Weekly sync up of dev/lm-eval branch (#278)

* feat: Initial database support (#246) * Initial database support - Add status checking - Add better storage flags - Add spec.storage.format validation - Add DDL -Add HIBERNATE format to DB (test) - Update service image - Revert identifier to DATABASE - Update CR options (remove mandatory data) * Remove default DDL generation env var * Update service image to latest tag * Add migration awareness * Add updating pods for migration * Change JDBC url from mysql to mariadb * Fix TLS mount * Revert images * Remove redundant logic * Fix comments * feat: Add TLS certificate mount on ModelMesh (#255) * feat: Add TLS certificate mount on ModelMesh * Revert from http to https until kserve/modelmesh#147 is merged * Pin oc version, ubi version (#263) * Restore checkout of trustyai-exp (#265) * Add operator installation robustness (#266) * fix: Skip InferenceService patching for KServe RawDeployment (#262) * feat: ConfigMap key to disable KServe Serverless configuration (#267) * feat: Add support for custom certificates in database connection (#259) * Add TLS endpoint for ModelMesh payload processors. (#268) Keep non-TLS endpoint for KServe Serverless (disabled by default) * fix: Correct maxSurge and maxUnavailable (#275) * feat: Add support for custom DB names (#257) * feat: Add support for custom DB names * fix: Correct custom DB name --------- Signed-off-by: Yihong Wang <[email protected]> Co-authored-by: Rui Vieira <[email protected]> Co-authored-by: Rob Geada <[email protected]>
trustyai-explainability · Aug 23, 2024 · 342d1e2 · 342d1e2
1 parent 427d102
commit 342d1e2
Show file tree

Hide file tree

Showing 9 changed files with 51 additions and 17 deletions.
diff --git a/controllers/tas/config_maps.go b/controllers/tas/config_maps.go
@@ -55,7 +55,7 @@ func (r *TrustyAIServiceReconciler) getKServeServerlessConfig(ctx context.Contex
 		// Define the key for the ConfigMap
 		configMapKey := types.NamespacedName{
 			Namespace: r.Namespace,
-			Name:      constants.ConfigMap,
+			Name:      imageConfigMap,
 		}
 
 		// Create an empty ConfigMap object

diff --git a/controllers/tas/constants.go b/controllers/tas/constants.go
@@ -27,6 +27,7 @@ const (
 
 // Configuration constants
 const (
+	imageConfigMap               = "trustyai-service-operator-config"
 	configMapOAuthProxyImageKey  = "oauthProxyImage"
 	configMapServiceImageKey     = "trustyaiServiceImage"
 	configMapkServeServerlessKey = "kServeServerless"

diff --git a/controllers/tas/deployment.go b/controllers/tas/deployment.go
@@ -70,6 +70,7 @@ func (r *TrustyAIServiceReconciler) createDeploymentObject(ctx context.Context,
 		PVCClaimName:             pvcName,
 		CustomCertificatesBundle: caBunble,
 		Version:                  constants.Version,
+		BatchSize:                batchSize,
 	}
 
 	if instance.Spec.Storage.IsStorageDatabase() {

diff --git a/controllers/tas/deployment_test.go b/controllers/tas/deployment_test.go
@@ -338,7 +338,7 @@ var _ = Describe("TrustyAI operator", func() {
 		configMap := &corev1.ConfigMap{}
 		err := k8sClient.Get(ctx, types.NamespacedName{
 			Namespace: operatorNamespace,
-			Name:      constants.ConfigMap,
+			Name:      imageConfigMap,
 		}, configMap)
 
 		// If the ConfigMap exists, delete it
@@ -360,7 +360,7 @@ var _ = Describe("TrustyAI operator", func() {
 			namespace := "trusty-ns-a-1-db"
 			instance = createDefaultDBCustomResource(namespace)
 			WaitFor(func() error {
-				secret := createDatabaseConfiguration(namespace, defaultDatabaseConfigurationName, "mysql")
+				secret := createDatabaseConfiguration(namespace, defaultDatabaseConfigurationName, "mysql", "trustyai_service")
 				return k8sClient.Create(ctx, secret)
 			}, "failed to create ConfigMap")
 			setupAndTestDeploymentDefault(instance, namespace)
@@ -369,7 +369,7 @@ var _ = Describe("TrustyAI operator", func() {
 			namespace := "trusty-ns-a-1-db"
 			instance = createDefaultDBCustomResource(namespace)
 			WaitFor(func() error {
-				secret := createDatabaseConfiguration(namespace, defaultDatabaseConfigurationName, "mariadb")
+				secret := createDatabaseConfiguration(namespace, defaultDatabaseConfigurationName, "mariadb", "trustyai_service")
 				return k8sClient.Create(ctx, secret)
 			}, "failed to create ConfigMap")
 			setupAndTestDeploymentDefault(instance, namespace)
@@ -585,9 +585,16 @@ var _ = Describe("TrustyAI operator", func() {
 			Expect(envVar.ValueFrom.SecretKeyRef.Name).To(Equal(defaultDatabaseConfigurationName), "Secret name does not match")
 			Expect(envVar.ValueFrom.SecretKeyRef.Key).To(Equal("databasePort"), "Secret key does not match")
 
+			envVar = foundEnvVar(trustyaiServiceContainer.Env, "DATABASE_NAME")
+			Expect(envVar).NotTo(BeNil(), "Env var DATABASE_NAME not found")
+			Expect(envVar.ValueFrom).NotTo(BeNil(), "Env var DATABASE_NAME does not have ValueFrom set")
+			Expect(envVar.ValueFrom.SecretKeyRef).NotTo(BeNil(), "Env var DATABASE_NAME is not using SecretKeyRef")
+			Expect(envVar.ValueFrom.SecretKeyRef.Name).To(Equal(defaultDatabaseConfigurationName), "Secret name does not match")
+			Expect(envVar.ValueFrom.SecretKeyRef.Key).To(Equal("databaseName"), "Secret key does not match")
+
 			envVar = foundEnvVar(trustyaiServiceContainer.Env, "QUARKUS_DATASOURCE_JDBC_URL")
 			Expect(envVar).NotTo(BeNil(), "Env var QUARKUS_DATASOURCE_JDBC_URL not found")
-			Expect(envVar.Value).To(Equal("jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/trustyai_database"))
+			Expect(envVar.Value).To(Equal("jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/${DATABASE_NAME}"))
 
 		})
 
@@ -696,9 +703,16 @@ var _ = Describe("TrustyAI operator", func() {
 			Expect(envVar.ValueFrom.SecretKeyRef.Name).To(Equal(defaultDatabaseConfigurationName), "Secret name does not match")
 			Expect(envVar.ValueFrom.SecretKeyRef.Key).To(Equal("databasePort"), "Secret key does not match")
 
+			envVar = foundEnvVar(trustyaiServiceContainer.Env, "DATABASE_NAME")
+			Expect(envVar).NotTo(BeNil(), "Env var DATABASE_NAME not found")
+			Expect(envVar.ValueFrom).NotTo(BeNil(), "Env var DATABASE_NAME does not have ValueFrom set")
+			Expect(envVar.ValueFrom.SecretKeyRef).NotTo(BeNil(), "Env var DATABASE_NAME is not using SecretKeyRef")
+			Expect(envVar.ValueFrom.SecretKeyRef.Name).To(Equal(defaultDatabaseConfigurationName), "Secret name does not match")
+			Expect(envVar.ValueFrom.SecretKeyRef.Key).To(Equal("databaseName"), "Secret key does not match")
+
 			envVar = foundEnvVar(trustyaiServiceContainer.Env, "QUARKUS_DATASOURCE_JDBC_URL")
 			Expect(envVar).NotTo(BeNil(), "Env var QUARKUS_DATASOURCE_JDBC_URL not found")
-			Expect(envVar.Value).To(Equal("jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/trustyai_database"))
+			Expect(envVar.Value).To(Equal("jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/${DATABASE_NAME}"))
 
 		})
 

diff --git a/controllers/tas/inference_services.go b/controllers/tas/inference_services.go
@@ -167,7 +167,7 @@ func (r *TrustyAIServiceReconciler) patchEnvVarsByLabelForDeployments(ctx contex
 	}
 
 	// Build the payload processor endpoint
-	url := utils.GenerateServiceURL(crName, namespace) + "/consumer/kserve/v2"
+	url := utils.GenerateTLSServiceURL(crName, namespace) + "/consumer/kserve/v2"
 
 	// Patch environment variables for the Deployments
 	if shouldContinue, err := r.patchEnvVarsForDeployments(ctx, instance, deployments, envVarName, url, remove); err != nil {
@@ -260,7 +260,7 @@ func (r *TrustyAIServiceReconciler) handleInferenceServices(ctx context.Context,
 // patchKServe adds a TrustyAI service as an InferenceLogger to a KServe InferenceService
 func (r *TrustyAIServiceReconciler) patchKServe(ctx context.Context, instance *trustyaiopendatahubiov1alpha1.TrustyAIService, infService kservev1beta1.InferenceService, namespace string, crName string, remove bool) error {
 
-	url := utils.GenerateServiceURL(crName, namespace)
+	url := utils.GenerateNonTLSServiceURL(crName, namespace)
 
 	if remove {
 		if infService.Spec.Predictor.Logger == nil || *infService.Spec.Predictor.Logger.URL != url {

diff --git a/controllers/tas/secrets.go b/controllers/tas/secrets.go
@@ -54,7 +54,14 @@ func (r *TrustyAIServiceReconciler) findDatabaseSecret(ctx context.Context, inst
 // validateDatabaseSecret validates the DB configuration secret
 func (r *TrustyAIServiceReconciler) validateDatabaseSecret(secret *corev1.Secret) error {
 
-	mandatoryKeys := []string{"databaseKind", "databaseUsername", "databasePassword", "databaseService", "databasePort"}
+	mandatoryKeys := []string{
+		"databaseKind",
+		"databaseUsername",
+		"databasePassword",
+		"databaseService",
+		"databasePort",
+		"databaseName",
+	}
 
 	for _, key := range mandatoryKeys {
 		value, exists := secret.Data[key]

diff --git a/controllers/tas/suite_test.go b/controllers/tas/suite_test.go
@@ -217,13 +217,14 @@ func createSecret(namespace string, secretName string, data map[string]string) *
 	}
 }
 
-func createDatabaseConfiguration(namespace string, name string, dbKind string) *corev1.Secret {
+func createDatabaseConfiguration(namespace string, name string, dbKind string, databaseName string) *corev1.Secret {
 	return createSecret(namespace, name, map[string]string{
 		"databaseKind":     dbKind,
 		"databaseUsername": "foo",
 		"databasePassword": "bar",
 		"databaseService":  "mariadb-service",
 		"databasePort":     "3306",
+		"databaseName":     databaseName,
 	})
 }
 

diff --git a/controllers/tas/templates/service/deployment.tmpl.yaml b/controllers/tas/templates/service/deployment.tmpl.yaml
@@ -15,8 +15,8 @@ spec:
   strategy:
     type: RollingUpdate
     rollingUpdate:
-      maxUnavailable: 0
-      maxSurge: 1
+      maxUnavailable: 1
+      maxSurge: 0
   replicas: 1
   selector:
     matchLabels:
@@ -93,11 +93,16 @@ spec:
                 secretKeyRef:
                   name: {{ .Instance.Spec.Storage.DatabaseConfigurations }}
                   key: databasePort
+            - name: DATABASE_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Instance.Spec.Storage.DatabaseConfigurations }}
+                  key: databaseName
             - name: QUARKUS_DATASOURCE_JDBC_URL
             {{ if .UseDBTLSCerts }}
-              value: "jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/trustyai_database?sslMode=verify-ca&serverSslCert=/etc/tls/db/tls.crt"
+              value: "jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/${DATABASE_NAME}?sslMode=verify-ca&serverSslCert=/etc/tls/db/tls.crt"
             {{ else }}
-              value: "jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/trustyai_database"
+              value: "jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/${DATABASE_NAME}"
             {{ end }}
             - name: SERVICE_DATA_FORMAT
               value: "HIBERNATE"

diff --git a/controllers/utils/utils.go b/controllers/utils/utils.go
@@ -41,7 +41,12 @@ func GetNamespace() (string, error) {
 	return string(ns), nil
 }
 
-// generateServiceURL generates an internal URL for a TrustyAI service
-func GenerateServiceURL(crName string, namespace string) string {
-	return "http://" + crName + "." + namespace + ".svc.cluster.local"
+// generateTLSServiceURL generates an internal URL for a TLS-enabled TrustyAI service
+func GenerateTLSServiceURL(crName string, namespace string) string {
+	return "https://" + crName + "." + namespace + ".svc"
+}
+
+// generateNonTLSServiceURL generates an internal URL for a TrustyAI service
+func GenerateNonTLSServiceURL(crName string, namespace string) string {
+	return "http://" + crName + "." + namespace + ".svc"
 }