Allow using SSL between transformer and predictor/explainer #2911
Conversation
Signed-off-by: Jin Dong <jdong183@bloomberg.net>
|
Thanks @greenmoon55 ! Can you help update the local transformer testing instruction here for using https predictor url? |
| @@ -232,9 +237,10 @@ def postprocess(self, response: Union[Dict, InferResponse, ModelInferResponse], | |||
| return response | |||
|
|
|||
| async def _http_predict(self, payload: Union[Dict, InferRequest], headers: Dict[str, str] = None) -> Dict: | |||
| predict_url = PREDICTOR_URL_FORMAT.format(self.predictor_host, self.name) | |||
| protocol = "https" if self.use_ssl else "http" | |||
There was a problem hiding this comment.
Do we have test cases for this function to verify if http or https is used?
There was a problem hiding this comment.
Unfortunately not. I can't find a good way to add tests here. We have e2e tests for http but not for https.
| @@ -311,9 +317,11 @@ async def explain(self, payload: Dict, headers: Dict[str, str] = None) -> Dict: | |||
| """ | |||
| if self.explainer_host is None: | |||
| raise NotImplementedError("Could not find explainer_host.") | |||
| explain_url = EXPLAINER_URL_FORMAT.format(self.explainer_host, self.name) | |||
|
|
|||
| protocol = "https" if self.use_ssl else "http" | |||
There was a problem hiding this comment.
I am wondering if we have test cases for this function.
Signed-off-by: Jin Dong <jdong183@bloomberg.net>
Signed-off-by: Jin Dong <jdong183@bloomberg.net>
python/kserve/kserve/model.py
Outdated
| self.predictor_host = self.predictor_host + ":80" | ||
| _channel = grpc.aio.insecure_channel(self.predictor_host) | ||
| port = 443 if self.use_ssl else 80 | ||
| self.predictor_host = self.predictor_host + f":{port}" |
There was a problem hiding this comment.
Nit: both predictor_host and port can be in the fstring
Signed-off-by: Jin Dong <jdong183@bloomberg.net>
| @@ -103,9 +104,12 @@ def postprocess(self, infer_response: Union[Dict, ModelInferResponse], headers: | |||
| parser.add_argument( | |||
| "--model_name", help="The name that the model is served under." | |||
| ) | |||
| parser.add_argument( | |||
| "--use_ssl", help="Use ssl for connecting to the predictor", action='store_true' | |||
There was a problem hiding this comment.
It will be true with --use_ssl, otherwise False.
|
Great work @greenmoon55 ! /lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: greenmoon55, yuzisun The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
) * Allow using SSL between transformer and predictor/explainer Signed-off-by: Jin Dong <jdong183@bloomberg.net> * Update custom transformer example Signed-off-by: Jin Dong <jdong183@bloomberg.net> * Update document Signed-off-by: Jin Dong <jdong183@bloomberg.net> * Update doc and use f string format Signed-off-by: Jin Dong <jdong183@bloomberg.net> --------- Signed-off-by: Jin Dong <jdong183@bloomberg.net> Signed-off-by: iamlovingit <freecode666@gmail.com>
What this PR does / why we need it: Currently the transformer is hard-coded to use http to communicate with the predictor. We add a
use_sslproperty toModelclass to allow using SSL between transformer and predictor/explainer for both rest and grpc.Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #2863
Type of changes
Please delete options that are not relevant.
Feature/Issue validation/testing:
Please describe the tests that you ran to verify your changes and relevant result summary. Provide instructions so it can be reproduced.
Please also list any relevant details for your test configuration.
Note that if you need a custom root CA, you can set an environment variable like this
export GRPC_DEFAULT_SSL_ROOTS_FILE_PATH=bundle.pemSpecial notes for your reviewer:
No.
Checklist:
Release note: