[RHOAIENG-11034] - Disabling Authorino Token Authorization forces a Model Pod to rollout

[spolti]

chore: Adds the security.opendatahub.io/enable-auth label to the ServiceAnnotationDisallowedList
to prevents the model to be rolled out in case the auth is disabled / enabled

How to test:

• install the Authorino operator (tech preview version)

Update the DSC:

spec:
  components:
    codeflare:
      managementState: Removed
    kserve:
      devFlags:
        manifests:
          - contextDir: config
            sourcePath: ''
            uri: 'https://github.com/spolti/kserve/tarball/test1234'
      managementState: Managed
      serving:
        ingressGateway:
          certificate:
            secretName: knative-serving-cert
            type: SelfSigned
        managementState: Managed
        name: knative-serving
    trustyai:
      managementState: Removed
    ray:
      managementState: Removed
    kueue:
      managementState: Removed
    workbenches:
      managementState: Managed
    dashboard:
      managementState: Managed
    modelmeshserving:
      managementState: Removed
    datasciencepipelines:
      managementState: Removed

Then:

• Navigate to the dashboard and create a model with auth disabled
• wait for the model to get deployed, make an inference request
• get back to the dashboard and update the model by enabling the auth
• watch the model's pod, It should not be reconciled.
• try to do a inference request by passing the token, it should succeed.

[spolti]

/retest

[openshift-ci]

@spolti: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-raw	527c4f9	link	true	/test e2e-raw
ci/prow/e2e-fast	527c4f9	link	true	/test e2e-fast
ci/prow/e2e-slow	527c4f9	link	true	/test e2e-slow

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[mwaykole]

looks good the pod was not restarted
after enabling auth

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hdefazio, mwaykole, spolti

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [hdefazio,mwaykole,spolti]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment