RHOAIENG-4963: ModelMesh should support TLS in payload processors #65
Conversation
Signed-off-by: Rui Vieira <[email protected]>
Signed-off-by: Rui Vieira <[email protected]>
|
@ruivieira: This pull request references RHOAIENG-4963 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.17.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
VedantMahabaleshwarkar
requested review from
israel-hdez
and removed request for
Jooho
There was a problem hiding this comment.
@ruivieira This is only for MM, right? Do we also have a PR for KServe?
@terrytangyuan only for MM, yes. For KServe we are still investigating a solution. |
|
hello @ruivieira |
There was a problem hiding this comment.
I was trying to search how the truststore would get populated. The pointer I was able to find is that it is related to the TLS configuration documented here.
If that's the right configurations, and if my understanding is right, for ModelMesh to support payload processors with TLS, it will be necessary to also configure TLS in ModelMesh itself with the same certificates as the payload processors -- i.e. inference endpoints will be protected under HTTPS using the same certificates as the payload processors.
I'd expect the TLS settings of the processors to be independent from the ModelMesh TLS. May I not be seeing something?
If this is the intended behavior, I can approve as upstream CI is passing. But I'd like to get confirmation that this is how it should be.
Hi @israel-hdez For our use case of the payload processor that is indeed the use case. The reason for this PR is that the truststore created by ModelMesh is not available under the default SSL context, unless explicitly loaded. |
There was a problem hiding this comment.
the code itself seems fine to me, but I have limited expertise in this area and I have not tested this myself. If @israel-hdez or @terrytangyuan give their lgtm I can +1 that
@ruivieira I think the implied question is if you do want ModelMesh to protect the models using the same serving certificate as TrustyAI? I do understand that this will help in trusting the TrustyAI certificate, which is what you need. But unless I'm misunderstanding, infer endpoints will also be using HTTPS using the TrustyAI certificate and this is my confusion. |
The purpose would be to use the same certificates as TrustyAI for MM's outgoing requests made by the remote payload processor, not necessarily for infer endpoints. If we have a TrustyAI service listening to payloads at (say) IIUC simply mounting the secrets is not enough, they must be specified with The other problem is that the truststore created above is not available in the SSL default context, so it's also loaded explicitly. In the current PR this will make those certs also be used for infer endpoints, unless we change it. |
OK, this part is interesting. Maybe it is the context I am missing. I was mentioning the TLS documented, because that's the usual case. But if you have some other way of injecting |
@israel-hdez Just to clarify: the (simplified) TrustyAI/ModelMesh interaction is:
What we want to do is:
We could do this without changes on ModelMesh, but we need this PR because the generated truststore is not available for the payload processor (we get |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: israel-hdez, ruivieira The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Motivation
See RHOAIENG-4963.
Currently, ModelMesh only supports HTTP payload processors (TLS-enable endpoints not supported).
However, the ModelMesh truststore is not available by default when building a TLS-enabled processor.
Modifications
httpsprotocol as a recognized one for payload processorshttps), the ModelMesh truststore will be explicitly loaded in order to be usedhttp) ModelMesh will proceed as before this PRResult
The TLS-enabled payload processor is able to use ModelMesh's certificates in the truststore to perform HTTPS requests.