[Serve][Example] Authentication example

[cblmemo]

A simple example with authentication.

Tested (run the relevant ones):

• Code formatting: bash format.sh
• Any manual or new tests for this PR (please specify below)
  • The usage section in the service YAML
• All smoke tests: pytest tests/test_smoke.py
• Relevant individual smoke tests: pytest tests/test_smoke.py::test_fill_in_the_name
• Backward compatibility tests: bash tests/backward_comaptibility_tests.sh

[MaoZiming]

maybe can give an example of client program that accesses the server with the verify token

[concretevitamin]

+1

[cblmemo]

We've already has one in the Task YAML's comment?

[cblmemo]

Implement in python is rather challenging as I didn't find any default support for this; ref https://stackoverflow.com/questions/34359529/python-requests-equivalent-for-curls-location-trusted

[concretevitamin]

Hmm, not being able to programmatically interacting with the service seems like a key limitation in this mode.

[cblmemo]

Yeah... I guess that is another reason we might want to use a proxy. Will investigate more

[Michaelvll]

Can we test it with OpenAI API? Maybe their library handles the authentication key automatically with redirection.

[cblmemo]

I suppose the problem is our controller does not forward the request with previous auth headers..? Correct me if I'm wrong, but why does replica-side Openai API have a relation to this problem..?

[Michaelvll]

Oh, I mean the client side OpenAI python API, to see if the client querying the endpoint programmatically will have the similar behavior as curl --trust-location.

If this is an issue, we should start migrating our load balancer to proxy based solution.

[cblmemo]

Just tried, the OpenAI Client does not support forwarding auth headers as well. It could access the replica endpoint but not the load balancer endpoint.

[Michaelvll]

Can we add a README for the example folder to explain how this will work and how to access the service? Also, can we make the example a real LLM serving, e.g. using vllm?

[cblmemo]

TODO:

• double-check the example works;
• add README.md;
• check client of openai library to see if it implemented --location-trusted.

[Michaelvll]

Is this outdated? Should we close this @cblmemo?

[cblmemo]

Is this outdated? Should we close this @cblmemo?

Yes. Closing now