-
Notifications
You must be signed in to change notification settings - Fork 986
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enabled the multiple domains support on an inference service #3615
Conversation
3833e49
to
f28620c
Compare
9d7d588
to
8504c99
Compare
8504c99
to
a25510c
Compare
/retest |
"ingressService": "test-destination", | ||
"localGateway": "knative-serving/knative-local-gateway", | ||
"localGatewayService": "knative-local-gateway.istio-system.svc.cluster.local", | ||
"urlScheme": "https", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
missing indentation
@@ -432,6 +432,11 @@ func createIngress(isvc *v1beta1.InferenceService, useDefault bool, config *v1be | |||
}) | |||
// Include ingressDomain to the domains (both internal and external) derived by KNative | |||
hosts = append(hosts, url.Host) | |||
|
|||
// Include additional ingressDomain to the domains (both internal and external) | |||
if config.AdditionalIngressDomains != nil && len(*config.AdditionalIngressDomains) > 0 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Guess we need to do some validation here before append.
We could relay in the k8s validator api, or, does istio validates it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This one should work the same as ingressConfig.IngressDomain
. We just read the values from the CM and set them in this config
. I did not find any validation for other fields. Do you see validation for other fields?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We will create or update the ingress returned by createIngress
. If there is validation issue, the creation or update will fail. That's my assumption, but need to verify.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
would help to verify if the values passed in additionalIngressDomain are valid URLs. This includes their length and presence of special characters
7c99b8e
to
98d5657
Compare
for _, domain := range *config.AdditionalIngressDomains { | ||
host := fmt.Sprintf("%s.%s", prefix, domain) | ||
if !IsValidHostURL(fmt.Sprintf("%s://%s", config.UrlScheme, host)) { | ||
log.Error(fmt.Errorf("The domain name %s in the additionalIngressDomains is not a valid domain name.", domain), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
log.Error(fmt.Errorf("The domain name %s in the additionalIngressDomains is not a valid domain name.", domain), | |
log.Error(fmt.Errorf("The domain name %s in the additionalIngressDomains is not valid", domain), |
@@ -62,3 +63,8 @@ func GenerateDomainName(name string, obj metav1.ObjectMeta, ingressConfig *v1bet | |||
|
|||
return buf.String(), nil | |||
} | |||
|
|||
func IsValidHostURL(hostURL string) bool { | |||
_, err := url.ParseRequestURI(hostURL) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
there is a package called validation
in the apimachinery tool that could help with it.
IIRC:
validation.IsDNS1123Subdomain()
That might be useful here, as we are validating domains for ingress controller.
wdyt @israel-hdez @yuzisun ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I change the way for us to validate the domain or subdomain.
The tricky part is how to get the subdomain. The safest way is to get the domain name for the existing hosts that knative serving generated, remove it and append the new additional ingress domain to get the new hosts.
a9d1feb
to
9401b99
Compare
caa0dea
to
c840f59
Compare
Signed-off-by: Vincent Hou <shou73@bloomberg.net>
Signed-off-by: Vincent Hou <shou73@bloomberg.net>
Signed-off-by: Vincent Hou <shou73@bloomberg.net>
* Added the validation for the URLs Signed-off-by: Vincent Hou <shou73@bloomberg.net>
Signed-off-by: Vincent Hou <shou73@bloomberg.net>
Signed-off-by: Vincent Hou <shou73@bloomberg.net>
Signed-off-by: Vincent Hou <shou73@bloomberg.net>
Signed-off-by: Vincent Hou <shou73@bloomberg.net>
Signed-off-by: Vincent Hou <shou73@bloomberg.net>
Signed-off-by: Vincent Hou <shou73@bloomberg.net>
Signed-off-by: Vincent Hou <shou73@bloomberg.net>
Signed-off-by: Vincent Hou <shou73@bloomberg.net>
Signed-off-by: Vincent Hou <shou73@bloomberg.net>
Signed-off-by: Vincent Hou <shou73@bloomberg.net>
Signed-off-by: Vincent Hou <shou73@bloomberg.net>
c840f59
to
56d3cb5
Compare
Signed-off-by: Vincent Hou <shou73@bloomberg.net>
56d3cb5
to
f589c58
Compare
I quickly scanned the code and looks like it would work. However, I'm wondering if we could try to rely less on Istio implementation and prefer using Knative resources? Knative already has some features to manage and customize domains. I'd like to write a proposal for this. If it would be accepted, this PR code may become obsolete. |
Kserve leverages istio as the default ingress, and knative serving is just one of options provisioning the services. It may not be enough if you only think of knative. |
I think we still want an optional routing layer for KServe specific needs, we have implemented features like path based routing and logic for routing to different inference components. The virtual service can be disabled if not needed and in future we can migrate to gateway API so it does not rely on istio. |
Nice work on the first major kserve PR! @houshengbo |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: alexagriffith, houshengbo, yuzisun The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Hmm... OK, I hadn't this feature in mind. |
…3615) * Added the field AdditionalIngressDomains into the struct IngressConfig Signed-off-by: Vincent Hou <shou73@bloomberg.net> * Added the additional ingress domains into the hosts Signed-off-by: Vincent Hou <shou73@bloomberg.net> * Fixed the indentation Signed-off-by: Vincent Hou <shou73@bloomberg.net> * Added isvc name and namespace into the domain name * Added the validation for the URLs Signed-off-by: Vincent Hou <shou73@bloomberg.net> * Validate the domain in the additionalIngressDomains Signed-off-by: Vincent Hou <shou73@bloomberg.net> * Create the hosts from the list of additionalIngressDomains Signed-off-by: Vincent Hou <shou73@bloomberg.net> * Change the way to validate the host Signed-off-by: Vincent Hou <shou73@bloomberg.net> * Change the validation error message Signed-off-by: Vincent Hou <shou73@bloomberg.net> * Revert the name to url Signed-off-by: Vincent Hou <shou73@bloomberg.net> * Get all the available domain list Signed-off-by: Vincent Hou <shou73@bloomberg.net> * gofmt -s -w the file Signed-off-by: Vincent Hou <shou73@bloomberg.net> * Add additionalIngressDomains into the charts Signed-off-by: Vincent Hou <shou73@bloomberg.net> * Added the comments and refactor the tests Signed-off-by: Vincent Hou <shou73@bloomberg.net> * Regenerate the manifests Signed-off-by: Vincent Hou <shou73@bloomberg.net> * Modify createHTTPMatchRequest, the charts and the test cases Signed-off-by: Vincent Hou <shou73@bloomberg.net> * Run make generate Signed-off-by: Vincent Hou <shou73@bloomberg.net> --------- Signed-off-by: Vincent Hou <shou73@bloomberg.net> Signed-off-by: asd981256 <asd981256@gmail.com>
What this PR does / why we need it:
Currently KServe supports setting only a single external host for inference services. After enabling the multi-host support, we can facilitate the use cases like migrating the inference services from one to another. This PR enables this feature on a global level with the field
additionalIngressDomains
in the configMapinferenceservice-config
.Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when PR gets merged):Fixes #2747
Type of changes
Please delete options that are not relevant.
Feature/Issue validation/testing:
Please describe the tests that you ran to verify your changes and relevant result summary. Provide instructions so it can be reproduced.
Please also list any relevant details for your test configuration.
Test A
Test B
Logs
Special notes for your reviewer:
Checklist:
Release note: