## Kubernetes Clusterwide SSL Demo

### Setup

Create a Kind cluster using the Ansible playbooks in the project's `ansible` folder.


In [None]:
# Create the Kind cluster. The playbook path is relative, so the command
# first changes into ../ansible and runs ansible-playbook from there.
!cd ../ansible && ansible-playbook playbooks/kind-cluster.yaml

In [None]:
# Second playbook, run from ../ansible in the same way.
# NOTE(review): presumably this installs the supporting components and the
# seldon-mesh namespace, which this notebook uses but never creates itself.
# Confirm in playbooks/setup-ecosystem.yaml.
!cd ../ansible && ansible-playbook playbooks/setup-ecosystem.yaml

In [1]:
# Install the Seldon Core v2 CRD chart into seldon-mesh, or upgrade the
# release in place if one with this name already exists.
!helm upgrade --install seldon-core-v2-crds ../k8s/helm-charts/seldon-core-v2-crds --namespace seldon-mesh

Release "seldon-core-v2-crds" has been upgraded. Happy Helming!
NAME: seldon-core-v2-crds
LAST DEPLOYED: Thu Jun 22 09:11:26 2023
NAMESPACE: seldon-mesh
STATUS: deployed
REVISION: 2
TEST SUITE: None


In [2]:
# First of the two namespaces that will each get their own certs, runtime,
# servers and model.
!kubectl create namespace ns1

namespace/ns1 created


In [3]:
# Second namespace; it receives the same set of releases as ns1.
!kubectl create namespace ns2

namespace/ns2 created


In [48]:
# Install the certificate chart into ns1. Kubernetes Secrets are
# namespace-scoped, so every namespace that terminates TLS needs its own
# release of this chart.
# NOTE(review): presumably the chart provides the seldon-* secrets named in
# the TLS values file. Confirm how the key material is generated before
# reusing this outside a demo cluster.
!helm install seldon-v2-certs ../k8s/helm-charts/seldon-core-v2-certs/ --namespace ns1

NAME: seldon-v2-certs
LAST DEPLOYED: Thu Jun 22 10:00:32 2023
NAMESPACE: ns1
STATUS: deployed
REVISION: 1
TEST SUITE: None


In [5]:
# Install the certificate chart into ns2. Secrets are namespace-scoped, so
# the ns1 release of the same chart cannot be shared with this namespace.
# NOTE(review): presumably the chart provides the seldon-* secrets named in
# the TLS values file. Confirm how the key material is generated before
# reusing this outside a demo cluster.
!helm install seldon-v2-certs ../k8s/helm-charts/seldon-core-v2-certs/ --namespace ns2

NAME: seldon-v2-certs
LAST DEPLOYED: Thu Jun 22 09:11:36 2023
NAMESPACE: ns2
STATUS: deployed
REVISION: 1
TEST SUITE: None


In [6]:
# Print the TLS values file that is passed to the seldon-v2 install.
# Reading the printed file: the control plane and the Envoy upstream name a
# validation secret on both the client and the server side, so each peer is
# set up to verify the other. The Envoy downstream block names a server secret
# and a client-side serverValidationSecret only; it has no
# clientValidationSecret, so as far as this file shows the downstream listener
# is not configured to validate client certificates.
!cat ../k8s/samples/values-tls-dataplane-controlplane-example.yaml

security:
  controlplane:
    protocol: SSL
    ssl:
      server:
        secret: seldon-controlplane-server
        clientValidationSecret: seldon-controlplane-client
      client:
        secret: seldon-controlplane-client
        serverValidationSecret: seldon-controlplane-server
  envoy:
    protocol: SSL
    ssl:
      upstream:
        server:
          secret: seldon-upstream-server
          clientValidationSecret: seldon-upstream-client
        client:
          secret: seldon-upstream-client
          serverValidationSecret: seldon-upstream-server
      downstream:
        client:
          serverValidationSecret: seldon-downstream-server
        server: 
          secret: seldon-downstream-server


In [7]:
# Install the core Seldon components into seldon-mesh with the controller in
# clusterwide mode. The values file switches the control plane and Envoy
# protocols to SSL and names the secrets each side uses.
!helm install seldon-v2 ../k8s/helm-charts/seldon-core-v2-setup/ \
  --namespace seldon-mesh \
  --set controller.clusterwide=true \
  --values ../k8s/samples/values-tls-dataplane-controlplane-example.yaml

NAME: seldon-v2
LAST DEPLOYED: Thu Jun 22 09:11:40 2023
NAMESPACE: seldon-mesh
STATUS: deployed
REVISION: 1
TEST SUITE: None


In [49]:
# Install the runtime chart into ns1.
!helm install seldon-v2-runtime ../k8s/helm-charts/seldon-core-v2-runtime --namespace ns1

NAME: seldon-v2-runtime
LAST DEPLOYED: Thu Jun 22 10:00:36 2023
NAMESPACE: ns1
STATUS: deployed
REVISION: 1
TEST SUITE: None


In [50]:
# Install the servers chart into ns1. The wait cell further down shows it
# yields the mlserver and triton Server resources.
!helm install seldon-v2-servers ../k8s/helm-charts/seldon-core-v2-servers --namespace ns1

NAME: seldon-v2-servers
LAST DEPLOYED: Thu Jun 22 10:00:36 2023
NAMESPACE: ns1
STATUS: deployed
REVISION: 1
TEST SUITE: None


In [10]:
# Install the runtime chart into ns2.
!helm install seldon-v2-runtime ../k8s/helm-charts/seldon-core-v2-runtime --namespace ns2

NAME: seldon-v2-runtime
LAST DEPLOYED: Thu Jun 22 09:11:49 2023
NAMESPACE: ns2
STATUS: deployed
REVISION: 1
TEST SUITE: None


In [11]:
# Install the servers chart into ns2. The wait cell further down shows it
# yields the mlserver and triton Server resources.
!helm install seldon-v2-servers ../k8s/helm-charts/seldon-core-v2-servers --namespace ns2

NAME: seldon-v2-servers
LAST DEPLOYED: Thu Jun 22 09:12:16 2023
NAMESPACE: ns2
STATUS: deployed
REVISION: 1
TEST SUITE: None


In [12]:
# Block until every Server resource in ns1 reports the ready condition, or
# give up after 300 seconds.
!kubectl wait --for=condition=ready --timeout=300s server --all --namespace ns1

server.mlops.seldon.io/mlserver condition met
server.mlops.seldon.io/triton condition met


In [13]:
# Block until every Server resource in ns2 reports the ready condition, or
# give up after 300 seconds.
!kubectl wait --for=condition=ready --timeout=300s server --all --namespace ns2

server.mlops.seldon.io/mlserver condition met
server.mlops.seldon.io/triton condition met


### Setup TLS Config

In [14]:
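import ipaddress
import os

# Capture the external IP that the load balancer assigned to the seldon-mesh
# service in ns1. `!` capture returns the command output as a list of lines.
MESH_IP = !kubectl get svc seldon-mesh -n ns1 -o jsonpath='{.status.loadBalancer.ingress[0].ip}'

# The value is exported to the environment and later expanded unquoted inside
# a shell command line (${MESH_IP_NS1}:80), so accept nothing but an IP
# literal. Without this check an empty result fails with a bare IndexError,
# and any other text kubectl printed would silently become the inference host.
if not MESH_IP:
    raise RuntimeError("kubectl returned no load balancer IP for seldon-mesh in ns1")
ipaddress.ip_address(MESH_IP[0])  # raises ValueError if this is not an IP address

MESH_IP_NS1 = MESH_IP[0]
os.environ['MESH_IP_NS1'] = MESH_IP_NS1
MESH_IP_NS1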

'172.21.255.2'

In [31]:
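import ipaddress
import os

# Capture the external IP that the load balancer assigned to the seldon-mesh
# service in ns2. `!` capture returns the command output as a list of lines.
MESH_IP = !kubectl get svc seldon-mesh -n ns2 -o jsonpath='{.status.loadBalancer.ingress[0].ip}'

# The value is exported to the environment and later expanded unquoted inside
# a shell command line (${MESH_IP_NS2}:80), so accept nothing but an IP
# literal. Without this check an empty result fails with a bare IndexError,
# and any other text kubectl printed would silently become the inference host.
if not MESH_IP:
    raise RuntimeError("kubectl returned no load balancer IP for seldon-mesh in ns2")
ipaddress.ip_address(MESH_IP[0])  # raises ValueError if this is not an IP address

MESH_IP_NS2 = MESH_IP[0]
os.environ['MESH_IP_NS2'] = MESH_IP_NS2
MESH_IP_NS2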

'172.21.255.4'

In [16]:
# Register config-dataplane-tls.json from the current working directory with
# the seldon CLI under the name `tls`; ${PWD} is expanded by the shell.
# NOTE(review): the file is not shown in this notebook. It presumably points
# at the client-side certificate material, so check which paths or secrets it
# references before running this against anything but the demo cluster.
!seldon config add tls ${PWD}/config-dataplane-tls.json

In [17]:
# Make `tls` the active seldon CLI config for the inference calls that follow.
# NOTE(review): this changes local CLI state, not cluster state, and no cell
# in the teardown section reverts it. The config presumably stays active for
# later CLI use until it is changed by hand.
!seldon config activate tls

### Launch model in namespace ns1

In [18]:
# Create the iris Model resource in ns1 from the sample manifest.
!kubectl create --filename ./models/sklearn-iris-gs.yaml --namespace ns1

model.mlops.seldon.io/iris created


In [19]:
# Block until every Model resource in ns1 reports the ready condition, or
# give up after 300 seconds.
!kubectl wait --for=condition=ready --timeout=300s model --all --namespace ns1

model.mlops.seldon.io/iris condition met


In [36]:
# Send one inference request to the iris model through the ns1 mesh address.
# ${MESH_IP_NS1} is expanded by the shell from the environment variable
# exported in the earlier cell.
# NOTE(review): the target port is 80. With the `tls` CLI config active and
# the Envoy downstream protocol set to SSL in the values file, this request is
# presumably TLS on port 80 rather than plaintext. Confirm that a request
# sent without the TLS config is refused.
!seldon model infer iris --inference-host ${MESH_IP_NS1}:80 \
  '{"inputs": [{"name": "predict", "shape": [1, 4], "datatype": "FP32", "data": [[1, 2, 3, 4]]}]}' 

{
	"model_name": "iris_1",
	"model_version": "1",
	"id": "77f21360-b6cf-4c50-a000-1f219f5e9e29",
	"parameters": {},
	"outputs": [
		{
			"name": "predict",
			"shape": [
				1,
				1
			],
			"datatype": "INT64",
			"parameters": {
				"content_type": "np"
			},
			"data": [
				2
			]
		}
	]
}


### Launch model in namespace ns2

In [21]:
# Create the iris Model resource in ns2 from the same sample manifest.
!kubectl create --filename ./models/sklearn-iris-gs.yaml --namespace ns2

model.mlops.seldon.io/iris created


In [22]:
# Block until every Model resource in ns2 reports the ready condition, or
# give up after 300 seconds.
!kubectl wait --for=condition=ready --timeout=300s model --all --namespace ns2

model.mlops.seldon.io/iris condition met


In [37]:
# Send one inference request to the iris model through the ns2 mesh address.
# ${MESH_IP_NS2} is expanded by the shell from the environment variable
# exported in the earlier cell.
# NOTE(review): the target port is 80. With the `tls` CLI config active and
# the Envoy downstream protocol set to SSL in the values file, this request is
# presumably TLS on port 80 rather than plaintext. Confirm that a request
# sent without the TLS config is refused.
!seldon model infer iris --inference-host ${MESH_IP_NS2}:80 \
  '{"inputs": [{"name": "predict", "shape": [1, 4], "datatype": "FP32", "data": [[1, 2, 3, 4]]}]}' 

{
	"model_name": "iris_1",
	"model_version": "1",
	"id": "902b8483-0ede-4136-97be-dbf266f05a0c",
	"parameters": {},
	"outputs": [
		{
			"name": "predict",
			"shape": [
				1,
				1
			],
			"datatype": "INT64",
			"parameters": {
				"content_type": "np"
			},
			"data": [
				2
			]
		}
	]
}


## TearDown

In [38]:
# Delete the iris Model resource from ns1 before its servers are uninstalled.
!kubectl delete --filename ./models/sklearn-iris-gs.yaml --namespace ns1

model.mlops.seldon.io "iris" deleted


In [39]:
# Delete the iris Model resource from ns2 before its servers are uninstalled.
!kubectl delete --filename ./models/sklearn-iris-gs.yaml --namespace ns2

model.mlops.seldon.io "iris" deleted


In [51]:
# Uninstall the ns1 releases in the reverse of the order they were installed:
# servers, then runtime, then the certificate chart.
!helm uninstall seldon-v2-servers --namespace ns1
!helm uninstall seldon-v2-runtime --namespace ns1
!helm uninstall seldon-v2-certs --namespace ns1

release "seldon-v2-servers" uninstalled
release "seldon-v2-runtime" uninstalled
release "seldon-v2-certs" uninstalled


In [52]:
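# Uninstall the ns2 releases in the reverse of the order they were installed:
# servers, then runtime, then the certificate chart.
# The first line previously repeated seldon-v2-runtime. That left the
# seldon-v2-servers release installed and caused the "release: not found"
# error in the recorded output of this cell.
!helm delete seldon-v2-servers -n ns2
!helm delete seldon-v2-runtime -n ns2
!helm delete seldon-v2-certs -n ns2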

release "seldon-v2-runtime" uninstalled
Error: uninstall: Release not loaded: seldon-v2-runtime: release: not found
release "seldon-v2-certs" uninstalled


In [53]:
# Uninstall the clusterwide core release from seldon-mesh once both
# namespaces have been cleaned up.
!helm uninstall seldon-v2 --namespace seldon-mesh

release "seldon-v2" uninstalled


In [54]:
# Uninstall the CRD release last, after the releases and resources that use
# the custom resource types have been removed.
!helm uninstall seldon-core-v2-crds --namespace seldon-mesh

release "seldon-core-v2-crds" uninstalled


In [55]:
# Delete both demo namespaces. Namespace deletion also removes any namespaced
# objects still inside them, including Secrets left behind by a release that
# was not uninstalled cleanly.
!kubectl delete namespace ns1
!kubectl delete namespace ns2

namespace "ns1" deleted
namespace "ns2" deleted
