From 1b9246bb191a9cc61dd1af8b87cb2692b20d16ee Mon Sep 17 00:00:00 2001 From: Spolti Date: Thu, 9 May 2024 11:43:45 -0300 Subject: [PATCH] [RHOAIENG-6877] - odh-model-controller breaks Knative if KServe-Serverless is not enabled chore: Make the validating.odh-model-controller.opendatahub.io intercept only ksvc that contains the serving.kserve.io/inferenceservice label. This label is added by KServe to any ksvc handled by it, this way we avoid other OpenShift Serverless user not be affected by this webhook in case it is not started by odh-model-controller. Signed-off-by: Spolti --- Makefile | 3 ++- config/webhook/field_patch.yaml | 3 +++ config/webhook/kustomization.yaml | 20 ++++++++++++++++++-- config/webhook/manifests.yaml | 7 +++---- config/webhook/webhook_patch.yaml | 16 ++++++++++++++++ 5 files changed, 42 insertions(+), 7 deletions(-) create mode 100644 config/webhook/field_patch.yaml create mode 100644 config/webhook/webhook_patch.yaml diff --git a/Makefile b/Makefile index 97b858b5..0e651976 100644 --- a/Makefile +++ b/Makefile @@ -34,7 +34,8 @@ help: ## Display this help. .PHONY: manifests manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. - $(CONTROLLER_GEN) rbac:roleName=odh-model-controller-role,headerFile="hack/manifests_boilerplate.yaml.txt" crd paths="./..." output:crd:artifacts:config=config/crd/bases + # Any customization needed, apply to the webhook_patch.yaml file + $(CONTROLLER_GEN) rbac:roleName=odh-model-controller-role,headerFile="hack/manifests_boilerplate.yaml.txt" crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases external-manifests: go get github.com/kserve/modelmesh-serving diff --git a/config/webhook/field_patch.yaml b/config/webhook/field_patch.yaml new file mode 100644 index 00000000..f1b1dc24 --- /dev/null +++ b/config/webhook/field_patch.yaml @@ -0,0 +1,3 @@ +- op: replace + path: /metadata/name + value: validating.odh-model-controller.opendatahub.io \ No newline at end of file diff --git a/config/webhook/kustomization.yaml b/config/webhook/kustomization.yaml index 07fcb5dd..ed4d980b 100644 --- a/config/webhook/kustomization.yaml +++ b/config/webhook/kustomization.yaml @@ -2,5 +2,21 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - manifests.yaml - - service.yaml +- manifests.yaml +- service.yaml + + +patches: + - path: webhook_patch.yaml + target: + group: admissionregistration.k8s.io + kind: ValidatingWebhookConfiguration + name: validating-webhook-configuration + version: v1 + - path: field_patch.yaml + target: + group: admissionregistration.k8s.io + kind: ValidatingWebhookConfiguration + name: validating-webhook-configuration + version: v1 + diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index 73db0a5e..26d90b5f 100644 --- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml @@ -2,15 +2,14 @@ apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: - name: validating.odh-model-controller.opendatahub.io - annotations: - service.beta.openshift.io/inject-cabundle: true + name: validating-webhook-configuration webhooks: - admissionReviewVersions: - v1 clientConfig: service: - name: odh-model-controller-webhook-service + name: webhook-service + namespace: system path: /validate-serving-knative-dev-v1-service failurePolicy: Fail name: validating.ksvc.odh-model-controller.opendatahub.io diff --git a/config/webhook/webhook_patch.yaml b/config/webhook/webhook_patch.yaml new file mode 100644 index 00000000..1837a784 --- /dev/null +++ b/config/webhook/webhook_patch.yaml @@ -0,0 +1,16 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validating.odh-model-controller.opendatahub.io + annotations: + service.beta.openshift.io/inject-cabundle: true +webhooks: + - name: validating.ksvc.odh-model-controller.opendatahub.io + clientConfig: + service: + name: odh-model-controller-webhook-service + objectSelector: + matchExpressions: + - key: serving.kserve.io/inferenceservice + operator: Exists +