode 100644 index 000000000..3cf2dadc8 --- /dev/null +++ b/model-mesh/odh-modelmesh-controller/rbac/cluster-scope/kustomization.yaml @@ -0,0 +1,17 @@ +# Copyright 2022 IBM Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +resources: + - ../common + - role.yaml + - role_binding.yaml diff --git a/model-mesh/rbac/role.yaml b/model-mesh/odh-modelmesh-controller/rbac/cluster-scope/role.yaml similarity index 100% rename from model-mesh/rbac/role.yaml rename to model-mesh/odh-modelmesh-controller/rbac/cluster-scope/role.yaml diff --git a/model-mesh/rbac/role_binding.yaml b/model-mesh/odh-modelmesh-controller/rbac/cluster-scope/role_binding.yaml similarity index 89% rename from model-mesh/rbac/role_binding.yaml rename to model-mesh/odh-modelmesh-controller/rbac/cluster-scope/role_binding.yaml index 8af5034ab..22f730fcf 100644 --- a/model-mesh/rbac/role_binding.yaml +++ b/model-mesh/odh-modelmesh-controller/rbac/cluster-scope/role_binding.yaml @@ -1,4 +1,4 @@ -# Copyright 2021 IBM Corporation +# Copyright 2022 IBM Corporation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,7 +14,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: modelmesh-controller-rolebinding-$(meshnamespace) + name: modelmesh-controller-rolebinding-$(mesh-namespace) roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/model-mesh/rbac/auth_proxy_client_clusterrole.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/auth_proxy_client_clusterrole.yaml similarity index 100% rename from model-mesh/rbac/auth_proxy_client_clusterrole.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/auth_proxy_client_clusterrole.yaml diff --git a/model-mesh/rbac/auth_proxy_role.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/auth_proxy_role.yaml similarity index 100% rename from model-mesh/rbac/auth_proxy_role.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/auth_proxy_role.yaml diff --git a/model-mesh/rbac/auth_proxy_role_binding.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/auth_proxy_role_binding.yaml similarity index 100% rename from model-mesh/rbac/auth_proxy_role_binding.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/auth_proxy_role_binding.yaml diff --git a/model-mesh/rbac/auth_proxy_service.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/auth_proxy_service.yaml similarity index 100% rename from model-mesh/rbac/auth_proxy_service.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/auth_proxy_service.yaml diff --git a/model-mesh/rbac/inferenceservice_editor_role.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/inferenceservice_editor_role.yaml similarity index 100% rename from model-mesh/rbac/inferenceservice_editor_role.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/inferenceservice_editor_role.yaml diff --git a/model-mesh/rbac/inferenceservice_viewer_role.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/inferenceservice_viewer_role.yaml similarity index 100% rename from model-mesh/rbac/inferenceservice_viewer_role.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/inferenceservice_viewer_role.yaml diff --git a/model-mesh/rbac/kustomization.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/kustomization.yaml similarity index 90% rename from model-mesh/rbac/kustomization.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/kustomization.yaml index 52ad78955..1eb14bdc3 100644 --- a/model-mesh/rbac/kustomization.yaml +++ b/model-mesh/odh-modelmesh-controller/rbac/common/kustomization.yaml @@ -12,11 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. resources: - - user_cluster_roles.yaml - service-account.yaml - - role.yaml - - role_binding.yaml - - rolebinding-apps-metrics-access.yaml - leader_election_role.yaml - leader_election_role_binding.yaml - restricted_scc_role.yaml @@ -26,9 +22,9 @@ resources: # - servingruntime_editor_role.yaml # - servingruntime_viewer_role.yaml - modelmesh-service-account.yaml + - modelmesh-serving-service-account.yaml - networkpolicy-controller.yaml - networkpolicy-runtimes.yaml - - networkpolicy-etcd.yaml # Comment the following 4 lines if you want to disable # the auth proxy (https://github.com/brancz/kube-rbac-proxy) # which protects your /metrics endpoint. diff --git a/model-mesh/rbac/leader_election_role.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/leader_election_role.yaml similarity index 100% rename from model-mesh/rbac/leader_election_role.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/leader_election_role.yaml diff --git a/model-mesh/rbac/leader_election_role_binding.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/leader_election_role_binding.yaml similarity index 100% rename from model-mesh/rbac/leader_election_role_binding.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/leader_election_role_binding.yaml diff --git a/model-mesh/rbac/modelmesh-service-account.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/modelmesh-service-account.yaml similarity index 100% rename from model-mesh/rbac/modelmesh-service-account.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/modelmesh-service-account.yaml diff --git a/model-mesh/odh-modelmesh-controller/rbac/common/modelmesh-serving-service-account.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/modelmesh-serving-service-account.yaml new file mode 100644 index 000000000..441c99f70 --- /dev/null +++ b/model-mesh/odh-modelmesh-controller/rbac/common/modelmesh-serving-service-account.yaml @@ -0,0 +1,17 @@ +# Copyright 2021 IBM Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: modelmesh-serving-sa diff --git a/model-mesh/rbac/networkpolicy-controller.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/networkpolicy-controller.yaml similarity index 100% rename from model-mesh/rbac/networkpolicy-controller.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/networkpolicy-controller.yaml diff --git a/model-mesh/rbac/networkpolicy-runtimes.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/networkpolicy-runtimes.yaml similarity index 100% rename from model-mesh/rbac/networkpolicy-runtimes.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/networkpolicy-runtimes.yaml diff --git a/model-mesh/rbac/predictor_editor_role.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/predictor_editor_role.yaml similarity index 100% rename from model-mesh/rbac/predictor_editor_role.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/predictor_editor_role.yaml diff --git a/model-mesh/rbac/predictor_viewer_role.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/predictor_viewer_role.yaml similarity index 100% rename from model-mesh/rbac/predictor_viewer_role.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/predictor_viewer_role.yaml diff --git a/model-mesh/rbac/restricted_scc_role.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/restricted_scc_role.yaml similarity index 100% rename from model-mesh/rbac/restricted_scc_role.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/restricted_scc_role.yaml diff --git a/model-mesh/rbac/restricted_scc_role_binding.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/restricted_scc_role_binding.yaml similarity index 100% rename from model-mesh/rbac/restricted_scc_role_binding.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/restricted_scc_role_binding.yaml diff --git a/model-mesh/rbac/service-account.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/service-account.yaml similarity index 100% rename from model-mesh/rbac/service-account.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/service-account.yaml diff --git a/model-mesh/rbac/servingruntime_editor_role.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/servingruntime_editor_role.yaml similarity index 100% rename from model-mesh/rbac/servingruntime_editor_role.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/servingruntime_editor_role.yaml diff --git a/model-mesh/rbac/servingruntime_viewer_role.yaml b/model-mesh/odh-modelmesh-controller/rbac/common/servingruntime_viewer_role.yaml similarity index 100% rename from model-mesh/rbac/servingruntime_viewer_role.yaml rename to model-mesh/odh-modelmesh-controller/rbac/common/servingruntime_viewer_role.yaml diff --git a/model-mesh/odh-modelmesh-controller/rbac/namespace-scope/kustomization.yaml b/model-mesh/odh-modelmesh-controller/rbac/namespace-scope/kustomization.yaml new file mode 100644 index 000000000..3cf2dadc8 --- /dev/null +++ b/model-mesh/odh-modelmesh-controller/rbac/namespace-scope/kustomization.yaml @@ -0,0 +1,17 @@ +# Copyright 2022 IBM Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +resources: + - ../common + - role.yaml + - role_binding.yaml diff --git a/model-mesh/odh-modelmesh-controller/rbac/namespace-scope/role.yaml b/model-mesh/odh-modelmesh-controller/rbac/namespace-scope/role.yaml new file mode 100644 index 000000000..8624c1525 --- /dev/null +++ b/model-mesh/odh-modelmesh-controller/rbac/namespace-scope/role.yaml @@ -0,0 +1,167 @@ +# Copyright 2022 IBM Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: modelmesh-controller-role +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - endpoints + - persistentvolumeclaims + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services + - services/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - inferenceservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - inferenceservices/finalizers + verbs: + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: + - inferenceservices/status + verbs: + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: + - predictors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - predictors/finalizers + verbs: + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: + - predictors/status + verbs: + - get + - patch + - update + - apiGroups: + - serving.kserve.io + resources: + - servingruntimes + - servingruntimes/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - serving.kserve.io + resources: + - servingruntimes/status + verbs: + - get + - patch + - update diff --git a/model-mesh/rbac/rolebinding-apps-metrics-access.yaml b/model-mesh/odh-modelmesh-controller/rbac/namespace-scope/role_binding.yaml similarity index 79% rename from model-mesh/rbac/rolebinding-apps-metrics-access.yaml rename to model-mesh/odh-modelmesh-controller/rbac/namespace-scope/role_binding.yaml index a6e9b3136..96ac0dc4f 100644 --- a/model-mesh/rbac/rolebinding-apps-metrics-access.yaml +++ b/model-mesh/odh-modelmesh-controller/rbac/namespace-scope/role_binding.yaml @@ -11,17 +11,14 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: - name: prometheus-ns-access - labels: - opendatahub.io/managed: 'true' -subjects: - - kind: ServiceAccount - name: prometheus-custom - namespace: redhat-ods-monitoring + name: modelmesh-controller-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: prometheus-ns-access + kind: Role + name: modelmesh-controller-role +subjects: + - kind: ServiceAccount + name: modelmesh-controller diff --git a/model-mesh/runtimes/kustomization.yaml b/model-mesh/odh-modelmesh-controller/runtimes/kustomization.yaml similarity index 77% rename from model-mesh/runtimes/kustomization.yaml rename to model-mesh/odh-modelmesh-controller/runtimes/kustomization.yaml index 7afbed251..1355c82f4 100644 --- a/model-mesh/runtimes/kustomization.yaml +++ b/model-mesh/odh-modelmesh-controller/runtimes/kustomization.yaml @@ -15,19 +15,24 @@ resources: - triton-2.x.yaml - mlserver-0.x.yaml - ovms-1.x.yaml + - torchserve-0.x.yaml images: - name: tritonserver-2 newName: nvcr.io/nvidia/tritonserver - newTag: 21.06.1-py3 + newTag: "21.06.1-py3" - name: mlserver-0 - newName: quay.io/opendatahub/mlserver - newTag: 0.5.2 + newName: seldonio/mlserver + newTag: "0.5.2" - name: ovms-1 - newName: quay.io/opendatahub/openvino_model_server - newTag: 2022.3-gpu + newName: openvino/model_server + newTag: "2022.3" + + - name: torchserve-0 + newName: pytorch/torchserve + newTag: 0.6.0-cpu transformers: - ../default/metadataLabelTransformer.yaml diff --git a/model-mesh/runtimes/mlserver-0.x.yaml b/model-mesh/odh-modelmesh-controller/runtimes/mlserver-0.x.yaml similarity index 98% rename from model-mesh/runtimes/mlserver-0.x.yaml rename to model-mesh/odh-modelmesh-controller/runtimes/mlserver-0.x.yaml index 412586b29..09ac918df 100644 --- a/model-mesh/runtimes/mlserver-0.x.yaml +++ b/model-mesh/odh-modelmesh-controller/runtimes/mlserver-0.x.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. apiVersion: serving.kserve.io/v1alpha1 -kind: ServingRuntime +kind: ClusterServingRuntime metadata: name: mlserver-0.x labels: diff --git a/model-mesh/runtimes/ovms-1.x.yaml b/model-mesh/odh-modelmesh-controller/runtimes/ovms-1.x.yaml similarity index 98% rename from model-mesh/runtimes/ovms-1.x.yaml rename to model-mesh/odh-modelmesh-controller/runtimes/ovms-1.x.yaml index 8b9ee7389..dd57207b0 100644 --- a/model-mesh/runtimes/ovms-1.x.yaml +++ b/model-mesh/odh-modelmesh-controller/runtimes/ovms-1.x.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. apiVersion: serving.kserve.io/v1alpha1 -kind: ServingRuntime +kind: ClusterServingRuntime metadata: name: ovms-1.x labels: diff --git a/model-mesh/odh-modelmesh-controller/runtimes/torchserve-0.x.yaml b/model-mesh/odh-modelmesh-controller/runtimes/torchserve-0.x.yaml new file mode 100644 index 000000000..83e0dc81c --- /dev/null +++ b/model-mesh/odh-modelmesh-controller/runtimes/torchserve-0.x.yaml @@ -0,0 +1,59 @@ +# Copyright 2022 IBM Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: torchserve-0.x + labels: + name: modelmesh-serving-torchserve-0.x-SR +spec: + supportedModelFormats: + - name: pytorch-mar + version: "0" + autoSelect: true + + multiModel: true + + grpcEndpoint: "port:8085" + grpcDataEndpoint: "port:7070" + + containers: + - name: torchserve + image: torchserve-0:replace + args: + # Adapter creates the config file; wait for it to exist before starting + - while [ ! -e "$TS_CONFIG_FILE" ]; do echo "waiting for config file..."; sleep 1; done; + - exec + - torchserve + - --start + - --foreground + env: + - name: TS_CONFIG_FILE + value: /models/_torchserve_models/mmconfig.properties + # TBD, this may give better performance + #- name: TS_PREFER_DIRECT_BUFFER + # value: true + # Additional TS_ prefixed TorchServe config options may be added here + resources: + requests: + cpu: 500m + memory: 1Gi + limits: + cpu: "5" + memory: 1Gi + builtInAdapter: + serverType: torchserve + runtimeManagementPort: 7071 + memBufferBytes: 134217728 + modelLoadingTimeoutMillis: 90000 diff --git a/model-mesh/runtimes/triton-2.x.yaml b/model-mesh/odh-modelmesh-controller/runtimes/triton-2.x.yaml similarity index 97% rename from model-mesh/runtimes/triton-2.x.yaml rename to model-mesh/odh-modelmesh-controller/runtimes/triton-2.x.yaml index 485cef0dc..9b1cd6140 100644 --- a/model-mesh/runtimes/triton-2.x.yaml +++ b/model-mesh/odh-modelmesh-controller/runtimes/triton-2.x.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. apiVersion: serving.kserve.io/v1alpha1 -kind: ServingRuntime +kind: ClusterServingRuntime metadata: name: triton-2.x labels: @@ -49,7 +49,7 @@ spec: containers: - name: triton - image: nvcr.io/nvidia/tritonserver:21.06.1-py3 + image: tritonserver-2:replace command: [/bin/sh] args: - -c diff --git a/model-mesh/samples/kustomization.yaml b/model-mesh/odh-modelmesh-controller/samples/kustomization.yaml similarity index 100% rename from model-mesh/samples/kustomization.yaml rename to model-mesh/odh-modelmesh-controller/samples/kustomization.yaml diff --git a/model-mesh/samples/predictor_custom_complete.yaml b/model-mesh/odh-modelmesh-controller/samples/predictor_custom_complete.yaml similarity index 100% rename from model-mesh/samples/predictor_custom_complete.yaml rename to model-mesh/odh-modelmesh-controller/samples/predictor_custom_complete.yaml diff --git a/model-mesh/samples/predictor_mlserver.yaml b/model-mesh/odh-modelmesh-controller/samples/predictor_mlserver.yaml similarity index 100% rename from model-mesh/samples/predictor_mlserver.yaml rename to model-mesh/odh-modelmesh-controller/samples/predictor_mlserver.yaml diff --git a/model-mesh/samples/predictor_tf_minimal.yaml b/model-mesh/odh-modelmesh-controller/samples/predictor_tf_minimal.yaml similarity index 100% rename from model-mesh/samples/predictor_tf_minimal.yaml rename to model-mesh/odh-modelmesh-controller/samples/predictor_tf_minimal.yaml diff --git a/model-mesh/samples/serving_v1beta1_inferenceservice.yaml b/model-mesh/odh-modelmesh-controller/samples/serving_v1beta1_inferenceservice.yaml similarity index 100% rename from model-mesh/samples/serving_v1beta1_inferenceservice.yaml rename to model-mesh/odh-modelmesh-controller/samples/serving_v1beta1_inferenceservice.yaml diff --git a/model-mesh/samples/servingruntime_custom.yaml b/model-mesh/odh-modelmesh-controller/samples/servingruntime_custom.yaml similarity index 100% rename from model-mesh/samples/servingruntime_custom.yaml rename to model-mesh/odh-modelmesh-controller/samples/servingruntime_custom.yaml diff --git a/model-mesh/samples/servingruntime_pullerless.yaml b/model-mesh/odh-modelmesh-controller/samples/servingruntime_pullerless.yaml similarity index 100% rename from model-mesh/samples/servingruntime_pullerless.yaml rename to model-mesh/odh-modelmesh-controller/samples/servingruntime_pullerless.yaml diff --git a/model-mesh/overlays/odh-model-controller/default/kustomization.yaml b/model-mesh/overlays/odh-model-controller/default/kustomization.yaml deleted file mode 100644 index 1ce10036c..000000000 --- a/model-mesh/overlays/odh-model-controller/default/kustomization.yaml +++ /dev/null @@ -1,3 +0,0 @@ -bases: -- ../rbac -- ../manager diff --git a/model-mesh/overlays/odh-model-controller/default/manager_auth_proxy_patch.yaml b/model-mesh/overlays/odh-model-controller/default/manager_auth_proxy_patch.yaml deleted file mode 100644 index 0ccfcc442..000000000 --- a/model-mesh/overlays/odh-model-controller/default/manager_auth_proxy_patch.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: odh-model-controller - namespace: system -spec: - template: - spec: - containers: - - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=0" - ports: - - containerPort: 8443 - protocol: TCP - name: https - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 5m - memory: 64Mi - - name: manager - args: - - "--health-probe-bind-address=:8081" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" diff --git a/model-mesh/overlays/odh-model-controller/default/manager_config_patch.yaml b/model-mesh/overlays/odh-model-controller/default/manager_config_patch.yaml deleted file mode 100644 index 58edd7a2e..000000000 --- a/model-mesh/overlays/odh-model-controller/default/manager_config_patch.