[Application] Create API Gateway by default #5515
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rokatyy
reviewed
May 7, 2024
rokatyy
reviewed
May 7, 2024
rokatyy
reviewed
May 7, 2024
Comment on lines
295
to
297
| ports = self.spec.internal_application_port if direct_port_access else [] | ||
| self.create_api_gateway(skip_access_key_auth=skip_access_key_auth, ports=ports) | ||
|
|
There was a problem hiding this comment.
More a question than a comment. Do we want to provide a way to create an api gateway with skip_access_key only? What if user wants to create it with BasicAuth?
There was a problem hiding this comment.
That a valid question.
Users can still manually create api gateways with different configuration that will direct to the application runtime.
The question is what should be the default behavior.
Thinking about it, we might want to accept the mode as an argument, and perhaps have some default mode in the mlrun config.
There was a problem hiding this comment.
@TomerShor as an option, we can do the same way we do in api gateway init. Which means passing APIGatewayAuthenticator when create api gateway. But in case of application runtime we can create an api gateway with accessKey by default.
There was a problem hiding this comment.
I prefer using a mode to allow changing defaults in mlrun config, and use the with_XXX methods for the API Gateway, instead of forcing the user to pass a APIGatewayAuthenticator object (a bit more complex usage IMO).
rokatyy
reviewed
May 7, 2024
rokatyy
reviewed
May 9, 2024
rokatyy
reviewed
May 9, 2024
rokatyy
approved these changes
May 9, 2024
liranbg
approved these changes
May 14, 2024
assaf758
pushed a commit
that referenced
this pull request
May 21, 2024
…the streaming interface (#5599) * [Datastore] Rename `DatastoreProfileAzureBlob` 'bucket' parameter to 'container' (#5521) * [Project] Add delete artifact method (#5491) * [API] Add delete artifact data endpoints (#5477) * [Docs] Add registering an HDFS datastore profile (#5396) To * how to register a datastore profile * Update docs/store/datastore.md Co-authored-by: Gal Topper <gal.topper@gmail.com> * Update docs/store/datastore.md Co-authored-by: Gal Topper <gal.topper@gmail.com> * fix: data store is 2 words * clarify example --------- Co-authored-by: Gal Topper <gal.topper@gmail.com> * [Alerts] Add backwards compatibility for igz < 3.6 (#5524) * [Coding Conventions] Fix `mlconf` usages (#5525) * [API] Enhance usage of iguazio client (#5506) * [Model Monitoring] Implement TSDB abstraction (#5210) * [Automation] Don't rollout deployment before purging DB (#5527) * [SQLDB] Refactor partition querying to minimize subquery table size (#5526) * [Docs] Enable automodule for mlrun.comon.schemas.artifact (#5529) * [Alerts] Filter project resources by permissions for list (#5532) * [ProjectSummaries] Add pipelines_completed_recent_count, pipelines_failed_recent_count (#5523) * [KFP] Merge KFP2 Feature Branch (#5533) * [Nuclio] Delete remote function config map (#5530) * [API] Add read model monitoring metrics values endpoint (#5519) * [Model Monitoring] Fix up imports (#5531) * Remove unused import * Change import so that PyCharm detects inheritance correctly * [Notifications] Display Step Kind In Pipeline Notification (#5538) * Add step kind to pipeline notification * better system test * redundant comment * fix ut --------- Co-authored-by: quaark <a.melnick@icloud.com> * [Alerts] Modify alert entity to have list of ids per alert (#5511) * [Application] Fix test function handler assertion (#5548) * [Docs] Feature-store + Datastore: consolidate Apache Kafka details, cleanups in datastores (#5305) * [Model Monitoring] Fix invalid current_stats in `MonitoringApplicationContext` (#5552) fix deepcopy bug * [KFP] Bump version and create makefile for release (#5555) * [Runs] Store artifact URIs instead of full artifacts in body (#5553) * [Artifacts] Add `producer_uri` filter to list artifacts API (#5549) * [API] Check the artifact kind while attempting to remove artifact data (#5545) * [CI] Fix pipeline adapters makefile (#5557) * [Model Monitoring] Update model endpoint's current stats and drift measures in the writer (#5554) * [Model Monitoring] Add new TSDB target for all predictions (#5551) * [Model Monitoring] Add new TSDB target for all predictions Tracking count and latency. [ML-6349](https://iguazio.atlassian.net/browse/ML-6349) * Change TSDB predictions table path * Move predictions table * Fix * Fix parameter names * Fix * [Functions] Update function with deletion task id (#5536) * [Application] Create API Gateway by default (#5515) * [Logger] Enhance formatter creation (#5561) * [KFP] Suppress reusable-components warnings (#5501) * [ProjectSummaries] Add distinct_scheduled_jobs_pending_count, distinct_scheduled_pipelines_pending_count (#5535) * [Notifications] Fix Pipeline Notification Log Spam + Git Notification (#5563) fix pipeline notification bugs Co-authored-by: quaark <a.melnick@icloud.com> * [Docs] Compile notification when compiling docs (#5564) * [Helpers] Ignore pre-release in `min_iguazio_version` (#5558) * [Runs] Enrich run with artifacts when getting a single run (#5565) * [Application] Set api gateway name on status (#5567) * [CI] Bundling demos as release asset (#5550) * [Nuclio-jupyter] Bump nuclio-jupyter to 0.9.17 (#5568) * [FrontendSpec] Adding TTLCache to `try_get_grafana_service_url` function (#5543) * [KFP] Fix `watch=True` for remote pipeline when using `set_workflow` (#5572) * [Alerts] Add cooldown_period to notification config in alert (#5547) * [Model] Replace yaml dump with safe_dump (#5571) * [Versioning] Fix package version for dev feature branches (#5575) * repace hasattr() with dir() * Support single Parquet and CSV files --------- Co-authored-by: moranbental <107995850+moranbental@users.noreply.github.com> Co-authored-by: jillnogold <88145832+jillnogold@users.noreply.github.com> Co-authored-by: Gal Topper <gal.topper@gmail.com> Co-authored-by: Yan Burman <yanburman@users.noreply.github.com> Co-authored-by: Adam <adamm@iguazio.com> Co-authored-by: Liran BG <liranbg@users.noreply.github.com> Co-authored-by: Eyal Danieli <eyald@iguazio.com> Co-authored-by: Alon Maor <48641682+alonmr@users.noreply.github.com> Co-authored-by: roei3000b <40743125+roei3000b@users.noreply.github.com> Co-authored-by: Katerina Molchanova <35141662+rokatyy@users.noreply.github.com> Co-authored-by: Jonathan Daniel <36337649+jond01@users.noreply.github.com> Co-authored-by: quaark <a.melnick@icloud.com> Co-authored-by: TomerShor <90552140+TomerShor@users.noreply.github.com> Co-authored-by: daniels290813 <78727943+daniels290813@users.noreply.github.com> Co-authored-by: ZeevRispler <73653682+ZeevRispler@users.noreply.github.com> Co-authored-by: Alex Toker <alex_toker@mckinsey.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
To better secure access to application runtimes, we want to utilize the authentication features of API Gateways, and use it as the default gateway to the application.
Thus, in this PR we create an API Gateway by default when creating an application runtime, with access key authentication mode, and set it on the runtime's status.
Furthermore, when invoking the application using
invoke, we prioritize invoking the api gateway, rather then the function's external invocation url.This PR is dependent on #5509 and #5512, as it is using the features added there.
Resolves https://iguazio.atlassian.net/browse/ML-6364 and https://iguazio.atlassian.net/browse/ML-6365