Update guardrails controller and guardrails controller test

trustyai-explainability · Jan 7, 2025 · 69b72fd · 69b72fd
1 parent b2fdcc9
commit 69b72fd
Show file tree

Hide file tree

Showing 36 changed files with 2,980 additions and 928 deletions.
diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml
@@ -58,6 +58,8 @@ jobs:
           echo "MAIN IMAGE AT: ${{ vars.QUAY_RELEASE_REPO }}:latest"
           echo "LMES DRIVER IMAGE AT: ${{ vars.QUAY_RELEASE_LMES_DRIVER_REPO }}:latest"
           echo "LMES JOB IMAGE AT: ${{ vars.QUAY_RELEASE_LMES_JOB_REPO }}:latest"
+          echo "GUARDRAILS ORCH IMAGE AT: ${{ vars.QUAY_RELEASE_GUARDRAILS_REPO }}:latest"
+
           echo "CI IMAGE AT: quay.io/trustyai/trustyai-service-operator-ci:${{ github.event.pull_request.head.sha }}"
       #
       # Set environments depending on context
@@ -68,20 +70,25 @@ jobs:
           echo "IMAGE_NAME=quay.io/trustyai/trustyai-service-operator-ci" >> $GITHUB_ENV
           echo "DRIVER_IMAGE_NAME=quay.io/trustyai/ta-lmes-driver-ci" >> $GITHUB_ENV
           echo "JOB_IMAGE_NAME=quay.io/trustyai/ta-lmes-job-ci" >> $GITHUB_ENV
+          echo "ORCH_IMAGE_NAME=quay.io/trustyai/ta-guardrails-orchestrator-ci" >> $GITHUB_ENV
+
       - name: Set main-branch environment
         if:  env.BUILD_CONTEXT == 'main'
         run: |
           echo "TAG=latest" >> $GITHUB_ENV
           echo "IMAGE_NAME=${{ vars.QUAY_RELEASE_REPO }}" >> $GITHUB_ENV
           echo "DRIVER_IMAGE_NAME=${{ vars.QUAY_RELEASE_LMES_DRIVER_REPO }}" >> $GITHUB_ENV
           echo "JOB_IMAGE_NAME=${{ vars.QUAY_RELEASE_LMES_JOB_REPO }}" >> $GITHUB_ENV
+          echo "ORCH_IMAGE_NAME=${{ vars.QUAY_RELEASE_GUARDRAILS_REPO }}" >> $GITHUB_ENV
+
       - name: Set tag environment
         if: env.BUILD_CONTEXT == 'tag'
         run: |
           echo "TAG=${{ github.ref_name }}" >> $GITHUB_ENV
           echo "IMAGE_NAME=${{ vars.QUAY_RELEASE_REPO }}" >> $GITHUB_ENV
           echo "DRIVER_IMAGE_NAME=${{ vars.QUAY_RELEASE_LMES_DRIVER_REPO }}" >> $GITHUB_ENV
           echo "JOB_IMAGE_NAME=${{ vars.QUAY_RELEASE_LMES_JOB_REPO }}" >> $GITHUB_ENV
+          echo "ORCH_IMAGE_NAME=${{ vars.QUAY_RELEASE_GUARDRAILS_REPO }}" >> $GITHUB_ENV
 
       # Run docker commands
       - name: Put expiry date on CI-tagged image
@@ -101,6 +108,10 @@ jobs:
         run: docker build -f Dockerfile.lmes-job -t ${{ env.JOB_IMAGE_NAME }}:$TAG .
       - name: Push LMES job image to Quay
         run: docker push ${{ env.JOB_IMAGE_NAME }}:$TAG
+      - name: Build Guardrails orchestrator image
+        run: docker build -f Dockerfile.guardrails -t ${{ env.ORCH_IMAGE_NAME }}:$TAG .
+      - name: Push Guardrails orchestrator image to Quay
+        run: docker push ${{ env.ORCH_IMAGE_NAME }}:$TAG
 