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: odh-model-controller - namespace: system -spec: - template: - spec: - containers: - - name: manager - args: - - "--config=controller_manager_config.yaml" - volumeMounts: - - name: manager-config - mountPath: /controller_manager_config.yaml - subPath: controller_manager_config.yaml - volumes: - - name: manager-config - configMap: - name: manager-config diff --git a/model-mesh/overlays/odh-model-controller/kustomization.yaml b/model-mesh/overlays/odh-model-controller/kustomization.yaml deleted file mode 100644 index 43cabdcd8..000000000 --- a/model-mesh/overlays/odh-model-controller/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -bases: -- ./rbac -- ./manager -- ./prometheus -configurations: - - params.yaml diff --git a/model-mesh/overlays/odh-model-controller/manager/kustomization.yaml b/model-mesh/overlays/odh-model-controller/manager/kustomization.yaml deleted file mode 100644 index 72b8cb5f6..000000000 --- a/model-mesh/overlays/odh-model-controller/manager/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -resources: -- manager.yaml - -generatorOptions: - disableNameSuffixHash: true - -configMapGenerator: -- files: - - controller_manager_config.yaml - name: manager-config diff --git a/model-mesh/overlays/odh-model-controller/manager/manager.yaml b/model-mesh/overlays/odh-model-controller/manager/manager.yaml deleted file mode 100644 index c3f4ec4ad..000000000 --- a/model-mesh/overlays/odh-model-controller/manager/manager.yaml +++ /dev/null @@ -1,68 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: odh-model-controller - name: system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: odh-model-controller - namespace: system - labels: - control-plane: odh-model-controller - app: odh-model-controller -spec: - selector: - matchLabels: - control-plane: odh-model-controller - replicas: 3 - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: manager - labels: - control-plane: odh-model-controller - app: odh-model-controller - spec: - securityContext: - runAsNonRoot: true - containers: - - command: - - /manager - args: - - --leader-elect - - '--monitoring-namespace' - - '$(MONITORING_NS)' - image: $(odh-model-controller) - env: - - name: MONITORING_NS - value: $(monitoring-namespace) - name: manager - imagePullPolicy: Always - securityContext: - allowPrivilegeEscalation: false - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - # TODO(user): Configure the resources accordingly based on the project requirements. - # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - resources: - limits: - cpu: 500m - memory: 2Gi - requests: - cpu: 10m - memory: 64Mi - serviceAccountName: odh-model-controller - terminationGracePeriodSeconds: 10 diff --git a/model-mesh/overlays/odh-model-controller/params.yaml b/model-mesh/overlays/odh-model-controller/params.yaml deleted file mode 100644 index d2077cc69..000000000 --- a/model-mesh/overlays/odh-model-controller/params.yaml +++ /dev/null @@ -1,4 +0,0 @@ -varReference: -- path: metadata/name - kind: ClusterRoleBinding - apiGroup: authorization.openshift.io diff --git a/model-mesh/overlays/odh-model-controller/prometheus/kustomization.yaml b/model-mesh/overlays/odh-model-controller/prometheus/kustomization.yaml deleted file mode 100644 index ed137168a..000000000 --- a/model-mesh/overlays/odh-model-controller/prometheus/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- monitor.yaml diff --git a/model-mesh/overlays/odh-model-controller/rbac/auth_proxy_role.yaml b/model-mesh/overlays/odh-model-controller/rbac/auth_proxy_role.yaml deleted file mode 100644 index 80e1857c5..000000000 --- a/model-mesh/overlays/odh-model-controller/rbac/auth_proxy_role.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create diff --git a/model-mesh/overlays/odh-model-controller/rbac/kustomization.yaml b/model-mesh/overlays/odh-model-controller/rbac/kustomization.yaml deleted file mode 100644 index 731832a6a..000000000 --- a/model-mesh/overlays/odh-model-controller/rbac/kustomization.yaml +++ /dev/null @@ -1,18 +0,0 @@ -resources: -# All RBAC will be applied under this service account in -# the deployment namespace. You may comment out this resource -# if your manager will use a service account that exists at -# runtime. Be sure to update RoleBinding and ClusterRoleBinding -# subjects if changing service account names. -- service_account.yaml -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml diff --git a/model-mesh/overlays/odh-model-controller/rbac/leader_election_role.yaml b/model-mesh/overlays/odh-model-controller/rbac/leader_election_role.yaml deleted file mode 100644 index 4190ec805..000000000 --- a/model-mesh/overlays/odh-model-controller/rbac/leader_election_role.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# permissions to do leader election. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: leader-election-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch