diff --git a/controllers/tas/config_maps.go b/controllers/tas/config_maps.go index e313352d..83da00a2 100644 --- a/controllers/tas/config_maps.go +++ b/controllers/tas/config_maps.go @@ -55,7 +55,7 @@ func (r *TrustyAIServiceReconciler) getKServeServerlessConfig(ctx context.Contex // Define the key for the ConfigMap configMapKey := types.NamespacedName{ Namespace: r.Namespace, - Name: constants.ConfigMap, + Name: imageConfigMap, } // Create an empty ConfigMap object diff --git a/controllers/tas/constants.go b/controllers/tas/constants.go index 64f3c5bb..a2b32819 100644 --- a/controllers/tas/constants.go +++ b/controllers/tas/constants.go @@ -27,6 +27,7 @@ const ( // Configuration constants const ( + imageConfigMap = "trustyai-service-operator-config" configMapOAuthProxyImageKey = "oauthProxyImage" configMapServiceImageKey = "trustyaiServiceImage" configMapkServeServerlessKey = "kServeServerless" diff --git a/controllers/tas/deployment.go b/controllers/tas/deployment.go index 87629c44..0dcc434e 100644 --- a/controllers/tas/deployment.go +++ b/controllers/tas/deployment.go @@ -70,6 +70,7 @@ func (r *TrustyAIServiceReconciler) createDeploymentObject(ctx context.Context, PVCClaimName: pvcName, CustomCertificatesBundle: caBunble, Version: constants.Version, + BatchSize: batchSize, } if instance.Spec.Storage.IsStorageDatabase() { diff --git a/controllers/tas/deployment_test.go b/controllers/tas/deployment_test.go index ee8c5c76..ec8d262c 100644 --- a/controllers/tas/deployment_test.go +++ b/controllers/tas/deployment_test.go @@ -338,7 +338,7 @@ var _ = Describe("TrustyAI operator", func() { configMap := &corev1.ConfigMap{} err := k8sClient.Get(ctx, types.NamespacedName{ Namespace: operatorNamespace, - Name: constants.ConfigMap, + Name: imageConfigMap, }, configMap) // If the ConfigMap exists, delete it @@ -360,7 +360,7 @@ var _ = Describe("TrustyAI operator", func() { namespace := "trusty-ns-a-1-db" instance = createDefaultDBCustomResource(namespace) WaitFor(func() error { - secret := createDatabaseConfiguration(namespace, defaultDatabaseConfigurationName, "mysql") + secret := createDatabaseConfiguration(namespace, defaultDatabaseConfigurationName, "mysql", "trustyai_service") return k8sClient.Create(ctx, secret) }, "failed to create ConfigMap") setupAndTestDeploymentDefault(instance, namespace) @@ -369,7 +369,7 @@ var _ = Describe("TrustyAI operator", func() { namespace := "trusty-ns-a-1-db" instance = createDefaultDBCustomResource(namespace) WaitFor(func() error { - secret := createDatabaseConfiguration(namespace, defaultDatabaseConfigurationName, "mariadb") + secret := createDatabaseConfiguration(namespace, defaultDatabaseConfigurationName, "mariadb", "trustyai_service") return k8sClient.Create(ctx, secret) }, "failed to create ConfigMap") setupAndTestDeploymentDefault(instance, namespace) @@ -585,9 +585,16 @@ var _ = Describe("TrustyAI operator", func() { Expect(envVar.ValueFrom.SecretKeyRef.Name).To(Equal(defaultDatabaseConfigurationName), "Secret name does not match") Expect(envVar.ValueFrom.SecretKeyRef.Key).To(Equal("databasePort"), "Secret key does not match") + envVar = foundEnvVar(trustyaiServiceContainer.Env, "DATABASE_NAME") + Expect(envVar).NotTo(BeNil(), "Env var DATABASE_NAME not found") + Expect(envVar.ValueFrom).NotTo(BeNil(), "Env var DATABASE_NAME does not have ValueFrom set") + Expect(envVar.ValueFrom.SecretKeyRef).NotTo(BeNil(), "Env var DATABASE_NAME is not using SecretKeyRef") + Expect(envVar.ValueFrom.SecretKeyRef.Name).To(Equal(defaultDatabaseConfigurationName), "Secret name does not match") + Expect(envVar.ValueFrom.SecretKeyRef.Key).To(Equal("databaseName"), "Secret key does not match") + envVar = foundEnvVar(trustyaiServiceContainer.Env, "QUARKUS_DATASOURCE_JDBC_URL") Expect(envVar).NotTo(BeNil(), "Env var QUARKUS_DATASOURCE_JDBC_URL not found") - Expect(envVar.Value).To(Equal("jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/trustyai_database")) + Expect(envVar.Value).To(Equal("jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/${DATABASE_NAME}")) }) @@ -696,9 +703,16 @@ var _ = Describe("TrustyAI operator", func() { Expect(envVar.ValueFrom.SecretKeyRef.Name).To(Equal(defaultDatabaseConfigurationName), "Secret name does not match") Expect(envVar.ValueFrom.SecretKeyRef.Key).To(Equal("databasePort"), "Secret key does not match") + envVar = foundEnvVar(trustyaiServiceContainer.Env, "DATABASE_NAME") + Expect(envVar).NotTo(BeNil(), "Env var DATABASE_NAME not found") + Expect(envVar.ValueFrom).NotTo(BeNil(), "Env var DATABASE_NAME does not have ValueFrom set") + Expect(envVar.ValueFrom.SecretKeyRef).NotTo(BeNil(), "Env var DATABASE_NAME is not using SecretKeyRef") + Expect(envVar.ValueFrom.SecretKeyRef.Name).To(Equal(defaultDatabaseConfigurationName), "Secret name does not match") + Expect(envVar.ValueFrom.SecretKeyRef.Key).To(Equal("databaseName"), "Secret key does not match") + envVar = foundEnvVar(trustyaiServiceContainer.Env, "QUARKUS_DATASOURCE_JDBC_URL") Expect(envVar).NotTo(BeNil(), "Env var QUARKUS_DATASOURCE_JDBC_URL not found") - Expect(envVar.Value).To(Equal("jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/trustyai_database")) + Expect(envVar.Value).To(Equal("jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/${DATABASE_NAME}")) }) diff --git a/controllers/tas/inference_services.go b/controllers/tas/inference_services.go index bd5f012a..072f5af9 100644 --- a/controllers/tas/inference_services.go +++ b/controllers/tas/inference_services.go @@ -167,7 +167,7 @@ func (r *TrustyAIServiceReconciler) patchEnvVarsByLabelForDeployments(ctx contex } // Build the payload processor endpoint - url := utils.GenerateServiceURL(crName, namespace) + "/consumer/kserve/v2" + url := utils.GenerateTLSServiceURL(crName, namespace) + "/consumer/kserve/v2" // Patch environment variables for the Deployments if shouldContinue, err := r.patchEnvVarsForDeployments(ctx, instance, deployments, envVarName, url, remove); err != nil { @@ -260,7 +260,7 @@ func (r *TrustyAIServiceReconciler) handleInferenceServices(ctx context.Context, // patchKServe adds a TrustyAI service as an InferenceLogger to a KServe InferenceService func (r *TrustyAIServiceReconciler) patchKServe(ctx context.Context, instance *trustyaiopendatahubiov1alpha1.TrustyAIService, infService kservev1beta1.InferenceService, namespace string, crName string, remove bool) error { - url := utils.GenerateServiceURL(crName, namespace) + url := utils.GenerateNonTLSServiceURL(crName, namespace) if remove { if infService.Spec.Predictor.Logger == nil || *infService.Spec.Predictor.Logger.URL != url { diff --git a/controllers/tas/secrets.go b/controllers/tas/secrets.go index a74b8840..978f813b 100644 --- a/controllers/tas/secrets.go +++ b/controllers/tas/secrets.go @@ -54,7 +54,14 @@ func (r *TrustyAIServiceReconciler) findDatabaseSecret(ctx context.Context, inst // validateDatabaseSecret validates the DB configuration secret func (r *TrustyAIServiceReconciler) validateDatabaseSecret(secret *corev1.Secret) error { - mandatoryKeys := []string{"databaseKind", "databaseUsername", "databasePassword", "databaseService", "databasePort"} + mandatoryKeys := []string{ + "databaseKind", + "databaseUsername", + "databasePassword", + "databaseService", + "databasePort", + "databaseName", + } for _, key := range mandatoryKeys { value, exists := secret.Data[key] diff --git a/controllers/tas/suite_test.go b/controllers/tas/suite_test.go index d7938aa5..71114243 100644 --- a/controllers/tas/suite_test.go +++ b/controllers/tas/suite_test.go @@ -217,13 +217,14 @@ func createSecret(namespace string, secretName string, data map[string]string) * } } -func createDatabaseConfiguration(namespace string, name string, dbKind string) *corev1.Secret { +func createDatabaseConfiguration(namespace string, name string, dbKind string, databaseName string) *corev1.Secret { return createSecret(namespace, name, map[string]string{ "databaseKind": dbKind, "databaseUsername": "foo", "databasePassword": "bar", "databaseService": "mariadb-service", "databasePort": "3306", + "databaseName": databaseName, }) } diff --git a/controllers/tas/templates/service/deployment.tmpl.yaml b/controllers/tas/templates/service/deployment.tmpl.yaml index fa8a9c76..f1e429f1 100644 --- a/controllers/tas/templates/service/deployment.tmpl.yaml +++ b/controllers/tas/templates/service/deployment.tmpl.yaml @@ -15,8 +15,8 @@ spec: strategy: type: RollingUpdate rollingUpdate: - maxUnavailable: 0 - maxSurge: 1 + maxUnavailable: 1 + maxSurge: 0 replicas: 1 selector: matchLabels: @@ -93,11 +93,16 @@ spec: secretKeyRef: name: {{ .Instance.Spec.Storage.DatabaseConfigurations }} key: databasePort + - name: DATABASE_NAME + valueFrom: + secretKeyRef: + name: {{ .Instance.Spec.Storage.DatabaseConfigurations }} + key: databaseName - name: QUARKUS_DATASOURCE_JDBC_URL {{ if .UseDBTLSCerts }} - value: "jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/trustyai_database?sslMode=verify-ca&serverSslCert=/etc/tls/db/tls.crt" + value: "jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/${DATABASE_NAME}?sslMode=verify-ca&serverSslCert=/etc/tls/db/tls.crt" {{ else }} - value: "jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/trustyai_database" + value: "jdbc:${QUARKUS_DATASOURCE_DB_KIND}://${DATABASE_SERVICE}:${DATABASE_PORT}/${DATABASE_NAME}" {{ end }} - name: SERVICE_DATA_FORMAT value: "HIBERNATE" diff --git a/controllers/utils/utils.go b/controllers/utils/utils.go index b82131a1..12eb8ba6 100644 --- a/controllers/utils/utils.go +++ b/controllers/utils/utils.go @@ -41,7 +41,12 @@ func GetNamespace() (string, error) { return string(ns), nil } -// generateServiceURL generates an internal URL for a TrustyAI service -func GenerateServiceURL(crName string, namespace string) string { - return "http://" + crName + "." + namespace + ".svc.cluster.local" +// generateTLSServiceURL generates an internal URL for a TLS-enabled TrustyAI service +func GenerateTLSServiceURL(crName string, namespace string) string { + return "https://" + crName + "." + namespace + ".svc" +} + +// generateNonTLSServiceURL generates an internal URL for a TrustyAI service +func GenerateNonTLSServiceURL(crName string, namespace string) string { + return "http://" + crName + "." + namespace + ".svc" }