       # Create CI Manifests
       - name: Set up manifests for CI
@@ -147,8 +158,10 @@ jobs:
 
             📦 [LMES job image](https://quay.io/trustyai/ta-lmes-job:${{ github.event.pull_request.head.sha }}): `quay.io/trustyai/ta-lmes-job:${{ github.event.pull_request.head.sha }}`
 
+            📦 [Guardrails orchestrator image](https://quay.io/trustyai/ta-guardrails-orchestrator:${{ github.event.pull_request.head.sha }}): `quay.io/trustyai/ta-guardrails-orchestrator:${{ github.event.pull_request.head.sha }}`
+
             🗂️ [CI manifests](https://github.com/trustyai-explainability/trustyai-service-operator-ci/tree/operator-${{ env.TAG }})
-            
+
             ```
             devFlags:
               manifests:

diff --git a/Dockerfile.orchestrator b/Dockerfile.orchestrator
@@ -0,0 +1,68 @@
+ARG UBI_MINIMAL_BASE_IMAGE=registry.access.redhat.com/ubi9/ubi-minimal
+ARG UBI_BASE_IMAGE_TAG=latest
+ARG PROTOC_VERSION=26.0
+ARG CONFIG_FILE=config/config.yaml
+
+## Rust builder ################################################################
+# Specific debian version so that compatible glibc version is used
+FROM rust:1.80.1-bullseye as rust-builder
+ARG PROTOC_VERSION
+
+ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
+
+# Install protoc, no longer included in prost crate
+RUN cd /tmp && \
+    curl -L -O https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-x86_64.zip && \
+    unzip protoc-*.zip -d /usr/local && rm protoc-*.zip
+
+WORKDIR /app
+
+COPY rust-toolchain.toml rust-toolchain.toml
+
+RUN rustup component add rustfmt
+
+## Orchestrator builder #########################################################
+FROM rust-builder as fms-guardrails-orchestr8-builder
+
+COPY build.rs *.toml LICENSE /app/
+COPY ${CONFIG_FILE} /app/config/config.yaml
+COPY protos/ /app/protos/
+COPY src/ /app/src/
+
+WORKDIR /app
+
+# TODO: Make releases via cargo-release
+RUN cargo install --root /app/ --path .
+
+## Tests stage ##################################################################
+FROM fms-guardrails-orchestr8-builder as tests
+RUN cargo test
+
+## Lint stage ###################################################################
+FROM fms-guardrails-orchestr8-builder as lint
+RUN cargo clippy --all-targets --all-features -- -D warnings
+
+## Formatting check stage #######################################################
+FROM fms-guardrails-orchestr8-builder as format
+RUN cargo fmt --check
+
+## Release Image ################################################################
+
+FROM ${UBI_MINIMAL_BASE_IMAGE}:${UBI_BASE_IMAGE_TAG} as fms-guardrails-orchestr8-release
+
+COPY --from=fms-guardrails-orchestr8-builder /app/bin/ /app/bin/
+COPY ${CONFIG_FILE} /app/config/config.yaml
+
+RUN microdnf install -y --disableplugin=subscription-manager shadow-utils compat-openssl11 && \
+    microdnf clean all --disableplugin=subscription-manager
+
+RUN groupadd --system orchestr8 --gid 1001 && \
+    adduser --system --uid 1001 --gid 0 --groups orchestr8 \
+    --create-home --home-dir /app --shell /sbin/nologin \
+    --comment "FMS Orchestrator User" orchestr8
+
+USER orchestr8
+
+ENV ORCHESTRATOR_CONFIG /app/config/config.yaml
+
+CMD /app/bin/fms-guardrails-orchestr8
diff --git a/PROJECT b/PROJECT
@@ -5,6 +5,7 @@
 domain: opendatahub.io
 layout:
 - go.kubebuilder.io/v4
+multigroup: true
 plugins:
   manifests.sdk.operatorframework.io/v2: {}
   scorecard.sdk.operatorframework.io/v2: {}
@@ -33,4 +34,13 @@ resources:
     defaulting: true
     validation: true
     webhookVersion: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: opendatahub.io
+  group: gorch
+  kind: GuardrailsOrchestrator
+  path: github.com/trustyai-explainability/trustyai-service-operator/api/gorch/v1alpha1
+  version: v1alpha1
 version: "3"
diff --git a/api/guardrails/v1alpha1/groupversion_info.go → api/gorch/v1alpha1/groupversion_info.go b/api/guardrails/v1alpha1/groupversion_info.go → api/gorch/v1alpha1/groupversion_info.go
@@ -1,5 +1,5 @@
 /*
-Copyright 2024.
+Copyright 2023.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-// Package v1alpha1 contains API Schema definitions for the trustyai.opendatahub.io v1alpha1 API group
+// Package v1alpha1 contains API Schema definitions for the gorch v1alpha1 API group.
 // +kubebuilder:object:generate=true
 // +groupName=trustyai.opendatahub.io
 package v1alpha1
@@ -28,14 +28,14 @@ const (
 	GroupName     = "trustyai.opendatahub.io"
 	Version       = "v1alpha1"
 	KindName      = "GuardrailsOrchestrator"
-	FinalizerName = "trustyai.opendatahub.io/guardrails-finalizer"
+	FinalizerName = "trustyai.opendatahub.io/gorch-finalizer"
 )
 
 var (
-	// GroupVersion is group version used to register these objects
-	GroupVersion = schema.GroupVersion{Group: GroupName, Version: Version}
+	// GroupVersion is group version used to register these objects.
+	GroupVersion = schema.GroupVersion{Group: "trustyai.opendatahub.io", Version: "v1alpha1"}
 
-	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
 	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
 
 	// AddToScheme adds the types in this group-version to the given scheme.

diff --git a/api/gorch/v1alpha1/guardrailsorchestrator_types.go b/api/gorch/v1alpha1/guardrailsorchestrator_types.go
@@ -0,0 +1,104 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+type TLSSpec struct {
+	Type       string `json:"type"`
+	CertPath   string `json:"cert_path"`
+	KeyPath    string `json:"key_path"`
+	CACertPath string `json:"ca_cert_path"`
+}
+
+type ServiceSpec struct {
+	Hostname string  `json:"hostname"`
+	Port     int     `json:"port"`
+	TLS      TLSSpec `json:"tls"`
+}
+
+type GeneratorSpec struct {
+	Provider string      `json:"provider"`
+	Service  ServiceSpec `json:"service"`
+}
+
+type ChunkerSpec struct {
+	Provider string      `json:"provider"`
+	Service  ServiceSpec `json:"service"`
+}
+
+type DetectorSpec struct {
+	Type             string      `json:"type"`
+	Service          ServiceSpec `json:"service"`
+	ChunkerName      string      `json:"chunkerName"`
+	DefaultThreshold string      `json:"defaultThreshold"`
+}
+
+// GuardrailsOrchestratorSpec defines the desired state of GuardrailsOrchestrator.
+type GuardrailsOrchestratorSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// Number of replicas
+	Replicas int32 `json:"replicas"`
+	// Generator configuration
+	Generator GeneratorSpec `json:"generator"`
+	// Chunker configuration
+	Chunkers []ChunkerSpec `json:"chunker"`
+	// Detector configuration
+	Detectors []DetectorSpec `json:"detectors"`
+	// TLS configuration
+	TLS string `json:"tls"`
+}
+
+// GuardrailsOrchestratorStatus defines the observed state of GuardrailsOrchestrator.
+type GuardrailsOrchestratorStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+	Condition string `json:"condition,omitempty"`
+	Ready     bool   `json:"ready"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// GuardrailsOrchestrator is the Schema for the guardrailsorchestrators API.
+type GuardrailsOrchestrator struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   GuardrailsOrchestratorSpec   `json:"spec,omitempty"`
+	Status GuardrailsOrchestratorStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// GuardrailsOrchestratorList contains a list of GuardrailsOrchestrator.
+type GuardrailsOrchestratorList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []GuardrailsOrchestrator `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&GuardrailsOrchestrator{}, &GuardrailsOrchestratorList{})
+}